Cybersecurity Sector Ideas

[gfp927z]

>>> Israel's Cyera triples valuation to $1.4 bln in funding led by U.S. investment firm


Reuters

Apr 9, 2024


https://finance.yahoo.com/news/israels-cyera-triples-valuation-1-141755593.html?.tsrc=fin-srch


April 9 (Reuters) - Israel's data security firm Cyera has tripled its valuation to $1.4 billion in less than a year as it raised fresh capital in a series C funding led by U.S. tech-focused fund Coatue Management.

Cyera, founded in 2021 and backed by venture capital firms Sequoia Capital and Accel, raised $300 million, taking its total funds raised so far to $460 million, the company said on Tuesday.

The rapid adoption of artificial intelligence has resulted in companies spending more to protect their systems from hack, leading to higher demand for firms such as Cyera that provide data security using its AI-driven platform.

The funding is a rare bright spot for Israeli startups that are facing a decline in funding over the last one year as planned judicial reform and war with Hamas in Gaza deter several investors, according to an annual report by Startup Nation Central.

The latest funding was also joined by new investors - Spark Capital, Georgian and AT&T Ventures - along with existing investors Sequoia, Accel, Redpoint and Cyberstarts.

Cyera had raised $100 million at a valuation of $500 million in June last year.

<<<



---

[gfp927z]

>>> Why a near-miss cyberattack put US officials and the tech industry on edge


Reuters

by Raphael Satter

April 5, 2024


https://finance.yahoo.com/news/why-near-miss-cyberattack-put-110219091.html


WASHINGTON (Reuters) -German software developer Andres Freund was running some detailed performance tests last month when he noticed odd behavior in a little known program. What he found when he investigated has sent shudders across the software world and drawn attention from tech executives and government officials.

Freund, who works for Microsoft out of San Francisco, discovered that the latest version of the open source software program XZ Utils had been deliberately sabotaged by one of its developers, a move that could have carved out a secret door to millions of servers across the internet.

Security experts say it’s only because Freund spotted the change before the latest version of XZ had been widely deployed that the world was spared a digital security crisis.

“We really dodged a bullet,” said Satnam Narang, a security researcher with Tenable who has been tracking the fallout from the find. “It is one of those moments where we have to wipe our brow and say, ‘We were really lucky with this one.’”

The near-miss has refocused attention on the safety of open source software – free, often volunteer-maintained programs whose transparency and flexibility mean they serve as the foundation for the internet economy.

Many such projects depend on a tiny circle of unpaid volunteers fighting to get out from under a pile of demands for fixes and upgrades.

XZ, a suite of file compression tools packaged into distributions of the Linux operating system, was long maintained by a single author, Lasse Collin.

In recent years, he appeared to be under strain.

In a message posted to a public mailing list in June 2022, Collin said he was dealing with "longterm mental health issues" and hinted that he working privately with a new developer named Jia Tan and that “perhaps he will have a bigger role in the future.”

Update logs available through the open source software site Github show that Tan’s role quickly expanded. By 2023 the logs show Tan was merging his code into XZ, a sign that he had won a trusted role in the project.

But cybersecurity experts who’ve scoured the logs say that Tan was masquerading as a helpful volunteer. Over the next few months, they say, Tan introduced a nearly invisible backdoor into XZ.

Collin didn’t return messages seeking comment and said on his website that he would not respond to reporters until he understood the situation well enough to do so.

Tan did not return messages sent to his Gmail account. Reuters has been unable to ascertain who Tan is, where he is, or who he was working for, but many of those who've examined his updates believe Tan is a pseudonym for an expert hacker or group of hackers -- likely one working on behalf of a powerful intelligence service.

“This is not kindergarten stuff,” said Omkhar Arasaratnam, the general manager of the Open Source Security Foundation, which works to defend projects like XZ. “This is incredibly sophisticated.”

‘WE LUCKED OUT’

Tan could easily have gotten away with it had it not been for Freund, the Microsoft developer, whose curiosity was piqued when he noticed the latest version of XZ intermittently using an unexpected amount of processing power on the system he was testing.

Microsoft declined to make Freund available for an interview, but in a publicly-available email and posts to social media, Freund said a series of easy-to-miss clues prompted him to discover the backdoor.

The find “really required a lot of coincidences,” Freund said on the social network Mastodon.

Microsoft CEO Satya Nadella congratulated Freund over the weekend, saying in a post to the social network X that he loved seeing how the developer, “with his curiosity and craftsmanship, was able to help us all.”

In the open source community, the discovery has been sobering. The volunteers who maintain the software that underpins the internet aren't strangers to the idea of little pay or recognition, but the realization that they were now being hunted by well-resourced spies pretending to be Good Samaritans was “incredibly intimidating,” said Arasaratnam, of the Open Source Security Foundation.

Government officials are also weighing the implications of the near-miss, which has underlined concerns about how to protect open source software. Assistant National Cyber Director Anjana Rajan told Politico that “there’s a lot of conversations that we need to have about what we do next” to protect open source code."

The Cybersecurity and Infrastructure Security Agency (CISA) says it has been leaning on U.S. companies that use open source software to plow resources back into the communities that build and maintain it. CISA adviser Jack Cable told Reuters the burden was on tech companies not just to vet open software but to “contribute back and help build the sustainable open source ecosystem that we get so much value from.”

It’s not clear that software companies are properly incentivized to do so. Online open source mailing lists are teeming with complaints about tech giants demanding that volunteers troubleshoot issues with open source software those companies use to make billions of dollars.

Whatever the solution, almost everyone agrees the XZ episode shows something has to change.

“We got unreasonably lucky here,” said Freund in another Mastodon post. “We can't just bank on that going forward.”

<<<



---

[gfp927z]

>>> CrowdStrike Holdings -- The first high-octane AI growth stock that appeared to whet the whistles of billionaire money managers during the December-ended quarter is cybersecurity company CrowdStrike Holdings (NASDAQ: CRWD). Four highly successful billionaires added to their funds' respective stakes in CrowdStrike, including (total shares purchased in parenthesis):


https://finance.yahoo.com/news/forget-nvidia-billionaires-selling-buying-084100649.html


Jeff Yass of Susquehanna International (400,988 shares)

Jim Simons of Renaissance Technologies (97,900 shares)

David Siegel and John Overdeck of Two Sigma Investments (91,091 shares)

On a macro basis, the cybersecurity industry has the look of a surefire growth story through at least the remainder of the decade. As businesses continue shifting their data online and into the cloud, third-party providers are being relied on with frequency to protect this information from hackers.

Furthermore, cybersecurity solutions can thrive in any economic climate. A bad day for Wall Street or a rough patch for the U.S. economy doesn't mean a thing to hackers and robots looking to steal sensitive information. Since CrowdStrike is a subscription-driven company that protects end users, it's well-positioned to generate predictable cash flow no matter what's happening with the economy or stock market.

On a more company-specific basis, CrowdStrike brings clearly identifiable competitive advantages to the table for its customers and investors. The company's Falcon security platform is driven by AI and ML. Falcon is overseeing trillions of events each week, which are making it smarter and more effective at recognizing and responding to potential threats.

There are a couple of key performance indicators that demonstrate just how much pull CrowdStrike has with businesses. Even though its platform isn't the cheapest, gross retention rate has been pegged right around 98% for multiple years. Additionally, the company's net retention rate hasn't fallen below 119% in more than five years. This means the company's existing clients are spending at least 19% more on a year-over-year basis.

But the key to CrowdStrike's success has been its ability to upsell existing customers. Whereas a single-digit percentage of its clients seven years ago had purchased four or more cloud module subscriptions, 64% of its customers now have five or more cloud module subscriptions. These add-on sales have lifted its adjusted subscription gross margin to an impressive 80%!

<<<



---

[gfp927z]

>>> Cybersecurity Stocks To Watch Amid Shift To AI, Cloud


Investor's Business Daily

REINHARDT KRAUSE

03/11/2024


https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220


You may think the time is right to move into cybersecurity stocks amid high profile hacking incidents. Also, buzz surrounding artificial intelligence is driving investor interest in cybersecurity stocks. And, federal government spending on cybersecurity should provide a boost in 2024, analysts say.

As of March 11, the IBD Computer Software-Security group ranked No. 26 out of 197 industry groups that IBD tracks. That was down from No. 9 two weeks ago.

Also, four cybersecurity stocks are members of the IBD 50 roster of growth stocks: CrowdStrike (CRWD), SentinelOne (S), Okta (OKTA) and Cloudflare (NET). Earnings for SentinelOne are due March 13.

CRWD stock jumped on its better-than-expected Q4 earnings and outlook. CrowdStrike stock has advanced 26% in 2024.

"Q4 was the company's fourth consecutive quarter of positive GAAP earnings, meaning that CrowdStrike could potentially be eligible for S&P 500 inclusion," said a Bank of America report.

Zscaler (ZS), a big player in the fast-growing SASE market, has dropped off the IBD Leaderboard. Billings, a sales growth metric, is an issue for ZS stock amid go-to-market changes.

Cybersecurity Price War Coming?

Palo Alto Networks' (PANW) fiscal second-quarter earnings report and reduced 2024 guidance for PANW stock sent cybersecurity stocks down. Palo Alto's decision to bundle more products in discounted packages as part of a "Platformization" strategy could spark a pricing war, some investors worry.

Shares in Fortinet (FTNT), a rival of Palo Alto Networks, are up 22% in 2024.

The big picture: cybersecurity services delivered via cloud computing platforms are in favor. Many companies are moving away from on-premise computer network "firewall" appliances.

Raymond James analyst Adam Tindle forecast a fast-growing cloud security market in a recent report. "We arrive at a $16 billion cloud security total addressable market in 2024, growing faster than a 20% three-year, compound annual growth rate, to hit $30 billion in 2027."

Problem is, public cybersecurity firms are in a fierce battle with feisty cloud security startups for market share. Among the startups: Wiz, Lacework and Snyk.

Cybersecurity Stocks: Microsoft Competition

The cybersecurity stocks have thrived despite growing competition from cloud computing giant Microsoft (MSFT). Microsoft aims to integrate artificial intelligence tools into its security platform. Called Microsoft Security Copilot, the platform uses a new AI assistant.

The recent hacks on casino operators MGM Resorts (MGM) and Caesars Entertainment (CZR) underlined worries that generative AI will increase ransomware attacks.

Meanwhile, the Securities and Exchange Commission has new disclosure rules for public companies. The rules require companies to report hacking incidents within four business days if they have a material impact on operations.

Further, research firm Gartner has updated its forecast for corporate spending on cybersecurity. The research firm sees a 14% rise in 2024 to $215 billion.

That's up from its earlier forecast for 11% growth. And, that's better than most information-technology spending categories.

In 2024, spending on cloud security products and services will jump nearly 25% to $7 billion, Gartner predicts.

Cybersecurity Stocks: AI Double-Edged Sword

Meanwhile, both computer security firms and hackers are expected to make use of generative AI tools. Here's a look at the AI cybersecurity battle.

Cybersecurity firms expect generative AI tools to help reduce the time to detect and respond to many forms of computer hacking. Also, they see generative AI automating more functions in security operations centers to help companies deal with a shortage of software engineers.

According to a Morgan Stanley survey of chief information officers in 2022, cloud computing and security software remained at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.

Analysts say a new wave of startups is taking share from industry incumbents. They include Netskope, Wiz, Snyk, Lacework and Illumio. Analysts say others to watch include Vectra AI, Venafi, Recorded Future, Noname Security, Obsidian Security, Deep Instinct and Skyflow. The startups pressure incumbents into higher research and development spending.

Funding continues to go to cybersecurity startups. Cloud security firm Wiz recently raised $300 million at a $10 billion valuation.

Cybersecurity Stocks And Private Equity

Private-equity firms remain active. Thoma Bravo in October 2022 agreed to buy ForgeRock for $23.25 a share in an all-cash deal valued at about $2.3 billion. The deal represented a 53% premium to ForgeRock's closing share price on Oct. 10. The deal is expected to close in the first half of 2023 (?)

Earlier, Thoma Bravo acquired Ping Identity Holdings (PING) for $2.8 billion. Thoma Bravo also has acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.

Also, private-equity firm Permira in May completed its purchase of Mimecast for $5.8 billion.

Federal Market A Tailwind?

Google-parent Alphabet (GOOGL) last year acquired cybersecurity firm Mandiant in an all-cash $5.4 billion deal. Mandiant is now part of Google's cloud computing business.

Further, Google in 2022 acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.

Still, some computer security firms could get a boost from new federal government initiatives.

The Cyber Incident Reporting Act of 2023 requires agencies, federal contractors and critical infrastructure operators to notify the Department of Homeland Security when a data breach is detected, a significant step in building security.

In addition, Ransomware remains a big threat.

Cybersecurity Stocks: Wide Range Of Products

Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.

Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Other cybersecurity firms with a sizable government business include Tenable (TENB), Rapid7 and CyberArk (CYBR). Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.

In addition, Rapid7 (RPD) and Qualys (QLYS) specialize in vulnerability management services.

Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

SD-WAN Technology Changes Security Needs

Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival to companies like Cloudflare as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Cybersecurity Products Battle Ransomware, Phishing

Further, cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.

Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk (CYBK) manages privileged accounts. In addition, Okta provides identity verification services.

To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.

CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Also, investors might consider the Global X Cybersecurity ETF (BUG) for a more broad exposure to the sector.

<<<



---

[gfp927z]

PANW - >>> 1 Amazing Artificial Intelligence (AI) Stock Down 29% You'll Regret Not Buying on the Dip


by Anthony Di Pizio

Motley Fool

February 26, 2024


https://finance.yahoo.com/news/1-amazing-artificial-intelligence-ai-102900913.html


Cyber threats are a growing concern among the world's top businesses. Technologies like generative artificial intelligence (AI) are helping bad actors craft sophisticated attacks by creating hyper-realistic phishing emails, and voice recordings that can trick employees into handing over sensitive information.

In fact, 64% of the 4,702 CEOs recently surveyed by PwC believe generative AI will increase cybersecurity risk in their organizations over the next 12 months. It was their biggest concern when it comes to AI, outranking the spread of misinformation and potential legal risks.

Advanced cybersecurity tools that use AI to deliver smarter, more automated protection are required to combat these new-age threats -- and Palo Alto Networks (NASDAQ: PANW) is a leader in that very field, but the stock has had a rough go of it lately.

The company recently released results for its fiscal 2024's second quarter (ended Jan. 31). That sent the shares plunging 29% as the company announced a shift in its business strategy. However, these new steps could bear fruit over the long term. Here's why investors should consider the stock now.

Palo Alto is a leader in AI-based cybersecurity

Palo Alto's business is split into three platforms: network security, cloud security, and security operations. The company is gradually weaving AI through many of the products under those banners to give businesses the most advanced protection possible.

Here's a notable statistic. Palo Alto says 93% of security operations centers within organizations still rely on human-led processes. Cybersecurity managers are under such a heavy workload that 23% of incidents are left uninvestigated, which creates an unacceptable number of vulnerabilities.

Palo Alto's Cortex XSIAM security operations platform was designed to solve that problem. AI and automation are at its core, and for one large customer, it has reduced the number of incidents that require manual investigation by 75%. Another customer now has 90% of their security incidents solved by automation, up from 10% prior to adopting XSIAM. XSIAM was launched a little over one year ago, and it has already amassed a revenue pipeline worth $1 billion.


But the AI opportunity is just heating up. Organizations and their employees will be using AI an increasing amount in the coming years, and Palo Alto says security isn't yet front and center. They could be accessing AI in an insecure manner that places their critical data at risk, and plugging those vulnerabilities could be a $5 billion opportunity by 2030.

Plus, Palo Alto says the frequency of phishing emails has increased 12-fold over the last year because of AI's ability to generate them instantly. According to CrowdStrike, 90% of successful cyberattacks originate at the endpoint -- the computer or device used by each employee -- making it the most vulnerable part of every company.

Phishing emails tend to target those employees, and since Palo Alto already protects roughly 100 million individual users, it has a huge opportunity ahead in limiting the damage.

A strong Q2, but reduced full-year forecast

Palo Alto delivered $2 billion of revenue in the second quarter, marking a 19% increase from the year-ago period. It also delivered $1.46 in non-GAAP (adjusted) earnings per share, which was a 39% increase. Palo Alto was profitable on a generally accepted accounting principles (GAAP) basis, too, although the result benefited from a large one-off income tax benefit.

The point is, this company is delivering revenue growth without substantial losses at the bottom line, unlike many of its competitors, which are still burning through cash each quarter. Palo Alto's remaining performance obligations (RPOs) also soared 22% to $10.8 billion, which typically converts to revenue over time.

However, Palo Alto's management team unexpectedly reduced its forecast for both RPOs and revenue for the fiscal 2024 full year. The company is undergoing a major strategy shift to position itself for accelerated growth in the future.

The shift toward platformization

The cybersecurity industry is fragmented, with companies often piecing products together from different providers based on their needs. Historically, Palo Alto has relied on the quality of its products to attract its customers to use more of them.

I mentioned earlier that Palo Alto's business is split into three platforms. Well, the lifetime value of customers using all three platforms is 40 times greater than those using just one. Therefore, incentivizing large customers to use Palo Alto for all of their needs could drive enormous growth in the long term.

The problem is that large organizations often have existing contracts with their cybersecurity providers and can't simply opt out whenever they please. So, Palo Alto is offering them fee-free periods to capture them while they are still contracted with a competitor. Then, once that contact runs out, they will convert into paying customers for Palo Alto.

It's a great strategy that forgoes short-term revenue (hence the drop in billings and revenue guidance) in exchange for potentially significant growth in the long term. Plus, it squeezes out Palo Alto's competitors in the process.

Why Palo Alto stock is a buy now

Palo Alto believes the accelerated shift to platformization will help the company reach $15 billion in annual revenue by 2030, 90% of which will be recurring revenue, creating a stable and reliable business.

Considering that the company expects to deliver $8 billion in revenue during fiscal 2024, hitting that goal would translate to an 87.5% increase between now and then -- or a compound annual growth rate of 11%.

However, Palo Alto thinks there could be upside to its $15 billion target thanks to AI. That isn't surprising given that so many companies developing AI technologies are delivering explosive growth right now. The truth is, nobody knows exactly how much the threat landscape might be altered by sophisticated AI-based attacks, so the true size of Palo Alto's long-term opportunity is hard to discern.

So, while investors rushed for the exits following the reduction in Palo Alto's guidance, the 29% drop in its stock price presents an opportunity for investors who are willing to hold for the long term. They might be glad they bought in when they look back on this moment in a few years, assuming Palo Alto's vision becomes reality.

<<<



---

[gfp927z]

>>> Why Palo Alto Networks Stock Crashed Wednesday Morning


by Danny Vena

Motley Fool

Feb 21, 2024


https://finance.yahoo.com/news/why-palo-alto-networks-stock-162612031.html


Shares of Palo Alto Networks (NASDAQ: PANW) turned sharply lower Wednesday morning, falling as much as 27%. As of 10:44 a.m. ET, the stock was still down 25.9%.

The catalyst that sent the cybersecurity specialist plunging was its quarterly financial report. While results were better than expected, the company announced a major change to its strategy that caught investors off guard.

Solid results

For its fiscal 2024 second quarter (ended Jan. 31), Palo Alto Networks' revenue grew 19% year over year to $2 billion, fueled by existing customers increasing their spending. This resulted in adjusted earnings per share (EPS) that rose 39% to $1.46.

To give those numbers context, analysts' consensus estimates were calling for revenue of $1.65 billion and adjusted EPS of $1.30, so Palo Alto Networks cleared both bars with room to spare.

Total billings -- or contractually obligated sales that haven't yet been booked as revenue -- provide insight into the company's future growth potential, and there appeared to be trouble on the horizon. Second-quarter billings increased to $2.35 billion, up 16% year over year. When billings grow more slowly than current revenue growth, this suggests a potential slump in future sales.

A major strategic pivot

CEO Nikesh Arora revealed a major shift in strategy that caught investors off guard. The company will offer increased incentives, including free product offers, in a bid to get customers to adopt more of its products and services. The resulting uncertainty had some investors running for the exits.

In keeping with its plans, management slashed its guidance. For its fiscal third quarter, executives are forecasting revenue in a range of $1.95 billion to $1.98 billion, or year-over-year growth of 14% at the midpoint. The company also expects diluted adjusted EPS of $1.25. Even more troubling was projected billings of $2.33 billion, or an uptick of just 3% at the midpoint. This suggests a rapid deceleration in growth.

For fiscal 2024, management is forecasting revenue of $8 billion, up roughly 15% year over year. Palo Alto Networks expects total billings of roughly $10.15 billion at the midpoint of its guidance, which would equal growth of about 11%.

This is a major shift in strategy, and it remains to be seen whether management can pull this off, which is why the stock plummeted.

