Which companies are benefitting from the cyber security tailwinds created by the coronavirus pandemic?
The isolation economy has created substantial momentum for certain cyber security companies. Notably, as of the big stock market selloff on June 11, relative to our last cyber report in February, the S&P 500 and Nasdaq are off 11% and 3% respectively. Yet the valuations of three companies that we cited as four star firms in our February cyber report are up significantly.
Specifically – Okta’s valuation is up 34% since our last look in February. Crowdstrike almost 50% and Zscaler over 60%. Yet several other companies that we named as Four Star players have tracked the S&P or have even performed more poorly – despite still showing decent strength in spending momentum based on survey data.
In this Breaking Analysis we’ll update you on our cyber security outlook and try to answer several questions, including:
- What has changed in the cybersecurity space since our last report?
- Has the isolation economy created a permanent shift in security spend or are these upticks anomalies?
- What can we learn from the ETR spending data and is the divergence in valuations amongst security leaders justified?
What’s Changed in Cyber Since the RSA Conference?
The COVID pandemic has catalyzed significant changes in the cyber security space and we want to understand are they systematic? In other words, are there fundamental changes to the existing market and its underlying principles? And by many accounts the answer appears to be yes as it relates to cyber.
Last week, we listened in on a CISO roundtable call with ETR’s Erik Bradley and we heard the executives echo some themes that we’ve been reporting. Specifically, the executives elaborated on the impact that the work from home (WFH) pivot has had on their businesses. They cited a greater focus on so-called zero trust networks, changes in identity and access management and the increasing attractiveness of cloud and as-a-service models. They also reiterated their belief that going forward they would reduce their reliance on traditional firewalls and appliances in the data center.
From Digital Complacency to Digital Mandate
We’ve gone from a world where digital transformation was an important strategic initiative to one where if you weren’t digital, you largely couldn’t transact business. People are beginning to question the long term viability of their VPNs and even things like SD-WAN are being called into question as corporate offices are empty and the Internet is becomes the new private network.
One thing that hasn’t changed is there are still too many tools in the security space and that seems to be continuing as buyers need solutions to problems quickly. On balance IT budgets are contracting so most companies still have to justify security spending based on risk reduction, which is of course easier to justify for securing remote workers.
As well, the importance of cyber skills is exacerbated in this climate.
A Look Back at the February Spending Data
This chart below shows data from the January ETR survey. It isolates on the security sector within the data set. And if you recall we keyed on two key metrics: Net Score, which is a measure of spending momentum and Shared N, which the number of mentions for a specific company within the sector.
The left side of the chart shows cyber players sorted by Net Score and the right hand chart sorts those companies on Shared N.
Last year we used this data to create a methodology to name several companies as “Four Star” security firms based on their ranking within both of those metrics. You can see the Four Star firms highlighted: Microsoft, Splunk, Palo Alto Networks, Proofpoint, Okta and Crowstrike. We added Zscaler in our February post and then CyberArk Software made the cut. And we gave Cisco and Fortinet 2 stars as they were on the cusp.
Impact of Coronavirus on Security Spend
The chart below shows a subset of the vendors we showed above. Remember, this survey was taken at the height of the lockdown from the pandemic. Budgets were under immense pressure. Nonetheless, Microsoft, Cisco, Palo Alto, Fortinet and Zscaler all held up. Crowdstrike also held steady and maintained a very elevated Net Score level. Okta dipped somewhat but from a high level as well. Only Proofpoint of the Four Stars we show earlier declined notably from a 48% to 40% Net Score.
Sailpoint didn’t make the Four Star cut because it doesn’t have as high a presence in the data set, but its Net Score is solid and its Shared N jumped from 66 last survey to 88 in the latest checkpoint. So we think this identity and access management player seems to be one to watch, especially given the comments we hear from CISOs.
Plotting the Leading Cyber Security Players
The chart shows a view that we like to share often, juxtaposing Net Score against Market Share.
