>>> Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity
JUL 12 2023
Microsoft introduced products under the Secure Service Edge umbrella.
Some analysts cautioned that it’s early for the new products. Pricing information isn’t available yet.
Cloudflare, Palo Alto Networks and Zscaler shares all declined Wednesday after analysts noted Microsoft’s entry into a part of the cybersecurity market where those three smaller companies already compete. Palo Alto and Zscaler shares both slid about 7%, while Cloudflare shares fell 5.5%.
Analysts emphasized that the new Microsoft Entra Internet Access and Microsoft Entra Private Access products are in the preview stage, with no pricing details available. But over time, they could strengthen Microsoft’s campaign to make security one of its top categories, as older areas such as Windows recede.
In 2022, Microsoft’s security revenue exceeded $20 billion, up about 33% from the prior year. CEO Satya Nadella said in a recently disclosed memo that the company’s Security, Compliance, Identity and Management business could reach $100 billion in revenue by the 2030 fiscal year.
The new Entra products, along with the existing Microsoft Defender for Cloud Apps, fall under a category known as Secure Service Edge. SSE involves providing cloud tools that help corporate workers securely access applications hosted in the cloud and on premises, Joy Chik, Microsoft’s president of identity and network access, wrote in a Tuesday blog post.
The Microsoft Entra Private Access service offers an alternative to long-standing virtual private networks, or VPNs, which let employees access internal programs while working remotely. Microsoft Entra Internet Access can help security administrators control employees’ connections to cloud apps, including Microsoft 365 applications such as Teams.
Analysts at Jefferies, with a buy rating on Microsoft stock, said the move could have “potential longer term ramifications” to Cloudflare, Palo Alto and Zscaler, as well as Fortinet and Check Point Software.
“This is potentially the largest and last major cybersecurity market that Microsoft has yet to enter and it is now competing with cloud network security providers, mainly ZS, NET, PANW,” Morgan Stanley analysts led by Hamza Fodderwala wrote in a Tuesday note. Still, they said gaining meaningful market share in SSE could prove more difficult than in other parts of security because of a lack of structural tie-ins with Microsoft software. The company has gained adoption in endpoint security through Windows and identity products due to integrations in its email software.
“The same presence doesn’t exist for network security/SASE, which we think is more complex given the need to enforce policy in heterogeneous environments,” wrote the analysts, who have the equivalent of a buy rating on Microsoft shares.
Analysts at UBS, with a hold rating on the stock, said Zscaler’s 4.5% downward move Tuesday appeared to be “overdone, especially when considering ZS’s near-exclusive focus on the enterprise segment and the expectation that the initial Microsoft Security Edge solution will be primarily aimed at SMBs.”
>>> Fortinet - is a well-known cybersecurity company that offers a wide range of products and services, including everything from subscription anti-virus software to firewalls. Like CrowdStrike, Fortinet is seeing exceptional growth right now compared to most tech companies.
Fortinet's sales rose 32% in 2022, reaching $4.2 billion, thanks to the company's service revenue increasing 26% and product revenue jumping 42%.
Part of the company's competitive advantage comes from its large firewall business. The latest IDC data shows Fortinet in the No. 1 position for firewall shipments. Fortinet CFO Keith Jensen said in the latest earnings call that the company's current economies of scale make it difficult for competitors to catch up, because of the "high entry barrier and significant investment that is required" to develop similar firewall technology.
In addition to the company's strong position in the cybersecurity market, management expects more growth this year, with sales estimated to climb 22% to about $5.4 billion. And Fortinet's management believes that it is "well positioned to achieve" its target of $8 billion in revenue for the 2025 year.
>>> Microsoft is bringing ChatGPT technology to cybersecurity
by Daniel Howley
March 28, 2023
Microsoft (MSFT) is bringing OpenAI’s ChatGPT capabilities to its cybersecurity business via its new Microsoft Security Copilot. The software, which was announced Tuesday, is meant to help cybersecurity professionals prevent and detect cyberattacks faster and with greater ease.
“The entire impact of this is to defend the way we've never been able to defend before,” Vasu Jakkal, Microsoft CVP of security, compliance, identity, and management told Yahoo Finance. “You're now going to be able to protect and disrupt attacks when they're happening.”