<<<



---

[andrethegiant1]

$SWISF worth looking into

[gfp927z]

>>> Booz Allen Doubles Down on Adversarial AI Capabilities With New Investment


Business Wire

September 26, 2023


https://finance.yahoo.com/news/booz-allen-doubles-down-adversarial-120000482.html


HiddenLayer’s MLSec platform brings added scale to Booz Allen’s ability to protect federal AI missions


MCLEAN, Va., September 26, 2023--(BUSINESS WIRE)--Booz Allen Hamilton (NYSE: BAH) – the largest single provider of artificial intelligence services for the Federal government – today announced that its corporate venture capital arm, Booz Allen Ventures, has made a strategic investment in HiddenLayer, a security platform that safeguards machine learning (ML) models. This investment strengthens and expands Booz Allen’s tenured Adversarial AI capabilities, including those developed for the Department of Defense and intelligence clients, and will further accelerate secure adoption of enterprise AI solutions to keep pace with emerging national security threats as well as rising consumer expectations.

"Every AI-enabled solution should be assessed for risk and appropriately protected from adversarial attacks – especially as the government looks to deploy AI capabilities in increasingly important applications," said Matt Keating, leader of Booz Allen’s Adversarial AI portfolio. "Our clients operate in complex environments that require AI models be highly specialized, rapidly deployable, and secure. The HiddenLayer investment by Booz Allen Ventures better positions us to integrate startup, commercial, and open source innovation to rapidly augment our existing capabilities. Ultimately, allowing us to more quickly and confidently delivery robust AI capability to our clients – and the country at large."

With increased AI adoption – specifically AI models deployed within mission critical systems – the risk surface increases for federal, defense, civil, national security and commercial users, with bad actors looking to exploit and accelerate cyber threats. The newly announced investment in HiddenLayer will complement and accelerate Booz Allen’s existing Adversarial AI capabilities, a leader for over five years in advancing machine learning (ML) methodologies to safeguard systems against attack.

This includes a long-standing focus on addressing key challenges with model security, such as data poisoning, data leakage, model evasion, and malicious code injection. In addition, Booz Allen has also led advanced research to assess the adversarial image perturbation robustness for computer vision models and how manipulated tabular data can enhance the behavior evasive capabilities of Microsoft Windows malware.

"Using pre-trained open-source models is an overall net positive, but this foundation also puts AI models at greater risk for adversarial attack. This tension is a threat that organizations need to be aware of, plan for, and get ahead of, as our adversaries are doing just that," said Edward Raff, chief scientist at Booz Allen and leader of the Booz Allen ML research team, which has been publishing academic research on adversarial AI since 2018.

This is the latest AI-focused investment by Booz Allen Ventures, which identifies and invests in strategic, dual-use commercial technologies, with recent investments including Shift5, Credo AI, Hidden Level, Latent AI, Synthetaic, and Reveal Technology. The investment also builds on Booz Allen’s focused efforts and missions around Generative AI and Responsible AI, providing a robust security foundation as AI use increases.

"HiddenLayer’s powerful platform and expert team has proven effective in securing AI from a broad range of threats, so we quickly identified them as a partner that can support and protect our AI deployments," said Travis Bales, Managing Director at Booz Allen Ventures. "From our early discussions, it was clear to us that the HiddenLayer team has the vision and execution to continue developing security for the emerging AI market."

Booz Allen’s recent investment now enables Federal agencies to capitalize on HiddenLayer’s award-winning Machine Learning Detection & Response platform, as well as Booz Allen’s AI security research, risk and vulnerability assessments, managed detection and response services—all paired with AI security engineering best practices, tools and technologies.

"Booz Allen continuously proves its commitment to developing AI capabilities that are robust, secure, and offer the technical depth needed by the Federal government. Their 360-degree approach to AI combined with their steadfast commitment to HiddenLayer's vision since our founding made them a perfect partner for the next stage of our growth," said Chris Sestito, Co-Founder & CEO at HiddenLayer. "Bringing together our MLSec platform and their purpose-built AI solutions ensures our government can continue to innovate through AI adoption with confidence knowing they are secure from all types of cyber-attacks, including those from nation-states."

Learn more about Booz Allen’s work in Adversarial AI and about Booz Allen Ventures.

About Booz Allen Hamilton

Trusted to transform missions with the power of tomorrow’s technologies, Booz Allen Hamilton advances the nation’s most critical civil, defense, and national security priorities. We lead, invest, and invent where it’s needed most—at the forefront of complex missions, using innovation to define the future. We combine our in-depth expertise in AI and cybersecurity with leading-edge technology and engineering practices to deliver impactful solutions. Combining more than 100 years of strategic consulting expertise with the perspectives of diverse talent, we ensure results by integrating technology with an enduring focus on our clients. We’re first to the future—moving missions forward to realize our purpose: Empower People to Change the World®.

With global headquarters in McLean, Virginia, our firm employs approximately 32,600 people globally as of June 30, 2023 and had revenue of $9.3 billion for the 12 months ended March 31, 2023.

<<<



---

[gfp927z]

>>> Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity


CNBC

JUL 12 2023

Jordan Novet


https://www.cnbc.com/2023/07/12/palo-alto-networks-and-zscaler-tumble-as-microsoft-expands-in-security.html#:~:text=Cloudflare%20%2C%20Palo%20Alto%20Networks%20and%20Zscaler%20shares%20all%20declined%20Wednesday,while%20Cloudflare%20shares%20fell%205.5%25;.


Microsoft introduced products under the Secure Service Edge umbrella.

Some analysts cautioned that it’s early for the new products. Pricing information isn’t available yet.


Cloudflare, Palo Alto Networks and Zscaler shares all declined Wednesday after analysts noted Microsoft’s entry into a part of the cybersecurity market where those three smaller companies already compete. Palo Alto and Zscaler shares both slid about 7%, while Cloudflare shares fell 5.5%.

Analysts emphasized that the new Microsoft Entra Internet Access and Microsoft Entra Private Access products are in the preview stage, with no pricing details available. But over time, they could strengthen Microsoft’s campaign to make security one of its top categories, as older areas such as Windows recede.

In 2022, Microsoft’s security revenue exceeded $20 billion, up about 33% from the prior year. CEO Satya Nadella said in a recently disclosed memo that the company’s Security, Compliance, Identity and Management business could reach $100 billion in revenue by the 2030 fiscal year.

The new Entra products, along with the existing Microsoft Defender for Cloud Apps, fall under a category known as Secure Service Edge. SSE involves providing cloud tools that help corporate workers securely access applications hosted in the cloud and on premises, Joy Chik, Microsoft’s president of identity and network access, wrote in a Tuesday blog post.

The Microsoft Entra Private Access service offers an alternative to long-standing virtual private networks, or VPNs, which let employees access internal programs while working remotely. Microsoft Entra Internet Access can help security administrators control employees’ connections to cloud apps, including Microsoft 365 applications such as Teams.

Analysts at Jefferies, with a buy rating on Microsoft stock, said the move could have “potential longer term ramifications” to Cloudflare, Palo Alto and Zscaler, as well as Fortinet and Check Point Software
.
“This is potentially the largest and last major cybersecurity market that Microsoft has yet to enter and it is now competing with cloud network security providers, mainly ZS, NET, PANW,” Morgan Stanley analysts led by Hamza Fodderwala wrote in a Tuesday note. Still, they said gaining meaningful market share in SSE could prove more difficult than in other parts of security because of a lack of structural tie-ins with Microsoft software. The company has gained adoption in endpoint security through Windows and identity products due to integrations in its email software.

“The same presence doesn’t exist for network security/SASE, which we think is more complex given the need to enforce policy in heterogeneous environments,” wrote the analysts, who have the equivalent of a buy rating on Microsoft shares.

Analysts at UBS, with a hold rating on the stock, said Zscaler’s 4.5% downward move Tuesday appeared to be “overdone, especially when considering ZS’s near-exclusive focus on the enterprise segment and the expectation that the initial Microsoft Security Edge solution will be primarily aimed at SMBs.”

<<<



---

[gfp927z]

>>> Fortinet - is a well-known cybersecurity company that offers a wide range of products and services, including everything from subscription anti-virus software to firewalls. Like CrowdStrike, Fortinet is seeing exceptional growth right now compared to most tech companies.


https://www.fool.com/investing/2023/04/21/cybersecurity-stocks-buy-and-hold-for-decade/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


Fortinet's sales rose 32% in 2022, reaching $4.2 billion, thanks to the company's service revenue increasing 26% and product revenue jumping 42%.

Part of the company's competitive advantage comes from its large firewall business. The latest IDC data shows Fortinet in the No. 1 position for firewall shipments. Fortinet CFO Keith Jensen said in the latest earnings call that the company's current economies of scale make it difficult for competitors to catch up, because of the "high entry barrier and significant investment that is required" to develop similar firewall technology.

In addition to the company's strong position in the cybersecurity market, management expects more growth this year, with sales estimated to climb 22% to about $5.4 billion. And Fortinet's management believes that it is "well positioned to achieve" its target of $8 billion in revenue for the 2025 year.

<<<



---

[gfp927z]

>>> Microsoft is bringing ChatGPT technology to cybersecurity


Yahoo Finance

by Daniel Howley

March 28, 2023


https://finance.yahoo.com/news/microsoft-is-bringing-chatgpt-technology-to-cybersecurity-153003566.html


Microsoft (MSFT) is bringing OpenAI’s ChatGPT capabilities to its cybersecurity business via its new Microsoft Security Copilot. The software, which was announced Tuesday, is meant to help cybersecurity professionals prevent and detect cyberattacks faster and with greater ease.

“The entire impact of this is to defend the way we've never been able to defend before,” Vasu Jakkal, Microsoft CVP of security, compliance, identity, and management told Yahoo Finance. “You're now going to be able to protect and disrupt attacks when they're happening.”

Security Copilot, Jakkal explained, runs on both OpenAI’s GPT-4 generative AI model and Microsoft’s own security-specific model. The result is an AI bot that allows cybersecurity professionals to do things like quickly pull together information on the latest security incidents in their companies, dig into potential threats, and even quickly look up data on common vulnerabilities and exposures.

In one example, Microsoft showed how Security Copilot can look at a cyberattack to pick apart how the hacker got into a network and onto a victim’s device.

“It’s the first and only generative AI-based, [large language model]-based tool that is out there. It’s one of a kind. This has never happened before,” Jakkal added.

Microsoft says that Security Copilot will allow cybersecurity workers to catch incidents that other approaches may otherwise miss, improve the quality of threat detection, speed up their response, and help them improve their overall security standing.

Microsoft already sells an array of cybersecurity offerings including Microsoft Defender, Microsoft Entra, Microsoft Purview, and Microsoft Sentinel. In January, the company announced that its cybersecurity arm is now a $20 billion a year business.

The tech giant says that Security Copilot will continually improve as it learns from a company’s own data. That data, however, will never be used to teach the broader Copilot algorithm. Meaning a customer’s information will remain its own.

Security Copilot works just like Microsoft’s Bing search engine. Cybersecurity workers type a prompt into a text box, and Security Copilot will fire back a reply based on the app’s available knowledge set.

As with the company’s other generative AI offerings, Microsoft says Security Copilot may provide incorrect answers to prompts, and gives users a means to report them.

The announcement comes just weeks after Microsoft debuted its Microsoft 365 Copilot for its Microsoft 365 productivity suite. That offering allows users to take advantage of Microsoft’ and OpenAI’s AI capabilities to do things like put together a PowerPoint presentation, write up articles in Word, and more.

Microsoft is riding high on its multi-billion investment in OpenAI. The firm, which originally showed off its ChatGPT-powered Bing search engine and Edge browser, is pouring the technology into seemingly all of its products as the AI wars heat up across Silicon Valley.

<<<



---

[gfp927z]

>>> Palo Alto Networks (PANW) - Despite facing macroeconomic challenges and spending slowdowns, Palo Alto remains an industry leader in enterprise security solutions. As the digital landscape grows and cyberattacks and ransomware become more prevalent, demand for Palo Alto’s products remains strong.


https://finance.yahoo.com/news/3-cybersecurity-stocks-buy-digital-181005216.html


Palo Alto’s ability to execute well amid economic uncertainty is a testament to its resilience and long-term growth prospects. Even though the company is working to manage costs, its focus on efficiencies will have a limited impact on headcount growth.

Additionally, its expanding portfolio of cloud security and security operations products boosts demand. The number of deals worth $10 million or more increased by 144% year over year, indicating strong demand. Palo Alto invested heavily in research and development (R&D), spending $1 billion last year. As a result, the company’s R&D is up to five times more than some of its competitors.

Furthermore, Palo Alto has successfully transformed in recent years, prioritizing cloud-based solutions over physical firewall products. With a focus on artificial intelligence, scale and profitable growth, it is well-positioned to transform cybersecurity with AI-based outcomes such as zero-day protections and real-time response.

A critical factor for cybersecurity stocks like Palo Alto Networks is providing a much-needed service that is always in demand. Lastly, businesses with an online presence require protection from hackers, regardless of the economic environment.

<<<



---

[gfp927z]

>>> Nice (NICE) is a global software company providing businesses with cutting-edge contact center software. Its cloud-based product is a market leader, with approximately one out of every three customer service agents using NICE’s software today. With high barriers to entry, NICE has a significant distribution advantage, making it difficult for new competitors to gain traction in the market.


https://finance.yahoo.com/news/3-cybersecurity-stocks-buy-digital-181005216.html


As cloud penetration continues to increase, NICE is expected to take even more market share from legacy on-premises competitors. The company’s revenue per customer will increase due to upselling digital solutions that improve the customer experience. NICE is well-positioned to weather a recession due to its strong free cash flow and skilled management. In addition, its AI-powered smarts have attracted some of the largest consumer-oriented businesses in the world.

Interestingly, NICE is winning contracts for cloud-based customer interaction services while traditional competitors struggle. As a result, recurring revenues will become NICE’s most significant revenue stream in the second half of the year. NICE’s promising position in the AI-driven automation market is bolstered by its progressive product portfolio, which includes the industry’s first conversational CX with ChatGPT-enabled CXone.

NICE’s strong performance is reflected in recent honors, including winning Best Anti-Money Laundering Solution for the second consecutive year and surpassing the milestone of 1 million agents on CXone.

Overall, NICE has established itself as a market leader across multiple areas, including workforce engagement management, contact center as a service, and public safety. In addition, the company’s revenue and profit trends have steadily increased, with cloud revenue driving accelerated total revenue growth. Finally, its recurring revenue expansion provides visibility and cash flow predictability.

Yiannis Zourmpanos is the founder of Yiazou Capital Research, a stock-market research platform designed to elevate the due diligence process through in-depth business analysis.

<<<



---

[gfp927z]

>>> Fortinet has been growing impressively. The company's 2022 revenue of $4.42 billion was up 32% over the prior year. More importantly, Fortinet's deferred revenue increased at a faster pace of 34% over 2021 to $4.64 billion, while billings also increased by a similar number to $5.6 billion.


https://www.fool.com/investing/2023/03/29/the-best-stocks-to-invest-1000-in-right-now/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


The faster growth in Fortinet's billings and deferred revenue compared with its actual revenue is an indication that the company is building a solid future revenue pipeline. That's not surprising, as customers have ramped up their spending on its offerings. For instance, Fortinet landed 181 deals worth $1 million or more last quarter, up from 122 in the year-ago period. Meanwhile, the number of deals worth $500,000 or more also increased rapidly to 450 from 320 in the prior year.

Fortinet can sustain its impressive growth, as it gets a quarter of its business from the software-defined wide area network (SD-WAN) and operational technology (OT) cybersecurity markets. These are fast-growing niches, as the SD-WAN security space is expected to generate 21.2% annual growth over the next decade, while the OT security market could expand at an annual rate of 15.5% over the next five years.

As a result, Fortinet should be able to deliver robust growth against last year's revenue of $4.4 billion.

It's also worth noting that Fortinet has turned a $1,000 investment into more than $13,500 over the past decade, and the huge addressable opportunity in the cybersecurity market could help it remain a top cybersecurity stock for years to come.

<<<



---

[gfp927z]

>>> New Biden Cybersecurity Strategy Assigns Responsibility to Tech Firms


The New York Times

March 2023


https://www.msn.com/en-us/news/politics/new-biden-cybersecurity-strategy-assigns-responsibility-to-tech-firms/ar-AA188tH7?ocid=hpmsn&cvid=8e4726fe39084efaa92e447c8efc3714&ei=14


WASHINGTON — The Biden administration plans to issue a cybersecurity strategy on Thursday that calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked, while accelerating efforts by the F.B.I. and the Defense Department to disrupt hackers and ransomware groups around the world.

For years, the government has pressed companies to voluntarily report intrusions in their systems and regularly “patch” their programs to shut down newly discovered vulnerabilities, much as an iPhone does with automatic updates every few weeks. But the new National Cybersecurity Strategy concludes that such voluntary efforts are insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks.

Every administration since that of George W. Bush, 20 years ago, has issued a cybersecurity strategy of some kind, usually once in a presidency. But President Biden’s differs from previous versions in several respects, chiefly by urging far greater mandates on private industry, which controls the vast majority of the nation’s digital infrastructure, and by expanding the role of the government to take offensive action to pre-empt cyberattacks, especially from abroad.

The Biden administration’s strategy envisions what it calls “fundamental changes to the underlying dynamics of the digital ecosystem.” If enacted into new regulations and laws, it would force companies to enact minimum cybersecurity measures for critical infrastructure — and, perhaps, impose liability on firms that fail to secure their code, much like automakers and their suppliers are held liable for faulty airbags or defective brakes.

“It just reimagines the American cybersocial contract,” said Kemba Walden, the acting national cyber director, a White House post created by Congress two years ago to oversee both cyberstrategy and cyberdefense. “We are expecting more from those owners and operators in our critical infrastructure,” added Ms. Walden, who took over last month after the country’s first national cyber director, Chris Inglis, a former deputy director of the National Security Agency, resigned.

The government also has a heightened responsibility, she added, to shore up defenses and disrupt the major hacking groups that have locked up hospital records or frozen the operations of meatpackers around the country.

“We have a duty to do that,” Ms. Walden said, “because the internet is now a global commons, essentially. So we expect more from our partners in the private sector and the nonprofits and industry, but we also expect more of ourselves.”

Read alongside past cyberstrategies issued by the previous three presidents, the new document reflects how cyberoffense and -defense have become increasingly central to national security policy.

The Bush administration never publicly acknowledged American offensive cybercapabilities, even as it mounted the most sophisticated cyberattack one state has ever directed at another: a covert effort to use code to sabotage Iran’s nuclear fuel facilities. The Obama administration was reluctant to name Russia and China as the powers behind major hacks of the U.S. government.

The Trump administration bolstered American offensive initiatives against hackers and state-backed actors abroad. It also raised the alarm about having Huawei, the Chinese telecommunications giant it accused of being an arm of the Chinese government, set up high-speed 5G networks in the United States and among allies, fearing the company’s control of such networks would aid in Chinese surveillance or allow Beijing to shut down systems at a time of conflict.

But the Trump administration was less active in requiring American companies to establish minimum protections on critical infrastructure, or seeking to make those firms liable for damage if vulnerabilities they left unaddressed were exploited.

Imposing new forms of liability would require major legislative changes, and some White House officials acknowledged that with Republicans now controlling the House, Mr. Biden may face insurmountable opposition if he seeks to pass what would amount to sweeping new corporate regulation.

Many elements of the new strategy are already in place. In some ways, it is catching up with steps the Biden administration took after struggling through its first year, which began with major hacks of systems used by both private industry and the military.

After a Russian ransomware group shut down the operations of Colonial Pipeline, which handles much of the gasoline and jet fuel along the East Coast, the Biden administration used little-known legal authorities held by the Transportation Security Administration to regulate the nation’s vast network of energy pipelines. Pipeline owners and operators are now required to submit to far-reaching standards set largely by the federal government, and later this week, the Environmental Protection Agency is expected to do the same for water pipelines.

There are no parallel federal authorities for requiring minimum standards of cybersecurity at hospitals, which are largely state regulated. They have been another target of attacks, from Vermont to Florida.

“We should have been doing many of these things years ago after cyberattacks were first used to disrupt power to thousands of people in Ukraine,” Anne Neuberger, Mr. Biden’s deputy national security adviser for cyber and emerging technologies, said on Wednesday. She was referring to a series of attacks on the Ukrainian power grid that began seven years ago.

Now, she said, “we are literally cobbling together an approach sector by sector that covers critical infrastructure.”

Ms. Neuberger cited Ukraine as an example of proactively building up cyberdefenses and resiliency: In the weeks after the Russian invasion, Ukraine changed its laws to allow ministries to move their databases and many government operations to the cloud, backing up computer servers and data centers around Kyiv and other cities that were later targets for Russian artillery. Within weeks, many of those server farms were destroyed, but the government kept running, communicating to servers abroad using satellite systems like Starlink, also brought in after the war broke out.

The strategy is also catching up with an offensive program that has become increasingly aggressive. Two years ago, the F.B.I. began to use search warrants to find and dismantle fragments of malicious code found on corporate networks. More recently, it hacked into the networks of a ransomware group, removed the “decryption keys” that would unlock documents and systems belonging to the group’s victims and foiled efforts to collect large ransoms.

The F.B.I. can operate in domestic networks; it is up to the U.S. Cyber Command to go after Russian hacking groups like Killnet, a pro-Moscow group responsible for a series of denial-of-service attacks starting in the early days of the war for Ukraine. The Cyber Command also slowed the operations of Russian intelligence agencies around the 2018 and 2020 American elections.