The chart plots Net Score or spending velocity on the Y-axis and Market Share on the X-axis. Remember, Net Score measures spending momentum by calculating the net percent of companies planning to spend more versus less on a company’s technology. Market share is calculated by dividing the number of mentions for a company by the total mentions in a sector.
You can see above a continued theme of Microsoft momentum. The company continues to stand out in many sectors and cyber is no different. It has an elevated Net Score and big presence in the survey.
For context, we plotted IBM and Dell EMC (which is the legacy RSA business). These are two companies with strong security brands but as you can they are not the giants they used to be in cyber security software.
Some additional points on this graphic:
- Crowdstrike jumps out as the momentum play on the chart. No surprise given its focus on endpoint security and the pivot to WFH.
- Okta with its cloud-based identity management focus, continues to show strong.
- CyberArk, a privilege access player is very important in this remote worker environment.
- Zscaler shows quite strong and steady from the last survey. However, Zscaler saw some of the biggest action in the stock market, which we will address later in this post.
- Proofpoint saw a deceleration in Net Score but they are right in the mix as is Fortinet.
- Palo Alto Networks remains strong and we think a very strategic player to CISOs.
- Finally, Cisco in cyber shows a very credible Net Score and a large market presence. As we reported in a January Breaking Analysis, security is one of the brighter spots in Cisco’s portfolio.
So the big takeaway from the ETR data is despite the pandemic, cyber security software has held up very well from a spending standpoint.
What does the Action in the Stock Market Tell us?
First, as we know, there’s a disconnect between what’s happening in financial markets and the fundamentals of the economy. And within the security sector there’s a dissonance between companies. In particular, as you know, the technology market has shaken off this pandemic and the valuations of several companies in the security sector have exploded, while others have declined. We want to discuss that dynamic in this segment of our report.
The chart below updates data that we showed in February from our last cyber security update. This data adds a comparison to the performance of the S&P and the Nasdaq as of February 19. It compares these indices with the performance of our Four Star cyber players from that date to Thursday June 11, the day of an 1,800 point drop in the Dow. So some of the steam has been let out of the market but the fundamental story won’t change.
First -S&P is off 11% since that time but the Nasdaq is only off 3%. But note the deltas of our Four Star companies.
Let’s start with Splunk who we didn’t show in the earlier charts. The value metrics of Splunk haven’t moved much since our February report. Its Net Score was down somewhat in the sector but remember Splunk does more than just security. It really is becoming a critical big data player in analytics. We think investors perhaps don’t like the tepid 2% revenue growth but remember Splunk is transitioning to an annual recurring revenue (ARR) model and that will take some time to show up in the income statement. Splunk acquired SignalFX late last year to give it a stronger SaaS play in monitoring and analytics. We like Splunk’s fundamentals. Like Adobe and Tableau who had to make similar transitions to a subscription model and ultimately powered through because they are great companies with really loyal customers.
Palo Alto Networks & Fortinet
Let’s move on to Palo Alto Networks and Fortinet. In our last security update we spent a fair amount of time explaining the valuation divergence between these two companies due to some cloud challenges Palo Alto was facing. We said Fortinet had done a better job transitioning to cloud. But Palo Alto had a great quarter in its latest report. It beat earnings and revenue and gave solid guidance. The stock moved up nicely but it ran into resistance and you can see it’s tracking about with the S&P 500. And you can see the revenue multiples show the valuation divergence is even more stark relative to Fortinet who held serve in the period – i.e. Fortinet’s valuation and revenue multiple held while Palo Alto showed a double digit decline its value over this time period.
But we like the fundamentals of Palo Alto Networks. Not did Palo Alto beat earnings, but it shows solid performance in the ETR data set, despite the COVID pandemic. Further, anecdotal evidence and discussions with IT leaders suggests that organizations want to do business with Palo Alto. Palo Alto is considered a thought leader in the space and we think will do very well this decade. Maybe there are some technical aspects going on with the stock, which we’re not qualified to address, but they clearly saw some resistance despite their strong quarter.
CyberArk Software & Proofpoint
Let’s skip over the green box for a moment and quickly comment on the last two companies in the chart. We’ll start with CyberArk.
