Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
>>> Should You Buy Fortinet After Its Recent Stock Split?
Motley Fool
By Bradley Guichard
Aug 11, 2022
https://www.fool.com/investing/2022/08/11/should-you-buy-fortinet-after-its-recent-stock-spl/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
KEY POINTS
Cybersecurity leader Fortinet executed a 5-to-1 stock split less than two months ago.
Last week's Q2 earnings release sent shares tumbling.
Is this an opportune time to pounce on the stock?
Fortinet is a leader in defending against growing cybersecurity threats.
Cybersecurity is one of the defining defense issues of our time. What is unique is that it is largely fought by the private sector. Businesses large and small spend billions each year to defend against breaches, ransomware, and other bad actors. An ounce of prevention is definitely worth a pound of cure.
What's more, it seems it is just a matter of time before a broad cyber conflict takes place. This would be a gigantic catalyst for cybersecurity companies like Fortinet (FTNT) which is at the forefront of network security.
Fortinet's stock split didn't garner nearly the attention of Amazon or Alphabet, but perhaps it should. The stock has outpaced both of these juggernauts over the past one, three, five, and 10-year periods.
Is the market being shortsighted?
Fortinet sells products and services such as its Fortigate Next-Generation Firewall, security subscriptions, and tech support services. Higher-margin services make up over 60% of total sales. The market reacted negatively to Fortinet's second-quarter earnings, but this may be shortsighted.
The tremendous growth in sales and billings has become a hallmark of Fortinet. The company expects to continue this trend this year with sales and billings north of $4.3 billion and $5.5 billion, respectively, as shown below.
Billings growing in excess of sales suggest strong continued growth. These numbers represent revenue that will be earned in future periods.
Cash flow is still king
The cybersecurity industry is full of fast-growing companies that aren't profitable. Fortinet has a solid mix of both. Fortinet had an operating margin of 19% last quarter, far outpacing many competitors. This success allows Fortinet to generate generous free cash flow, which it uses to improve the company and repurchase its stock. Fortinet spent $800 million on buybacks in Q2, rewarding shareholders and offsetting the effect of stock-based compensation. In fact, Fortinet's free-cash-flow margin puts it in the top 10% of the S&P 500.
Room to expand and catalysts
Statista puts global cybersecurity revenue at $160 billion for 2022, ballooning to nearly $300 billion in the next five years. Fortinet has set itself up to capture a significant chunk of this market.
A cybersecurity sector catalyst is also upcoming; we just don't know when. Early examples include the Colonial Pipeline attack and Russian tactics in Ukraine. Just last week, during House Speaker Nancy Pelosi's visit, broad cyberattacks were reported in Taiwan.
Businesses and governments must be ready to meet this challenge and will spend billions doing so. Fortinet has the opportunity to continue outpacing the market for years to come.
<<<
---
>>> Palo Alto Networks, Inc. (PANW) provides cybersecurity solutions worldwide. The company offers firewall appliances and software; Panorama, a security management solution for the control of firewall appliances and software deployed on an end-customer's network and instances in public or private cloud environments, as a virtual or a physical appliance; and virtual system upgrades, which are available as extensions to the virtual system capacity that ships with physical appliances.
It also provides subscription services covering the areas of threat prevention, malware and persistent threat, uniform resource locator filtering, laptop and mobile device protection, and firewall; and DNS security, Internet of Things security, SaaS security API, and SaaS security inline, as well as threat intelligence, and data loss prevention. In addition, the company offers cloud security, secure access, security analytics and automation, and threat intelligence and cyber security consulting; professional services, including architecture design and planning, implementation, configuration, and firewall migration; education services, such as certifications, as well as online and in-classroom training; and support services.
Palo Alto Networks, Inc. sells its products and services through its channel partners, as well as directly to medium to large enterprises, service providers, and government entities operating in various industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. The company was incorporated in 2005 and is headquartered in Santa Clara, California.
<<<
https://finance.yahoo.com/quote/PANW/profile?p=PANW
---
>>> Cybersecurity Stock Sell-off Holding Back Nasdaq, but 1 Tech Stock Is Surging
Motley Fool
By Jason Hall
Aug 4, 2022
https://www.fool.com/investing/2022/08/04/cybersecurity-stock-selloff-has-nasdaq-down-but-1/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
KEY POINTS
Fortinet beat second-quarter expectations, but weaker-than-expected guidance and cash flow have investors selling.
Other cybersecurity stocks, including Palo Alto Networks, CrowdStrike, and Zscaler, are also on the decline today.
MercadoLibre is one of the best-performing Nasdaq stocks today, up by double digits after reporting blowout Q2 results.
Fortinet's weak guidance causes sell-off among cybersecurity stocks, while MercadoLibre shares are rocketing higher after stellar quarterly results.
The Nasdaq Composite Index (^IXIC 2.09%) is roughly flat today, Aug. 4, at 2:15 p.m. ET. It's a bit of a bounce-back day for a number of tech stocks that have stumbled in recent days post-earnings. However, the most popular cybersecurity stocks are decidedly not having a good day, following the release of second-quarter earnings from Fortinet (FTNT 3.37%) Wednesday afternoon. At the time of this writing, Fortinet shares are down almost 17%, while Palo Alto Networks (PANW 2.01%), CrowdStrike (CRWD 1.42%), and Zscaler (ZS 2.20%) shares are down between 5.4% and 3.3% on the day.
One of today's best-performing Nasdaq stocks is Latin American payments and e-commerce leader MercadoLibre (MELI 4.71%). Shares are up 16% after the company reported second quarter results that investors loved.
Fortinet: Investors spooked after guidance, weaker cash flow
Cybersecurity stocks, as a cohort, have held up better this year than many other high-growth tech stock sectors. So far this year, shares of Palo Alto Networks and CrowdStrike are down about 22%, while Fortinet shares are down 27%. Before today, the three were down in the teens this year, not a good result, but certainly less bad than plenty of tech stocks in 2022. One key reason is the increasing importance of cybersecurity for organizations of all kinds. As digital transformation ramps up, data security is an imperative, not a luxury, and investors have increasingly viewed the prospects for these companies as being more stable and less likely to be upended by the economic climate.
However, Fortinet's second-quarter earnings report -- or specifically management's Q3 guidance -- might have put some cracks in the wall. The company expects $1.12 billion in revenue this quarter, lower than what Wall Street analysts were counting for in their models. The result is fueling today's sell-off as investors fear that growth could slow even in cybersecurity. With many of the top stocks in the market still reporting GAAP losses and some still burning cash at the operating level, investors are taking a step back to reevaluate things.
MercadoLibre: Payments growing by triple digits, e-commerce up 23%
The leading online shopping and payments platform in Latin America saw combined revenue increase 57% adjusted for currency differences, to $2.6 billion. Operating income surged 51%, while earnings per share were up 77%. The company beat Wall Street's best guess on both the top and bottom lines, as customers bought more goods from its online store and used Mercado Pago to pay for more of those goods and to pay for more things off the company's platform.
With this report coming after many U.S. e-commerce companies have reported less-impressive sales growth, investors are far less concerned about the prospects for MercadoLibre now. While maybe not in a nascent stage anymore, e-commerce and digital payments are still much earlier in their proliferation in Latin America, and MercadoLibre is the undisputed leader there.
Looks like opportunity for buyers
Today's sell-off in cybersecurity stocks and the strong results from MercadoLibre underscore the opportunities available to long-term investors. While the sellers see cracks in the foundation of the potential for cybersecurity, the reality is that the thesis remains very strong, and investors who think (and act) in multiyear time horizons should consider buying shares of the leaders like CrowdStrike, Fortinet, and Zscaler on days like today. For MercadoLibre, even with today's gains, shares still trade at some of their lowest revenue-based valuations in years.
<<<
---
>>> 7 Undervalued Cybersecurity Stocks to Buy Now
Investor Place
by Faizan Farooque
July 22, 2022
https://finance.yahoo.com/news/7-undervalued-cybersecurity-stocks-buy-104500112.html
Cybersecurity stocks are a hot commodity in the stock market right now. Due to the increasing cybersecurity threats businesses and individuals face, cybersecurity stocks are in high demand.
If you’re looking to invest in cybersecurity, now is the time to do it. There are various cybersecurity companies to choose from, so you can find one that aligns with your investment goals. Whether you’re looking for growth potential or income potential, there’s a cybersecurity stock for you. So don’t wait any longer; start investing in cybersecurity today.
This list will provide you with seven cybersecurity stocks that are undervalued versus their potential. Keep these in mind when curating a portfolio of cybersecurity stocks.
Fortinet (FTNT)
Fortinet (NASDAQ:FTNT) provides a wide range of cybersecurity solutions. Both large and small organizations use Fortinet’s products, and the company has a strong presence in both the commercial and government sectors.
Fortinet’s products protect networks, servers, and data from various threats, including malware, viruses, worms, and other malicious software. In addition, Fortinet’s products can also prevent unauthorized access to network resources and provide content filtering to prevent users from accessing inappropriate or harmful websites.
Fortinet is a leader in the cybersecurity industry, and organizations around the world trust its products.
Fortinet is expected to see revenue grow by 28%-29% in fiscal 2022 in a range of $4.350 billion to $4.400 billion. The company forecasts that adjusted earnings per share will increase by 22%-25%. Despite growing rapidly, cybersecurity is still profitable, a rare achievement that makes it one of the undervalued cybersecurity stocks to keep your eye on.