But none of those are permanent solutions; some groups the United States has targeted have formulated themselves anew, often under different names.

Mr. Biden’s only face-to-face meeting as president with Russia’s leader, Vladimir V. Putin, in 2021 in Geneva, was driven largely by the fear that rising ransomware attacks were affecting the lives of consumers, hospital patients and factory workers. Mr. Biden warned the Russian leader that his government would be held responsible for attacks emanating from Russian territory.

There was a lull for a number of months, and a prominent hacking group was raided by Russian authorities in Moscow. But that cooperation ended with the opening of the war in Ukraine.

In a speech this week at Carnegie Mellon University, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, described the efforts of the administration as “shifting liability onto those entities that fail to live up to the duty of care they owe their customers.”

“Consumers and businesses alike expect that products purchased from a reputable provider will work the way they are supposed to and not introduce inordinate risk,” Ms. Easterly added, arguing that the administration needed to “advance legislation to prevent technology manufacturers from disclaiming liability by contract,” a common practice that few notice in the fine print of software purchases.

<<<



---

[MomsSpaghetti]

SWISF - Sekur Private Data Ltd.

[gfp927z]

Fortinet - >>> J.P. Morgan Says Now Could Be a Good Time to Buy Cybersecurity Stocks; Here Are 2 Names With Promising Growth Potential


TipRanks

January 27, 2023


https://finance.yahoo.com/news/j-p-morgan-says-now-200856790.html


In today’s digital world, there will always be a need for cybersecurity. Too many of our essential systems, everything from the upper levels of government and finance to the automation systems that run the traffic lights, depend on online connections for us to ignore the basics of securing our computer networks. Recent events, including the ongoing questions about election integrity, deep macroeconomic volatility, and the Russian war in Ukraine, have simply underscored the importance of cybersecurity.

Against this background of accelerating tailwinds, cybersecurity has become a top priority for tech execs. The situation has caught the attention of J.P. Morgan analyst Brian Essex, who says, “With less than $200 billion of enterprise spend to address over a trillion dollars of estimated annual cost and value destruction related to cybercrime, we expect Security budget growth will outpace IT budget growth for the full year and, with multiples now below pre-pandemic levels, we see several compelling opportunities within Security."

Essex doesn’t leave us with a macro view of the sector. The analyst goes on to give a drill-down to the micro level, and picks out two cybersecurity stocks that he sees as potential winners in the months ahead. These are Buy-rated equities with, in the analyst’s view, promising growth potential. Let's take a closer look.

Fortinet, Inc. (FTNT)

We’ll start with Fortinet, which is well-known for its line of high-end digital security products, including firewalls, endpoint security, intrusion prevention, anti-virus systems, and zero-trust access. Fortinet’s products and services are used to secure and protect data, networks, and system users. Over the past few years, Fortinet has seen its quarterly revenues climb steadily, as the demand for cybersecurity has increased.

A look at the numbers bears it out. In 2019, before the corona pandemic forced a major shift to online and networked connections, Fortinet had $2.2 billion in total revenues; in the 2021, the last full year with data available, the company had a top line exceeding $3.3 billion. In the last reported quarter, 3Q22, the top line came in at $1.15 billion, for a 33% year-over-year gain. The company will report Q4 and full-year 2022 data on February 7; we’ll see then how the trend line is continuing.

In the meantime, a look at the drill-downs of the Q3 data is informative. Product revenue, at $468.7 million, was up 39% y/y, while service revenue rose 28% to reach $680.8 million. Billings rose 33%, to $1.41 billion, and deferred revenue, a measure of future work and income, came in at $4.19 billion for a 35% increase over the prior year quarter. The company’s non-GAAP diluted EPS, of 33 cents, was up 65% from 3Q21.

Fortinet has deep pockets, too, to meet contingencies. The company brought in $483 million in cash from operations during 3Q22, a total that included $395.2 million in free cash flow. This was after spending $500 million in cash to repurchase shares. The company had $964 million in cash and liquid assets on hand at the end of the quarter.

J.P. Morgan's Essex initiated his coverage of Fortinet with an Overweight (i.e. Buy) rating, and a price target of $69, suggesting a one-year upside potential of 31%. (To watch Essex’ track record, click here)

Backing this stance, Essex writes, “We view current valuation levels compelling as the company works toward its medium term goal of $10bn of billings, $8bn of revenue, and adjusted FCF margins in the mid- to high-30%’s for 2025. In our view, demand for core firewall, segmentation, SD-WAN and OT security is strong enough to support double digit product revenue growth with subscription acceleration and gross margin expansion driving continued fundamental strength ahead.”

Tech stocks tend to attract a lot of attention, and Fortinet is no exception – the stock has 20 analyst reviews on record, and they include 13 Buys against 7 Holds to give the company its Moderate Buy consensus recommendation. (See FTNT stock forecast)


Okta, Inc. (OKTA)

The second stock we’re looking at is Okta, a cloud computing firm offering security software for user authentication and identity control. The company’s cloud-based software allows enterprise customers to provide secure user authentication and identity controls, built directly into apps, devices, and website services. Okta has been in business since 2009, has been a public entity since 2017, and currently boasts over 17,000 customers.

The cybersecurity industry was valued at more than $200 billion last year, and is expected to reach $266 billion by 2027. Okta is carving itself a piece of that pie, and in its fiscal year 2022 saw $1.3 billion in total revenues. The company is beating that total in its current fiscal year; in the first three quarters of fiscal ’23, Okta has already generated $1.35 billion in revenues. Okta will release its full year data for fiscal year 2023 this coming March.

Results from the last reported quarter, Q3 of fiscal 2023, showed a top line of $481 million, for a 37% y/y gain. This included $466 million in subscription revenue, which was up 38% year-over-year. The company’s remaining performance obligations – how it reports the backlog – was up 21% y/y, to $2.85 billion, a metric that bodes well for revenues and income going forward. Currently, Okta has a non-GAAP EPS that’s breaking even, an improvement compared to the 7-cent EPS loss reported in the prior year period.

Okta’s Q3 cash flow was modest, at $10 million in net cash from operations, and $6 million in free cash flow, but the company’s cash assets at the end of the third quarter were much more impressive, at $2.47 billion in cash and cash equivalents.

Among the bulls is J.P. Morgan's Brian Essex who describes Okta as ‘a market leader at a discount.’ Getting into details, Essex says of the company: “We believe digital transformation and Cloud adoption will continue to drive demand for cloud native Identity Management technology near term. Long term, we believe Distributed Identity could also be a meaningful underappreciated trend and we view Okta as one of the best positioned vendors to benefit from each of these trends..."

"We believe multiple compression is overdone with material opportunity considering the company’s market leadership position, growth expectations de-risked, and valuation at a meaningful discount. The stock has materially underperformed the S&P 500, as well as the rest of the coverage universe, but at 4.9x EV/NTM Sales, compared to 6.1x for the company's Security Software peers, the setup for upside to OKTA is favorable relative to current stock price levels, in our view,” Essex added.

Putting some definite numbers on this stance, Essex sets an Overweight (i.e. Buy) rating on OKTA, along with a $90 price target, implying a 25% gain on the one-year horizon.

Essex leads the Bulls on OKTA. The stock has a Moderate Buy from the analyst consensus, based on 29 reviews that include 18 Buys and 11 Holds. (See OKTA stock forecast)

<<<



---

[gfp927z]

>>> A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says


Popular Mechanics

by Tim Newcomb

January 25, 2023


https://finance.yahoo.com/news/catastrophic-mutating-event-strike-world-214800438.html


A World Economic Forum report says business leaders believe a “catastrophic cyber event” is coming.

Cybercrime will grow from a $3 trillion industry in 2015 to a $10.5 trillion industry by 2025.

The unpredictable nature of cybercrime increases threats.


The 2023 World Economic Forum (WEF) in Davos, Switzerland, has filled us with lots of uplifting predictions, like how companies will soon decode our brain waves. The latest warns of a global catastrophic cyber event in the very near future.

“The most striking finding that we’ve found,” WEF managing director Jeremy Jurgens said during a presentation highlighting the WEF Global Security Outlook Report 2023, “is that 93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we’ve see in previous surveys.”

Add in the extreme unpredictability of these events—Jurgens cited a cyberattack recently aimed at shutting down Ukranian military abilities that unexpectedly also closed off parts of electricity production across Europe—and the global challenges are only growing.

“This is a global threat,” Jürgen Stock, Secretary-General of Interpol, said during the presentation. “It calls for a global response and enhanced and coordinated action.” He said the increased profits that the multiple bad “actors” reap from cybercrime should encourage world leaders to work together to make it a priority as they face “new sophisticated tools.”

One country that recently saw a massive cyberattack, Albania, is now working with larger allies in warding off the criminals, serving as a laboratory of sorts for folks to realize what is coming.

Edi Rama, Albania’s prime minister, spoke during the presentation, saying that the growth of the cybercrime industry—from $3 trillion in 2015 to an expected $10.5 trillion in 2025—means that if cybercrime was a state, it would be the third largest global economy after the U.S. and China.

That means the crime coming could truly be catastrophic.

Rama cited the global response to COVID-19 and said a cyberattack could be much more substantial:

“Let’s imagine an exponential multitude of viruses that mutate everyday exponentially while not threatening our body, but the bodies we live in, our organizations, our countries, our system, then, you know, it could be just apocalypse. It’s about viruses that can not only block our way of living, but can control it and deviate it.”

<<<



---

[gfp927z]

>>> Is Fortinet Stock a Once-in-a-Decade Buying Opportunity?


By Nicholas Rossolillo

Nov 10, 2022


https://www.fool.com/investing/2022/11/10/is-fortinet-a-once-in-a-decade-buying-opportunity/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Fortinet maintained its solid growth outlook for 2022 but cautioned it's seeing customer spending beginning to normalize.

This is a highly profitable cybersecurity business, one that has been rewarding shareholders with stock buybacks this year.

With a plan to continue growing at a rapid pace for the next few years, this still looks like a top cybersecurity buy.

The stock has given back over a year's worth of gains, even as cybersecurity demand soars.

Make no mistake, cybersecurity is a secular growth trend. As computing technology deepens its roots in the global economy, businesses have new opportunities ahead of them -- but they're simultaneously faced with new dangers too. The pandemic accelerated reliance on digital processes, which has in turn boosted demand for cybersecurity.

But that hasn't equated to shareholder gains. Take Fortinet (FTNT -0.08%), for example. It's the second-largest cybersecurity pure-play stock (as measured by revenue, behind only Palo Alto Networks), and shares are down 30% so far in 2022 as the bear market rages on. Business itself is booming, though. Is this a once-in-a-decade buying opportunity for this long-term growth story?

Q3 was good, but it's all about the guidance

Fortinet's third-quarter revenue increased nearly 33% year over year to $1.15 billion -- driven by a 39% increase in product sales ($469 million) and a 28% increase in services ($681 million). Earnings per share jumped 65% to $0.33, and free cash flow was up 20% to $395 million (for a very healthy free-cash-flow margin of 34%).

Why is the market so down on Fortinet? Just like last quarter, free-cash-flow growth came in a bit light. That's a function of Fortinet's spending this year on research and development, as well as a sizable expansion of its sales and marketing team. The company sees big opportunities ahead of it (more on that in a moment), so it's keeping the foot on the gas to hold onto some of its momentum. With global economic conditions worsening, that's making some investors a bit nervous.

It isn't just the third-quarter free cash flow that's a problem for the market, though. After two years of accelerating growth in Fortinet's hardware sales, CFO Keith Jensen said on the earnings call the company is "seeing early signs of a transition back to more normalized customer buying behaviors."

What does that mean? Well, back in 2019 before the pandemic, revenue for Fortinet's product and services segments increased a respective 17% and 21%. While that's respectable, it's far lower than the full-year 2022 outlook for revenue to increase about 33% from 2021 (at the midpoint of guidance). If customer buying "normalizes" to a pre-pandemic pace, Fortinet is poised for a big deceleration in the next few years.

Buy Fortinet for the long haul

Worries aside, there is still plenty to like about Fortinet at this juncture. The company benefits from a type of cybersecurity flywheel effect. Once Fortinet's security equipment is installed, customers usually begin to pay for ongoing software and services attached to the hard asset. That means Fortinet's rapid rise in product sales this year should lead to a nice tail of service sales growth in the next few years -- even as product sales ease up.

Additionally, Fortinet has been investing heavily into new services in areas like employee endpoint protection (a must-have for remote workers) and providing various network security technologies from a single platform (from mobile 5G network operators to more traditional networks). CEO Ken Xie said this has led to expanding relationships with existing customers, especially as larger organizations look for more simplicity by consolidating the number of security vendors they use.

With that as the backdrop, Fortinet doesn't see a slowing economy -- perhaps even a recession -- as a significant risk to the medium-term guidance it laid out in May 2022. Specifically, management expects to reach $8 billion in revenue by 2025 (which would work out to a 22% average annual growth rate from today), and a 2025 free-cash-flow margin roughly in line with where it is now. Additionally, Fortinet has returned $2.56 billion to shareholders over the last 12-month stretch via share repurchases. Balancing profitable growth with shareholder returns will remain the focus going forward.

Fortinet stock now trades for 43 times expected 2022 adjusted earnings, or 35 times trailing-12-month free cash flow. With growth still going strong and a possible rebound in profitability in store next year as Fortinet's heavy rate of investment spending eases, it isn't an unreasonable price tag. The stock's fall this year doesn't exactly spell once-in-a-decade opportunity. However, if Fortinet achieves its goals, this remains a top buy among cybersecurity stocks in my book.

<<<



---

[gfp927z]

>>> Should You Buy Fortinet After Its Recent Stock Split?


Motley Fool

By Bradley Guichard

Aug 11, 2022


https://www.fool.com/investing/2022/08/11/should-you-buy-fortinet-after-its-recent-stock-spl/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Cybersecurity leader Fortinet executed a 5-to-1 stock split less than two months ago.

Last week's Q2 earnings release sent shares tumbling.

Is this an opportune time to pounce on the stock?

Fortinet is a leader in defending against growing cybersecurity threats.


Cybersecurity is one of the defining defense issues of our time. What is unique is that it is largely fought by the private sector. Businesses large and small spend billions each year to defend against breaches, ransomware, and other bad actors. An ounce of prevention is definitely worth a pound of cure.

What's more, it seems it is just a matter of time before a broad cyber conflict takes place. This would be a gigantic catalyst for cybersecurity companies like Fortinet (FTNT) which is at the forefront of network security.

Fortinet's stock split didn't garner nearly the attention of Amazon or Alphabet, but perhaps it should. The stock has outpaced both of these juggernauts over the past one, three, five, and 10-year periods.

Is the market being shortsighted?

Fortinet sells products and services such as its Fortigate Next-Generation Firewall, security subscriptions, and tech support services. Higher-margin services make up over 60% of total sales. The market reacted negatively to Fortinet's second-quarter earnings, but this may be shortsighted.

The tremendous growth in sales and billings has become a hallmark of Fortinet. The company expects to continue this trend this year with sales and billings north of $4.3 billion and $5.5 billion, respectively, as shown below.

Billings growing in excess of sales suggest strong continued growth. These numbers represent revenue that will be earned in future periods.

Cash flow is still king

The cybersecurity industry is full of fast-growing companies that aren't profitable. Fortinet has a solid mix of both. Fortinet had an operating margin of 19% last quarter, far outpacing many competitors. This success allows Fortinet to generate generous free cash flow, which it uses to improve the company and repurchase its stock. Fortinet spent $800 million on buybacks in Q2, rewarding shareholders and offsetting the effect of stock-based compensation. In fact, Fortinet's free-cash-flow margin puts it in the top 10% of the S&P 500.

Room to expand and catalysts

Statista puts global cybersecurity revenue at $160 billion for 2022, ballooning to nearly $300 billion in the next five years. Fortinet has set itself up to capture a significant chunk of this market.

A cybersecurity sector catalyst is also upcoming; we just don't know when. Early examples include the Colonial Pipeline attack and Russian tactics in Ukraine. Just last week, during House Speaker Nancy Pelosi's visit, broad cyberattacks were reported in Taiwan.

Businesses and governments must be ready to meet this challenge and will spend billions doing so. Fortinet has the opportunity to continue outpacing the market for years to come.

<<<



---

[gfp927z]

>>> Palo Alto Networks, Inc. (PANW) provides cybersecurity solutions worldwide. The company offers firewall appliances and software; Panorama, a security management solution for the control of firewall appliances and software deployed on an end-customer's network and instances in public or private cloud environments, as a virtual or a physical appliance; and virtual system upgrades, which are available as extensions to the virtual system capacity that ships with physical appliances.

It also provides subscription services covering the areas of threat prevention, malware and persistent threat, uniform resource locator filtering, laptop and mobile device protection, and firewall; and DNS security, Internet of Things security, SaaS security API, and SaaS security inline, as well as threat intelligence, and data loss prevention. In addition, the company offers cloud security, secure access, security analytics and automation, and threat intelligence and cyber security consulting; professional services, including architecture design and planning, implementation, configuration, and firewall migration; education services, such as certifications, as well as online and in-classroom training; and support services.

Palo Alto Networks, Inc. sells its products and services through its channel partners, as well as directly to medium to large enterprises, service providers, and government entities operating in various industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. The company was incorporated in 2005 and is headquartered in Santa Clara, California.

<<<


https://finance.yahoo.com/quote/PANW/profile?p=PANW


---

[gfp927z]

>>> Cybersecurity Stock Sell-off Holding Back Nasdaq, but 1 Tech Stock Is Surging


Motley Fool

By Jason Hall

Aug 4, 2022


https://www.fool.com/investing/2022/08/04/cybersecurity-stock-selloff-has-nasdaq-down-but-1/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Fortinet beat second-quarter expectations, but weaker-than-expected guidance and cash flow have investors selling.

Other cybersecurity stocks, including Palo Alto Networks, CrowdStrike, and Zscaler, are also on the decline today.
MercadoLibre is one of the best-performing Nasdaq stocks today, up by double digits after reporting blowout Q2 results.

Fortinet's weak guidance causes sell-off among cybersecurity stocks, while MercadoLibre shares are rocketing higher after stellar quarterly results.

The Nasdaq Composite Index (^IXIC 2.09%) is roughly flat today, Aug. 4, at 2:15 p.m. ET. It's a bit of a bounce-back day for a number of tech stocks that have stumbled in recent days post-earnings. However, the most popular cybersecurity stocks are decidedly not having a good day, following the release of second-quarter earnings from Fortinet (FTNT 3.37%) Wednesday afternoon. At the time of this writing, Fortinet shares are down almost 17%, while Palo Alto Networks (PANW 2.01%), CrowdStrike (CRWD 1.42%), and Zscaler (ZS 2.20%) shares are down between 5.4% and 3.3% on the day.

One of today's best-performing Nasdaq stocks is Latin American payments and e-commerce leader MercadoLibre (MELI 4.71%). Shares are up 16% after the company reported second quarter results that investors loved.

Fortinet: Investors spooked after guidance, weaker cash flow

Cybersecurity stocks, as a cohort, have held up better this year than many other high-growth tech stock sectors. So far this year, shares of Palo Alto Networks and CrowdStrike are down about 22%, while Fortinet shares are down 27%. Before today, the three were down in the teens this year, not a good result, but certainly less bad than plenty of tech stocks in 2022. One key reason is the increasing importance of cybersecurity for organizations of all kinds. As digital transformation ramps up, data security is an imperative, not a luxury, and investors have increasingly viewed the prospects for these companies as being more stable and less likely to be upended by the economic climate.

However, Fortinet's second-quarter earnings report -- or specifically management's Q3 guidance -- might have put some cracks in the wall. The company expects $1.12 billion in revenue this quarter, lower than what Wall Street analysts were counting for in their models. The result is fueling today's sell-off as investors fear that growth could slow even in cybersecurity. With many of the top stocks in the market still reporting GAAP losses and some still burning cash at the operating level, investors are taking a step back to reevaluate things.

MercadoLibre: Payments growing by triple digits, e-commerce up 23%

The leading online shopping and payments platform in Latin America saw combined revenue increase 57% adjusted for currency differences, to $2.6 billion. Operating income surged 51%, while earnings per share were up 77%. The company beat Wall Street's best guess on both the top and bottom lines, as customers bought more goods from its online store and used Mercado Pago to pay for more of those goods and to pay for more things off the company's platform.

With this report coming after many U.S. e-commerce companies have reported less-impressive sales growth, investors are far less concerned about the prospects for MercadoLibre now. While maybe not in a nascent stage anymore, e-commerce and digital payments are still much earlier in their proliferation in Latin America, and MercadoLibre is the undisputed leader there.

Looks like opportunity for buyers

Today's sell-off in cybersecurity stocks and the strong results from MercadoLibre underscore the opportunities available to long-term investors. While the sellers see cracks in the foundation of the potential for cybersecurity, the reality is that the thesis remains very strong, and investors who think (and act) in multiyear time horizons should consider buying shares of the leaders like CrowdStrike, Fortinet, and Zscaler on days like today. For MercadoLibre, even with today's gains, shares still trade at some of their lowest revenue-based valuations in years.