The company is underperforming this group even though you would think with a focus on privilege access security it would do well in this environment. It beat earnings last quarter but suspended guidance. On its earnings call, the company cited exposure to some industries that were hard hit from the pandemic. Notably, the company is aggressively hiring and increasing operating expenses so management is confident and perhaps just being cautious. But CyberArk is taking a valuation hit as a result. Notably, its Net Score in the ETR data looks very strong so we’ll be watching closely the results from the June survey.
Now Proofpoint has also taken a valuation hit in our period of analysis despite beating estimates last quarter. Maybe not as strong a WFH play but again – beating in this environment is a positive.
Okta, Crowdstrike & Zscaler Shine in the Isolation Economy
Now let’s talk about the three companies highlighted in green. Okta, Crowdstrike and Zscaler. Again, Zscaler was added to the Four Star list in February.
The valuation of these three companies has soared since the pandemic as they have benefited fro the cyber security tailwinds as a result of the new reality. Okta with its identity management focus, Crowdstrike with endpoint and Zscaler with its security cloud are all seeing huge momentum. It makes sense. These three companies are very focused and aligned with a remote worker economy and the shift to cloud. As well, they all beat earnings and management had a sanguine outlook going forward.
But look at the revenue multiples compared to their peers. Are these justified? Well as we said before theres a difference between the stock market and what’s happening in the real world today. So we would say we want to see these companies continue to outperform estimates and frankly, at these revenue multiples we would expect maybe even higher growth rates, especially from Okta and Zscaler.
The point is the market’s exuberance is based on future expectations and we do think there was a bit of FOMO (fear of missing out) at play here with investors hopping on the bandwagon. However the growth growth rates of these three firms is meaningfully higher than the peers we’ve listed. Of course much of the stock action is based on performance relative to earnings estimates. So we will see if these firms can continue to beat estimates and justify these juicy valuations.
The data from ETR shows these companies are strong – although we’d like to see Zscaler’s Net Score and market presence continue to improve. And the momentum of Palo Alto and CyberArk shown in the ETR data could signal positive results going forward. So we’ll be watching the next survey very closely.
Keeping an Eye on Wall Street v Main Street
The disconnect between financial markets and the real world economy creates uncertainty. So you have to be cautious here if you’re chasing momentum. We know a lot of young investors who comment to us on these segments. To stress, we’re not qualified to tell you where to invest, we are reporting on fundamentals, financial trends and we try to formulate opinions using survey data from ETR and theCUBE community. Please, do your own research and be patient with this market.
The after COVID (AC) economy and the remote WFH momentum will not be a rising tide to lift all ships. But there’s no doubt CISOs are rethinking cyber. We’ve said for years that spending was going to shift from protecting the perimeter to secure remote devices and distributed data. To some degree this change has occurred albeit more slowly than we expected. However in the last 90 days we’ve seen a more dramatic shift in mindset than in the previous three years.
The scourge of VPNs, the albatross of MPLS networks and even the efficacy of SD-WAN are being called into question as security technologies that exploit the internet and cloud appear more attractive to CISOs.
We are also seeing more collaboration between organizational boundaries and even many CIOs becoming much more involved in security as are line of business heads. As we’ve said many times, cyber has become and will continue to be a board level agenda item.
Near term – we don’t see the fragmentation of products decreasing. If anything, the shiny new security tools will probably increase granularity in the market as organizations can’t just unplug their legacy infrastructure – as much as they’d like to do so. Longer term, however, there will be more consolidation in this market as the whales purchase companies to fill holes. For example, look at VMware, a company we haven’t cited in this segment. VMware is trying to elbow its way into the security market with an aggressive acquisition agenda. And the cloud as well will attack this problem of complexity which in part stems from too many tools.
As always, we’re grateful for our community and the input you provide to these segments.
Remember these episodes are all available as podcasts wherever you listen.
Also, you may want to check out this ETR Tutorial we created, which explains the spending methodology in more detail.
Watch this week’s full video analysis: