iBankCoin

Sound and Fury

In cyber security, where I spent the better part of two decades, you discover quickly that there’s a lot going on in dynamic, complex systems. Security teams easily get buried under reams of seemingly uncorrelated data. Locating “the right needle” in a haystack of needles requires serious tuning (signal-in/noise-out) to focus on what really matters.

This is easy to say and hard to do, but without risk-based prioritization leading the way, the controls, monitoring and incident response (your whole risk management effort) are a hot mess.

“Risk-based” means: Step 1, figure out the data, machines and people that matter most. Step 2, decide, out of everything that’s possible, what your highest-probability, most-likely risks are. Step 3, focus your scarce resources on the high-impact efforts that mitigate the most-probable, most-costly risks.

A lot of this process translates well to trading financial markets. (Having the discipline to follow the process, well, that’s a story for another time. Risk management posts are on the way.)

I have a long history with most of the publicly traded cyber security stocks, having worked with, for and against nearly all of them in one way or another. Since becoming a trader, I’ve tried to build on what I know as a basis for going long and short, repeatedly, over the last two years.

I have no positions in any cyber stocks at this time as most of them are in my “too hard” pile. FTNT blew up recently because analysts keyed in on a slowing forward growth rate, and management had, frankly, a pretty lousy conference call. QLYS had a crazy night last night because of a slowing forward growth rate. I haven’t read the transcript yet, but I know competition (with Rapid7 and others) is taking a toll. Nearly all of the cyber stocks are trading at steep valuations because of their growth rates. If those growth rates are now declining, logic dictates that growth investors will sell and the stocks will fall until the valuations become interesting to the value guys. At their current price-to-sales ratios, that could be a pretty steep fall for some of these companies. PANW, which is an amazing company and probably the best name I can point to in the space, is trading at a mind-blowing 15x sales. Even after getting cut in half the last 90 days, FEYE still trades at an 8x sales multiple.

Speaking of FEYE, they report this Wednesday, November 4. I have a long and mostly successful history trading this stock both long and short.

Based on who they are, what they do, how they’ve gone to market, buyer behavior, psychology, competition, etc., the risk/reward for FireEye, even after this decline, has me spooked. Channel partners are, for the first time, missing their quotas. There’s been a lot of employee turnover this year, putting the whole services pivot into question. They’re not making great progress on their cyber insurance initiatives.

Perhaps worst of all, FEYE lacks the same compliance-mandated buying drivers that Firewall and AV, the top 2 security budget line items, have. This is frustrating for FEYE, because even though AV & FW clearly have shortcomings in catching never-seen-before threats, if companies want to continue processing credit cards or be compliant protecting their patients’ private health information, well, that 25-year-old auditor has to check the box that FireEye’s competitors are installed. This is a screwy feature of the cyber space: compliance drives the security budget. Unfortunately for FEYE, there’s really no compliance check box that requires sandboxing technology. Every purchase is a discretionary purchase, the hardest of all for salespeople to close. Unless your hair is on fire from a recent breach. Then, you buy whatever Mandiant tells you to buy in order to make the pain go away. (You see how that works?) It’s great to be the sales guy picking up the red phone when the breach happens, but that model is vulnerable to lumpy results, and that’s not the way Wall Street likes it. As their quarterly numbers get bigger and bigger, the risk grows that these nice-to-have but not mandatory discretionary purchases will lead to a miss. Then the trapdoor opens and FEYE investors could be looking at a -30% or more drawdown.

Although FEYE is trying to replace McAfee (Dave DeWalt sold McAfee to Intel) and Symantec AV deployments with their endpoint solution, it’s still early days and there are dozens of endpoint companies out there trying to do the same. I won’t go into all their managed services and pro-services offerings, but employee turnover and unclear SLAs have not helped customer satisfaction. That said, FEYE has amazing sandboxing technology. Too bad that everyone from PANW to FTNT and CSCO now have their own me-too sandbox tools that they’re, um, giving away as a feature of their firewall platform. This ends up confusing the marketplace, and if buyers can’t tell the difference, asymmetric information markets theory (Nobel Prize winner!) tells us they’re going to buy whatever is cheaper.

And then there’s the newly appointed FEYE CFO. Will he kitchen-sink 3Q and reset forward expectations as most new CFOs are wont to do? Or did they win a massive government contract, and will that save the day?

My point is, if you’re long FEYE at this heady 8x sales valuation and with -50% earnings (they spend $1.5 on every $1 of revenue for sales, marketing & R&D), you want (you need) a triple play, which is a beat on earnings, revenue and a forward guidance raise. With what I’ve listed above, does that seem likely to you? If it does, stay long. If you’re short, you better hope that the quarter was bad, and that the rumor of a big DHS contract is just a rumor, along with the constant rumors of an imminent M&A takeout (IMHO, highly probable over the next year), because this stock has come down a long way in a short time.

I get that this is maddening. That’s my point. As an investor, I want to wait until most of the probabilities are lining up in my favor. Right now, for FEYE, and many stocks, it’s tough to say that’s the case. Ergo, the “too hard” pile. Good luck to you, whichever way you lean.

 

Remember, if it was easy, then no one would make money.


5 comments

  1. Option Addict

    Great post. I decided to be an investor, in the damn 30’s. I’m an easy target here, lol.

  2. scarface

    Thanks for the info. Very informative.

  3. CF4

    Great stuff!

  4. gappingandyapping

    To be clear, PANW does not give away WildFire, they charge for the subscription. FTNT does not give it away either and their product sucks unless you buy FortiSandbox which starts out at 30k then jumps to 100k vs 11k for an NX900 and on from there. Also the PANW and FTNT products’ time to block is close to 2 days at current because they use signature rollups to block whereas FEYE is 5 min on-prem and 30 min globally via hash sharing. FTNT also doesn’t require threat sharing by default whereas FEYE charges you more if you disable DTI. There is simply no comparison between the products, FEYE just dominates the others. That said, I have not been selling much of any of the products this quarter, it’s all been assessments, not hardware.

    • graystoke

      The “market of lemons” (asymmetric information markets) I described is real.

      Everyone certainly wants to charge for their sandbox subscription, I agree. It depends on what’s at stake whether FEYE competitors throw in a “free” trial (or a “special discount” applied to a larger multi-product purchase that compensates for its cost, and lasts for as long as the customer keeps the products deployed).

      I don’t disagree with what you’re saying though, FEYE does have a superior technology edge. Unfortunately, the sandbox is still not a compliance-mandated control, and therefore it lacks formal budget. As a discretionary budget purchase, they’re susceptible to air gaps in sales when “attacks from China slow”, which is why the stock is getting torched in the AH.

      I wouldn’t be surprised to see shareholders asking for DeWalt’s head soon. I was hoping to see it down in the mid-teens to go long. Could be wrong of course, but I still don’t think we’ve seen a bottom.