<<<



---

[gfp927z]

>>> 7 Undervalued Cybersecurity Stocks to Buy Now


Investor Place

by Faizan Farooque

July 22, 2022


https://finance.yahoo.com/news/7-undervalued-cybersecurity-stocks-buy-104500112.html


Cybersecurity stocks are a hot commodity in the stock market right now. Due to the increasing cybersecurity threats businesses and individuals face, cybersecurity stocks are in high demand.

If you’re looking to invest in cybersecurity, now is the time to do it. There are various cybersecurity companies to choose from, so you can find one that aligns with your investment goals. Whether you’re looking for growth potential or income potential, there’s a cybersecurity stock for you. So don’t wait any longer; start investing in cybersecurity today.

This list will provide you with seven cybersecurity stocks that are undervalued versus their potential. Keep these in mind when curating a portfolio of cybersecurity stocks.

Fortinet (FTNT)

Fortinet (NASDAQ:FTNT) provides a wide range of cybersecurity solutions. Both large and small organizations use Fortinet’s products, and the company has a strong presence in both the commercial and government sectors.

Fortinet’s products protect networks, servers, and data from various threats, including malware, viruses, worms, and other malicious software. In addition, Fortinet’s products can also prevent unauthorized access to network resources and provide content filtering to prevent users from accessing inappropriate or harmful websites.

Fortinet is a leader in the cybersecurity industry, and organizations around the world trust its products.

Fortinet is expected to see revenue grow by 28%-29% in fiscal 2022 in a range of $4.350 billion to $4.400 billion. The company forecasts that adjusted earnings per share will increase by 22%-25%. Despite growing rapidly, cybersecurity is still profitable, a rare achievement that makes it one of the undervalued cybersecurity stocks to keep your eye on.

Palo Alto Networks (PANW)

Palo Alto Networks (NASDAQ:PANW) is a company that specializes in providing security solutions for the enterprise. The company offers many products and services to help organizations protect their networks from attack.

Palo Alto Networks is a market leader in network security, and its products are used by some of the largest enterprises in the world.

The company has a strong reputation for innovation and is constantly introducing new products and features to its portfolio. It is a trusted partner for enterprise security, and its products are backed by a team of expert staff who are committed to helping customers stay safe online.

Palo Alto Networks sells its products and services through partners and resellers worldwide. Palo Alto Networks went public on July 20, 2012, and is traded on the NYSE under the ticker symbol “PANW.”

Since 2014, Palo Alto has made several acquisitions to expand its ecosystem into fresh and faster-growing markets. In just 10 years, Palo Alto increased its annual revenue from $255 million to a whopping 4.3 billion.

NortonLifeLock (NLOK)

NortonLifeLock (NASDAQ:NLOK) antivirus software protects computers from viruses, spyware, and other malware. Its long-standing leadership position makes it one of the undervalued cybersecurity stocks to buy.

Norton’s internet security products protect against online threats such as phishing attacks and malicious websites.

LifeLock identity theft protection services help to protect against identity theft and fraud. NortonLifeLock also offers a variety of other security products, including web security, email security, and data security solutions.

A perennial name in the computer world, Norton has dropped off a bit recently. It is not as marketable or vibrant, but it can still provide reliable protection and some of its best-known products like antivirus software.

The chief reasons for the decline are the concern over slowing growth and the delay in its $8.6 billion merger with Avast (OTCMKTS:AVASF). Britain’s Competition and Markets Authority believes that the tie-up might affect competition in the industry.

Zscaler (ZS)

Zscaler (NASDAQ:ZS) is a cloud-based, security-as-a-service provider that offers a suite of solutions for businesses of all sizes.

Its flagship product, Zscaler Internet Security, is a gateway that provides users with access to the internet and blocks malicious content.

Zscaler’s revenue growth galloped along rapidly in fiscal 2021, which ended last July, and through the first nine months of this year. Zscaler has been able to lock in even more large customers that generate over $1 million yearly in annual recurring revenue. The fact that this hasn’t moved the needle much makes this one of the undervalued cybersecurity stocks to watch.

The financials of Zscaler continue to improve, with its gross margins remaining stable and operating margin improving even more so on a non-generally accepted accounting principles (GAAP) basis.

In addition, their free cash flow also continues gaining momentum – an indication that they can make smart investments for future growth opportunities without sacrificing quality to maintain profitability nowadays.

Last quarter, its total customers with more than $1 million in ARR increased 77% and saw a sharp rise in the volume of customers with an ARR that topped $100k.

Qualys (QLYS)

Qualys (NASDAQ:QLYS) is a leading provider of vulnerability management solutions. The company’s “software as a service” model enables organizations of all sizes to scan their networks for vulnerabilities cost-effectively, identify and track potential threats, and mitigate risks.

In addition, Qualys’ real-time monitoring capabilities help organizations quickly identify and respond to potential attacks. As a result, Qualys’ solutions provide an essential layer of protection for organizations of all sizes.

Several companies are benefiting from the rapidly booming cybersecurity industry, with many others joining. But Qualys deserves special mention because it has beaten analyst expectations repeatedly. At the same time, it is growing at a rapid pace.

Qualys’ increased focus on providing solutions to markets that everyone’s focusing on has led to a fast rate of growth that’s set to continue for the foreseeable future. Qualys is well-positioned to continue its rapid growth, and it is an organization to watch in the coming years.

Check Point Software (CHKP)

Check Point (NASDAQ:CHKP) is a leading cyber security company that prevents cyber attacks.

Security solutions from Check Point prevent damage to government and business property, maintain the confidence of stakeholders, protect users’ privacy, and assure legal compliance.

Check Point’s research and development center is located in Herzliya, Israel. Check Point also has offices in the United States, Europe, Asia Pacific, and Latin America.

High-Quality Stocks to Buy That Are Trading Below Fair Value

The company reported a small earnings beat of 1.51% in its latest quarter. Check Point is generating sharp revenue growth and is currently gearing up sales resources to help achieve this goal. The plan is to grow the workforce by 25% to increase sales in 2023.

Check Point is projecting a good year for its profits. Revenue is expected to reach $2.2 to $2.375 billion from $7.02 in the previous fiscal period, and EPS is forecasted in the range of $6.90 to $7.50 versus $7.02 in the prior period.

A10 Networks (ATEN)

A10 Networks (NYSE:ATEN) is a software company that provides cloud-based services for businesses. They provide solutions for companies in the form of APIs and software.

A10 Networks is a cloud-based cybersecurity company that provides solutions for service providers, enterprises, and government agencies. With these solutions, clients can design new APIs to deliver services securely.

Today, A10 Networks’ products are used by some of the world’s largest organizations, including Uber (NYSE:UBER), Softbank (OTCMKTS:SFTBY), and Microsoft (NASDAQ:MSFT). A10 Networks’ products provide three core services:

1) Software as a Service (SaaS),

2) Platform as a Service (PaaS), and

3) Infrastructure as a Service (IaaS).

In its most recent quarterly results, A10 Networks reported an earnings beat of 15%. Revenues grew 14%, while net income flew 138%. In addition to being one of the best undervalued cybersecurity stocks to buy, the company bought back two million shares for $28.3 million in Q1. The quarterly performance sets up the company nicely for the remainder of the year.

<<<



---

[gfp927z]

>>> Cybersecurity Stocks To Watch: Private Equity Firms Target Sector


Investor's Business Daily

REINHARDT KRAUS

08/08/2022


https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220


You may think the time is right to move into cybersecurity stocks amid views they're better positioned if a recession hits the U.S. economy. Private equity firms continue to target the sector, with Thoma Bravo acquiring Ping Identity Holdings (PING) for $2.8 billion.

Thoma Bravo has also acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.

Also, PE firm Permira in May completed its purchase of Mimecast for $5.8 billion. PE firms aren't the only acquirers.

Consolidation Impacts Cybersecurity Stocks

Google-parent Alphabet (GOOGL) on March 7 said it's acquiring cybersecurity firm Mandiant (MNDT) in an all-cash $5.4 billion deal. Mandiant will be part of Google's cloud computing business.

Also Google in January acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.

"Increased acquisition activity is being spurred by depressed valuations in the current uncertain macroeconomy," said Cowen analyst Shaul Eyal in a report. "We believe that acquirers are increasingly seeking targets that demonstrate a balance of growth versus profitability and positive cash flow."

Meanwhile, the iShares Expanded Tech-Software ETF (IGV) climbed 9.5% in July, turning positive for the first time since March.

Earnings Reports Due For Cybersecurity Stocks

Earnings are starting to roll in for cybersecurity stocks. Check Point Software Technologies (CHKP) reported earnings on Aug. 1. CHKP stock fell on guidance.

Fortinet (FTNT) reported Q2 earnings, revenue and billings that topped estimates but the size of the beats disappointed. For the September quarter, Fortinet forecast sales of $1.12 billion, below estimates of $1.13 billion.

Palo Alto Networks (PANW) reports earnings on Aug. 22. Palo Alto Networks has been building a broad cloud-based services platform via acquisitions. Palo Alto Networks has spent more than $3 billion on 10 acquisitions over the past three years.

The IBD Computer-Software Security group ranks No. 110 out of 197 industry groups tracked.

According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.

Bank of America in a recent report said cybersecurity stocks that deliver services via cloud computing platforms will be better positioned.

"We believe 'born-in-the-cloud' companies like Zscaler (ZS), Crowdstrike (CRWD) and SentinelOne (S) to be relatively resilient to any spending slowdown, also given how critical their solutions are to cyber defense efforts," said BofA analyst Tal Liani in a note to clients.

Corporate Spending On Cybersecurity

Earnings for CRWD stock are due Aug. 30. Zscaler reports earnings on Sept. 8.

Meanwhile, Qualys (QLYS) and Fortinet have dropped off the IBD 50 roster of growth companies. Qualys reports Q2 earnings on Aug. 8.

At an investor day for FTNT stock on May 10, Fortinet unveiled 2025 financial targets that call for billings of $10 billion and revenue of $8 billion, implying a three-year average growth rate of 22% for both metrics.

Cybersecurity stocks got a lift in February as Russia's invasion of Ukraine began. Analysts said attacks aimed at shutting down websites could increase.

"Expectations have lowered from pre-Q1 where Russia/Ukraine was still firmly in the spotlight, but are still higher than broader software into Q2," UBS analyst Roger Boyd said in a note. "We don't see stocks priced for negative guidance revisions."

Cybersecurity spending worldwide climbed 13% in 2021 to $172 billion, estimated market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.

Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.

Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.

The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.

Cybersecurity Stocks With High Composite Ratings

Cybersecurity stocks with Composite Ratings above 90 include Qualys, Fortinet and Palo Alto Networks.

The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.

The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.

No security stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.

Hot Cybersecurity Startups Eye IPOs

And initial public offerings are on the table. SentinelOne's IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.

Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.

Analysts say a new wave of startups seems to be taking share from industry incumbents.

Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.

Further, consolidation may be coming in the cybersecurity industry. Okta (OKTA) in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.

Microsoft Stock A Big Player In Cybersecurity

Also, Microsoft (MSFT) has moved into this space. The software giant recently disclosed that its cybersecurity revenue tops $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.

Microsoft in July 2021 acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.

In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).

"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note.

Cybersecurity Stocks: Wide Range Of Products

Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.

Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 and CyberArk. Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.

In addition, Rapid7 and Qualys specialize in vulnerability management services.

Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.

SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.

Cybersecurity Products Battle Ransomware, Phishing

Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.

Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.

To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.

CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Further, CrowdStrike's initial public offering in June 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto and startup Cybereason.

The "Human Element" causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Many companies have stepped up employee training to deter ransomware attacks and other threats. Cowen favors Cloudflare (NET), Fortinet, CrowdStrike and KnowBe4 (KNBE).

In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.

<<<



---

[gfp927z]

>>> Defense Firm Said U.S. Spies Backed Its Bid for Pegasus Spyware Maker


The New York Times

7-10-22


https://www.msn.com/en-us/news/politics/defense-firm-said-us-spies-backed-its-bid-for-pegasus-spyware-maker/ar-AAZqHy1?li=BBnb7Kz


A team of executives from an American military contractor quietly visited Israel numerous times in recent months to try to carry out a bold but risky plan: purchasing NSO Group, the cyber hacking firm that is as notorious as it is technologically accomplished.

The Biden administration blacklisted the cyber hacking firm, saying it had acted “contrary to the national security or foreign policy interests of the United States.”

The impediments were substantial for the team from the American company, L3Harris, which also had experience with spyware technology. They started with the uncomfortable fact that the United States government had put NSO on a blacklist just months earlier because the Israeli firm’s spyware, called Pegasus, had been used by other governments to penetrate the phones of political leaders, human rights activists and journalists.

Pegasus is a “zero-click” hacking tool that can remotely extract everything from a target’s mobile phone, including messages, contacts, photos and videos without the user having to click on a phishing link to give it remote access. It can also turn the mobile phone into a tracking and recording device.

NSO had acted “contrary to the national security or foreign policy interests of the United States,” the Biden administration said in announcing the blacklisting in November, barring American companies from doing any business with the Israeli firm.

But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the F.B.I. and the C.I.A.

The talks continued in secret until last month, when word of NSO’s possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance.

Days later, L3Harris, which is heavily reliant on government contracts, notified the Biden administration that it had scuttled its plans to purchase NSO, according to three United States government officials, although several people familiar with the talks said there have been attempts to resuscitate the negotiations.

Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO’s powerful spyware under U.S. authority, despite the administration’s very public stance against the Israeli firm.

It also left unsettled the fate of NSO, whose technology has been a tool of Israeli foreign policy even as the firm has become a target of intense criticism for the ways its spyware is used by governments against their citizens.

The episode was the latest skirmish in an ongoing battle among nations to gain control of some of the world’s most powerful cyberweapons, and it reveals some of the headwinds faced by a coalition of nations — including the United States under the Biden administration — as it tries to rein in a lucrative global market for sophisticated commercial spyware.

Spokesmen for L3Harris and NSO declined to comment about the negotiations between the companies. A spokeswoman for Avril Haines, the director of national intelligence, declined to comment on whether any American intelligence officials quietly blessed the discussions. A spokesman for the Commerce Department declined to give specifics about any discussions with L3 Harris about purchasing NSO.

A spokesman for the Israeli defense ministry declined to comment, as did a spokeswoman for the Israeli prime minister.

The Biden administration’s decision to put NSO on a Commerce Department blacklist came after years of revelations about how governments had used Pegasus, NSO’s premier hacking tool, as an instrument of domestic surveillance. But the United States itself has also purchased, tested and deployed Pegasus.

In January, The New York Times revealed that the F.B.I. had purchased Pegasus software in 2019, and that government lawyers at the F.B.I. and the Justice Department had debated whether to deploy the spyware for use in domestic law enforcement investigations. The Times also reported that in 2018 the C.I.A. had purchased Pegasus for the government of Djibouti to conduct counterterrorism operations, despite that country’s record of torturing political opposition figures and imprisoning journalists.

A decision by L3 to terminate the acquisition talks would leave NSO’s future in doubt. The company had seen a deal with the American defense contractor as a potential lifeline after being blacklisted by the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blacklist, under penalty of sanctions.

As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted.

For more than a decade, Israel has treated NSO as a de facto arm of the state, granting licenses for Pegasus to numerous countries — including Saudi Arabia, Hungary and India — with which the Israeli government hoped to nurture stronger security and diplomatic ties.

But Israel has also denied Pegasus to countries for reasons of diplomacy. Last year, Israel rejected a request by the government of Ukraine to purchase Pegasus to use against targets in Russia, fearing that the sale would damage Israel’s relations with the Kremlin.

The Israeli government also makes extensive use of Pegasus and other locally made cyber tools for its own intelligence and law enforcement purposes, giving it further incentive to find a way for NSO to survive the American sanctions.

During the discussions about the possible sale of NSO to L3 Harris — which included at least one meeting with Amir Eshel, the director general of the Israeli defense ministry, who would have to approve any deal — the L3Harris representatives said they had received permission from the United States government to negotiate with NSO, despite the company’s presence on the American blacklist.

L3 Harris’s representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions.

One of the conditions, those people said, was that NSO’s arsenal of “zero days” — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States’ partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand. A senior British diplomat declined to comment on questions about the degree of knowledge British intelligence had about a possible deal between L3 and NSO.

Such a plan would have been highly unusual had it been finalized, since the Five Eyes countries usually only purchase intelligence products that have been developed and manufactured within those countries.

Israeli defense ministry officials were open to this arrangement. But following heavy pressure from the Israeli intelligence community, it balked at another request: that the Israeli government allow NSO to share the computer source code for Pegasus — which allows it to exploit the vulnerabilities in the phones it targets — with the Five Eyes countries. They also did not agree, at least not in the first phase, to allow L3’s cyber experts to come to Israel and join NSO’s development teams at the company’s headquarters north of Tel Aviv.

Representatives of the defense ministry also insisted that Israel retain its authority to grant export licenses for NSO’s products, but said they were willing to negotiate over which countries received the spyware.

Over the course of the discussions, there were numerous issues that would have required the approval of the United States government. L3Harris representatives said that they had discussed the issues with American officials, who had agreed in principle, according to the people familiar with the discussions.

To help negotiate the sale of NSO, L3Harris hired an influential lawyer in Israel with deep ties to Israel’s defense establishment. The lawyer, Daniel Reisner, is the former head of the International Law Department at the Israeli Military Prosecutor’s Office and acted as a special adviser on the Middle East peace process to former Prime Minister Benjamin Netanyahu.

In the months since the Biden administration announced the blacklist in November, and as the Israeli government pressed for a way to keep NSO from going under, the Commerce Department in Washington sent a list of questions to NSO and another Israeli hacking firm that had been blacklisted at the same time, about how the spyware works, who it targets and whether the company has any control over how its nation-state clients deploy the hacking tools.

The list, reviewed by The Times, asked whether NSO maintained “positive control over its products” and whether Americans overseas were protected from having NSO’s products deployed against them.

Another asked if NSO would “shut down access to its products if the U.S. government informs them that there is an unacceptable risk of the tool being used for human rights abuses by a particular customer?”

Separately from the proposed NSO and L3 Harris deal, Israeli officials negotiated unsuccessfully with the Commerce Department about getting NSO removed from the American blacklist in advance of President Biden’s trip to Israel in the coming week.

News last month of L3Harris’s talks to purchase NSO seemed to blindside White House officials. After the website Intelligence Online reported on the possible sale, a top White House official said such a transaction would pose “serious counterintelligence and security concerns for the U.S. government” and that the administration would work to ensure that the deal did not happen.

The official said that an American company, particularly a defense contractor, should have been aware that any transaction “would spur intensive review to examine whether the transaction process poses a counterintelligence threat to the U.S., government and its systems and information.”

Last week, in response to questions from The Times, another U.S. official said “after learning about the potential sale, the IC did an analysis that raised concerns about the sale’s implications and informed the administration’s position.”

While not a household defense industry name like Lockheed Martin or Raytheon, L3Harris earns billions each year from American government contracts at both the federal and state level. According to the company’s most recent annual report, more than 70 percent of the company’s revenue in fiscal year 2021 came from various U.S. government contracts.

USAspending.gov, a website that tracks government contracts, indicates that the Defense Department is L3Harris’ biggest government client.

The company once produced a surveillance system called Stingray that was used by the F.B.I. and local American police forces until the company discontinued production. In 2018, the company purchased Azimuth Security and Linchpin Labs, two Australian cyber firms that Vice reported had sold zero day exploits to the Five Eyes countries.

In 2016, the F.B.I. enlisted Azimuth to help break into the Apple phone of a terrorist who had carried out a deadly shooting in San Bernardino, Calif., killing more than a dozen people, according to a report in the Washington Post.

Azimuth’s work for the F.B.I. ended a standoff between the bureau and Apple, which had pointedly refused to help the F.B.I. unlock the phone in the San Bernardino case. The tech giant argued it had no backdoor to allow the F.B.I. access to the phone, and were loathe to create one because it would weaken the iPhone’s security features it promotes to its customers.

<<<



---

[gfp927z]

>>> NortonLifeLock Drops 12%; 206 ETFs Affected


ETF.com

March 16, 2022

by Ben Kissam


https://www.etf.com/sections/features-and-news/norton-lifelock-drops-12-206-etfs-affected


NortonLifeLock Inc. (NLOK) dropped more than 12% on Wednesday after the U.K.'s Competition and Markets Authority (CMA) announced its intent to begin phase 2 investigations regarding Norton's proposed merger with Avast, a rival cybersecurity company.

The deal, worth between $8.1 billion and $8.6 billion, was supposed to close in February, but to go through, it needed approval from both Spain (which it received) and the U.K. It is now likely to be delayed another several months, and may not conclude until fall, at the earliest.?

Currently, 206 ETFs hold NLOK shares.?

The Global X Cybersecurity ETF (BUG) has the greatest exposure to NLOK, at 5.74%; followed by the TrueShares Low Volatility Equity Income ETF (DIVZ), with 4.03%.

From there, percentages drop off slightly, with the ETFMG Prime Cyber Security ETF (HACK) at 2.61%, followed by the ASYMshares ASYMmetric S&P 500 ETF (ASPY), at 2.34%; and the First Trust US Equity Dividend Select ETF (RNDV), at 2.20%.

BUG and HACK have seen the greatest 30-day percentage changes as holders of NLOK, at 7.83% and 3.99%, respectively.

A total of 64.3 million shares of NortonLifeLock are held in exchange-traded funds, comprising roughly 11% of the total outstanding shares.?

The top five ETFs with the most NLOK shares overall are not the funds with the most significant exposure but large, broad-based ETFs.

The SPDR S&P 500 ETF Trust (SPY) holds 6.24 million shares, while the iShares Core S&P 500 ETF (IVV) and the Vanguard S&P 500 ETF (VOO), which both track the same index as SPY, hold 4.97 million and 4.01 million shares, respectively.

Interestingly, despite the S&P 500 Index being known as a mostly large cap benchmark, the Vanguard Mid-Cap ETF (VO) holds 4.19 million shares of the stock. Meanwhile, the Vanguard Total Stock Market ETF (VTI) holds 3.38 million shares.

Cap-weighted ETFs are the top strategy holding Norton shares, with 45 funds, but multifactor ETFs and active management ETFs are also involved, with those funds holding NLOK numbering 34 and 27, respectively. ESG ETFs represent 21 funds and fundamental ETFs represent 18 funds, rounding out the top five.

About The Company

NortonLifeLock announced in August 2021 its plans to merge with Avast, a Czech software company. In its initial release, the companies said the merger "has compelling strategic logic and represents an attractive opportunity to create a new, industry leading consumer Cyber Safety business."?

“With this combination, we can strengthen our cyber safety platform and make it available to more than 500 million users,” said Norton CEO Vincent Pilette, when the deal was announced.

NortonLifeLock's products primarily focus on internet identity protection, whereas Avast's products aim to ward off viruses, phishing scams and other spam threats.

Although Avast's headquarters is located in Prague, it trades on the London Stock Exchange. The CMA launched a phase 1 probe into the more than $8 billion cash-plus-stock deal in January and had until March 16 to announce its findings.?

The CMA said that both companies are industry leaders in the cybersecurity field and that a merger could potentially reduce competition in the cyber safety software market of the future.

"Unless the companies can offer a clear-cut solution to address our concerns, we intend to carry out an in-depth phase 2 investigation," said CMA Executive Director David Stewart.

NortonLifeLock and Avast now have five days to submit a proposal to appease those concerns.

However, in response to the investigation, NortonLifeLock was quick to call the CMA's announcement "surprising" and said it doesn't plan to make any phase 1 remedies.

<<<



---

[gfp927z]

>>> Fortinet Announces Five-for-One Stock Split


Yahoo Finance

Fortinet, Inc.

June 09, 2022


https://finance.yahoo.com/news/fortinet-announces-five-one-stock-130000973.html


News Summary

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced its intention to implement its previously announced five-for-one forward stock split (the “Stock Split”) on June 22, 2022. Fortinet previously disclosed the Stock Split on April 22, 2022, and further details on the Stock Split were included in Fortinet’s definitive proxy statement (the “Proxy Statement”) relating to Fortinet’s Annual Meeting of Stockholders to be held on June 17, 2022 (the “2022 Annual Meeting”).

The Stock Split is contingent upon stockholder approval at the 2022 Annual Meeting of an Amended and Restated Certificate of Incorporation (the “Restated Certificate”) that would increase the number of authorized shares of Fortinet’s common stock and implement the Stock Split, among certain other changes described in the Proxy Statement.

If Fortinet’s stockholders approve the Stock Split at the 2022 Annual Meeting then, upon the filing of the Restated Certificate, each share of Fortinet’s common stock outstanding on June 22, 2022 will be split into five shares of common stock. Trading is expected to begin on a split-adjusted basis on or around June 23, 2022.

For additional details, please see the Proxy Statement filed with the U.S. Securities and Exchange Commission on May 2, 2022.

This will be the second time that Fortinet has split its stock, having implemented in 2011 a two-for-one stock split.

About Fortinet

Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 580,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone

<<<



---

[gfp927z]

>>> 3 Top Cybersecurity Stocks to Buy in April


Motley Fool

By Jake Lerch

Apr 11, 2022


https://www.fool.com/investing/2022/04/11/3-top-cybersecurity-stocks-to-buy-in-april/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


These companies are helping to secure the world's organizations from cybercrime -- and growing quickly because of it.

Cybersecurity is one of the most pressing topics today. Whether big or small, public or private, it seems every organization is vulnerable to hacking. A recent survey of risk management experts conducted by Allianz listed cyber incidents as the most relevant concern for 2022 -- ahead of new regulations, climate change, or even another pandemic.

It's easy to see why. As technology has scaled up, so have the opportunities to infiltrate, disable, or ransom the tools that serve our economy. Amid this backdrop, numerous companies have emerged to meet this critical challenge -- several of which are great investment opportunities. While many stocks have sold off over the last year, shares of Zscaler ( ZS -4.31% ), Fortinet ( FTNT -2.67% ), and Crowdstrike ( CRWD -1.93% ) have outperformed the Invesco NASDAQ 100 ETF. Let's take a look at what makes these companies must-buys in April.


1. Zscaler

You've probably heard the phrase "Trust, but verify." Zscaler, a leader in zero-trust security, takes the proverb one step further. It is guided by the mantra "Never trust, always verify." Its security model relies on mutual authentication, meaning that users and devices must always verify their identity before being granted access to a system.

Customers, particularly large enterprise businesses, have flocked to Zscaler's products. The company has over 5,600 customers in total, including more than 170 companies within the Fortune 500. Zscaler reports that 251 of its customers now generate over $1 million in annual recurring revenue -- up 85% from a year earlier.

Overall revenues are growing fast too. In its latest quarterly earnings report (the period ending Jan. 31, 2022), Zscaler reported quarterly revenues of $256 million, a 63% increase year over year. It reported revenues of $860 million for the most recent 12 months. Moreover, the company turns those revenues into profits. Adjusted earnings-per-share for the most recent quarter was $0.13, beating the consensus estimate of $0.11.

On the horizon, Zscaler sees a great deal of opportunity ahead. It estimates its total market opportunity at $72 billion, given the surging demand for cybersecurity. Looking ahead, analysts expect fiscal 2022 revenues (the 12 months ending Jul. 31, 2022) of $1.05 billion, growing to $1.42 billion in fiscal year 2023. With its sizzling revenue growth, Zscaler is a name to own now.


2. Fortinet

Fortinet delivers various products and services that provide network, endpoint, and cloud security. The company's FortiGate firewall product, along with associated services, makes up 66% of its revenue.

While securing network hardware may not be the most exciting part of the cybersecurity field, it's still essential. And as one of the best-of-breed providers, Fortinet commands pricing power. It boasts 19% operating margins, putting it near the top of its industry in that category. Supply chain issues may present some short-term headwinds, but analysts expect Fortinet's margins to remain basically unchanged through 2023.

While its revenue growth is more modest than some of its competitors (quarterly revenues grew 29% versus last year), Fortinet compensates with profitability. It generated $3.63 of earnings per share (EPS) in 2021, and consensus estimates for 2022 are for EPS of $4.95, growing to $5.96 in 2023.

After turning in a stellar 142% gain in 2021, shares have slumped 7% in 2022. However, given its balanced growth and profitability, investors would be wise to use its recent weakness to pick up shares now -- before the company reports earnings during the first week of May.


3. Crowdstrike

The third stock on my list is Crowdstrike. The company recently reported a fantastic quarterly earnings report, with revenues growing 63% year over year. Crowdstrike is an innovator in the cybersecurity market. It doesn't rely on databases of known viruses and malware. Instead, Crowdstrike's cloud-based artificial intelligence scans customer networks in real-time, looking for suspicious patterns of behavior, and escalating or eliminating risks proactively.

What's more, Crowdstrike sells its products via subscription modules -- allowing its customers to purchase the components most applicable to their needs, and providing Crowdstrike with annual recurring revenue. This plug-and-play approach is paying off. Its subscriber base has jumped to 16,325 -- with over 69% of customers buying four or more modules.

I love Crowdstrike's business model, and so do Wall Street analysts. Of the 33 analysts who cover the stock, 30 rate it as a buy or strong buy.

<<<

[gfp927z]

Fortinet - >>> Better Cybersecurity Stock: Fortinet vs. Tenable


Motley Fool

By Leo Sun

Mar 29, 2022


https://www.fool.com/investing/2022/03/29/better-cybersecurity-stock-fortinet-vs-tenable/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Fortinet is a market leader in next-gen firewalls.

Tenable scans networks for security flaws to proactively stop attacks.

One is clearly a safer investment than the other.


Which cybersecurity player is a better overall investment?

Data breaches, ransomware attacks, and other types of cyberattacks have cost organizations tens of billions of dollars in recent years. The total number of cyberattacks worldwide skyrocketed 50% in 2021, according to Check Point Research, and peaked at a whopping average of 925 weekly attacks per organization last December.

That escalation has sent organizations scrambling to upgrade their digital defenses. It's also turned many leading cybersecurity stocks into evergreen investments that are resistant to macroeconomic headwinds.

Two promising stocks in that sector are Fortinet ( FTNT -0.80% ) and Tenable ( TENB 1.68% ). Let's take a closer look at these two cybersecurity companies and see which is the more well-rounded investment.

What do Fortinet and Tenable do?

Fortinet's main product is a next-gen firewall called Fortigate, which it installs through a network of on-site appliances called the "Fortinet Security Fabric." This platform provides end-to-end protection for on-premise, cloud-based, and Internet of Things (IoT) devices.

Fortinet serves over half a million customers globally, including the majority of the Fortune 500, and leverages its artificial intelligence and machine learning algorithms to analyze over 100 billion events daily.

Tenable's enterprise-facing platform, Nessus Professional, scans an organization's entire infrastructure for security vulnerabilities like weak passwords, misconfigured software, and network flaws. It also offers a free version for home networks. That proactive approach can prevent devastating attacks from ever happening.

Tenable currently serves about 40,000 customers worldwide, including 60% of the Fortune 500 and 40% of the Global 2000.

How fast is Fortinet growing?

Fortinet's revenue rose 20% in 2020 and grew 21% to $3.34 billion in 2021. It expects its revenue to grow 28%-29% this year. Its recent exit from Russia might initially reduce its annual revenue by 2%-3% this year, but it could potentially offset that loss by gaining more customers elsewhere -- especially if Russia escalates its cross-border cyberattacks.

Moreover, Fortinet's 32.5% year-over-year growth in deferred revenue at the end of 2021, which accelerated from its 23.5% growth in 2020, indicates there's still plenty of pent-up demand for its products -- and that its exit from Russia will merely be a speed bump for its long-term growth.

Unlike many other high-growth cybersecurity companies, Fortinet is firmly profitable by both generally accepted accounting principles (GAAP) and non-GAAP measures. Its non-GAAP earnings per share (EPS) increased 34% in 2020 and 19% in 2021, and it expects 22%-25% growth in 2022.

How fast is Tenable growing?

Tenable's revenue rose 24% in 2020 and grew 23% to $541 million in 2021. It expects its revenue to increase 22%-24% in 2022.

Tenable generated 58% of its revenue in the United States in 2021, and no other market accounted for over 10% of its revenue. It doesn't seem to do any significant business in Russia, and it hasn't issued any statements about its exposure to the Russo-Ukrainian war yet.

Last year, Tenable bundled together all of its risk-based exposure tools into a single platform called Tenable.ep. It's also been expanding its subscription-based cloud platform, Tenable.io, to lock in even more customers. Its 30% growth in deferred revenue in 2021, which accelerated from its 2% decline in 2020, indicates there's plenty of pent-up demand for those services.

Tenable remains unprofitable by GAAP measures, but it turned profitable on a non-GAAP basis in 2020. Its non-GAAP EPS jumped 79% in 2021, but it's bracing for a 44%-56% decline this year as it ramps up its spending.

The valuations and verdict

On a non-GAAP basis, Fortinet trades at 65 times forward earnings. Tenable has a forward P/E ratio of more than 300.

Both of those multiples are high, but higher-growth cybersecurity companies are generally valued by their top-line growth until they lose their momentum. By that measure, Fortinet trades at 12 times this year's sales, while Tenable trades at nine times this year's sales. Both price-to-sales ratios are fairly reasonable for companies that generate more than 20% revenue growth.

Fortinet and Tenable are both promising cybersecurity plays, but I believe Fortinet's stronger top-line growth and stable GAAP profits make it a better overall investment in this challenging market.

<<<

[gfp927z]

>>> 3 Cybersecurity Stocks That Could Help Make You a Fortune


Motley Fool

By Leo Sun

Mar 10, 2022


https://www.fool.com/investing/2022/03/10/3-cybersecurity-stocks-that-could-help-make-you-a/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Fortinet’s next-gen firewalls will keep networks secure.

Palo Alto’s blend of firewalls, cloud services, and AI threat detection platforms makes it a well-rounded cybersecurity play.

CrowdStrike’s cloud-native approach gives it plenty of room to grow.


Fortinet, Palo Alto Networks, and CrowdStrike are all great long-term plays on the cybersecurity market.


Russia's invasion of Ukraine, which sparked sanctions against the country, has also sparked fears worldwide of retaliatory Russian cyberattacks. But long before that conflict broke out, many organizations had already been hardening their cybersecurity defenses to counter data breaches, ransomware attacks, and other threats.

That secular trend has turned the cybersecurity sector into a defensive one that is resistant to macroeconomic threats like inflation and higher interest rates. So today, let's take a closer look at three evergreen plays in that sector -- Fortinet ( FTNT 2.00% ), Palo Alto Networks ( PANW 1.85% ), and CrowdStrike ( CRWD 7.63% ) -- and why they could help make you amass a fortune.


1. Fortinet

Fortinet's core platform Fortigate is a next-gen firewall that runs on on-site appliances. It links its services together with the Fortinet Security Fabric, which provides end-to-end protection for an organization's on-premise, cloud-based, and Internet of Things (IoT) services. It currently serves more than half a million customers worldwide, including the majority of the Fortune 500, and leverages its artificial intelligence (AI) and machine learning algorithms to analyze over 100 billion events daily.

Fortinet's revenue rose 20% in fiscal 2020 and 29% to $3.34 billion in fiscal 2021, and it expects 28%-29% growth in fiscal 2022. It's profitable by both generally accepted accounting principles (GAAP) and non-GAAP metrics, and its operating margins improved by both measures last year. It expects its non-GAAP earnings per share (EPS) to grow 22%-25% in fiscal 2022.

Fortinet's stock price recently dipped after it suspended its operations in Russia in response to its invasion of Ukraine, but it generates less than 3% of its revenue from the country. Furthermore, an escalation of cyberattacks from Russia will likely generate tailwinds -- not headwinds -- for Fortinet's core business. Fortinet's stock isn't cheap at 66 times forward earnings and 11 times this year's sales, but its robust growth rates and firm financial discipline should easily justify those higher valuations.


2. Palo Alto Networks

Palo Alto Networks competes against Fortinet in the next-gen firewall market with its on-premise security platform Strata. But over the past few years, it expanded its ecosystem with a cloud security platform, Prisma, and an AI-powered threat detection service called Cortex.

These newer next-generation security (NGS) services, which now drive most of its growth, accounted for 29% of Palo Alto's trailing 12-month revenue in its latest quarter. The company's combined ecosystem serves more than 85,000 customers across 150 countries.

Palo Alto's revenue rose 18% in fiscal 2020 and 25% to $4.3 billion in fiscal 2021, and it expects 27%-29% growth in fiscal 2022 (which ends this July). It isn't profitable on a GAAP basis yet, but its non-GAAP EPS increased 26% in fiscal 2021 -- and it expects 18%-19% growth in fiscal 2022.

The bears often claim that Palo Alto relies too heavily on acquisitions to expand its ecosystem and boost its revenue. However, the company continues to develop new features organically, and it doesn't plan to make any more big acquisitions in the near future. Palo Alto's stock isn't cheap at about 80 times forward earnings and 10 times this year's sales, but it could still have plenty of room to grow over the next few decades.


3. CrowdStrike Holdings

Unlike Fortinet and Palo Alto, CrowdStrike doesn't deploy any on-site hardware appliances at all. Instead, it offers all of its end-to-end security services through a cloud-based subscription platform called Falcon. This approach is stickier and easier to scale as an organization expands. It served 16,325 subscription customers at the end of fiscal 2022.

CrowdStrike's disruptive approach enables it to grow at a much faster clip than Fortinet and Palo Alto. Its revenue surged 82% in fiscal 2021 and increased 66% to $1.45 billion in fiscal 2022 (which ended this January), and it expects 47%-49% growth in fiscal 2023.

CrowdStrike's number of customers jumped 65% year over year in the fourth quarter of 2022, and it's kept its dollar-based net retention rate above 120% ever since its IPO in mid-2019. It isn't profitable by GAAP measures yet, but it expects its non-GAAP EPS to grow 54%-69% in fiscal 2023.

CrowdStrike's stock price got a bit overheated in 2021, but it's dropped nearly 40% since hitting its all-time high last November. The stock still looks a bit pricey at about 200 times forward earnings and 20 times this year's sales, but the company's early mover's advantage in cloud-based security, its explosive growth rates, and its high retention rates all justify that premium.

<<<

[gfp927z]

>>> What We Learned About Pegasus, the Smartphone Cracker


https://s.yimg.com/os/creatr-uploaded-images/2022-01/d23992d0-8045-11ec-bfff-88b2e06cfdc7">https://s.yimg.com/os/creatr-uploaded-images/2022-01/d23992d0-8045-11ec-bfff-88b2e06cfdc7" />


This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on July 21, 2021. - Private Israeli firm NSO Group has denied media reports its Pegasus software is linked to the mass surveillance of journalists and rights defenders, and insisted that all sales of its technology are approved by Israel's defence ministry.


New York Times

by Michael Levenson

January 28, 2022


https://www.yahoo.com/news/learned-pegasus-smartphone-cracker-133036366.html


It is widely regarded as the world’s most potent spyware, capable of reliably cracking the encrypted communications of iPhone and Android smartphones.

The software, Pegasus, made by an Israeli company, NSO Group, has been able to track terrorists and drug cartels. It has also been used against human rights activists, journalists and dissidents.

Now, an investigation published Friday by The New York Times Magazine has found that Israel, which controls the export of the spyware, just as it does the export of conventional weapons, has made Pegasus a key component of its national security strategy, using it to advance its interests around the world

The yearlong investigation, by Ronen Bergman and Mark Mazzetti, also reports that the FBI bought and tested NSO software for years with plans to use it for domestic surveillance until the agency finally decided last year not to deploy the tools.

The Times found that sales of Pegasus played a critical role in securing the support of Arab nations in Israel’s campaign against Iran and negotiating the Abraham Accords, the 2020 diplomatic agreements, signed at a Trump White House ceremony, that normalized relations between Israel and some of its longtime Arab adversaries.

The U.S. sought the cyberweapon for domestic use.

The U.S. had also moved to acquire Pegasus, the Times found. The FBI, in a deal never previously reported, bought the spyware in 2019, despite multiple reports that it had been used against activists and political opponents in other countries. It also spent two years discussing whether to deploy a newer product, called Phantom, inside the United States.

The discussions at the Justice Department and the FBI continued until last summer, when the FBI ultimately decided not to use NSO weapons.

But Pegasus equipment is still in a New Jersey building used by the FBI. And the company also gave the agency a demonstration of Phantom, which could hack American phone numbers.

A brochure for potential customers, obtained by the Times, says that Phantom allows American law enforcement and spy agencies to “turn your target’s smartphone into an intelligence gold mine.”

The yearlong Times investigation was based on interviews with government officials, leaders of intelligence and law enforcement agencies, cyber experts, business executives and privacy activists in a dozen countries.

It tells the story of NSO’s rise from a startup operating out of a converted chicken coop on an agricultural cooperative to its blacklisting by the Biden administration in November because of its use by foreign governments to “maliciously target” dissidents, journalists and others.

NSO began with two school friends, Shalev Hulio and Omri Lavie, hatching startups in Bnai Zion, an agricultural cooperative outside of Tel Aviv, Israel, in the mid-2000s.

One of their startups, CommuniTake, which offered cellphone tech-support workers the ability to take control of their customers’ devices — with permission — caught the attention of a European intelligence agency, Hulio said.

NSO was born, and the company eventually developed a way to gain access to phones without the user’s permission — no need to click on a malicious attachment or link. (That the company’s name sounded like the NSA was a mere coincidence).

‘You start to believe your every move is watched.’

After NSO began selling Pegasus globally in 2011, Mexican authorities used it to capture Joaquín Guzmán Loera, the drug lord known as El Chapo. And European investigators used it to smash a child-abuse ring with dozens of suspects in more than 40 countries.

But abuses have also been revealed in reports by researchers and news organizations, including the Times.

Mexico used the spyware to target journalists and dissidents. Saudi Arabia used it against women’s rights activists and associates of Jamal Khashoggi, the Washington Post columnist who was killed and dismembered by Saudi operatives in 2018.