Security Copilot, Jakkal explained, runs on both OpenAI’s GPT-4 generative AI model and Microsoft’s own security-specific model. The result is an AI bot that allows cybersecurity professionals to do things like quickly pull together information on the latest security incidents in their companies, dig into potential threats, and even quickly look up data on common vulnerabilities and exposures.
In one example, Microsoft showed how Security Copilot can look at a cyberattack to pick apart how the hacker got into a network and onto a victim’s device.
“It’s the first and only generative AI-based, [large language model]-based tool that is out there. It’s one of a kind. This has never happened before,” Jakkal added.
Microsoft says that Security Copilot will allow cybersecurity workers to catch incidents that other approaches may otherwise miss, improve the quality of threat detection, speed up their response, and help them improve their overall security standing.
Microsoft already sells an array of cybersecurity offerings including Microsoft Defender, Microsoft Entra, Microsoft Purview, and Microsoft Sentinel. In January, the company announced that its cybersecurity arm is now a $20 billion a year business.
The tech giant says that Security Copilot will continually improve as it learns from a company’s own data. That data, however, will never be used to teach the broader Copilot algorithm, meaning a customer’s information will remain its own.
Security Copilot works just like Microsoft’s Bing search engine. Cybersecurity workers type a prompt into a text box, and Security Copilot will fire back a reply based on the app’s available knowledge set.
As with the company’s other generative AI offerings, Microsoft says Security Copilot may provide incorrect answers to prompts, and gives users a means to report them.
The announcement comes just weeks after Microsoft debuted its Microsoft 365 Copilot for its Microsoft 365 productivity suite. That offering allows users to take advantage of Microsoft’s and OpenAI’s AI capabilities to do things like put together a PowerPoint presentation, write up articles in Word, and more.
Microsoft is riding high on its multi-billion investment in OpenAI. The firm, which originally showed off its ChatGPT-powered Bing search engine and Edge browser, is pouring the technology into seemingly all of its products as the AI wars heat up across Silicon Valley.
>>> Palo Alto Networks (PANW) - Despite facing macroeconomic challenges and spending slowdowns, Palo Alto remains an industry leader in enterprise security solutions. As the digital landscape grows and cyberattacks and ransomware become more prevalent, demand for Palo Alto’s products remains strong.
Palo Alto’s ability to execute well amid economic uncertainty is a testament to its resilience and long-term growth prospects. Even though the company is working to manage costs, its focus on efficiencies will have a limited impact on headcount growth.
Additionally, its expanding portfolio of cloud security and security operations products boosts demand. The number of deals worth $10 million or more increased by 144% year over year, indicating strong demand. Palo Alto invested heavily in research and development (R&D), spending $1 billion last year. As a result, the company’s R&D is up to five times more than some of its competitors.
Furthermore, Palo Alto has successfully transformed in recent years, prioritizing cloud-based solutions over physical firewall products. With a focus on artificial intelligence, scale and profitable growth, it is well-positioned to transform cybersecurity with AI-based outcomes such as zero-day protections and real-time response.
A critical factor for cybersecurity stocks like Palo Alto Networks is providing a much-needed service that is always in demand. Lastly, businesses with an online presence require protection from hackers, regardless of the economic environment.
>>> Nice (NICE) is a global software company providing businesses with cutting-edge contact center software. Its cloud-based product is a market leader, with approximately one out of every three customer service agents using NICE’s software today. With high barriers to entry, NICE has a significant distribution advantage, making it difficult for new competitors to gain traction in the market.
As cloud penetration continues to increase, NICE is expected to take even more market share from legacy on-premises competitors. The company’s revenue per customer will increase due to upselling digital solutions that improve the customer experience. NICE is well-positioned to weather a recession due to its strong free cash flow and skilled management. In addition, its AI-powered smarts have attracted some of the largest consumer-oriented businesses in the world.
Interestingly, NICE is winning contracts for cloud-based customer interaction services while traditional competitors struggle. As a result, recurring revenues will become NICE’s most significant revenue stream in the second half of the year. NICE’s promising position in the AI-driven automation market is bolstered by its progressive product portfolio, which includes the industry’s first conversational CX with ChatGPT-enabled CXone.