Palo Alto Networks (PANW)
Palo Alto Networks (NASDAQ:PANW) is a company that specializes in providing security solutions for the enterprise. The company offers many products and services to help organizations protect their networks from attack.
Palo Alto Networks is a market leader in network security, and its products are used by some of the largest enterprises in the world.
The company has a strong reputation for innovation and is constantly introducing new products and features to its portfolio. It is a trusted partner for enterprise security, and its products are backed by a team of expert staff who are committed to helping customers stay safe online.
Palo Alto Networks sells its products and services through partners and resellers worldwide. Palo Alto Networks went public on July 20, 2012, and is traded on the NYSE under the ticker symbol “PANW.”
Since 2014, Palo Alto has made several acquisitions to expand its ecosystem into fresh and faster-growing markets. In just 10 years, Palo Alto increased its annual revenue from $255 million to a whopping 4.3 billion.
NortonLifeLock (NLOK)
NortonLifeLock (NASDAQ:NLOK) antivirus software protects computers from viruses, spyware, and other malware. Its long-standing leadership position makes it one of the undervalued cybersecurity stocks to buy.
Norton’s internet security products protect against online threats such as phishing attacks and malicious websites.
LifeLock identity theft protection services help to protect against identity theft and fraud. NortonLifeLock also offers a variety of other security products, including web security, email security, and data security solutions.
A perennial name in the computer world, Norton has dropped off a bit recently. It is not as marketable or vibrant, but it can still provide reliable protection and some of its best-known products like antivirus software.
The chief reasons for the decline are the concern over slowing growth and the delay in its $8.6 billion merger with Avast (OTCMKTS:AVASF). Britain’s Competition and Markets Authority believes that the tie-up might affect competition in the industry.
Zscaler (ZS)
Zscaler (NASDAQ:ZS) is a cloud-based, security-as-a-service provider that offers a suite of solutions for businesses of all sizes.
Its flagship product, Zscaler Internet Security, is a gateway that provides users with access to the internet and blocks malicious content.
Zscaler’s revenue growth galloped along rapidly in fiscal 2021, which ended last July, and through the first nine months of this year. Zscaler has been able to lock in even more large customers that generate over $1 million yearly in annual recurring revenue. The fact that this hasn’t moved the needle much makes this one of the undervalued cybersecurity stocks to watch.
The financials of Zscaler continue to improve, with its gross margins remaining stable and operating margin improving even more so on a non-generally accepted accounting principles (GAAP) basis.
In addition, their free cash flow also continues gaining momentum – an indication that they can make smart investments for future growth opportunities without sacrificing quality to maintain profitability nowadays.
Last quarter, its total customers with more than $1 million in ARR increased 77% and saw a sharp rise in the volume of customers with an ARR that topped $100k.
Qualys (QLYS)
Qualys (NASDAQ:QLYS) is a leading provider of vulnerability management solutions. The company’s “software as a service” model enables organizations of all sizes to scan their networks for vulnerabilities cost-effectively, identify and track potential threats, and mitigate risks.
In addition, Qualys’ real-time monitoring capabilities help organizations quickly identify and respond to potential attacks. As a result, Qualys’ solutions provide an essential layer of protection for organizations of all sizes.
Several companies are benefiting from the rapidly booming cybersecurity industry, with many others joining. But Qualys deserves special mention because it has beaten analyst expectations repeatedly. At the same time, it is growing at a rapid pace.
Qualys’ increased focus on providing solutions to markets that everyone’s focusing on has led to a fast rate of growth that’s set to continue for the foreseeable future. Qualys is well-positioned to continue its rapid growth, and it is an organization to watch in the coming years.
Check Point Software (CHKP)
Check Point (NASDAQ:CHKP) is a leading cyber security company that prevents cyber attacks.
Security solutions from Check Point prevent damage to government and business property, maintain the confidence of stakeholders, protect users’ privacy, and assure legal compliance.
Check Point’s research and development center is located in Herzliya, Israel. Check Point also has offices in the United States, Europe, Asia Pacific, and Latin America.
High-Quality Stocks to Buy That Are Trading Below Fair Value
The company reported a small earnings beat of 1.51% in its latest quarter. Check Point is generating sharp revenue growth and is currently gearing up sales resources to help achieve this goal. The plan is to grow the workforce by 25% to increase sales in 2023.
Check Point is projecting a good year for its profits. Revenue is expected to reach $2.2 to $2.375 billion from $7.02 in the previous fiscal period, and EPS is forecasted in the range of $6.90 to $7.50 versus $7.02 in the prior period.
A10 Networks (ATEN)
A10 Networks (NYSE:ATEN) is a software company that provides cloud-based services for businesses. They provide solutions for companies in the form of APIs and software.
A10 Networks is a cloud-based cybersecurity company that provides solutions for service providers, enterprises, and government agencies. With these solutions, clients can design new APIs to deliver services securely.
Today, A10 Networks’ products are used by some of the world’s largest organizations, including Uber (NYSE:UBER), Softbank (OTCMKTS:SFTBY), and Microsoft (NASDAQ:MSFT). A10 Networks’ products provide three core services:
1) Software as a Service (SaaS),
2) Platform as a Service (PaaS), and
3) Infrastructure as a Service (IaaS).
In its most recent quarterly results, A10 Networks reported an earnings beat of 15%. Revenues grew 14%, while net income flew 138%. In addition to being one of the best undervalued cybersecurity stocks to buy, the company bought back two million shares for $28.3 million in Q1. The quarterly performance sets up the company nicely for the remainder of the year.
<<<
---
>>> Cybersecurity Stocks To Watch: Private Equity Firms Target Sector
Investor's Business Daily
REINHARDT KRAUS
08/08/2022
https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220
You may think the time is right to move into cybersecurity stocks amid views they're better positioned if a recession hits the U.S. economy. Private equity firms continue to target the sector, with Thoma Bravo acquiring Ping Identity Holdings (PING) for $2.8 billion.
Thoma Bravo has also acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.
Also, PE firm Permira in May completed its purchase of Mimecast for $5.8 billion. PE firms aren't the only acquirers.
Consolidation Impacts Cybersecurity Stocks
Google-parent Alphabet (GOOGL) on March 7 said it's acquiring cybersecurity firm Mandiant (MNDT) in an all-cash $5.4 billion deal. Mandiant will be part of Google's cloud computing business.
Also Google in January acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.
"Increased acquisition activity is being spurred by depressed valuations in the current uncertain macroeconomy," said Cowen analyst Shaul Eyal in a report. "We believe that acquirers are increasingly seeking targets that demonstrate a balance of growth versus profitability and positive cash flow."
Meanwhile, the iShares Expanded Tech-Software ETF (IGV) climbed 9.5% in July, turning positive for the first time since March.
Earnings Reports Due For Cybersecurity Stocks
Earnings are starting to roll in for cybersecurity stocks. Check Point Software Technologies (CHKP) reported earnings on Aug. 1. CHKP stock fell on guidance.
Fortinet (FTNT) reported Q2 earnings, revenue and billings that topped estimates but the size of the beats disappointed. For the September quarter, Fortinet forecast sales of $1.12 billion, below estimates of $1.13 billion.
Palo Alto Networks (PANW) reports earnings on Aug. 22. Palo Alto Networks has been building a broad cloud-based services platform via acquisitions. Palo Alto Networks has spent more than $3 billion on 10 acquisitions over the past three years.
The IBD Computer-Software Security group ranks No. 110 out of 197 industry groups tracked.
According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.
Bank of America in a recent report said cybersecurity stocks that deliver services via cloud computing platforms will be better positioned.
"We believe 'born-in-the-cloud' companies like Zscaler (ZS), Crowdstrike (CRWD) and SentinelOne (S) to be relatively resilient to any spending slowdown, also given how critical their solutions are to cyber defense efforts," said BofA analyst Tal Liani in a note to clients.
Corporate Spending On Cybersecurity
Earnings for CRWD stock are due Aug. 30. Zscaler reports earnings on Sept. 8.
Meanwhile, Qualys (QLYS) and Fortinet have dropped off the IBD 50 roster of growth companies. Qualys reports Q2 earnings on Aug. 8.
At an investor day for FTNT stock on May 10, Fortinet unveiled 2025 financial targets that call for billings of $10 billion and revenue of $8 billion, implying a three-year average growth rate of 22% for both metrics.
Cybersecurity stocks got a lift in February as Russia's invasion of Ukraine began. Analysts said attacks aimed at shutting down websites could increase.
"Expectations have lowered from pre-Q1 where Russia/Ukraine was still firmly in the spotlight, but are still higher than broader software into Q2," UBS analyst Roger Boyd said in a note. "We don't see stocks priced for negative guidance revisions."
Cybersecurity spending worldwide climbed 13% in 2021 to $172 billion, estimated market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.
Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.
Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.
The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.
Cybersecurity Stocks With High Composite Ratings
Cybersecurity stocks with Composite Ratings above 90 include Qualys, Fortinet and Palo Alto Networks.
The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.
The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.
No security stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.
Hot Cybersecurity Startups Eye IPOs
And initial public offerings are on the table. SentinelOne's IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.
Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.
