The Right Stock At The Right Time®  Launch Smart Chart
Updated For:
Daily Market Comment 
Dr. ME Talks Stocks 
Market Letter
On The Edge
The Outlook
Email Alert

News & Analysis
Stocks & Funds
Options & Futures
Personal Finance

By Providers
S&P Capital IQ


11/24/16 05:00:34 PM


Adaptive security continues to gain prevalence over network-centric options, as we think complexities in breaches have prompted a larger appetite for improved remediation. Despite razor-sharp focus from corporations to secure digital assets, industry data suggest the proliferation in data breaches show little signs of slowing. We take a deeper dive into select companies with adaptive architecture, which we think will usher in next-generation security for the digital age.

According to FireEye, 229 days is the average time it takes a malicious attacker to be detected by a company, and another 30 days before the attacker can be completely removed from a network. Interestingly, 63% of companies were informed of these breaches by an external source, while 100% of them had up-to-date anti-virus solutions. PricewaterhouseCoopers (PwC) estimates that breaches rose by more than 38% in 2015 versus 2014, to nearly 60 million total detected breaches. Furthermore, research firm Gartner projects that worldwide cybersecurity spending could grow to $101 billion by 2018 from $75 billion in 2015. We think public sector security spending could present a growing portion of this going forward, given the recent presidential election outcome.

While the data points above are alarming, this raises the question of how this might occur, as corporations implement intrusion detection and prevention systems (ID/PS), firewalls, and anti-virus programs to safeguard data and mitigate further risk. In our view, this suggests that conventional network-centric security models are fundamentally compromised. While building a barrier around a single point of entry/exit to protect valuable data worked 10 years ago, this has proven to be ineffective as digitization (virtualization and cloud) paved the way for new dynamic infrastructure. We think this movement has made prized records much more susceptible and easier targets to further cyber-attacks.

On the other hand, adaptive security deploys defense to all computing environments seamlessly, and has the ability to operate on private or public applications (cloud or server) without having to reconfigure entire networks, which is a luxury not afforded with legacy security. Further, through graph theory (plotting of mathematical relations), adaptive architecture continuously monitors all workloads (or computer processing), and implements change accordingly to minimize the severity of the intrusion. In other words, this approach fully acknowledges it will not stem all breaches, which is virtually impossible given ever-evolving malicious attacks from hackers (e.g. botnets), but instead aims to swiftly detect and thwart an attack before it reaches critical level information.

Markets and Markets (a data provider) estimates that the adaptive security total addressable market (TAM) is anticipated to rise to more than $7 billion by 2021 from $3.5 billion in 2016 (compounded annual growth rate CAGR of 14.9%). While we include an eclectic group of public and private companies below, we think they all offer competitive adaptive security solutions, and could benefit from pronounced demand, as the need for cyber-attack defense approaches critical levels.

FireEye, Inc. (FEYE 14 ***) provides comprehensive cybersecurity solutions for detecting, preventing, analyzing, and resolving malicious cyber-attacks. Through its full suite of products, including its virtual machine technology, it implements an adaptive approach to cybersecurity. We note virtually all of FEYE's revenues, which had robust growth of 46% in 2015, but we see moderating to around 16% for 2016, are derived from cybersecurity offerings (product or subscription). FEYE posted solid billings of $215 million and a sustained renewal rate of around 90% in Q3. Our hold ranking balances what we see as the company's best-of-breed solutions with the translation of revenue growth to profitability, which remains elusive.

Illumio (Private) was founded in 2013, and provides security options through its adaptive security platform (ASP) for data center and cloud environments. The headcount at Illumio is currently at approximately 150 employees. According to 451 Research, Illumio has received $142.5 million from three rounds of funding to date. Given annualized revenue per customer trends, 451 Research currently estimates an annual run rate in generated sales of $16 million to $24 million. Considering consolidation themes for enterprise security remains elevated, we think Illumio offers a differentiated go-to-market solution that could garner M&A interest.

International Business Machines Corporation (IBM 163 ***) has transformed itself multiple times since being incorporated in 1911, in order to remain prevalent as the technology industry continues to evolve. As of Q3, Strategic Imperatives (mobile, cloud, security and analytics), accounted for 40% of revenues, and grew 15% from the prior year. IBM's security system is built on an adaptive architecture, to proactively prevent, detect, and respond to advanced cyber-attacks. We note its February 2016 acquisition of Resilient Systems (security response), to fully round out its end-to-end security platform. Despite solid execution shifting mix towards Strategic Imperatives, we think the pace of acquisitions could slow in '17 and wait for further clarity around monetization of Watson offerings.

Symantec Corp. (SYMC 25 ***) is a global provider of security solutions to help organizations and consumers secure valuation information. SYMC says its data center security solutions offer nimble adaptive security, and enable competitive advantages such as reducing the number of false positives and reduction in latency for better protection in digital endpoints. We positively view SYMC's recent acquisition of Blue Coat, Inc. in June 2016 for approximately $4.65 billion in cash, and its recent intent to acquire LifeLock (LOCK 24 NR), in November 2016 for $2.3 billion. We note these transactions look to reverse revenue trends (FY 17 growth of 11%), which fell 45% in FY 16 following its Veritas divestiture. While we think Blue Coat will enhance its growth profile, we see execution challenges and a full valuation (21.1X FY 17 EPS).

Risk Factors: Potential risks to our current outlook include new emerging technology providing a viable alternative to adaptive security, a slowdown in public and private sector cybersecurity spending, and regulatory concerns and/or constraints.


Past performance is not a guarantee of future results. The data contained in Market Edge is obtained from sources considered by Computrade Systems, Inc. to be reliable but the accuracy and completeness thereof are not guaranteed. Computrade Systems, Inc. does not and will not warrant the performance and results that may be obtained while using the Market Edge research service.
The Market Edge research service & Second Opinion are neither offers to sell nor solicitations of offers to buy any security.
Company profile, estimates and financials provided by S&P Capital IQ
See User Agreement for other disclaimers.
Market Edge and Second Opinion are registered trademarks of Computrade Systems, Inc.
© 2016 Computrade Systems, Inc.
© 2016 The McGraw-Hill Companies, Inc. S&P Capital IQ is a division of The McGraw-Hill Companies, Inc. See full Copyright for details.