NICE’s strong performance is reflected in recent honors, including winning Best Anti-Money Laundering Solution for the second consecutive year and surpassing the milestone of 1 million agents on CXone.
Overall, NICE has established itself as a market leader across multiple areas, including workforce engagement management, contact center as a service, and public safety. In addition, the company’s revenue and profit trends have steadily increased, with cloud revenue driving accelerated total revenue growth. Finally, its recurring revenue expansion provides visibility and cash flow predictability.
Yiannis Zourmpanos is the founder of Yiazou Capital Research, a stock-market research platform designed to elevate the due diligence process through in-depth business analysis.
>>> Fortinet has been growing impressively. The company's 2022 revenue of $4.42 billion was up 32% over the prior year. More importantly, Fortinet's deferred revenue increased at a faster pace of 34% over 2021 to $4.64 billion, while billings also increased by a similar number to $5.6 billion.
The faster growth in Fortinet's billings and deferred revenue compared with its actual revenue is an indication that the company is building a solid future revenue pipeline. That's not surprising, as customers have ramped up their spending on its offerings. For instance, Fortinet landed 181 deals worth $1 million or more last quarter, up from 122 in the year-ago period. Meanwhile, the number of deals worth $500,000 or more also increased rapidly to 450 from 320 in the prior year.
Fortinet can sustain its impressive growth, as it gets a quarter of its business from the software-defined wide area network (SD-WAN) and operational technology (OT) cybersecurity markets. These are fast-growing niches, as the SD-WAN security space is expected to generate 21.2% annual growth over the next decade, while the OT security market could expand at an annual rate of 15.5% over the next five years.
As a result, Fortinet should be able to deliver robust growth against last year's revenue of $4.4 billion.
It's also worth noting that Fortinet has turned a $1,000 investment into more than $13,500 over the past decade, and the huge addressable opportunity in the cybersecurity market could help it remain a top cybersecurity stock for years to come.
>>> New Biden Cybersecurity Strategy Assigns Responsibility to Tech Firms
The New York Times
WASHINGTON — The Biden administration plans to issue a cybersecurity strategy on Thursday that calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked, while accelerating efforts by the F.B.I. and the Defense Department to disrupt hackers and ransomware groups around the world.
For years, the government has pressed companies to voluntarily report intrusions in their systems and regularly “patch” their programs to shut down newly discovered vulnerabilities, much as an iPhone does with automatic updates every few weeks. But the new National Cybersecurity Strategy concludes that such voluntary efforts are insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks.
Every administration since that of George W. Bush, 20 years ago, has issued a cybersecurity strategy of some kind, usually once in a presidency. But President Biden’s differs from previous versions in several respects, chiefly by urging far greater mandates on private industry, which controls the vast majority of the nation’s digital infrastructure, and by expanding the role of the government to take offensive action to pre-empt cyberattacks, especially from abroad.
The Biden administration’s strategy envisions what it calls “fundamental changes to the underlying dynamics of the digital ecosystem.” If enacted into new regulations and laws, it would force companies to enact minimum cybersecurity measures for critical infrastructure — and, perhaps, impose liability on firms that fail to secure their code, much like automakers and their suppliers are held liable for faulty airbags or defective brakes.
“It just reimagines the American cybersocial contract,” said Kemba Walden, the acting national cyber director, a White House post created by Congress two years ago to oversee both cyberstrategy and cyberdefense. “We are expecting more from those owners and operators in our critical infrastructure,” added Ms. Walden, who took over last month after the country’s first national cyber director, Chris Inglis, a former deputy director of the National Security Agency, resigned.
The government also has a heightened responsibility, she added, to shore up defenses and disrupt the major hacking groups that have locked up hospital records or frozen the operations of meatpackers around the country.
“We have a duty to do that,” Ms. Walden said, “because the internet is now a global commons, essentially. So we expect more from our partners in the private sector and the nonprofits and industry, but we also expect more of ourselves.”
Read alongside past cyberstrategies issued by the previous three presidents, the new document reflects how cyberoffense and -defense have become increasingly central to national security policy.
The Bush administration never publicly acknowledged American offensive cybercapabilities, even as it mounted the most sophisticated cyberattack one state has ever directed at another: a covert effort to use code to sabotage Iran’s nuclear fuel facilities. The Obama administration was reluctant to name Russia and China as the powers behind major hacks of the U.S. government.
The Trump administration bolstered American offensive initiatives against hackers and state-backed actors abroad. It also raised the alarm about having Huawei, the Chinese telecommunications giant it accused of being an arm of the Chinese government, set up high-speed 5G networks in the United States and among allies, fearing the company’s control of such networks would aid in Chinese surveillance or allow Beijing to shut down systems at a time of conflict.
But the Trump administration was less active in requiring American companies to establish minimum protections on critical infrastructure, or seeking to make those firms liable for damage if vulnerabilities they left unaddressed were exploited.
Imposing new forms of liability would require major legislative changes, and some White House officials acknowledged that with Republicans now controlling the House, Mr. Biden may face insurmountable opposition if he seeks to pass what would amount to sweeping new corporate regulation.
Many elements of the new strategy are already in place. In some ways, it is catching up with steps the Biden administration took after struggling through its first year, which began with major hacks of systems used by both private industry and the military.
After a Russian ransomware group shut down the operations of Colonial Pipeline, which handles much of the gasoline and jet fuel along the East Coast, the Biden administration used little-known legal authorities held by the Transportation Security Administration to regulate the nation’s vast network of energy pipelines. Pipeline owners and operators are now required to submit to far-reaching standards set largely by the federal government, and later this week, the Environmental Protection Agency is expected to do the same for water pipelines.
There are no parallel federal authorities for requiring minimum standards of cybersecurity at hospitals, which are largely state regulated. They have been another target of attacks, from Vermont to Florida.
“We should have been doing many of these things years ago after cyberattacks were first used to disrupt power to thousands of people in Ukraine,” Anne Neuberger, Mr. Biden’s deputy national security adviser for cyber and emerging technologies, said on Wednesday. She was referring to a series of attacks on the Ukrainian power grid that began seven years ago.
Now, she said, “we are literally cobbling together an approach sector by sector that covers critical infrastructure.”
Ms. Neuberger cited Ukraine as an example of proactively building up cyberdefenses and resiliency: In the weeks after the Russian invasion, Ukraine changed its laws to allow ministries to move their databases and many government operations to the cloud, backing up computer servers and data centers around Kyiv and other cities that were later targets for Russian artillery. Within weeks, many of those server farms were destroyed, but the government kept running, communicating to servers abroad using satellite systems like Starlink, also brought in after the war broke out.
The strategy is also catching up with an offensive program that has become increasingly aggressive. Two years ago, the F.B.I. began to use search warrants to find and dismantle fragments of malicious code found on corporate networks. More recently, it hacked into the networks of a ransomware group, removed the “decryption keys” that would unlock documents and systems belonging to the group’s victims and foiled efforts to collect large ransoms.
The F.B.I. can operate in domestic networks; it is up to the U.S. Cyber Command to go after Russian hacking groups like Killnet, a pro-Moscow group responsible for a series of denial-of-service attacks starting in the early days of the war for Ukraine. The Cyber Command also slowed the operations of Russian intelligence agencies around the 2018 and 2020 American elections.
But none of those are permanent solutions; some groups the United States has targeted have formulated themselves anew, often under different names.
Mr. Biden’s only face-to-face meeting as president with Russia’s leader, Vladimir V. Putin, in 2021 in Geneva, was driven largely by the fear that rising ransomware attacks were affecting the lives of consumers, hospital patients and factory workers. Mr. Biden warned the Russian leader that his government would be held responsible for attacks emanating from Russian territory.
There was a lull for a number of months, and a prominent hacking group was raided by Russian authorities in Moscow. But that cooperation ended with the opening of the war in Ukraine.
In a speech this week at Carnegie Mellon University, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, described the efforts of the administration as “shifting liability onto those entities that fail to live up to the duty of care they owe their customers.”
“Consumers and businesses alike expect that products purchased from a reputable provider will work the way they are supposed to and not introduce inordinate risk,” Ms. Easterly added, arguing that the administration needed to “advance legislation to prevent technology manufacturers from disclaiming liability by contract,” a common practice that few notice in the fine print of software purchases.
>>> J.P. Morgan Says Now Could Be a Good Time to Buy Cybersecurity Stocks; Here Are 2 Names With Promising Growth Potential
January 27, 2023
In today’s digital world, there will always be a need for cybersecurity. Too many of our essential systems, everything from the upper levels of government and finance to the automation systems that run the traffic lights, depend on online connections for us to ignore the basics of securing our computer networks. Recent events, including the ongoing questions about election integrity, deep macroeconomic volatility, and the Russian war in Ukraine, have simply underscored the importance of cybersecurity.
Against this background of accelerating tailwinds, cybersecurity has become a top priority for tech execs. The situation has caught the attention of J.P. Morgan analyst Brian Essex, who says, “With less than $200 billion of enterprise spend to address over a trillion dollars of estimated annual cost and value destruction related to cybercrime, we expect Security budget growth will outpace IT budget growth for the full year and, with multiples now below pre-pandemic levels, we see several compelling opportunities within Security."
Essex doesn’t leave us with a macro view of the sector. The analyst goes on to give a drill-down to the micro level, and picks out two cybersecurity stocks that he sees as potential winners in the months ahead. These are Buy-rated equities with, in the analyst’s view, promising growth potential. Let's take a closer look.
Fortinet, Inc. (FTNT)
We’ll start with Fortinet, which is well-known for its line of high-end digital security products, including firewalls, endpoint security, intrusion prevention, anti-virus systems, and zero-trust access. Fortinet’s products and services are used to secure and protect data, networks, and system users. Over the past few years, Fortinet has seen its quarterly revenues climb steadily, as the demand for cybersecurity has increased.
A look at the numbers bears it out. In 2019, before the corona pandemic forced a major shift to online and networked connections, Fortinet had $2.2 billion in total revenues; in 2021, the last full year with data available, the company had a top line exceeding $3.3 billion. In the last reported quarter, 3Q22, the top line came in at $1.15 billion, for a 33% year-over-year gain. The company will report Q4 and full-year 2022 data on February 7; we’ll see then how the trend line is continuing.
In the meantime, a look at the drill-downs of the Q3 data is informative. Product revenue, at $468.7 million, was up 39% y/y, while service revenue rose 28% to reach $680.8 million. Billings rose 33%, to $1.41 billion, and deferred revenue, a measure of future work and income, came in at $4.19 billion for a 35% increase over the prior year quarter. The company’s non-GAAP diluted EPS, of 33 cents, was up 65% from 3Q21.
Fortinet has deep pockets, too, to meet contingencies. The company brought in $483 million in cash from operations during 3Q22, a total that included $395.2 million in free cash flow. This was after spending $500 million in cash to repurchase shares. The company had $964 million in cash and liquid assets on hand at the end of the quarter.
J.P. Morgan's Essex initiated his coverage of Fortinet with an Overweight (i.e. Buy) rating, and a price target of $69, suggesting a one-year upside potential of 31%.
Backing this stance, Essex writes, “We view current valuation levels compelling as the company works toward its medium term goal of $10bn of billings, $8bn of revenue, and adjusted FCF margins in the mid- to high-30%’s for 2025. In our view, demand for core firewall, segmentation, SD-WAN and OT security is strong enough to support double digit product revenue growth with subscription acceleration and gross margin expansion driving continued fundamental strength ahead.”
Tech stocks tend to attract a lot of attention, and Fortinet is no exception – the stock has 20 analyst reviews on record, and they include 13 Buys against 7 Holds to give the company its Moderate Buy consensus recommendation.
Okta, Inc. (OKTA)
The second stock we’re looking at is Okta, a cloud computing firm offering security software for user authentication and identity control. The company’s cloud-based software allows enterprise customers to provide secure user authentication and identity controls, built directly into apps, devices, and website services. Okta has been in business since 2009, has been a public entity since 2017, and currently boasts over 17,000 customers.