Analysts say a new wave of startups seems to be taking share from industry incumbents.
Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.
Further, consolidation may be coming in the cybersecurity industry. Okta (OKTA) in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.
Microsoft Stock A Big Player In Cybersecurity
Also, Microsoft (MSFT) has moved into this space. The software giant recently disclosed that its cybersecurity revenue tops $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.
Microsoft in July 2021 acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.
In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).
"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note.
Cybersecurity Stocks: Wide Range Of Products
Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.
Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.
In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.
SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.
Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 and CyberArk. Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.
In addition, Rapid7 and Qualys specialize in vulnerability management services.
Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.
The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.
It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.
SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.
Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.
Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.
As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.
Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.
Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.
Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.
To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.
Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.
Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Further, CrowdStrike's initial public offering in June 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto and startup Cybereason.
The "Human Element" causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Many companies have stepped up employee training to deter ransomware attacks and other threats. Cowen favors Cloudflare (NET), Fortinet, CrowdStrike and KnowBe4 (KNBE).
In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.
Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.
<<<
---
>>> Defense Firm Said U.S. Spies Backed Its Bid for Pegasus Spyware Maker
The New York Times
7-10-22
https://www.msn.com/en-us/news/politics/defense-firm-said-us-spies-backed-its-bid-for-pegasus-spyware-maker/ar-AAZqHy1?li=BBnb7Kz
A team of executives from an American military contractor quietly visited Israel numerous times in recent months to try to carry out a bold but risky plan: purchasing NSO Group, the cyber hacking firm that is as notorious as it is technologically accomplished.
The Biden administration blacklisted the cyber hacking firm, saying it had acted “contrary to the national security or foreign policy interests of the United States.”
The impediments were substantial for the team from the American company, L3Harris, which also had experience with spyware technology. They started with the uncomfortable fact that the United States government had put NSO on a blacklist just months earlier because the Israeli firm’s spyware, called Pegasus, had been used by other governments to penetrate the phones of political leaders, human rights activists and journalists.
Pegasus is a “zero-click” hacking tool that can remotely extract everything from a target’s mobile phone, including messages, contacts, photos and videos without the user having to click on a phishing link to give it remote access. It can also turn the mobile phone into a tracking and recording device.
NSO had acted “contrary to the national security or foreign policy interests of the United States,” the Biden administration said in announcing the blacklisting in November, barring American companies from doing any business with the Israeli firm.
But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the F.B.I. and the C.I.A.
The talks continued in secret until last month, when word of NSO’s possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance.
Days later, L3Harris, which is heavily reliant on government contracts, notified the Biden administration that it had scuttled its plans to purchase NSO, according to three United States government officials, although several people familiar with the talks said there have been attempts to resuscitate the negotiations.
Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO’s powerful spyware under U.S. authority, despite the administration’s very public stance against the Israeli firm.
It also left unsettled the fate of NSO, whose technology has been a tool of Israeli foreign policy even as the firm has become a target of intense criticism for the ways its spyware is used by governments against their citizens.
The episode was the latest skirmish in an ongoing battle among nations to gain control of some of the world’s most powerful cyberweapons, and it reveals some of the headwinds faced by a coalition of nations — including the United States under the Biden administration — as it tries to rein in a lucrative global market for sophisticated commercial spyware.
Spokesmen for L3Harris and NSO declined to comment about the negotiations between the companies. A spokeswoman for Avril Haines, the director of national intelligence, declined to comment on whether any American intelligence officials quietly blessed the discussions. A spokesman for the Commerce Department declined to give specifics about any discussions with L3 Harris about purchasing NSO.
A spokesman for the Israeli defense ministry declined to comment, as did a spokeswoman for the Israeli prime minister.
The Biden administration’s decision to put NSO on a Commerce Department blacklist came after years of revelations about how governments had used Pegasus, NSO’s premier hacking tool, as an instrument of domestic surveillance. But the United States itself has also purchased, tested and deployed Pegasus.
In January, The New York Times revealed that the F.B.I. had purchased Pegasus software in 2019, and that government lawyers at the F.B.I. and the Justice Department had debated whether to deploy the spyware for use in domestic law enforcement investigations. The Times also reported that in 2018 the C.I.A. had purchased Pegasus for the government of Djibouti to conduct counterterrorism operations, despite that country’s record of torturing political opposition figures and imprisoning journalists.
A decision by L3 to terminate the acquisition talks would leave NSO’s future in doubt. The company had seen a deal with the American defense contractor as a potential lifeline after being blacklisted by the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blacklist, under penalty of sanctions.
As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted.
For more than a decade, Israel has treated NSO as a de facto arm of the state, granting licenses for Pegasus to numerous countries — including Saudi Arabia, Hungary and India — with which the Israeli government hoped to nurture stronger security and diplomatic ties.
But Israel has also denied Pegasus to countries for reasons of diplomacy. Last year, Israel rejected a request by the government of Ukraine to purchase Pegasus to use against targets in Russia, fearing that the sale would damage Israel’s relations with the Kremlin.
The Israeli government also makes extensive use of Pegasus and other locally made cyber tools for its own intelligence and law enforcement purposes, giving it further incentive to find a way for NSO to survive the American sanctions.
During the discussions about the possible sale of NSO to L3 Harris — which included at least one meeting with Amir Eshel, the director general of the Israeli defense ministry, who would have to approve any deal — the L3Harris representatives said they had received permission from the United States government to negotiate with NSO, despite the company’s presence on the American blacklist.
L3 Harris’s representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions.
One of the conditions, those people said, was that NSO’s arsenal of “zero days” — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States’ partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand. A senior British diplomat declined to comment on questions about the degree of knowledge British intelligence had about a possible deal between L3 and NSO.
Such a plan would have been highly unusual had it been finalized, since the Five Eyes countries usually only purchase intelligence products that have been developed and manufactured within those countries.
Israeli defense ministry officials were open to this arrangement. But following heavy pressure from the Israeli intelligence community, it balked at another request: that the Israeli government allow NSO to share the computer source code for Pegasus — which allows it to exploit the vulnerabilities in the phones it targets — with the Five Eyes countries. They also did not agree, at least not in the first phase, to allow L3’s cyber experts to come to Israel and join NSO’s development teams at the company’s headquarters north of Tel Aviv.
Representatives of the defense ministry also insisted that Israel retain its authority to grant export licenses for NSO’s products, but said they were willing to negotiate over which countries received the spyware.
Over the course of the discussions, there were numerous issues that would have required the approval of the United States government. L3Harris representatives said that they had discussed the issues with American officials, who had agreed in principle, according to the people familiar with the discussions.
To help negotiate the sale of NSO, L3Harris hired an influential lawyer in Israel with deep ties to Israel’s defense establishment. The lawyer, Daniel Reisner, is the former head of the International Law Department at the Israeli Military Prosecutor’s Office and acted as a special adviser on the Middle East peace process to former Prime Minister Benjamin Netanyahu.
In the months since the Biden administration announced the blacklist in November, and as the Israeli government pressed for a way to keep NSO from going under, the Commerce Department in Washington sent a list of questions to NSO and another Israeli hacking firm that had been blacklisted at the same time, about how the spyware works, who it targets and whether the company has any control over how its nation-state clients deploy the hacking tools.
The list, reviewed by The Times, asked whether NSO maintained “positive control over its products” and whether Americans overseas were protected from having NSO’s products deployed against them.
Another asked if NSO would “shut down access to its products if the U.S. government informs them that there is an unacceptable risk of the tool being used for human rights abuses by a particular customer?”
Separately from the proposed NSO and L3 Harris deal, Israeli officials negotiated unsuccessfully with the Commerce Department about getting NSO removed from the American blacklist in advance of President Biden’s trip to Israel in the coming week.
News last month of L3Harris’s talks to purchase NSO seemed to blindside White House officials. After the website Intelligence Online reported on the possible sale, a top White House official said such a transaction would pose “serious counterintelligence and security concerns for the U.S. government” and that the administration would work to ensure that the deal did not happen.
The official said that an American company, particularly a defense contractor, should have been aware that any transaction “would spur intensive review to examine whether the transaction process poses a counterintelligence threat to the U.S., government and its systems and information.”
Last week, in response to questions from The Times, another U.S. official said “after learning about the potential sale, the IC did an analysis that raised concerns about the sale’s implications and informed the administration’s position.”
While not a household defense industry name like Lockheed Martin or Raytheon, L3Harris earns billions each year from American government contracts at both the federal and state level. According to the company’s most recent annual report, more than 70 percent of the company’s revenue in fiscal year 2021 came from various U.S. government contracts.
USAspending.gov, a website that tracks government contracts, indicates that the Defense Department is L3Harris’ biggest government client.
The company once produced a surveillance system called Stingray that was used by the F.B.I. and local American police forces until the company discontinued production. In 2018, the company purchased Azimuth Security and Linchpin Labs, two Australian cyber firms that Vice reported had sold zero day exploits to the Five Eyes countries.
In 2016, the F.B.I. enlisted Azimuth to help break into the Apple phone of a terrorist who had carried out a deadly shooting in San Bernardino, Calif., killing more than a dozen people, according to a report in the Washington Post.
Azimuth’s work for the F.B.I. ended a standoff between the bureau and Apple, which had pointedly refused to help the F.B.I. unlock the phone in the San Bernardino case. The tech giant argued it had no backdoor to allow the F.B.I. access to the phone, and were loathe to create one because it would weaken the iPhone’s security features it promotes to its customers.
<<<
---
>>> NortonLifeLock Drops 12%; 206 ETFs Affected
ETF.com
March 16, 2022
by Ben Kissam
https://www.etf.com/sections/features-and-news/norton-lifelock-drops-12-206-etfs-affected
NortonLifeLock Inc. (NLOK) dropped more than 12% on Wednesday after the U.K.'s Competition and Markets Authority (CMA) announced its intent to begin phase 2 investigations regarding Norton's proposed merger with Avast, a rival cybersecurity company.
The deal, worth between $8.1 billion and $8.6 billion, was supposed to close in February, but to go through, it needed approval from both Spain (which it received) and the U.K. It is now likely to be delayed another several months, and may not conclude until fall, at the earliest.?
Currently, 206 ETFs hold NLOK shares.?
The Global X Cybersecurity ETF (BUG) has the greatest exposure to NLOK, at 5.74%; followed by the TrueShares Low Volatility Equity Income ETF (DIVZ), with 4.03%.
From there, percentages drop off slightly, with the ETFMG Prime Cyber Security ETF (HACK) at 2.61%, followed by the ASYMshares ASYMmetric S&P 500 ETF (ASPY), at 2.34%; and the First Trust US Equity Dividend Select ETF (RNDV), at 2.20%.
BUG and HACK have seen the greatest 30-day percentage changes as holders of NLOK, at 7.83% and 3.99%, respectively.
A total of 64.3 million shares of NortonLifeLock are held in exchange-traded funds, comprising roughly 11% of the total outstanding shares.?
The top five ETFs with the most NLOK shares overall are not the funds with the most significant exposure but large, broad-based ETFs.
The SPDR S&P 500 ETF Trust (SPY) holds 6.24 million shares, while the iShares Core S&P 500 ETF (IVV) and the Vanguard S&P 500 ETF (VOO), which both track the same index as SPY, hold 4.97 million and 4.01 million shares, respectively.
Interestingly, despite the S&P 500 Index being known as a mostly large cap benchmark, the Vanguard Mid-Cap ETF (VO) holds 4.19 million shares of the stock. Meanwhile, the Vanguard Total Stock Market ETF (VTI) holds 3.38 million shares.
Cap-weighted ETFs are the top strategy holding Norton shares, with 45 funds, but multifactor ETFs and active management ETFs are also involved, with those funds holding NLOK numbering 34 and 27, respectively. ESG ETFs represent 21 funds and fundamental ETFs represent 18 funds, rounding out the top five.
About The Company
NortonLifeLock announced in August 2021 its plans to merge with Avast, a Czech software company. In its initial release, the companies said the merger "has compelling strategic logic and represents an attractive opportunity to create a new, industry leading consumer Cyber Safety business."?
“With this combination, we can strengthen our cyber safety platform and make it available to more than 500 million users,” said Norton CEO Vincent Pilette, when the deal was announced.
NortonLifeLock's products primarily focus on internet identity protection, whereas Avast's products aim to ward off viruses, phishing scams and other spam threats.
Although Avast's headquarters is located in Prague, it trades on the London Stock Exchange. The CMA launched a phase 1 probe into the more than $8 billion cash-plus-stock deal in January and had until March 16 to announce its findings.?
The CMA said that both companies are industry leaders in the cybersecurity field and that a merger could potentially reduce competition in the cyber safety software market of the future.
"Unless the companies can offer a clear-cut solution to address our concerns, we intend to carry out an in-depth phase 2 investigation," said CMA Executive Director David Stewart.
NortonLifeLock and Avast now have five days to submit a proposal to appease those concerns.
However, in response to the investigation, NortonLifeLock was quick to call the CMA's announcement "surprising" and said it doesn't plan to make any phase 1 remedies.
<<<
---
>>> Fortinet Announces Five-for-One Stock Split
Yahoo Finance
Fortinet, Inc.
June 09, 2022
https://finance.yahoo.com/news/fortinet-announces-five-one-stock-130000973.html
News Summary
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced its intention to implement its previously announced five-for-one forward stock split (the “Stock Split”) on June 22, 2022. Fortinet previously disclosed the Stock Split on April 22, 2022, and further details on the Stock Split were included in Fortinet’s definitive proxy statement (the “Proxy Statement”) relating to Fortinet’s Annual Meeting of Stockholders to be held on June 17, 2022 (the “2022 Annual Meeting”).
The Stock Split is contingent upon stockholder approval at the 2022 Annual Meeting of an Amended and Restated Certificate of Incorporation (the “Restated Certificate”) that would increase the number of authorized shares of Fortinet’s common stock and implement the Stock Split, among certain other changes described in the Proxy Statement.
If Fortinet’s stockholders approve the Stock Split at the 2022 Annual Meeting then, upon the filing of the Restated Certificate, each share of Fortinet’s common stock outstanding on June 22, 2022 will be split into five shares of common stock. Trading is expected to begin on a split-adjusted basis on or around June 23, 2022.
For additional details, please see the Proxy Statement filed with the U.S. Securities and Exchange Commission on May 2, 2022.
This will be the second time that Fortinet has split its stock, having implemented in 2011 a two-for-one stock split.
About Fortinet
Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 580,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone
<<<
---
>>> 3 Top Cybersecurity Stocks to Buy in April
Motley Fool
By Jake Lerch
Apr 11, 2022
https://www.fool.com/investing/2022/04/11/3-top-cybersecurity-stocks-to-buy-in-april/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
These companies are helping to secure the world's organizations from cybercrime -- and growing quickly because of it.
Cybersecurity is one of the most pressing topics today. Whether big or small, public or private, it seems every organization is vulnerable to hacking. A recent survey of risk management experts conducted by Allianz listed cyber incidents as the most relevant concern for 2022 -- ahead of new regulations, climate change, or even another pandemic.
It's easy to see why. As technology has scaled up, so have the opportunities to infiltrate, disable, or ransom the tools that serve our economy. Amid this backdrop, numerous companies have emerged to meet this critical challenge -- several of which are great investment opportunities. While many stocks have sold off over the last year, shares of Zscaler ( ZS -4.31% ), Fortinet ( FTNT -2.67% ), and Crowdstrike ( CRWD -1.93% ) have outperformed the Invesco NASDAQ 100 ETF. Let's take a look at what makes these companies must-buys in April.
1. Zscaler
You've probably heard the phrase "Trust, but verify." Zscaler, a leader in zero-trust security, takes the proverb one step further. It is guided by the mantra "Never trust, always verify." Its security model relies on mutual authentication, meaning that users and devices must always verify their identity before being granted access to a system.
Customers, particularly large enterprise businesses, have flocked to Zscaler's products. The company has over 5,600 customers in total, including more than 170 companies within the Fortune 500. Zscaler reports that 251 of its customers now generate over $1 million in annual recurring revenue -- up 85% from a year earlier.
Overall revenues are growing fast too. In its latest quarterly earnings report (the period ending Jan. 31, 2022), Zscaler reported quarterly revenues of $256 million, a 63% increase year over year. It reported revenues of $860 million for the most recent 12 months. Moreover, the company turns those revenues into profits. Adjusted earnings-per-share for the most recent quarter was $0.13, beating the consensus estimate of $0.11.
On the horizon, Zscaler sees a great deal of opportunity ahead. It estimates its total market opportunity at $72 billion, given the surging demand for cybersecurity. Looking ahead, analysts expect fiscal 2022 revenues (the 12 months ending Jul. 31, 2022) of $1.05 billion, growing to $1.42 billion in fiscal year 2023. With its sizzling revenue growth, Zscaler is a name to own now.
2. Fortinet
Fortinet delivers various products and services that provide network, endpoint, and cloud security. The company's FortiGate firewall product, along with associated services, makes up 66% of its revenue.
While securing network hardware may not be the most exciting part of the cybersecurity field, it's still essential. And as one of the best-of-breed providers, Fortinet commands pricing power. It boasts 19% operating margins, putting it near the top of its industry in that category. Supply chain issues may present some short-term headwinds, but analysts expect Fortinet's margins to remain basically unchanged through 2023.
While its revenue growth is more modest than some of its competitors (quarterly revenues grew 29% versus last year), Fortinet compensates with profitability. It generated $3.63 of earnings per share (EPS) in 2021, and consensus estimates for 2022 are for EPS of $4.95, growing to $5.96 in 2023.
After turning in a stellar 142% gain in 2021, shares have slumped 7% in 2022. However, given its balanced growth and profitability, investors would be wise to use its recent weakness to pick up shares now -- before the company reports earnings during the first week of May.
3. Crowdstrike
The third stock on my list is Crowdstrike. The company recently reported a fantastic quarterly earnings report, with revenues growing 63% year over year. Crowdstrike is an innovator in the cybersecurity market. It doesn't rely on databases of known viruses and malware. Instead, Crowdstrike's cloud-based artificial intelligence scans customer networks in real-time, looking for suspicious patterns of behavior, and escalating or eliminating risks proactively.
What's more, Crowdstrike sells its products via subscription modules -- allowing its customers to purchase the components most applicable to their needs, and providing Crowdstrike with annual recurring revenue. This plug-and-play approach is paying off. Its subscriber base has jumped to 16,325 -- with over 69% of customers buying four or more modules.
I love Crowdstrike's business model, and so do Wall Street analysts. Of the 33 analysts who cover the stock, 30 rate it as a buy or strong buy.
<<<
Fortinet - >>> Better Cybersecurity Stock: Fortinet vs. Tenable
Motley Fool
By Leo Sun
Mar 29, 2022
https://www.fool.com/investing/2022/03/29/better-cybersecurity-stock-fortinet-vs-tenable/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
KEY POINTS
Fortinet is a market leader in next-gen firewalls.
Tenable scans networks for security flaws to proactively stop attacks.
One is clearly a safer investment than the other.
Which cybersecurity player is a better overall investment?
Data breaches, ransomware attacks, and other types of cyberattacks have cost organizations tens of billions of dollars in recent years. The total number of cyberattacks worldwide skyrocketed 50% in 2021, according to Check Point Research, and peaked at a whopping average of 925 weekly attacks per organization last December.
That escalation has sent organizations scrambling to upgrade their digital defenses. It's also turned many leading cybersecurity stocks into evergreen investments that are resistant to macroeconomic headwinds.
Two promising stocks in that sector are Fortinet ( FTNT -0.80% ) and Tenable ( TENB 1.68% ). Let's take a closer look at these two cybersecurity companies and see which is the more well-rounded investment.
What do Fortinet and Tenable do?
Fortinet's main product is a next-gen firewall called Fortigate, which it installs through a network of on-site appliances called the "Fortinet Security Fabric." This platform provides end-to-end protection for on-premise, cloud-based, and Internet of Things (IoT) devices.
Fortinet serves over half a million customers globally, including the majority of the Fortune 500, and leverages its artificial intelligence and machine learning algorithms to analyze over 100 billion events daily.
Tenable's enterprise-facing platform, Nessus Professional, scans an organization's entire infrastructure for security vulnerabilities like weak passwords, misconfigured software, and network flaws. It also offers a free version for home networks. That proactive approach can prevent devastating attacks from ever happening.
Tenable currently serves about 40,000 customers worldwide, including 60% of the Fortune 500 and 40% of the Global 2000.
How fast is Fortinet growing?
Fortinet's revenue rose 20% in 2020 and grew 21% to $3.34 billion in 2021. It expects its revenue to grow 28%-29% this year. Its recent exit from Russia might initially reduce its annual revenue by 2%-3% this year, but it could potentially offset that loss by gaining more customers elsewhere -- especially if Russia escalates its cross-border cyberattacks.
Moreover, Fortinet's 32.5% year-over-year growth in deferred revenue at the end of 2021, which accelerated from its 23.5% growth in 2020, indicates there's still plenty of pent-up demand for its products -- and that its exit from Russia will merely be a speed bump for its long-term growth.
Unlike many other high-growth cybersecurity companies, Fortinet is firmly profitable by both generally accepted accounting principles (GAAP) and non-GAAP measures. Its non-GAAP earnings per share (EPS) increased 34% in 2020 and 19% in 2021, and it expects 22%-25% growth in 2022.
How fast is Tenable growing?
Tenable's revenue rose 24% in 2020 and grew 23% to $541 million in 2021. It expects its revenue to increase 22%-24% in 2022.
Tenable generated 58% of its revenue in the United States in 2021, and no other market accounted for over 10% of its revenue. It doesn't seem to do any significant business in Russia, and it hasn't issued any statements about its exposure to the Russo-Ukrainian war yet.
Last year, Tenable bundled together all of its risk-based exposure tools into a single platform called Tenable.ep. It's also been expanding its subscription-based cloud platform, Tenable.io, to lock in even more customers. Its 30% growth in deferred revenue in 2021, which accelerated from its 2% decline in 2020, indicates there's plenty of pent-up demand for those services.
Tenable remains unprofitable by GAAP measures, but it turned profitable on a non-GAAP basis in 2020. Its non-GAAP EPS jumped 79% in 2021, but it's bracing for a 44%-56% decline this year as it ramps up its spending.
The valuations and verdict
On a non-GAAP basis, Fortinet trades at 65 times forward earnings. Tenable has a forward P/E ratio of more than 300.
Both of those multiples are high, but higher-growth cybersecurity companies are generally valued by their top-line growth until they lose their momentum. By that measure, Fortinet trades at 12 times this year's sales, while Tenable trades at nine times this year's sales. Both price-to-sales ratios are fairly reasonable for companies that generate more than 20% revenue growth.
Fortinet and Tenable are both promising cybersecurity plays, but I believe Fortinet's stronger top-line growth and stable GAAP profits make it a better overall investment in this challenging market.
<<<
>>> 3 Cybersecurity Stocks That Could Help Make You a Fortune
Motley Fool
By Leo Sun
Mar 10, 2022
https://www.fool.com/investing/2022/03/10/3-cybersecurity-stocks-that-could-help-make-you-a/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
KEY POINTS
Fortinet’s next-gen firewalls will keep networks secure.
Palo Alto’s blend of firewalls, cloud services, and AI threat detection platforms makes it a well-rounded cybersecurity play.
CrowdStrike’s cloud-native approach gives it plenty of room to grow.
Fortinet, Palo Alto Networks, and CrowdStrike are all great long-term plays on the cybersecurity market.
Russia's invasion of Ukraine, which sparked sanctions against the country, has also sparked fears worldwide of retaliatory Russian cyberattacks. But long before that conflict broke out, many organizations had already been hardening their cybersecurity defenses to counter data breaches, ransomware attacks, and other threats.
That secular trend has turned the cybersecurity sector into a defensive one that is resistant to macroeconomic threats like inflation and higher interest rates. So today, let's take a closer look at three evergreen plays in that sector -- Fortinet ( FTNT 2.00% ), Palo Alto Networks ( PANW 1.85% ), and CrowdStrike ( CRWD 7.63% ) -- and why they could help make you amass a fortune.
1. Fortinet
Fortinet's core platform Fortigate is a next-gen firewall that runs on on-site appliances. It links its services together with the Fortinet Security Fabric, which provides end-to-end protection for an organization's on-premise, cloud-based, and Internet of Things (IoT) services. It currently serves more than half a million customers worldwide, including the majority of the Fortune 500, and leverages its artificial intelligence (AI) and machine learning algorithms to analyze over 100 billion events daily.
Fortinet's revenue rose 20% in fiscal 2020 and 29% to $3.34 billion in fiscal 2021, and it expects 28%-29% growth in fiscal 2022. It's profitable by both generally accepted accounting principles (GAAP) and non-GAAP metrics, and its operating margins improved by both measures last year. It expects its non-GAAP earnings per share (EPS) to grow 22%-25% in fiscal 2022.
Fortinet's stock price recently dipped after it suspended its operations in Russia in response to its invasion of Ukraine, but it generates less than 3% of its revenue from the country. Furthermore, an escalation of cyberattacks from Russia will likely generate tailwinds -- not headwinds -- for Fortinet's core business. Fortinet's stock isn't cheap at 66 times forward earnings and 11 times this year's sales, but its robust growth rates and firm financial discipline should easily justify those higher valuations.
2. Palo Alto Networks
Palo Alto Networks competes against Fortinet in the next-gen firewall market with its on-premise security platform Strata. But over the past few years, it expanded its ecosystem with a cloud security platform, Prisma, and an AI-powered threat detection service called Cortex.
These newer next-generation security (NGS) services, which now drive most of its growth, accounted for 29% of Palo Alto's trailing 12-month revenue in its latest quarter. The company's combined ecosystem serves more than 85,000 customers across 150 countries.
Palo Alto's revenue rose 18% in fiscal 2020 and 25% to $4.3 billion in fiscal 2021, and it expects 27%-29% growth in fiscal 2022 (which ends this July). It isn't profitable on a GAAP basis yet, but its non-GAAP EPS increased 26% in fiscal 2021 -- and it expects 18%-19% growth in fiscal 2022.
The bears often claim that Palo Alto relies too heavily on acquisitions to expand its ecosystem and boost its revenue. However, the company continues to develop new features organically, and it doesn't plan to make any more big acquisitions in the near future. Palo Alto's stock isn't cheap at about 80 times forward earnings and 10 times this year's sales, but it could still have plenty of room to grow over the next few decades.
3. CrowdStrike Holdings
Unlike Fortinet and Palo Alto, CrowdStrike doesn't deploy any on-site hardware appliances at all. Instead, it offers all of its end-to-end security services through a cloud-based subscription platform called Falcon. This approach is stickier and easier to scale as an organization expands. It served 16,325 subscription customers at the end of fiscal 2022.
CrowdStrike's disruptive approach enables it to grow at a much faster clip than Fortinet and Palo Alto. Its revenue surged 82% in fiscal 2021 and increased 66% to $1.45 billion in fiscal 2022 (which ended this January), and it expects 47%-49% growth in fiscal 2023.
CrowdStrike's number of customers jumped 65% year over year in the fourth quarter of 2022, and it's kept its dollar-based net retention rate above 120% ever since its IPO in mid-2019. It isn't profitable by GAAP measures yet, but it expects its non-GAAP EPS to grow 54%-69% in fiscal 2023.
CrowdStrike's stock price got a bit overheated in 2021, but it's dropped nearly 40% since hitting its all-time high last November. The stock still looks a bit pricey at about 200 times forward earnings and 20 times this year's sales, but the company's early mover's advantage in cloud-based security, its explosive growth rates, and its high retention rates all justify that premium.
<<<
>>> What We Learned About Pegasus, the Smartphone Cracker
https://s.yimg.com/os/creatr-uploaded-images/2022-01/d23992d0-8045-11ec-bfff-88b2e06cfdc7">https://s.yimg.com/os/creatr-uploaded-images/2022-01/d23992d0-8045-11ec-bfff-88b2e06cfdc7" />
This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on July 21, 2021. - Private Israeli firm NSO Group has denied media reports its Pegasus software is linked to the mass surveillance of journalists and rights defenders, and insisted that all sales of its technology are approved by Israel's defence ministry.
New York Times
by Michael Levenson
January 28, 2022
https://www.yahoo.com/news/learned-pegasus-smartphone-cracker-133036366.html
It is widely regarded as the world’s most potent spyware, capable of reliably cracking the encrypted communications of iPhone and Android smartphones.
The software, Pegasus, made by an Israeli company, NSO Group, has been able to track terrorists and drug cartels. It has also been used against human rights activists, journalists and dissidents.
Now, an investigation published Friday by The New York Times Magazine has found that Israel, which controls the export of the spyware, just as it does the export of conventional weapons, has made Pegasus a key component of its national security strategy, using it to advance its interests around the world
The yearlong investigation, by Ronen Bergman and Mark Mazzetti, also reports that the FBI bought and tested NSO software for years with plans to use it for domestic surveillance until the agency finally decided last year not to deploy the tools.
The Times found that sales of Pegasus played a critical role in securing the support of Arab nations in Israel’s campaign against Iran and negotiating the Abraham Accords, the 2020 diplomatic agreements, signed at a Trump White House ceremony, that normalized relations between Israel and some of its longtime Arab adversaries.
The U.S. sought the cyberweapon for domestic use.
The U.S. had also moved to acquire Pegasus, the Times found. The FBI, in a deal never previously reported, bought the spyware in 2019, despite multiple reports that it had been used against activists and political opponents in other countries. It also spent two years discussing whether to deploy a newer product, called Phantom, inside the United States.
The discussions at the Justice Department and the FBI continued until last summer, when the FBI ultimately decided not to use NSO weapons.
But Pegasus equipment is still in a New Jersey building used by the FBI. And the company also gave the agency a demonstration of Phantom, which could hack American phone numbers.
A brochure for potential customers, obtained by the Times, says that Phantom allows American law enforcement and spy agencies to “turn your target’s smartphone into an intelligence gold mine.”
The yearlong Times investigation was based on interviews with government officials, leaders of intelligence and law enforcement agencies, cyber experts, business executives and privacy activists in a dozen countries.
It tells the story of NSO’s rise from a startup operating out of a converted chicken coop on an agricultural cooperative to its blacklisting by the Biden administration in November because of its use by foreign governments to “maliciously target” dissidents, journalists and others.
NSO began with two school friends, Shalev Hulio and Omri Lavie, hatching startups in Bnai Zion, an agricultural cooperative outside of Tel Aviv, Israel, in the mid-2000s.
One of their startups, CommuniTake, which offered cellphone tech-support workers the ability to take control of their customers’ devices — with permission — caught the attention of a European intelligence agency, Hulio said.
NSO was born, and the company eventually developed a way to gain access to phones without the user’s permission — no need to click on a malicious attachment or link. (That the company’s name sounded like the NSA was a mere coincidence).
‘You start to believe your every move is watched.’
After NSO began selling Pegasus globally in 2011, Mexican authorities used it to capture Joaquín Guzmán Loera, the drug lord known as El Chapo. And European investigators used it to smash a child-abuse ring with dozens of suspects in more than 40 countries.
But abuses have also been revealed in reports by researchers and news organizations, including the Times.
Mexico used the spyware to target journalists and dissidents. Saudi Arabia used it against women’s rights activists and associates of Jamal Khashoggi, the Washington Post columnist who was killed and dismembered by Saudi operatives in 2018.
That year, the CIA bought Pegasus to help Djibouti, a U.S. ally, fight terrorism, despite long-standing concerns about human rights abuses there, including the persecution of journalists and the torture of dissidents.
In the United Arab Emirates, Pegasus was used to hack the phone of an outspoken critic of the government, Ahmed Mansoor.
Mansoor’s email account was breached, his geolocation was monitored, $140,000 was stolen from his bank account, he was fired from his job and strangers beat him on the street.
“You start to believe your every move is watched,” he said. In 2018, he was sentenced to 10 years in prison for posts he made on Facebook and Twitter.
Through a series of new deals licensed by the Israeli Ministry of Defense, Pegasus has been provided to the far-right leaders of Poland, Hungary, India and other countries.
Then-Prime Minister Benjamin Netanyahu did not order the Pegasus system to be cut off, even when the Polish government enacted laws that many Jews inside and outside of Israel saw as Holocaust denial, or when Prime Minister Mateusz Morawiecki, at a conference attended by Netanyahu himself, falsely listed “Jewish perpetrators” among those responsible for the Holocaust.
The blacklisting of NSO infuriated Israeli officials.
American companies have been trying to build their own tools that could hack phones with the ease of NSO’s “zero click” technology.
One of those companies, Boldend, told Raytheon, the defense-industry giant, in January 2021, that it could hack WhatsApp, the popular messaging service owned by Facebook, but then lost the capability after a WhatsApp update, according to a presentation obtained by the Times.
The claim was especially notable because, according to one of the slides, a major Boldend investor is Founders Fund — a company run by Peter Thiel, the billionaire who was one of Facebook’s first investors and remains on its board.
The recent U.S. blacklisting of NSO could suffocate the company by denying it access to the American technology it needs to run its operations, including Dell computers and Amazon cloud servers.
The rebuke has infuriated Israeli officials who have denounced the move as an attack not only on a crown jewel of the country’s defense industry but on the country itself.
“The people aiming their arrows against NSO,” said Yigal Unna, director general of the Israel National Cyber Directorate until Jan. 5, “are actually aiming at the blue and white flag hanging behind it.”
<<<
Fortinet - >>> 3 Top Stocks to Play the Data Center Upgrade Cycle in 2022
The internet is evolving again, and data center construction is picking up pace to facilitate it.
Motley Fool
by Nicholas Rossolillo
Dec 31, 2021
https://www.fool.com/investing/2021/12/31/3-top-stocks-to-play-the-data-center-upgrade-cycle/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
Key Points
AMD's CPUs and GPUs have momentum on their side in the important data center market.
Arista Networks is forecasting strong growth for the new year from its data center customers.
Fortinet designs some of the best data center and network security hardware around.
Facebook's recent corporate rebrand to Meta Platforms has set off a firestorm of media headlines surrounding terms like "metaverse," "web 3.0," and "cryptocurrencies." But even before that, lots of organizations had already started upgrading their data centers to get ready for more advanced web-based services and experiences.
A new wave of tech hardware construction is thus underway, and Advanced Micro Devices (NASDAQ:AMD), Arista Networks (NYSE:ANET), and Fortinet (NASDAQ:FTNT) look like top buys right now. Here's why these are three top stocks to play the data center upgrade push.
1. AMD: Gobbling up market share of the web's basic computing unit. It doesn't look like AMD's pending acquisition of fellow chip designer Xilinx (NASDAQ:XLNX) will get done in 2021, as it's still pending sign-off from regulators in China. Management said it hopes to finalize the $35 billion acquisition in early 2022. Xilinx, which is the leader in field-programmable gate arrays (FPGAs), will open up a new front for AMD as it gobbles up market share from Intel (NASDAQ:INTC) in multiple areas.
Even should the Xilinx deal get hung up by China (regulators in the U.S., U.K., and Europe have already given the go-ahead), AMD will be just fine. AMD's CPUs for data centers (one of Intel's most important business lines) have been building steam for years. And along with Nvidia, AMD GPUs designed for artificial intelligence are also a key growth driver for the company.
But FPGAs from Xilinx, a flexible chip type that can be reprogrammed at the hardware level, have also been on the offensive. Intel acquired a couple of FPGA firms in recent years, but that segment has mostly stalled out while Xilinx has been growing at a healthy clip. Together, AMD and Xilinx would be a powerful force and help AMD continue to eat away at Intel's massive lead in the semiconductor industry.
Besides sustaining AMD's stand-alone growth momentum, Xilinx will improve AMD's profit margins, and boost research and development spending. Currently, AMD stock trades for 61 times trailing-12-month free cash flow and 44 times next year's expected earnings. This valuation implies another year of rapid growth for the company in 2022, which looks more than viable given the high demand chips are in and the rapid pace of data center upgrades (for example, Meta choosing AMD chips to help power the metaverse). Adding in Xilinx could just be extra gravy. I remain optimistic on AMD's prospects for the long term.
2. Arista Networks: Constructing the backbone of cloud computing
After a few years of struggle, Arista Networks stock was back on the rise in 2021 and set fresh all-time highs throughout the year. The company made a solid rebound from the adverse effects of the U.S.-China trade war that were exacerbated by the early days of the pandemic, and Arista's sales are in strong growth mode once again.
Arista designs open-source switches and other networking equipment. As it's a key ingredient in data centers and other internet infrastructure, a surge in web traffic and cloud computing has Arista's hardware in high demand right now. With order lead times extending well into 2022, management expressed confidence on its last earnings call that it will continue to grow in the new year (through the first nine months of 2021, Arista revenue was up 27% year over year).
Along with its hardware, Arista has also been expanding on its library of software solutions for its data center customers. Together, the company provides a full suite of solutions for enterprises looking to build out new capabilities for the digital world, like cloud operation monitoring and security. In total, it makes for an incredibly profitable business. Arista generated $914 million in free cash flow over the last 12 months, a 33% free cash flow profit margin.
As of this writing, the stock trades for 50 times trailing-12-month free cash flow and nearly 42 times next year's expected earnings. It's the highest premium Arista has traded for in years, but given the company's return to double-digit percentage growth, it's not an unwarranted price tag. This is a great stock to own if you think data center construction, the cloud, and other next-gen web experiences will remain a secular growth trend throughout the 2020s.
3. Fortinet: A best-in-class play for security
Cloud-based security software has been all the rage since the start of the pandemic. Firms like CrowdStrike and Zscaler have been top performers in the cybersecurity industry. But Fortinet, often considered a "legacy" security firm, is no slouch. For every cloud service, a data center is doing the work somewhere, and that physical asset needs to be secured as well.
Fortinet designs some of the top chips on the market for this purpose. Even during lockdowns and corporate freezes on some spending in year one of the pandemic (2020), Fortinet's hardware sales kept growing. And then in 2021 as data center upgrades picked up pace, the company's product sales segment accelerated (up 40% through the first nine months of the year).
But let's not pigeonhole Fortinet as a hardware company. In fact, nearly two-thirds of its revenue is derived from services -- recurring and very sticky software-based sales that get packaged with the company's best-in-class equipment. Even as cybersecurity needs have evolved with proliferating use of the internet, Fortinet has adapted and maintained fast and steady growth for years. Development of a new wave of IT services bodes well for the company's continued success.
As can be expected from a company that has a long track record of profitable growth, Fortinet stock can be purchased for a premium 48 times trailing-12-month free cash flow and 79 times next year's expected earnings (a higher multiple for next year assumes the company invests heavily in research and development in 2022). Nevertheless, I still like Fortinet for the long haul. Expect some turbulence after shares more than doubled in 2021, but if you are focused on the firm's potential over the next five-plus years like I am, this top data center security play deserves attention.
<<<
>>> Cybersecurity Stocks To Buy And Watch: Demand Grows For Next-Gen Security
Investor's Business Daily
by REINHARDT KRAUSE
12/28/2021
https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220
You may think the time is right to move into cybersecurity stocks, if you're reading this IBD investing primer. The IBD Computer-Software Security group ranks No. 20 out of 197 industry groups tracked
The recently disclosed Log4j computer server software vulnerability has spurred a new wave of hacker attacks.
Some cybersecurity stocks, such as CrowdStrike Holdings (CRWD), have pulled back after strong runs.
Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.
The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.
Cybersecurity spending worldwide will pop an estimated 13% in 2021 to $172 billion, says market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.
The financial services industry is a big spender, said Wells Fargo analyst Mike Mayo in a recent report.
"The biggest banks spend as much as $1 billion, or an estimated 10% to 20% of their IT budgets on cyber," said Mayo. He added: "Cyber spending should increase 10% (compound annual growth rate) over the next four years. As banks increasingly rely on digital interactions with customers, the importance of cybersecurity grows."
Cybersecurity Stocks With High Composite Ratings
Fortinet (FTNT) stock, Mimecast (MIME), Zscaler (ZS), Qualys (QLYS) and Palo Alto Networks (PANW) are among cybersecurity stocks with Composite Ratings above 90. FTNT stock was featured in the New America section.
The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.
The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.
No cybersecurity stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.
Both CrowdStrike and Zscaler stock have dropped off the IBD 50 roster of growth companies.
Congress has finally passed legislation funding infrastructure projects. The legislation is expected to include funding for federal, state and local cybersecurity infrastructure.
Hot Cybersecurity Startups Eye IPOs
Private equity firms continue to eye cybersecurity stocks. Permira in December agreed to buy Mimecast (MIME) for $5.8 billion. Thoma Bravo in April agreed to buy Proofpoint in an all-cash $12.3 billion deal.
SentinelOne (S)'s initial public offering raised $1.2 billion. SentinelOne is a rival of CrowdStrike in an emerging market.
Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.
Analysts say a new wave of startups seems to be taking share from industry incumbents. They include Cybereason, Exabeam, Vectra AI and iBoss.
"Illumio just completed a Series F round for $225 million of 100% primary capital led by Thoma Bravo, where Illumio now sports a $2.75 billion post-round valuation," said Needham analyst Alex Henderson in a report.
Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.
Consolidation may be coming in the cybersecurity industry. Okta in early March acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta (OKTA) is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint Technologies (SAIL).
Microsoft Stock A Big Player In Cybersecurity
Also, Microsoft (MSFT) disclosed that its cybersecurity revenues top $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.
Microsoft in July acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.
In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).
"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note to clients.
Also, one key IBD technical measure for cybersecurity stocks are Relative Strength Ratings. Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.
Palo Alto Networks has spent over $3 billion making 10 acquisitions over the past three years. With roots in the "firewall" network security market, Palo Alto aims to build a broad cloud-based security platform.
Further, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.
In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.
SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.
Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 (RPD) and CyberArk. Tenable in February acquired France-based Alsid, which focuses on identity access management.
Rapid7 and Qualys specialize in vulnerability management services.
Amid the rapid global spread of the coronavirus called Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.
The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.
It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.
Cybersecurity Stocks: Remote Work Increases Amid Pandemic
As remote workers access company data via the internet, many businesses are setting up virtual private networks, or VPNs. Some are buying laptops with preinstalled security software.
"We believe corporations are facing challenges in terms of VPN capacity, and protecting workers adequately with next-generation network and endpoint security offerings," William Blair analyst Jonathan Ho said in a report to clients.
He added that "intensifying email and phishing campaigns, identity access management, and control over software applications" are other security issues.
However, industries hard hit by the coronavirus pandemic will spend less on security software. They include airlines, hotels, retail and restaurants.
Meanwhile, one view is that mergers and acquisitions will pick up.
"The cloud has disrupted everything, which presents both threat and opportunity," Jefferies analyst Brent Thill said in a recent note. "The cyber market is riper than ever for ongoing consolidation. Many smaller vendors are attempting to solve the same problems, larger vendors are looking to create security suites, and financing rates are at all-time lows."
Zscaler, Qualys and Ping Identity Holdings (PING) were each featured recently as the IBD Stock of the Day.
In addition, while cybersecurity stocks often get a boost from well-publicized cyberattacks, the impact can be short-lived.
SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.
Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.
Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.
As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.
Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.
Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances.
Proofpoint specializes in email and data-loss protection.
Hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.
To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust.
In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.
Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance.
Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.
Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Further, CrowdStrike's initial public offering in June, 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto, FireEye (FEYE) and startup Cybereason. Private equity firms Blackstone and ClearSky recently invested $400 million in FireEye.
In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.
Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.
Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.
<<<
>>> IMF, World Bank & 10 Countries Held Alarming "Simulation" Of Global Financial System Collapse
Zero Hedge
BY TYLER DURDEN
DEC 21, 2021
https://www.zerohedge.com/markets/imf-world-bank-10-countries-hold-alarming-simulation-global-financial-system-collapse
Earlier this month Reuters produced a report which didn't receive nearly enough attention among the American public - its contents would be sure to alarm most people concerned with the outbreak of yet more 'global catastrophes'. At the very least it's curious timing: amid the recent pandemic induced disruption in global supply chains, powerful nations and banking institutions decided to get together to run a global economic collapse scenario.
The report described that Israel led a "10-country simulation of a major cyber attack on the global financial system in an attempt to increase cooperation that could help to minimize any potential damage to financial markets and banks." It was centered on a catastrophic scenario in which "hackers were 10 steps ahead of us," according to one official who took part.
Dubbed "Collective Strength", the exercise was held in Jerusalem (after being moved from the original proposed location of Dubai) and included the participation also of the United States, UK, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand. Officials from the International Monetary Fund (IMF), World Bank and Bank of International Settlements were also involved.
The financial-geopolitical gaming simulation was set amid a scenario where sensitive data was leaked on the Dark Web, which combined with "fake news" reports going viral across societies, resulting in the collapse of global markets and an ensuing run on banks. Further, the simulation envisioned a series of devastating hacks targeting global foreign exchange systems, which also disrupted transactions between importers and exporters, according to Reuters.
The simulation set out a severe crisis period lasting about a week-and-a-half. Events were guided by a film and narrator which related the fast moving 'live' events...
"These events are creating havoc in the financial markets," said a narrator of a film shown to the participants as part of the simulation and seen by Reuters.
Further the report detailed of the simulation hosted under the aegis of Israel's Finance Ministry:
"The banks are appealing for emergency liquidity assistance in a multitude of currencies to put a halt to the chaos as counterparties withdraw their funds and limit access to liquidity leaving the banks in disarray and ruin," the narrator said.