That year, the CIA bought Pegasus to help Djibouti, a U.S. ally, fight terrorism, despite long-standing concerns about human rights abuses there, including the persecution of journalists and the torture of dissidents.

In the United Arab Emirates, Pegasus was used to hack the phone of an outspoken critic of the government, Ahmed Mansoor.

Mansoor’s email account was breached, his geolocation was monitored, $140,000 was stolen from his bank account, he was fired from his job and strangers beat him on the street.

“You start to believe your every move is watched,” he said. In 2018, he was sentenced to 10 years in prison for posts he made on Facebook and Twitter.

Through a series of new deals licensed by the Israeli Ministry of Defense, Pegasus has been provided to the far-right leaders of Poland, Hungary, India and other countries.

Then-Prime Minister Benjamin Netanyahu did not order the Pegasus system to be cut off, even when the Polish government enacted laws that many Jews inside and outside of Israel saw as Holocaust denial, or when Prime Minister Mateusz Morawiecki, at a conference attended by Netanyahu himself, falsely listed “Jewish perpetrators” among those responsible for the Holocaust.

The blacklisting of NSO infuriated Israeli officials.

American companies have been trying to build their own tools that could hack phones with the ease of NSO’s “zero click” technology.

One of those companies, Boldend, told Raytheon, the defense-industry giant, in January 2021, that it could hack WhatsApp, the popular messaging service owned by Facebook, but then lost the capability after a WhatsApp update, according to a presentation obtained by the Times.

The claim was especially notable because, according to one of the slides, a major Boldend investor is Founders Fund — a company run by Peter Thiel, the billionaire who was one of Facebook’s first investors and remains on its board.

The recent U.S. blacklisting of NSO could suffocate the company by denying it access to the American technology it needs to run its operations, including Dell computers and Amazon cloud servers.

The rebuke has infuriated Israeli officials who have denounced the move as an attack not only on a crown jewel of the country’s defense industry but on the country itself.

“The people aiming their arrows against NSO,” said Yigal Unna, director general of the Israel National Cyber Directorate until Jan. 5, “are actually aiming at the blue and white flag hanging behind it.”

<<<

[gfp927z]

Fortinet - >>> 3 Top Stocks to Play the Data Center Upgrade Cycle in 2022


The internet is evolving again, and data center construction is picking up pace to facilitate it.


Motley Fool

by Nicholas Rossolillo

Dec 31, 2021


https://www.fool.com/investing/2021/12/31/3-top-stocks-to-play-the-data-center-upgrade-cycle/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


Key Points

AMD's CPUs and GPUs have momentum on their side in the important data center market.

Arista Networks is forecasting strong growth for the new year from its data center customers.

Fortinet designs some of the best data center and network security hardware around.


Facebook's recent corporate rebrand to Meta Platforms has set off a firestorm of media headlines surrounding terms like "metaverse," "web 3.0," and "cryptocurrencies." But even before that, lots of organizations had already started upgrading their data centers to get ready for more advanced web-based services and experiences.

A new wave of tech hardware construction is thus underway, and Advanced Micro Devices (NASDAQ:AMD), Arista Networks (NYSE:ANET), and Fortinet (NASDAQ:FTNT) look like top buys right now. Here's why these are three top stocks to play the data center upgrade push.


1. AMD: Gobbling up market share of the web's basic computing unit. It doesn't look like AMD's pending acquisition of fellow chip designer Xilinx (NASDAQ:XLNX) will get done in 2021, as it's still pending sign-off from regulators in China. Management said it hopes to finalize the $35 billion acquisition in early 2022. Xilinx, which is the leader in field-programmable gate arrays (FPGAs), will open up a new front for AMD as it gobbles up market share from Intel (NASDAQ:INTC) in multiple areas.

Even should the Xilinx deal get hung up by China (regulators in the U.S., U.K., and Europe have already given the go-ahead), AMD will be just fine. AMD's CPUs for data centers (one of Intel's most important business lines) have been building steam for years. And along with Nvidia, AMD GPUs designed for artificial intelligence are also a key growth driver for the company.

But FPGAs from Xilinx, a flexible chip type that can be reprogrammed at the hardware level, have also been on the offensive. Intel acquired a couple of FPGA firms in recent years, but that segment has mostly stalled out while Xilinx has been growing at a healthy clip. Together, AMD and Xilinx would be a powerful force and help AMD continue to eat away at Intel's massive lead in the semiconductor industry.

Besides sustaining AMD's stand-alone growth momentum, Xilinx will improve AMD's profit margins, and boost research and development spending. Currently, AMD stock trades for 61 times trailing-12-month free cash flow and 44 times next year's expected earnings. This valuation implies another year of rapid growth for the company in 2022, which looks more than viable given the high demand chips are in and the rapid pace of data center upgrades (for example, Meta choosing AMD chips to help power the metaverse). Adding in Xilinx could just be extra gravy. I remain optimistic on AMD's prospects for the long term.


2. Arista Networks: Constructing the backbone of cloud computing
After a few years of struggle, Arista Networks stock was back on the rise in 2021 and set fresh all-time highs throughout the year. The company made a solid rebound from the adverse effects of the U.S.-China trade war that were exacerbated by the early days of the pandemic, and Arista's sales are in strong growth mode once again.

Arista designs open-source switches and other networking equipment. As it's a key ingredient in data centers and other internet infrastructure, a surge in web traffic and cloud computing has Arista's hardware in high demand right now. With order lead times extending well into 2022, management expressed confidence on its last earnings call that it will continue to grow in the new year (through the first nine months of 2021, Arista revenue was up 27% year over year).

Along with its hardware, Arista has also been expanding on its library of software solutions for its data center customers. Together, the company provides a full suite of solutions for enterprises looking to build out new capabilities for the digital world, like cloud operation monitoring and security. In total, it makes for an incredibly profitable business. Arista generated $914 million in free cash flow over the last 12 months, a 33% free cash flow profit margin.

As of this writing, the stock trades for 50 times trailing-12-month free cash flow and nearly 42 times next year's expected earnings. It's the highest premium Arista has traded for in years, but given the company's return to double-digit percentage growth, it's not an unwarranted price tag. This is a great stock to own if you think data center construction, the cloud, and other next-gen web experiences will remain a secular growth trend throughout the 2020s.


3. Fortinet: A best-in-class play for security

Cloud-based security software has been all the rage since the start of the pandemic. Firms like CrowdStrike and Zscaler have been top performers in the cybersecurity industry. But Fortinet, often considered a "legacy" security firm, is no slouch. For every cloud service, a data center is doing the work somewhere, and that physical asset needs to be secured as well.

Fortinet designs some of the top chips on the market for this purpose. Even during lockdowns and corporate freezes on some spending in year one of the pandemic (2020), Fortinet's hardware sales kept growing. And then in 2021 as data center upgrades picked up pace, the company's product sales segment accelerated (up 40% through the first nine months of the year).

But let's not pigeonhole Fortinet as a hardware company. In fact, nearly two-thirds of its revenue is derived from services -- recurring and very sticky software-based sales that get packaged with the company's best-in-class equipment. Even as cybersecurity needs have evolved with proliferating use of the internet, Fortinet has adapted and maintained fast and steady growth for years. Development of a new wave of IT services bodes well for the company's continued success.

As can be expected from a company that has a long track record of profitable growth, Fortinet stock can be purchased for a premium 48 times trailing-12-month free cash flow and 79 times next year's expected earnings (a higher multiple for next year assumes the company invests heavily in research and development in 2022). Nevertheless, I still like Fortinet for the long haul. Expect some turbulence after shares more than doubled in 2021, but if you are focused on the firm's potential over the next five-plus years like I am, this top data center security play deserves attention.

<<<

[gfp927z]

>>> Cybersecurity Stocks To Buy And Watch: Demand Grows For Next-Gen Security


Investor's Business Daily

by REINHARDT KRAUSE

12/28/2021


https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220


You may think the time is right to move into cybersecurity stocks, if you're reading this IBD investing primer. The IBD Computer-Software Security group ranks No. 20 out of 197 industry groups tracked

The recently disclosed Log4j computer server software vulnerability has spurred a new wave of hacker attacks.

Some cybersecurity stocks, such as CrowdStrike Holdings (CRWD), have pulled back after strong runs.

Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.

The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.

Cybersecurity spending worldwide will pop an estimated 13% in 2021 to $172 billion, says market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.

The financial services industry is a big spender, said Wells Fargo analyst Mike Mayo in a recent report.

"The biggest banks spend as much as $1 billion, or an estimated 10% to 20% of their IT budgets on cyber," said Mayo. He added: "Cyber spending should increase 10% (compound annual growth rate) over the next four years. As banks increasingly rely on digital interactions with customers, the importance of cybersecurity grows."

Cybersecurity Stocks With High Composite Ratings

Fortinet (FTNT) stock, Mimecast (MIME), Zscaler (ZS), Qualys (QLYS) and Palo Alto Networks (PANW) are among cybersecurity stocks with Composite Ratings above 90. FTNT stock was featured in the New America section.

The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.

The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.

No cybersecurity stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.

Both CrowdStrike and Zscaler stock have dropped off the IBD 50 roster of growth companies.

Congress has finally passed legislation funding infrastructure projects. The legislation is expected to include funding for federal, state and local cybersecurity infrastructure.

Hot Cybersecurity Startups Eye IPOs

Private equity firms continue to eye cybersecurity stocks. Permira in December agreed to buy Mimecast (MIME) for $5.8 billion. Thoma Bravo in April agreed to buy Proofpoint in an all-cash $12.3 billion deal.

SentinelOne (S)'s initial public offering raised $1.2 billion. SentinelOne is a rival of CrowdStrike in an emerging market.

Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.

Analysts say a new wave of startups seems to be taking share from industry incumbents. They include Cybereason, Exabeam, Vectra AI and iBoss.

"Illumio just completed a Series F round for $225 million of 100% primary capital led by Thoma Bravo, where Illumio now sports a $2.75 billion post-round valuation," said Needham analyst Alex Henderson in a report.

Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.

Consolidation may be coming in the cybersecurity industry. Okta in early March acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta (OKTA) is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint Technologies (SAIL).

Microsoft Stock A Big Player In Cybersecurity

Also, Microsoft (MSFT) disclosed that its cybersecurity revenues top $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.

Microsoft in July acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.

In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).

"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note to clients.

Also, one key IBD technical measure for cybersecurity stocks are Relative Strength Ratings. Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.

Palo Alto Networks has spent over $3 billion making 10 acquisitions over the past three years. With roots in the "firewall" network security market, Palo Alto aims to build a broad cloud-based security platform.

Further, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Coronavirus Outbreak Boosted Demand For Cloud Security

Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 (RPD) and CyberArk. Tenable in February acquired France-based Alsid, which focuses on identity access management.

Rapid7 and Qualys specialize in vulnerability management services.

Amid the rapid global spread of the coronavirus called Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.

Cybersecurity Stocks: Remote Work Increases Amid Pandemic

As remote workers access company data via the internet, many businesses are setting up virtual private networks, or VPNs. Some are buying laptops with preinstalled security software.

"We believe corporations are facing challenges in terms of VPN capacity, and protecting workers adequately with next-generation network and endpoint security offerings," William Blair analyst Jonathan Ho said in a report to clients.

He added that "intensifying email and phishing campaigns, identity access management, and control over software applications" are other security issues.

However, industries hard hit by the coronavirus pandemic will spend less on security software. They include airlines, hotels, retail and restaurants.

Meanwhile, one view is that mergers and acquisitions will pick up.


"The cloud has disrupted everything, which presents both threat and opportunity," Jefferies analyst Brent Thill said in a recent note. "The cyber market is riper than ever for ongoing consolidation. Many smaller vendors are attempting to solve the same problems, larger vendors are looking to create security suites, and financing rates are at all-time lows."

Zscaler, Qualys and Ping Identity Holdings (PING) were each featured recently as the IBD Stock of the Day.

In addition, while cybersecurity stocks often get a boost from well-publicized cyberattacks, the impact can be short-lived.

SD-WAN Technology Changes Security Needs

Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.

Cybersecurity Products Battle Ransomware, Phishing

Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances.

Proofpoint specializes in email and data-loss protection.

Hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.

To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust.

In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.

CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance.

Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Artificial Intelligence Changing Cybersecurity Market

Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Further, CrowdStrike's initial public offering in June, 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto, FireEye (FEYE) and startup Cybereason. Private equity firms Blackstone and ClearSky recently invested $400 million in FireEye.

In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.


Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.

<<<

[gfp927z]

>>> IMF, World Bank & 10 Countries Held Alarming "Simulation" Of Global Financial System Collapse


Zero Hedge

BY TYLER DURDEN

DEC 21, 2021


https://www.zerohedge.com/markets/imf-world-bank-10-countries-hold-alarming-simulation-global-financial-system-collapse


Earlier this month Reuters produced a report which didn't receive nearly enough attention among the American public - its contents would be sure to alarm most people concerned with the outbreak of yet more 'global catastrophes'. At the very least it's curious timing: amid the recent pandemic induced disruption in global supply chains, powerful nations and banking institutions decided to get together to run a global economic collapse scenario.

The report described that Israel led a "10-country simulation of a major cyber attack on the global financial system in an attempt to increase cooperation that could help to minimize any potential damage to financial markets and banks." It was centered on a catastrophic scenario in which "hackers were 10 steps ahead of us," according to one official who took part.

Dubbed "Collective Strength", the exercise was held in Jerusalem (after being moved from the original proposed location of Dubai) and included the participation also of the United States, UK, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand. Officials from the International Monetary Fund (IMF), World Bank and Bank of International Settlements were also involved.

The financial-geopolitical gaming simulation was set amid a scenario where sensitive data was leaked on the Dark Web, which combined with "fake news" reports going viral across societies, resulting in the collapse of global markets and an ensuing run on banks. Further, the simulation envisioned a series of devastating hacks targeting global foreign exchange systems, which also disrupted transactions between importers and exporters, according to Reuters.

The simulation set out a severe crisis period lasting about a week-and-a-half. Events were guided by a film and narrator which related the fast moving 'live' events...

"These events are creating havoc in the financial markets," said a narrator of a film shown to the participants as part of the simulation and seen by Reuters.

Further the report detailed of the simulation hosted under the aegis of Israel's Finance Ministry:

"The banks are appealing for emergency liquidity assistance in a multitude of currencies to put a halt to the chaos as counterparties withdraw their funds and limit access to liquidity leaving the banks in disarray and ruin," the narrator said.

The participants discussed multilateral policies to respond to the crisis, including a coordinated bank holiday, debt repayment grace periods, SWAP/REPO agreements and coordinated delinking from major currencies.

Ostensibly what was a "successful" ten day exercise was aimed toward each country being prepared to contain the global damage coming from some kind of major cyber event or threat. The key takeaway was that only through rapid global cooperation and open communication among nations, would there be opportunity to prevent total collapse of the global (or perhaps rather Western-led) financial system.

Interestingly, some participants said in reality they would in reality move faster than in the simulation in the instance of a cyber disruption of that scale. They said "in a real cyber attack situation governments would take action more quickly than in the simulation," according to Reuters. "One European financial official said that in the case of such of an attack, his country would not wait 10 days to act."

However, we doubt much of the Western public will feel "comforted" by global elites engaged in a simulated global meltdown 'readiness' scenario. Again, as if 2020 and 2021 under the pandemic weren't enough of a "real world" disaster and crisis scenario, one questions the need to game out a 'pretend' scenario in the first place.

<<<

[gfp927z]

>>> The security flaw that's freaked out the internet


AP

By FRANK BAJAK

12-14-21


BOSTON (AP) — Security pros say it's one of the worst computer vulnerabilities they've ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.

Security experts around the world raced Friday, Dec. 10, 2021, to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. Cybersecurity experts say users of the online game Minecraft have already exploited it to breach other users by pasting a short message into in a chat box.

The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it's so easily exploitable — and telling those with public-facing networks to put up firewalls if they can't be sure. The affected software is small and often undocumented.

Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a prodigious challenge; it is often hidden under layers of other software.

The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it’s catnip for cybercriminals and digital spies because it allows easy, password-free entry.

The Cybersecurity and Infrastructure Security Agency, or CISA, which Easterly runs, stood up a resource page Tuesday to help erase a flaw it says is present in hundreds of millions of devices. Other heavily computerized countries were taking it just as seriously, with Germany activating its national IT crisis center.

A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a leading industrial control cybersecurity firm. “I think we won’t see a single major software vendor in the world -- at least on the industrial side -- not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.

Eric Goldstein, who heads CISA's cybersecurity division, said Washington was leading a global response. He said no federal agencies were known to have been compromised. But these are early days.

“What we have here is a extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm," he said.

A SMALL PIECE OF CODE, A WORLD OF TROUBLE

The affected software, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers. It runs across many platforms — Windows, Linux, Apple’s macOS — powering everything from web cams to car navigation systems and medical devices, according to the security firm Bitdefender.

Goldstein told reporters in a conference call Tuesday evening that CISA would be updating an inventory of patched software as fixes become available. Log4j is often embedded in third-party programs that need to be updated by their owners. “We expect remediation will take some time,” he said.

Apache Software Foundation said the Chinese tech giant Alibaba notified it of the flaw on Nov. 24. It took two weeks to develop and release a fix.

Beyond patching to fix the flaw, computer security pros have an even more daunting challenge: trying to detect whether the vulnerability was exploited — whether a network or device was hacked. That will mean weeks of active monitoring. A frantic weekend of trying to identify — and slam shut — open doors before hackers exploited them now shifts to a marathon.

LULL BEFORE THE STORM

“A lot of people are already pretty stressed out and pretty tired from working through the weekend — when we are really going to be dealing with this for the foreseeable future, pretty well into 2022,” said Joe Slowik, threat intelligence lead at the network security firm Gigamon.

The cybersecurity firm Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. It said the flaw was exploited to plant cryptocurrency mining malware — which uses computer cycles to mine digital money surreptitiously — in five countries.

As yet, no successful ransomware infections leveraging the flaw have been detected. But experts say that’s probably just a matter of time.

“I think what’s going to happen is it’s going to take two weeks before the effect of this is seen because hackers got into organizations and will be figuring out what to do to next.” John Graham-Cumming, chief technical officer of Cloudflare, whose online infrastructure protects websites from online threats.

We’re in a lull before the storm, said senior researcher Sean Gallagher of the cybersecurity firm Sophos.

“We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and/or capitalize on it later on.” That would include extracting usernames and passwords.

State-backed Chinese and Iranian hackers have already exploited the flaw, presumably for cyberespionage, and other state actors were expected to do so as well, said John Hultquist, a top threat analyst at the cybersecurity firm Mandiant. He wouldn't name the target of the Chinese hackers or its geographical location. He said the Iranian actors are “particularly aggressive” and had taken part in ransomware attacks primarily for disruptive ends.

SOFTWARE: INSECURE BY DESIGN?

The Log4j episode exposes a poorly addressed issue in software design, experts say. Too many programs used in critical functions have not been developed with enough thought to security.

Open-source developers like the volunteers responsible for Log4j should not be blamed so much as an entire industry of programmers who often blindly include snippets of such code without doing due diligence, said Slowik of Gigamon.

Popular and custom-made applications often lack a “Software Bill of Materials” that lets users know what’s under the hood — a crucial need at times like this.

“This is becoming obviously more and more of a problem as software vendors overall are utilizing openly available software,” said Caltagirone of Dragos.

In industrial systems particularly, he added, formerly analog systems in everything from water utilities to food production have in the past few decades been upgraded digitally for automated and remote management. “And one of the ways they did that, obviously, was through software and through the use of programs which utilized Log4j," Caltagirone said.

<<<

[gfp927z]

>>> DHS warns of critical flaw in widely used software


By Sean Lyngaas

CNN

12-11-21


https://www.msn.com/en-us/news/technology/dhs-warns-of-critical-flaw-in-widely-used-software/ar-AARJ5oQ?ocid=uxbndlbing


The Department of Homeland Security's top cyber official on Saturday urged government and private-sector organizations to address a critical flaw in widely used software that hackers were actively using to try to breach networks.

The US Department of Homeland Security says it will brief critical infrastructure firms across the US on Monday.

DHS's Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to update their software. And Jen Easterly, the head of the agency, warned that the vulnerability was being widely exploited by "a growing set" of hackers.

The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to configure their applications.

Apple's cloud computing service, security firm Cloudflare and one of the world's most popular video games, Minecraft, are among the organizations that run Log4j, according to security researchers.

The vulnerability can offer a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network.

Security experts say that the fallout from the software flaw could continue for days and weeks as organizations race to address the issue.

The situation escalated before the weekend when a tool for exploiting the vulnerability was made public on GitHub, a software repository. That gave malicious hackers a potential roadmap for how to use the vulnerability to break into devices.

Easterly said her agency would hold a call with critical infrastructure firms across the country on Monday to brief them on the situation.

The onus will be on organizations running the software, rather than individual consumers, to apply the fixes. The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.

Cybersecurity researchers interviewed by CNN said it was unclear just how many devices on the internet are exposed to the vulnerability. But IT administrators around the world are on notice and preparing for a long weekend of responding to hacks.