The cybersecurity industry was valued at more than $200 billion last year, and is expected to reach $266 billion by 2027. Okta is carving itself a piece of that pie, and in its fiscal year 2022 saw $1.3 billion in total revenues. The company is beating that total in its current fiscal year; in the first three quarters of fiscal ’23, Okta has already generated $1.35 billion in revenues. Okta will release its full year data for fiscal year 2023 this coming March.
Results from the last reported quarter, Q3 of fiscal 2023, showed a top line of $481 million, for a 37% y/y gain. This included $466 million in subscription revenue, which was up 38% year-over-year. The company’s remaining performance obligations – how it reports the backlog – was up 21% y/y, to $2.85 billion, a metric that bodes well for revenues and income going forward. Currently, Okta has a non-GAAP EPS that’s breaking even, an improvement compared to the 7-cent EPS loss reported in the prior year period.
Okta’s Q3 cash flow was modest, at $10 million in net cash from operations, and $6 million in free cash flow, but the company’s cash assets at the end of the third quarter were much more impressive, at $2.47 billion in cash and cash equivalents.
Among the bulls is J.P. Morgan's Brian Essex who describes Okta as ‘a market leader at a discount.’ Getting into details, Essex says of the company: “We believe digital transformation and Cloud adoption will continue to drive demand for cloud native Identity Management technology near term. Long term, we believe Distributed Identity could also be a meaningful underappreciated trend and we view Okta as one of the best positioned vendors to benefit from each of these trends..."
"We believe multiple compression is overdone with material opportunity considering the company’s market leadership position, growth expectations de-risked, and valuation at a meaningful discount. The stock has materially underperformed the S&P 500, as well as the rest of the coverage universe, but at 4.9x EV/NTM Sales, compared to 6.1x for the company's Security Software peers, the setup for upside to OKTA is favorable relative to current stock price levels, in our view,” Essex added.
Putting some definite numbers on this stance, Essex sets an Overweight (i.e. Buy) rating on OKTA, along with a $90 price target, implying a 25% gain on the one-year horizon.
Essex leads the Bulls on OKTA. The stock has a Moderate Buy from the analyst consensus, based on 29 reviews that include 18 Buys and 11 Holds.
>>> A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says
by Tim Newcomb
January 25, 2023
A World Economic Forum report says business leaders believe a “catastrophic cyber event” is coming.
Cybercrime will grow from a $3 trillion industry in 2015 to a $10.5 trillion industry by 2025.
The unpredictable nature of cybercrime increases threats.
The 2023 World Economic Forum (WEF) in Davos, Switzerland, has filled us with lots of uplifting predictions, like how companies will soon decode our brain waves. The latest warns of a global catastrophic cyber event in the very near future.
“The most striking finding that we’ve found,” WEF managing director Jeremy Jurgens said during a presentation highlighting the WEF Global Security Outlook Report 2023, “is that 93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we’ve seen in previous surveys.”
Add in the extreme unpredictability of these events (Jurgens cited a cyberattack recently aimed at shutting down Ukrainian military abilities that unexpectedly also closed off parts of electricity production across Europe) and the global challenges are only growing.
“This is a global threat,” Jürgen Stock, Secretary-General of Interpol, said during the presentation. “It calls for a global response and enhanced and coordinated action.” He said the increased profits that the multiple bad “actors” reap from cybercrime should encourage world leaders to work together to make it a priority as they face “new sophisticated tools.”
One country that recently saw a massive cyberattack, Albania, is now working with larger allies in warding off the criminals, serving as a laboratory of sorts for folks to realize what is coming.
Edi Rama, Albania’s prime minister, spoke during the presentation, saying that the growth of the cybercrime industry—from $3 trillion in 2015 to an expected $10.5 trillion in 2025—means that if cybercrime was a state, it would be the third largest global economy after the U.S. and China.
That means the crime coming could truly be catastrophic.
Rama cited the global response to COVID-19 and said a cyberattack could be much more substantial:
“Let’s imagine an exponential multitude of viruses that mutate every day exponentially while not threatening our body, but the bodies we live in, our organizations, our countries, our system, then, you know, it could be just apocalypse. It’s about viruses that can not only block our way of living, but can control it and deviate it.”