Search This Blog

Saturday, September 17, 2022

Cybersecurity Stocks To Watch Amid Uber Data Breach

 You may think the time is right to move into cybersecurity stocks amid the latest data breach involving ride-sharing service Uber Technologies (UBER).  But right now, the IBD Computer-Software Security group ranks only No. 151 out of 197 industry groups tracked.

In the Uber data breach, a hacker used social engineering techniques to gain entry to its computer system.

"We believe a breach of this stature can act as a tailwind to long-term security budget growth, especially as those conversations become more difficult in the current macro environment," said Wolfe Research analyst Joshua Tilton in a report.

Social engineering is the art of manipulating people so they give up confidential information. The hacker claimed to be a member of Uber's information technology team and tricked an employee into handing over a password.

With the summer earnings reporting period over, customer conferences loom as possible catalysts. CrowdStrike Holdings (CRWD) hosts its Fal.con conference from Sept. 19 to Sept. 22. An investor day for CRWD stock is slated for Sept. 20.

Fortinet (FTNT) hosted a security summit as part of the new PGA golf season on Sept. 15. At the summit, Fortinet touted its growing relationships with cloud computing giants such as Amazon.com (AMZN) and others, noted Wells Fargo analyst Andrew Nowinski in a report.

Cybersecurity Stocks: Cloud Computing Synergy

"While each hyperscaler works with nearly all the security vendors, this channel represents a strong route-to-market, given that AWS alone has 45,000 sales people, Azure has over 30,000, and GCP has 25,000," Nowinski said.

"We believe Fortinet is well-positioned with these hyperscalers, given the large installed base of FortinetFortinet has nearly 600,000 customers, far more than all other security vendors, which provides a lot more opportunities for the hyperscalers to cross-sell their services.

The IBD security group is down nearly 25% in 2022, under-performing the S&P 500. The S&P 500 is down about 19%. But some cybersecurity stocks hold high Relative Strength Ratings, such as Palo Alto Networks (PANW). Palo Alto has completed a 3-for-1 stock split.

Meanwhile, the iShares Expanded Tech-Software ETF (IGV) fell nearly 5% in August. The IGV index has retreated nearly 33% in 2022.

According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.

Cybersecurity Stocks Report Mixed Earnings

Zscaler (ZS) stock jumped on stellar fiscal fourth quarter results.

PANW stock jumped on better-than-expected fiscal Q4 earnings and guidance. Palo Alto Networks has been building a broad cloud-based services platform via acquisitions. Palo Alto Networks has spent more than $3 billion on 10 acquisitions over the past three years.

CrowdStrike reported reported Q2 annual recurring revenue, or ARR, of $2.14 billion. Analysts expected $2.11 billion, up 59%. Analysts consider ARR a key metric in CrowdStrike results, as it links to subscription customer growth.

Check Point Software Technologies (CHKP) reported earnings on Aug. 1. CHKP stock fell on guidance.

Fortinet reported second-quarter earnings, revenue and billings that topped estimates but the size of the beats disappointed. For the September quarter, Fortinet forecast sales of $1.12 billion, below estimates of $1.13 billion.

Consolidation Impacts Cybersecurity Stocks

Private equity firms continue to target the sector, with Thoma Bravo acquiring Ping Identity Holdings (PING) for $2.8 billion.

Thoma Bravo also has acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.

Also, PE firm Permira in May completed its purchase of Mimecast for $5.8 billion. PE firms aren't the only acquirers.

Google-parent Alphabet (GOOGL) on March 7 said it's acquiring cybersecurity firm Mandiant (MNDT) in an all-cash $5.4 billion deal.  Mandiant will be part of Google's cloud computing business.

Also Google in January acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.

"Increased acquisition activity is being spurred by depressed valuations in the current uncertain macroeconomy," Cowen analyst Shaul Eyal said in a recent note to clients. "We believe that acquirers are increasingly seeking targets that demonstrate a balance of growth versus profitability and positive cash flow."

Corporate Spending On Cybersecurity

Meanwhile, Qualys and Fortinet have dropped off the IBD 50 roster of growth companies.

At an investor day for FTNT stock on May 10, Fortinet unveiled 2025 financial targets that call for billings of $10 billion and revenue of $8 billion, implying a three-year average growth rate of 22% for both metrics.

Cybersecurity spending worldwide climbed 13% in 2021 to $172 billion, estimated market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.

Bank of America in a recent report said cybersecurity stocks that deliver services via cloud computing platforms will be better positioned.

"We believe 'born-in-the-cloud' companies like Zscaler, CrowdStrike and SentinelOne (S) to be relatively resilient to any spending slowdown, also given how critical their solutions are to cyber defense efforts," said BofA analyst Tal Liani in a note to clients.

Cybersecurity stocks got a lift in February as Russia's invasion of Ukraine began. Analysts said attacks aimed at shutting down websites could increase.

Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.

Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.

The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.

Cybersecurity Stocks With High Composite Ratings

Cybersecurity stocks with Composite Ratings above 90 include Qualys, Fortinet and Palo Alto Networks.

The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.

The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.

No security stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.

Hot Cybersecurity Startups Eye IPOs

And initial public offerings are on the table. SentinelOne's IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.

Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs.

Analysts say a new wave of startups seems to be taking share from industry incumbents.

Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.

Further, consolidation may be coming in the cybersecurity industry. Okta (OKTA) in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.

Microsoft Stock A Big Player In Cybersecurity

Also, Microsoft (MSFT) has moved into this space. The software giant recently disclosed that its cybersecurity revenue tops $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.

Microsoft in July 2021 acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.

In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).

"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note.

Cybersecurity Stocks: Wide Range Of Products

Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.

Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Coronavirus Outbreak Boosted Demand For Cloud Security

Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 and CyberArk. Tenable in 2021  acquired France-based Alsid, which focuses on identity access management.

In addition, Rapid7 and Qualys specialize in vulnerability management services.

Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.

SD-WAN Technology Changes Security Needs

Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.

Cybersecurity Products Battle Ransomware, Phishing

Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.

Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.

To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.

CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Artificial Intelligence Changing Cybersecurity Market

Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Further, CrowdStrike's initial public offering in June 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto and startup Cybereason.

The  "Human Element" causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Many companies have stepped up employee training to deter ransomware attacks and other threats. Cowen favors Cloudflare (NET),  Fortinet, CrowdStrike and KnowBe4 (KNBE).

In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.

https://www.investors.com/news/technology/cybersecurity-stocks/

No comments:

Post a Comment