Kevin Beaumont, a researcher who keeps a close eye on emerging software flaws, compared the conundrum that organizations are in with the software flaw to "lock[ing] the doors to your car, but then allow[ing] anybody to shout commands at Siri from outside the car to remotely drive it."

"Log4j is buried deep inside products and [organizations], gonna be painful to fix," Beaumont tweeted Friday.

GreyNoise Intelligence, a firm that maps internet traffic, said that the number of devices that were trying to exploit the vulnerability had more than doubled from Friday to Saturday.

GreyNoise founder Andrew Morris said his firm had been consulting with large tech companies and government organizations about mitigating the impact of the malicious cyber activity.

"A lot of really important people are concerned" about the vulnerability, Morris told CNN.

<<<

[gfp927z]

>>> Zscaler - >>> 2 Monster Growth Stocks To Buy and Hold Right Now


Motley Fool

By Trevor Jennewine

Dec 10, 2021


https://www.fool.com/investing/2021/12/10/2-monster-growth-stocks-to-buy-and-hold-right-now/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


Zscaler is a pioneer in cloud security. Its platform, called a secure access service edge (SASE), is designed to replace traditional corporate networks. Rather than routing web traffic through a central hub, clients lean on Zscaler's network of over 150 global data centers to enforce security policies, which makes it possible to quickly and safely access corporate resources from any device or location.

Specifically, Zscaler's portfolio includes four products: Zscaler Internet Access and Zscaler Public Access, which allow clients to safely connect to both external and internal applications; and Zscaler Cloud Protection and Zscaler Digital Experience, which secure cloud workloads and help IT teams monitor the performance of networks, applications, and infrastructure.

Broadly speaking, by accelerating and securing corporate resources, Zscaler helps businesses provide employees with a high-quality user experience, whether they are in the office or working remotely. And because Zscaler delivers those services from the cloud, clients avoid the cost and commitment of managing the underlying hardware.

That value proposition is only becoming more compelling, as evidenced by Zscaler's strong financial performance over the past year.

Metric

Q1 2021 (TTM)

Q1 2022 (TTM)

Change

Revenue

$480.3 million

$761.0 million

58%

Free cash flow

$60.3 million

$184.9 million

207%

Source: YCharts. TTM = trailing-12-months. Note: Q1 2022 ended Oct. 31, 2021.

Going forward, Zscaler has a good shot at maintaining that momentum. The company puts its addressable market at $72 billion, and the founder-led management team has already demonstrated its ability to expand the platform and grow the business. Moreover, 92% of employees would recommend the company to a friend, and 98% approve of the founder and CEO Jay Chaudhry, according to Glassdoor. Those impressive statistics suggest a strong corporate culture.

It's noteworthy that Gartner has recognized Zscaler as the industry leader for the last 10 consecutive years, evidencing the company's strong competitive position. Gartner also projects that 60% of organizations will have plans in place to adopt SASE networks by 2025, up from 10% in 2020. That tailwind should be a significant growth driver for Zscaler. That's why this stock belongs in your portfolio.

<<<

[gfp927z]

Fortinet - >>> My Take: 4 Strong Growth Stocks To Buy This Week


Motley Fool

By James Brumley

Dec 10, 2021


https://www.fool.com/investing/2021/12/10/my-take-4-strong-growth-stocks-to-buy-this-week/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


KEY POINTS

Cybersecurity, solar energy, data management, and healthcare all have a bright future.

There is little question that demand will continue to rise in each of these sectors.

Each of these companies offers solutions once thought unthinkable in their fields.

If these companies' growth prospects were good enough before the omicron-fueled rout, they're even better now.

Has the omicron-fueled sell-off already run its course? Maybe or maybe not. Given Tuesday's sharp rebound, at the very least it's clear that investors aren't willing to simply throw in the towel at the first sign of trouble. The market is open for business as usual -- even if the current volatility is a bit unusual.

Yet not all stocks have fully recovered. Here are four great growth companies that were beaten down a bit by the recent market sell-off, making them relative bargains to new investors.


Palantir Technologies

It's not a household name, but Palantir Technologies ( PLTR -1.41% ) plays a crucial role in helping organizations handle the deluge of digital data they've been collecting for years now. A bunch of competitors operate in this arena, but Palantir's solutions are more than a means of turning information into insights. They go further, melding digital data with front-line activities like product deliveries, resource allocation, and even medical care.

Palantir's target market isn't just companies. It actually offers the sort of solutions that governments and their agencies need to be fully effective. For instance, the UK's National Health Service tapped Palantir to help manage its response to the COVID-19 pandemic, including the execution of its mass-vaccination effort.

This sort of higher-level capability can be utilized by a wide array of organizations, and they're increasingly doing so. Analysts see sales growing nearly 30% next year following this year's 40% increase. While the company is not profitable yet, progress is being made on that front -- making the shares' 26% slide this past month an even more compelling reason to consider jumping in.


Fortinet

Palantir may not be turning a profit yet, but cybersecurity specialist Fortinet ( FTNT 5.12% ) certainly is. The company has produced $435 million worth of operating income through the first three fiscal quarters of 2021, up 20% year over year, and is en route to what analysts expect will be a 17% gain in full-year earnings. Next year could be even better with forecasts of 19% revenue growth. At the same time, earnings per share are projected to reach $3.91 this year and $4.61 in 2022.

With cybersecurity concerns abounding, there's little reason to think demand for these products will stop growing anytime soon. In fact, it could accelerate as the scope of the true risk continues to come into view. Cybersecurity Ventures estimates that cybercrime will cost the world around $6 trillion this year alone and -- assuming nothing is done to mitigate it -- that cost will grow at an annual pace of 15% to $10.5 trillion by 2025.

In other words, nobody can afford to simply do nothing; the world will have to invest in cyberdefense. So organizations will increasingly need solutions like Fortinet's zero trust network, which ensures that remote employees are connecting to a network securely, or its network firewall, which has earned the Gartner consultancy's top accolades for 12 years in a row. And that's just a sampling of how Fortinet has managed to grow its sales and profits so well.

While the shares have rebounded somewhat, they are still down 10% from their high last month.


Enphase Energy

Speaking of technologies the world is going to need for many years to come, add Enphase Energy ( ENPH -0.61% ) to your list. The solar power outfit is in the right place at the right time -- namely, on the cusp of explosive demand for renewable energy with solar at the forefront. The Solar Energy Industries Association predicts that in the United States alone solar-power production capacity will more than triple over the next 10 years, making it the country's fastest-growing source of electricity over that time frame.

That said, it's important to note that Enphase Energy's value isn't as a solar panel manufacturer; for better or worse, that area has evolved into a commodity-type business. Rather, Enphase's edge within the fast-growing solar power market is its technology. The company's combination of power inverters, system management apps, and power-storage solutions solves many of the biggest problems that corporations and consumers will face as they transition to solar power.

Plus, Enphase has over 400 patents or pending patents to help keep it (and its hardware) ahead of the competition. So with the stock down some 20% from its high, investors would do well to take a closer look.


DexCom

Finally, investors on the hunt for growth stocks may want to consider DexCom ( DXCM 1.13% ), a maker of continuous glucose monitoring systems (GMS) used by diabetics. The stock is anything but cheap, trading at nearly 200 times this year's expected per-share profits. But this is a company that deserves premium pricing.

That's because of its technology. While it's not the market leader -- that honor still belongs to Abbott Laboratories -- never say never. DexCom's G6 system is the world's "first real-time, integrated CGM that is authorized to work interoperably with a range of connected insulin pen and closed loop system partners." Translation: It's a very flexible device that allows users to integrate other tech and help diabetics better manage their condition.

With its leading-edge G6 system, DexCom should be able to grow at a healthy pace in the highly fragmented and fast-growing glucose monitoring field. Global Market Insights estimates this segment will grow at a 10% annual clip through at least 2027 as more and more diabetics graduate from using the much less convenient finger pricks and paper test strips.

Analysts expect DexCom's revenue will grow 27% this year and 22% next year. That, together with a stock that is still 15% off the highs it reached in mid-November, makes for an investment well worth investors' attention.

<<<

[gfp927z]

>>> 7 Top Cybersecurity Stocks to Buy Heading Into Year-End


Investor Place

by Muslim Farooque

December 3, 2021


https://finance.yahoo.com/news/7-top-cybersecurity-stocks-buy-173310478.html


Businesses are looking to ensure the safety of their data, employees and critical assets. Thus, protection against cyber threats, such as hacking or data breaches, is critical for companies. The Covid-induced push toward digitization has therefore made cybersecurity stocks more appealing.

Recently, many enterprises have also shifted to a hybrid work arrangement, and the structure exposes enterprises to more sophisticated risks. The number of cyberattacks is on the rise, meaning businesses and governments must invest heavily in the sector. This creates a solid tailwind for related stocks.

Cybersecurity is a rapidly-evolving industry. Next-generation security software will be needed to keep up with the increasing threat landscape, and it’s primed for growth over the next decade, thanks in large part to these cutting-edge tools from cloud-native cybersecurity companies.

In 2020, the cybersecurity market was worth more than $156 billion. That value is expected to reach a whopping $352 billion by 2026 with an annual growth rate of 14% over five years. These cybersecurity stocks are poised to benefit:


CrowdStrike (NASDAQ:CRWD)

Palantir Technologies (NYSE:PLTR)

Fortinet (NASDAQ:FTNT)

Okta (NASDAQ:OKTA)

Cloudflare (NYSE:NET)

Palo Alto Networks (NYSE:PANW)

SentinelOne (NYSE:S)



Cybersecurity Stocks: CrowdStrike (CRWD)

Crowdstrike is an expert in endpoint security, providing robust protection to devices users access through various networks. When an attack occurs on a particular device, the information about the incident is sent to other devices and other enterprises.

Consequently, the company’s attack resiliency gets stronger over time as it adds more customers. Crowdstrike has been recognized as a global leader in the cybersecurity realm by top consulting firm Gartner, ahead of its competition.

Business has been great of late for the company. It recently reported a 70% bump in revenues from the prior-year period during the second quarter. Its annual recurring revenues shot up to a mammoth $1.34 billion as Crowdstrike grew its customer base by 81%. Therefore, CRWD stock has a strong growth runway ahead.

Palantir Technologies (PLTR)

Palantir Technologies is not exactly a cybersecurity pure-play. The big data analytics company enables government and private sector businesses to analyze and manage vast amounts of data.

However, businesses face complicated problems like security breaches that require sophisticated solutions. Palantir offers secure datasets, giving it an edge over its peers.

The firm has been adding new customers aggressively with every passing quarter and projects strong growth for the foreseeable future. In its third-quarter this year, revenue has risen by 36% to $392 million. Moreover, its U.S. commercial sales grew 103% from the prior year.

Though its government business was a catalyst in the past, its commercial business is now a bigger growth driver. Moreover, PLTR stock’s current valuation is considerably high, but it will grow into its valuation in time.

Cybersecurity Stocks: Fortinet (FTNT)

Fortinet is one of the top legacy security software providers in the world. It boasts industry-leading financials with robust operating and cash flow margins.

Moreover, the company continues to invest in the organic development of its security platforms to remain competitive. Its Fortinet Security Fabric architecture can deliver without hiccups to more than 500,000 customers for even the most challenging issues.

Fortinet recently reported its third-quarter results, which comfortably beat analyst estimates on both lines. Revenues improved by 33% from the prior-year period to $867 million, with a massive 51% increase in product sales.

Service and billings revenues rose 24% and 42%, respectively. Gross margins for the company remain at a solid 77%, and the company’s FCF margin is 38%. Hence, Fortinet and FTNT stock represent the cream of the crop in the cybersecurity sector.

Okta (OKTA)

Okta utilizes a “zero-trust” approach with its architecture, which requires constant verification before a user can access data and applications. The company is one of the first-movers in identity and access management services.

In a world where cloud and mobile services have become the norm, Okta’s software offerings have been highly demanded by clients across the globe.

Okta has performed incredibly well over the past several years, growing its top-line by double-digits. In its second quarter this year, revenue grew by 57% and Okta forecasts 50% growth next year. Moreover, its adjusted loss per share is steadily improving.

On top of that, the company is making pertinent acquisitions to expand its market share further. Though OKTA stock has been on a negative streak of late, it is a cybersecurity stock for the long haul.

Stocks to Buy: Cloudflare (NET)

Cloudflare is a network services and technology infrastructure platform that offers a suite of products to meet the digital needs of various enterprises.

The Cloudflare network provides consistency, reliability and security for its customers. The rising digitization trends in work, communications and entertainment will see the company benefit from solving different challenges for its clients.

Cloudflare has been a star performer over the past several years, with a five-year average revenue growth rate of roughly 50.5%. Moreover, it recently posted its third-quarter results, showing sales grew 51% from the same period last year.

Management projects the company will close out the year with $648 million in revenues. More importantly, its large base of customers that spend more than $100,000 annually rose 71% from the prior-year quarter. NET stock is expensive, but it’s well worth the premium cost given its solid track record and outlook.

Palo Alto Networks (PANW)

Palo Alto’s specialty is its best-in-class firewall service. It has been named as a top firewall provider by Gartner for a decade.

Over the past few years, the company has been expanding its portfolio of security services, including its Cortex threat detection platform and Prisma cloud security platform. Moreover, its profitable platform has enabled it to acquire several cloud-native businesses to expand its share in the sector.

In fiscal 2021, Palo’s next-generation sequencing (NGS) services made a colossal $1.18 billion in annual recurring revenues. The increase was complemented by healthy growth in its other services, leading to an overall 25% rise in revenue for the whole year.

As it stands, the company serves more than 80,000 customers in comparison to 9,000 customers in 2012. It expects sales to grow by more than 25% in fiscal 2022, boosting PANW stock.

Cybersecurity Stocks: SentinelOne (NYSE:S)

SentinelOne is an endpoint security platform that recently has the largest-ever initial public offering (IPO) for a cybersecurity firm. It raised $1.2 billion in cash during its IPO in June 2021.

The pure-play cybersecurity company more than doubled its sales during pandemic-ridden 2020. Its robust artificial intelligence (AI) platform produces the most effective endpoint security solution on the market at this time.

Revenues in its most recent quarter doubled to $45.8 million compared to the same quarter last year. Moreover, its annualized recurring revenue growth accelerated 127% from the prior-year period in the second quarter.

Total customer count also improved by more than 75% during the quarter, with adjusted gross margins over 60%. Investors have concerns about S stock’s valuation at this time, but based on its incredible outlook, it’s well worth the investment.

On the date of publication, Muslim Farooque did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.

<<<

[gfp927z]

Fortinet - >>> Can This Cybersecurity Stock Double Once Again in 2022?

There are several reasons why this stock can keep flying higher.


Motley Fool

by Harsh Chauhan

Nov 24, 2021


https://www.fool.com/investing/2021/11/24/can-this-cybersecurity-stock-double-once-again/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article


Key Points

Fortinet crushed expectations with solid third-quarter numbers.
The cybersecurity company is enjoying impressive growth.

Fortinet's strong revenue pipeline and longer contract lengths point toward further growth in its top and bottom lines.


Fortinet (NASDAQ:FTNT) stock has shot up more than 120% in 2021 thanks to a string of impressive quarterly performances that have consistently trumped Wall Street's expectations. A similar story unfolded when the cybersecurity specialist released its third-quarter results on Nov. 4.

Fortinet's revenue and earnings easily beat projections, and its robust guidance was the icing on the cake. Let's look at what's driving Fortinet's growth and see why the stock might replicate its terrific performance on the market once again in 2022.

These metrics indicate Fortinet's high growth is sustainable

Fortinet's third-quarter revenue was up 33% year-over-year to $867 million, while adjusted net income increased to $0.99 per share from $0.88 per share in the prior-year period. Wall Street was expecting $0.94 per share in earnings on revenue of $812 million from Fortinet in the third quarter. But the company's strong deal momentum and the stronger sales of high-end products led to a better-than-projected performance.

What's more, Fortinet's guidance for the fourth quarter outpaced expectations. The company anticipates $955 million in revenue at the midpoint of the guidance range, while non-GAAP earnings are expected to range between $1.10 and $1.15 per share. For comparison, analysts were previously looking for $917 million in Q4 revenue from Fortinet.

The midpoint of Fortinet's revenue guidance indicates that it is on track to record year-over-year revenue growth of nearly 28%. The company's bottom line is also slated to improve over the prior-year period's figure of $1.06 per share. However, Fortinet could crush expectations once again as it is witnessing robust demand for its cybersecurity offerings.

The company struck 83 deals worth more than $1 million last quarter, up from 48 in the year-ago period. The number of deals worth more than $500,000 also increased substantially to 232 in Q3 from 168 in the same quarter last year. Fortinet also saw an increase in the number of entry-level customers and struck more than 3,000 deals valued at over $50,000, up from 2,267 in the year-ago period.

Additionally, Fortinet's product mix improved during the quarter as high-end customers accounted for 37.7% of its FortiGate next-generation firewall (NGFW) solution, up from 36.5% in the prior-year period. The number of deals for securing software-defined wide area networks (SD-WAN) also doubled year over year to 19 during the quarter.

These numbers indicate that Fortinet has gained impressive traction in the fast-growing niches of the cybersecurity market. The secure SD-WAN market, for instance, is projected to clock an annual growth rate of 20% through 2024 as per a third-party estimate. Meanwhile, the demand for NGFW is forecasted to grow at 12% a year in the long run, according to Mordor Intelligence.

Another interesting thing to note about Fortinet last quarter was the increase in its average contract term to 29 months, up from 26 months in the year-ago period. So, Fortinet customers are not only signing bigger deals in terms of the transaction size, but they are also committing to longer contracts. Not surprisingly, Fortinet's deferred revenue increased 30% year over year in the third quarter to $3.11 billion, which is nearly equal to the company's trailing-twelve-month revenue of $3.13 billion.

The deferred revenue refers to the money collected in advance for services that will be delivered later. It is recognized on the income statement once the services are delivered, so Fortinet's strong level of deferred revenue points toward a robust customer engagement that should lead to consistent revenue growth.

The stock's hot rally could continue

It won't be surprising to see Fortinet stock replicate its stunning performance in 2022. The company is set to close this year on a high, and analysts expect the momentum to continue into the new year. Analysts also estimate that Fortinet's revenue and earnings are likely to jump nearly 18% in 2022.

More importantly, the company's strong deferred revenue pipeline, impressive deal momentum, and presence in fast-growing cybersecurity niches such as SD-WAN and NGFW could help it exceed expectations. All of this indicates that Fortinet could remain a top cybersecurity stock to hold on to for long-term gains.

<<<

[gfp927z]

>>> Cybersecurity Stocks To Buy And Watch: Demand Grows For Next-Gen Security


Investor's Business Daily

REINHARDT KRAUSE

11/15/2021


https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220


You may think the time is right to move into cybersecurity stocks, if you're reading this IBD investing primer. Cybersecurity is in the news amid a big jump in ransomware attacks.

The IBD Computer-Software Security group ranks No. 9 out of 197 industry groups tracked. Still, some cybersecurity stocks are extended after strong runs.

Earnings reports for the September/October quarters are still coming in. Palo Alto Networks (PANW) reports fiscal first quarter earnings late Nov. 18. CrowdStrike Holdings (CRWD), Zscaler (ZS) and Okta (OKTA) all report earnings on Dec. 1.

Congress has finally passed legislation funding infrastructure projects. The legislation is expected to include funding for federal, state and local cybersecurity infrastructure.

Meanwhile, the cybersecurity market will grow 11% in 2021 to $73.54 billion, estimates research firm Gartner. The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.

Cyber and information security ranked at the top of planned investments for 2022, with 66% of all respondents expecting to increase associated investments in the next year, in a Gartner survey of 2,000 global chief information officers.

Cybersecurity Stocks With High Composite Ratings

Fortinet (FTNT) stock, CrowdStrike, Mimecast (MIME), Zscaler and Palo Alto Networks are among cybersecurity stocks with Composite Ratings above 90. FTNT stock was featured in the New America section.

The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.

The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.

No cybersecurity stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.

However, Zscaler stock ranks No. 9 on the IBD 50 roster of growth companies. CRWD stock ranks No. 28.

Hot Cybersecurity Startups Eye IPOs

Private equity firms continue to eye cybersecurity stocks. Thoma Bravo in April agreed to buy Proofpoint in an all-cash $12.3 billion deal.

SentinelOne (S)'s initial public offering raised $1.2 billion. SentinelOne is a rival of CrowdStrike in an emerging market.

Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.

Analysts say a new wave of startups seems to be taking share from industry incumbents. They include Cybereason, Exabeam, Vectra AI and iBoss.

"Illumio just completed a Series F round for $225 million of 100% primary capital led by Thoma Bravo, where Illumio now sports a $2.75 billion post-round valuation," said Needham analyst Alex Henderson in a report.

Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.

Consolidation may be coming in the cybersecurity industry. Okta in early March acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta (OKTA) is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint Technologies (SAIL).

Microsoft Stock A Big Player In Cybersecurity

Also, Microsoft (MSFT) disclosed that its cybersecurity revenues top $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.

Microsoft in July acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.

In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).

"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note to clients.

Cybersecurity Stocks: Relative Strength Ratings

Also, one key IBD technical measure for cybersecurity stocks are Relative Strength Ratings.

Further, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Coronavirus Outbreak Boosted Demand For Cloud Security

Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 (RPD) and CyberArk. Tenable in February acquired France-based Alsid, which focuses on identity access management.

Rapid7 and Qualys (QLYS) specialize in vulnerability management services.

Amid the rapid global spread of the coronavirus called Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.

Cybersecurity Stocks: Remote Work Increases Amid Pandemic

As remote workers access company data via the internet, many businesses are setting up virtual private networks, or VPNs. Some are buying laptops with preinstalled security software.

"We believe corporations are facing challenges in terms of VPN capacity, and protecting workers adequately with next-generation network and endpoint security offerings," William Blair analyst Jonathan Ho said in a report to clients.

He added that "intensifying email and phishing campaigns, identity access management, and control over software applications" are other security issues.

However, industries hard hit by the coronavirus pandemic will spend less on security software. They include airlines, hotels, retail and restaurants.

Meanwhile, one view is that mergers and acquisitions will pick up.

"The cloud has disrupted everything, which presents both threat and opportunity," Jefferies analyst Brent Thill said in a recent note. "The cyber market is riper than ever for ongoing consolidation. Many smaller vendors are attempting to solve the same problems, larger vendors are looking to create security suites, and financing rates are at all-time lows."

Zscaler, Qualys and Ping Identity Holdings (PING) were each featured recently as the IBD Stock of the Day.

In addition, while cybersecurity stocks often get a boost from well-publicized cyberattacks, the impact can be short-lived.

SD-WAN Technology Changes Security Needs

Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.

Cybersecurity Products Battle Ransomware, Phishing

Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances.

Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks. Proofpoint specializes in email and data-loss protection.

Cloud security vendors include Zscaler, Palo Alto Networks, Okta, Mimecast and Rapid7.

Hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.

To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust.

In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.

CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance.

Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Artificial Intelligence Changing Cybersecurity Market

Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Further, CrowdStrike's initial public offering in June, 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto, FireEye (FEYE) and startup Cybereason. Private equity firms Blackstone and ClearSky recently invested $400 million in FireEye.

In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.

<<<

[gfp927z]

>>> U.S. blacklists Israeli hacking tool vendor NSO Group


Reuters

By Christopher Bing


https://www.reuters.com/technology/us-blacklists-four-companies-israel-russia-singapore-citing-spyware-2021-11-03/


WASHINGTON, Nov 3 (Reuters) - The U.S. Commerce Department added Israel's NSO Group and Candiru to its trade blacklist on Wednesday, saying they sold spyware to foreign governments that used the equipment to target government officials, journalists and others.

Positive Technologies of Russia, and Computer Security Initiative Consultancy PTE LTD, from Singapore, were also listed. The Department said they trafficked in cyber tools used to gain unauthorized access to computer networks.

The companies' addition to the list, for engaging in activities contrary to U.S. national security or foreign policy interests, means that exports to them from U.S counterparts are restricted. It for instance makes it far harder for U.S. security researchers to sell them information about computer vulnerabilities.

"We are not taking action against countries or governments where these entities are located," said a spokesperson for the U.S. State Department.

Suppliers will need to apply for a license before selling to them, which is likely to be denied.

In the past, the NSO Group and Candiru have been accused of selling hacking tools to authoritarian regimes. NSO says it only sells its products to law enforcement and intelligence agencies and takes steps to curb abuse.

'DISMAYED'

An NSO spokesperson said the company was "dismayed" by the decision since its technologies "support U.S. national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed."

NSO will present information regarding its "rigorous" compliance and human rights programs, "which already resulted in multiple terminations of contacts with government agencies that misused our products," the spokesperson said in an e-mailed statement to Reuters.

The Israeli defence ministry, which grants export licenses to NSO, declined to comment on the matter.

Contact information for Candiru was not available.

The Biden administration imposed sanctions on Positive Technologies, a Russian cybersecurity firm, this year for providing support to Russian security services. The company denies any wrongdoing.

Positive Technologies said the new sanctions will not affect their business and will not prevent the company from a planned public listing.

"We do not know on what grounds the U.S. Commerce Department added us to the list," General Director Denis Baranov said in an emailed comment.

"Anyway we repelled sanction risks earlier and they do not pose additional threats for us now," he wrote.

Computer Security Initiative Consultancy PTE LTD, also known as COSEINC, did not immediately respond to requests for comment.

A former U.S. official familiar with Positive Technologies, who spoke on condition of anonymity, said the firm had helped establish computer infrastructure used in Russian cyberattacks on U.S. organizations.

COSEINC founder Thomas Lim is known for organizing a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity. An email published by WikiLeaks in 2015 suggested Lim had also previously offered to sell hacking tools to infamous Italian spyware vendor HackingTeam.


Lim did not immediately respond to a request for comment sent to a social media account he owns.

Export control experts say the designation could have a far broader impact on the listed companies than simply limiting their access to U.S. technology.

"Many companies choose to avoid doing business with listed entities completely in order to eliminate the risk of an inadvertent violation and the costs of conducting complex legal analyses," said Kevin Wolf, former assistant secretary of Commerce for Export Administration during the Obama administration.

The entity list was increasingly used for national security and foreign policy aims during the Trump administration. Chinese telecom company Huawei (HWT.UL) was added in 2019, cutting it off from some key U.S. suppliers and making it difficult for them to produce mobile handsets.

<<<

[MInvesting4867]

Nice board. Added.

[gfp927z]

>>> Security Software Is Booming, Goldman Sachs Says. Why It Downgraded Crowdstrike and Check Point.


Barron's

By Eric J. Savitz

Sept. 13, 2021


https://www.barrons.com/articles/security-software-stocks-goldman-sachs-51631547296?siteid=yhoof2


Essex said Check Point's rivals in the firewall business are growing faster than it is.

Stock in CrowdStrike Holdings and Check Point Software Technologies headed lower after Goldman Sachs security-software analyst Brian Essex offered an upbeat view of the sector but cut his ratings on the two firms’ shares.

“Now is the time to own security software,” Essex said in a research note. Financial results for the second quarter provided “evidence that digital transformation, expansion of attack surfaces, an elevated threat environment, and widely publicized security incidents continue to drive accelerated demand for next gen security,” he said. The group is seeing “one of the most substantial firewall-related spending cycles we’ve seen in years,” Essex said.

Essex said his favorite names in the group include SentinelOne (S), which focuses on endpoint security; Ping Identity (PING), in the identity-management sector; Palo Alto Networks (PANW), in network security; AvePoint (AVPT), in data security; and Tenable (TENB), in vulnerability assessment and management. He also has Buy ratings on Okta (OKTA), Rapid7 (RPD), SailPoint (SAIL), and Verint (VRNT).

On Check Point (CHKP), though, he reduced his rating to Sell from Neutral, lowering his target for the stock price to $121, from $133. Check Point shares were down 1.9% at $118.88 in morning trading.

Essex noted that the company’s rivals in the firewall segment are growing faster than it is. “While firewall demand remains robust as seen by Check Point’s peers’ ability to accelerate into the high twenty percent to low thirty percent range, on the contrary we are seeing Checkpoint growth remain in low single digit territory,” he wrote.

CrowdStrike (CRWD), Essex said, was one of the few players in the group to show year-over-year deceleration in the latest quarter. He said that while he expects CrowdStrike to perform well and has an opportunity to gain market share, he downgraded the stock to Neutral from Buy because that stronger performance appears to be already reflected in the stock price.

Essex kept his $305 price target on the stock. The shares were down 3.5% at $252.74.

Essex also has Sell ratings on Secureworks (SCWX) and Qualys (QLYS). “We are cautious on platforms that are losing share, have execution challenges, and/or where companies have under invested in emerging technology and platform expansion,” he said.

Essex says that Check Point, Secureworks and Qualys all fall into that category. “These companies are showing similar trends of revenue deceleration, and we expect incremental margin compression ahead as they spend to catch up with peers in their respective security segments,” he said.

<<<

[gfp927z]

>>> RSA, the security division of EMC, is the premier provider of security solutions for business acceleration.


https://www.crunchbase.com/organization/rsa-security?utm_source=yahoo&utm_medium=referral&utm_content=profile_cta&utm_campaign=yahoo_finance


As the chosen security partner of more than 90% of the Fortune 500, they help the world's leading organizations succeed by solving their most complex and sensitive security challenges.

RSA's information-centric approach to security protects the integrity and confidentiality of information throughout its lifecycle no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management, and fraud protection. These solutions bring trust to millions of user identities, the transactions they perform, and the data that is generated.

With RSA, customers are confident their information assets are protected, and free to realize new business possibilities.

<<<

[gfp927z]

>>> Biden expected to make new cybersecurity announcements alongside private sector leaders


Washington Examiner

Christian Datoc

August 25, 2021


https://finance.yahoo.com/news/biden-expected-cybersecurity-announcements-alongside-143300574.html


Biden expected to make new cybersecurity announcements alongside private sector leaders

President Joe Biden will host representatives from dozens of private sector companies at the White House Wednesday for what administration officials say are "advanced" discussions on improving the nation's cybersecurity capabilities.

The discussions, broken into three separate sessions, will be attended by the members of Biden's Cabinet and executives from the financial, tech, energy, water, and education industries. Officials from Bank of America, JPMorgan Chase, TIAA, U.S. Bancorp, Apple, Alphabet, ADP, Amazon, IBM, and Microsoft will all be in attendance.

BIDEN 'RESERVES THE RIGHT' TO ACT IF RUSSIA DOESN'T STOP RANSOMWARE ATTACKS

According to White House officials, the three sessions themselves will focus on critical infrastructure resilience, building enduring cybersecurity, and the cybersecurity workforce. They will be respectively lead by Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm, Commerce Secretary Gina Raimondo and Small Business Administration Administrator Isabella Guzman, and National Cyber Director Chris Inglis.

The meeting "reflects the president's commitment to public-private partnership and won't be his last engagement with the private sector on cybersecurity," one administration official told reporters during a briefing Tuesday afternoon. "He's very much committed to this. Both the U.S. public- and private-sector entities increasingly face sophisticated malicious cyberactivity. These incidents affect businesses small and large, small towns and cities in every corner of the country, and can hit the pocketbooks of middle-class families."

Biden pledged to hold such a meeting with private sector companies back in July following a string of escalating cyberattacks carried out by Russian actors.

At the time, the president signed the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, which directed the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology to outline new cybersecurity deliverables for the government, energy sector, and other critical industries.

Wednesday's meeting is expected to feature a number of "announcements" regarding those deliverables, according to a senior administration official.

White House press secretary Jen Psaki additionally told reporters back in July that Biden reserves the right to retaliate against Russian actors, both those involved with the government or isolated criminal organizations, should Russian President Vladimir Putin not take action to curb such cyber-intrusions.

"If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own," she stated. "It's important to, of course, protect our critical infrastructure, but also protect it, do it, play what role we can from the federal government to ensure that impacts on smaller businesses, on mom and pop shops, are minimized as well."

<<<

[gfp927z]

>>> 2 cybercrime moves businesses oppose


Yahoo Finance

Rick Newman

August 25, 2021


https://finance.yahoo.com/news/2-cybercrime-moves-businesses-dont-want-191218719.html


CEOs of Apple, Amazon, Microsoft and other top American companies went to the White House on August 25 to brainstorm about the burgeoning problems of ransomware and other types of cybercrime. The Biden administration is aggressively pushing for better cooperation between the public and private sectors to stem the surge of digital attacks from Russia, China and elsewhere.

But businesses are leery of some measures that experts say would be sensible ways to improve U.S. defenses against the types of cyberattacks that recently disabled big firms such as Colonial Pipeline and meatpacker JBL. One simple change would be requiring businesses to report cyberattacks to the government—especially if they make a ransom payment. Since many cyberattacks remain secret, the government lacks a full accounting of the problem and of many details that could aid in defense. Bipartisan legislation in Congress would require any company involved with critical infrastructure to report hacks.

Some policymakers would go further and ban the payment of ransoms, to eliminate the profit incentive that drives the whole underground ransomware industry; if you can’t collect a ransom, there’s no point holding anybody hostage. Former U.S. ambassador to Russia Michael McFaul said in June that the United States and other western governments should “criminalize ransom payments” to hackers and indict cybercriminals, as a way of raising pressure on Russia and other nations that harbor them.

Businesses, however, have pushed back against measures that would increase regulation and raise costs, even if such measures would save some companies millions of dollars in ransom payments. Business interests helped defeat a 2012 bill that would have set cybersecurity standards for key industries. The U.S. Chamber of Commerce, the biggest business lobby, wants the government to shoulder the burden for a cybercrime victims’ fund and tougher enforcement, but it does not support tougher standards on businesses themselves.

One reason American firms are vulnerable to cybercrimes is reluctance among some businesses to spend what it takes to defend themselves. "Companies basically treat it as a business loss,” says Scott Bethel, CEO of cybersecurity firm Integrity ISR. “They don’t want to spend the money to meaningfully defend against it. With ransomware, we don’t have a strong enough set of firewalls. Whatever they’re asking, we’ll pay it.”

Ransomware insurance

Many firms have insurance that covers the cost of cybercrime, which is both a defense and a problem. While insurance helps firms cover losses, it can also create a false sense of security and a disincentive to establish tough digital defenses. An April report from a tech-industry ransomware task force cited evidence that hackers specifically target firms with ransomware insurance, since they’re more likely to nab a big payout. Colonial tapped insurance to pay at least some of the $4.4 million ransom it paid to a hacking group in June. The task force recommended better coordination among insurance firms to set security standards for companies buying coverage and share data on hacking organizations.

Whether governments should ban ransomware payments is a thornier issue. The argument in favor of a ban is pretty simple: if companies can’t pay, hackers will stop targeting them. In practical terms, however, the consequences of a ban could be ugly. Hackers could shut down some companies unable to pay, harming customers, employers and shareholders. Attacks might dry up eventually, but only after collateral damage that could be considerable.

U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive to be issued Thursday in response to the ransomware hack that disrupted gas supplies in several states this month.

Governments could create funds to assist ransomware victims, but that would raise questions of fairness if funds went to firms with weak security against attacks. The ransomware task force argued that before banning ransom payments, the government should establish standards for cybersecurity and provide liability coverage for businesses that suffer an outage due to hackers. Any ban should be phased in, starting with critical industries and businesses first.

Biden signed an executive order in June requiring businesses that provide IT services to the federal government to report cybercrimes. It would take Congressional legislation to insulate this order from legal appeals and extend it to other companies more broadly. The August 25 gathering of CEOs yielded some further developments. Microsoft and Google said they'll spend billions of dollars during the next five years to improve cybersecurity. Amazon said it will open its in-house cybersecurity training to the public. Coalition, an insurer, said it will make its cyber risk assessment tools publicly available. The government's standard-setting body will work closer with industry to protect supply chains.

It's a start. But it remains unclear if Congress will prioritize matters requiring legislation, such as a mandate to report attacks. Biden has said cybercrime targeted at U.S. companies has become so serious it could trigger a “real shooting war” with Russia or another adversary. America’s CEOs don’t want that, but they also don’t want a to bear responsibility for a costly and complicated problem if Uncle Sam could handle it for them.

<<<

[gfp927z]

>>> Palantir Invests in More SPAC Companies, and Buys $51 Million in Gold Bars


Barron's

By Eric J. Savitz

Aug. 16, 2021


https://www.barrons.com/articles/palantir-spac-investment-gold-bars-51629150154


Data-analytics-software firm Palantir disclosed more investments in firms going public through special-purpose acquisition companies, and a large stash of gold bars.

Palantir Technologies has expanded its portfolio of investments in companies going public via SPACs, or special-purpose acquisition companies, to well over $300 million.

As previously reported, Palantir (ticker: PLTR) has started a program of investing in the young companies in return for multi-year commitments to use the company’s software.

In its June quarter financial filing with the Securities and Exchange Commission, Palantir disclosed $250 million in commitments to a group of 10 companies through June 30. That includes eight identified by name, all previously announced — Lilium, Sarcos Robotics, Roivant Sciences, Celularity (CELU), Wejo, Babylon Health, Boxed, Pear Therapeutics — and two others described only as “mobility company” and “autonomous vehicle company.” Palantir said it has commercial contracts with that group of companies with a potential value of $428 million. All of those transactions were signed in the period from March 30 to June 22, and to date, none have been completed, the filing shows.

A provider of data-analytics software for both commercial and government customers, Palantir also said that since June 30, it has committed an additional $60 million in new investments, including: $20 million for Fast Radius, which offers a “cloud manufacturing platform”; $15 million for Tritium, a developer of electric vehicle chargers; $15 million for AdTheorent, which sells machine-learning driven advertising software; and $10 million for FinAccel, an Asian financial-services company with offices in Singapore and Jakarta.

Palantir also disclosed it has completed equity investments of $25 million in an “electric vehicle company,” $3 million in an “autonomous aerial vehicle company,” and $5 million in Astrocast, which operates a network of nanosatellites. That brings the total investment commitment to more than $330 million.

Palantir also disclosed that it purchased $50.7 million in 100-ounce gold bars. “Such purchase will initially be kept in a secure third-party facility located in the northeastern United States and the company is able to take physical possession of the gold bars stored at the facility at any time with reasonable notice,” Palantir said in the filing.


The company did not provide a reason for the gold purchase.

As of June 30, Palantir had about $2.4 billion in cash.

<<<

[gfp927z]

>>> Palantir Buys Over $50 Million Of Gold Bars: "Preparing For A Future With More Black Swans"


Zero Hedge

BY TYLER DURDEN

AUG 18, 2021


https://www.zerohedge.com/markets/palantir-buys-gold-bars-preparing-future-more-black-swans


Anyone watching Tuesday's US market cash session sees red across the board. One of the strongest selling programs in months dumped stocks, and equity volatility exploded to the upside. Quite frankly, this could be the beginning of a market storm.

Ahead of what could be further market turmoil, Palantir Technologies warned about an upcoming "black swan event," according to Bloomberg.

The software company, co-founded by the technology billionaire Peter Thiel and CEO Alex Karp, wrote in a filing last week that it stockpiled $50.7 million in gold bars earlier this month.

The filing also said it acquired technology startups, blank-check companies, and even cryptocurrencies. Palantir had previously said it would accept Bitcoin as a form of payment for its services, along with payment in precious metals.

Bloomberg quoted a spokeswoman from Palantir who said no clients have paid in Bitcoin or gold yet.

Shyam Sankar, the COO of Palantir, said accepting nontraditional forms of payment "reflects more of a worldview," adding:

"You have to be prepared for a future with more black swan events."

The filing was initially discovered by Barron's. Palantir's 100-ounce gold bars are expected to be stored in an undisclosed vault in the US Northeast.

"The company can take physical possession of the gold bars stored at the facility at any time with reasonable notice," Palantir wrote.

None of this comes as a surprise that the loss of faith in those "who control the money" [Federal Reserve] - cryptocurrencies and precious physical metals are becoming a popular hedge for when the system implodes.

Palantir co-founder Joe Lonsdale was quoted not too long ago, saying, "idiots are running the Fed."

Lonsdale is likely referencing the unconventional monetary policy that has helped balloon the national debt by over $5 trillion since early March 2020, to $28.4 trillion.

What is remarkable is that foreign holders of US Treasury Debt accounted for only a quarter of the spiking US National Debt (red line, right scale), the second-lowest end-of-quarter percentage since 2007 (via Wolf Street):

Palantir's move into physical gold and cryptocurrencies is continuing the global de-dollarization trend...

Mike Krieger of Liberty Blitzkrieg tweeted about Palantir's gold buying and warning of another "black swan event" by saying: "When the spooks tell you a false flag is coming, a false flag is coming."

Palantir is not alone as SchiffGold notes that Chinese gold demand rebounded sharply in the first half of 2021 after plummeting in 2020, according to data released by the China Gold Association (CGA). China ranks as the world’s number one gold consumer and the Chinese market has a significant impact on global demand.

Demand was up 69.2%, coming in at just over 547 tons through the first 6 months of the year. China’s year-on-year gold consumption surged 93.9% in the first quarter alone. Gold demand wasn’t just up compared to 2020, a year of economic distress due to coronavirus. It was up 4.49% above pre-pandemic levels in 2019.

<<<

[gfp927z]

>>> Palantir Technologies Inc. (PLTR) builds and deploys software platforms for the intelligence community in the United States to assist in counterterrorism investigations and operations. The company provides Palantir Gotham, a software platform for government operatives in the defense and intelligence sectors, which enables users to identify patterns hidden deep within datasets, ranging from signals intelligence sources to reports from confidential informants, as well as facilitates the handoff between analysts and operational users, helping operators plan and execute real-world responses to threats that have been identified within the platform. It also offers Palantir Foundry, a platform that transforms the ways organizations operate by creating a central operating system for their data; and allows individual users to integrate and analyze the data they need in one place. Palantir Technologies Inc. was founded in 2003 and is headquartered in Denver, Colorado.

<<<