The participants discussed multilateral policies to respond to the crisis, including a coordinated bank holiday, debt repayment grace periods, SWAP/REPO agreements and coordinated delinking from major currencies.
Ostensibly what was a "successful" ten day exercise was aimed toward each country being prepared to contain the global damage coming from some kind of major cyber event or threat. The key takeaway was that only through rapid global cooperation and open communication among nations, would there be opportunity to prevent total collapse of the global (or perhaps rather Western-led) financial system.
Interestingly, some participants said in reality they would in reality move faster than in the simulation in the instance of a cyber disruption of that scale. They said "in a real cyber attack situation governments would take action more quickly than in the simulation," according to Reuters. "One European financial official said that in the case of such of an attack, his country would not wait 10 days to act."
However, we doubt much of the Western public will feel "comforted" by global elites engaged in a simulated global meltdown 'readiness' scenario. Again, as if 2020 and 2021 under the pandemic weren't enough of a "real world" disaster and crisis scenario, one questions the need to game out a 'pretend' scenario in the first place.
<<<
>>> The security flaw that's freaked out the internet
AP
By FRANK BAJAK
12-14-21
BOSTON (AP) — Security pros say it's one of the worst computer vulnerabilities they've ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.
Security experts around the world raced Friday, Dec. 10, 2021, to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. Cybersecurity experts say users of the online game Minecraft have already exploited it to breach other users by pasting a short message into in a chat box.
The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it's so easily exploitable — and telling those with public-facing networks to put up firewalls if they can't be sure. The affected software is small and often undocumented.
Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a prodigious challenge; it is often hidden under layers of other software.
The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it’s catnip for cybercriminals and digital spies because it allows easy, password-free entry.
The Cybersecurity and Infrastructure Security Agency, or CISA, which Easterly runs, stood up a resource page Tuesday to help erase a flaw it says is present in hundreds of millions of devices. Other heavily computerized countries were taking it just as seriously, with Germany activating its national IT crisis center.
A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a leading industrial control cybersecurity firm. “I think we won’t see a single major software vendor in the world -- at least on the industrial side -- not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.
Eric Goldstein, who heads CISA's cybersecurity division, said Washington was leading a global response. He said no federal agencies were known to have been compromised. But these are early days.
“What we have here is a extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm," he said.
A SMALL PIECE OF CODE, A WORLD OF TROUBLE
The affected software, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers. It runs across many platforms — Windows, Linux, Apple’s macOS — powering everything from web cams to car navigation systems and medical devices, according to the security firm Bitdefender.
Goldstein told reporters in a conference call Tuesday evening that CISA would be updating an inventory of patched software as fixes become available. Log4j is often embedded in third-party programs that need to be updated by their owners. “We expect remediation will take some time,” he said.
Apache Software Foundation said the Chinese tech giant Alibaba notified it of the flaw on Nov. 24. It took two weeks to develop and release a fix.
Beyond patching to fix the flaw, computer security pros have an even more daunting challenge: trying to detect whether the vulnerability was exploited — whether a network or device was hacked. That will mean weeks of active monitoring. A frantic weekend of trying to identify — and slam shut — open doors before hackers exploited them now shifts to a marathon.
LULL BEFORE THE STORM
“A lot of people are already pretty stressed out and pretty tired from working through the weekend — when we are really going to be dealing with this for the foreseeable future, pretty well into 2022,” said Joe Slowik, threat intelligence lead at the network security firm Gigamon.
The cybersecurity firm Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. It said the flaw was exploited to plant cryptocurrency mining malware — which uses computer cycles to mine digital money surreptitiously — in five countries.
As yet, no successful ransomware infections leveraging the flaw have been detected. But experts say that’s probably just a matter of time.
“I think what’s going to happen is it’s going to take two weeks before the effect of this is seen because hackers got into organizations and will be figuring out what to do to next.” John Graham-Cumming, chief technical officer of Cloudflare, whose online infrastructure protects websites from online threats.
We’re in a lull before the storm, said senior researcher Sean Gallagher of the cybersecurity firm Sophos.
“We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and/or capitalize on it later on.” That would include extracting usernames and passwords.
State-backed Chinese and Iranian hackers have already exploited the flaw, presumably for cyberespionage, and other state actors were expected to do so as well, said John Hultquist, a top threat analyst at the cybersecurity firm Mandiant. He wouldn't name the target of the Chinese hackers or its geographical location. He said the Iranian actors are “particularly aggressive” and had taken part in ransomware attacks primarily for disruptive ends.
SOFTWARE: INSECURE BY DESIGN?
The Log4j episode exposes a poorly addressed issue in software design, experts say. Too many programs used in critical functions have not been developed with enough thought to security.
Open-source developers like the volunteers responsible for Log4j should not be blamed so much as an entire industry of programmers who often blindly include snippets of such code without doing due diligence, said Slowik of Gigamon.
Popular and custom-made applications often lack a “Software Bill of Materials” that lets users know what’s under the hood — a crucial need at times like this.
“This is becoming obviously more and more of a problem as software vendors overall are utilizing openly available software,” said Caltagirone of Dragos.
In industrial systems particularly, he added, formerly analog systems in everything from water utilities to food production have in the past few decades been upgraded digitally for automated and remote management. “And one of the ways they did that, obviously, was through software and through the use of programs which utilized Log4j," Caltagirone said.
<<<
>>> DHS warns of critical flaw in widely used software
By Sean Lyngaas
CNN
12-11-21
https://www.msn.com/en-us/news/technology/dhs-warns-of-critical-flaw-in-widely-used-software/ar-AARJ5oQ?ocid=uxbndlbing
The Department of Homeland Security's top cyber official on Saturday urged government and private-sector organizations to address a critical flaw in widely used software that hackers were actively using to try to breach networks.
The US Department of Homeland Security says it will brief critical infrastructure firms across the US on Monday.
DHS's Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to update their software. And Jen Easterly, the head of the agency, warned that the vulnerability was being widely exploited by "a growing set" of hackers.
The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to configure their applications.
Apple's cloud computing service, security firm Cloudflare and one of the world's most popular video games, Minecraft, are among the organizations that run Log4j, according to security researchers.
The vulnerability can offer a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network.
Security experts say that the fallout from the software flaw could continue for days and weeks as organizations race to address the issue.
The situation escalated before the weekend when a tool for exploiting the vulnerability was made public on GitHub, a software repository. That gave malicious hackers a potential roadmap for how to use the vulnerability to break into devices.
Easterly said her agency would hold a call with critical infrastructure firms across the country on Monday to brief them on the situation.
The onus will be on organizations running the software, rather than individual consumers, to apply the fixes. The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.
Cybersecurity researchers interviewed by CNN said it was unclear just how many devices on the internet are exposed to the vulnerability. But IT administrators around the world are on notice and preparing for a long weekend of responding to hacks.
Kevin Beaumont, a researcher who keeps a close eye on emerging software flaws, compared the conundrum that organizations are in with the software flaw to "lock[ing] the doors to your car, but then allow[ing] anybody to shout commands at Siri from outside the car to remotely drive it."
"Log4j is buried deep inside products and [organizations], gonna be painful to fix," Beaumont tweeted Friday.
GreyNoise Intelligence, a firm that maps internet traffic, said that the number of devices that were trying to exploit the vulnerability had more than doubled from Friday to Saturday.
GreyNoise founder Andrew Morris said his firm had been consulting with large tech companies and government organizations about mitigating the impact of the malicious cyber activity.
"A lot of really important people are concerned" about the vulnerability, Morris told CNN.
<<<
>>> Zscaler - >>> 2 Monster Growth Stocks To Buy and Hold Right Now
Motley Fool
By Trevor Jennewine
Dec 10, 2021
https://www.fool.com/investing/2021/12/10/2-monster-growth-stocks-to-buy-and-hold-right-now/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
Zscaler is a pioneer in cloud security. Its platform, called a secure access service edge (SASE), is designed to replace traditional corporate networks. Rather than routing web traffic through a central hub, clients lean on Zscaler's network of over 150 global data centers to enforce security policies, which makes it possible to quickly and safely access corporate resources from any device or location.
Specifically, Zscaler's portfolio includes four products: Zscaler Internet Access and Zscaler Public Access, which allow clients to safely connect to both external and internal applications; and Zscaler Cloud Protection and Zscaler Digital Experience, which secure cloud workloads and help IT teams monitor the performance of networks, applications, and infrastructure.
Broadly speaking, by accelerating and securing corporate resources, Zscaler helps businesses provide employees with a high-quality user experience, whether they are in the office or working remotely. And because Zscaler delivers those services from the cloud, clients avoid the cost and commitment of managing the underlying hardware.
That value proposition is only becoming more compelling, as evidenced by Zscaler's strong financial performance over the past year.
Metric
Q1 2021 (TTM)
Q1 2022 (TTM)
Change
Revenue
$480.3 million
$761.0 million
58%
Free cash flow
$60.3 million
$184.9 million
207%
Source: YCharts. TTM = trailing-12-months. Note: Q1 2022 ended Oct. 31, 2021.
Going forward, Zscaler has a good shot at maintaining that momentum. The company puts its addressable market at $72 billion, and the founder-led management team has already demonstrated its ability to expand the platform and grow the business. Moreover, 92% of employees would recommend the company to a friend, and 98% approve of the founder and CEO Jay Chaudhry, according to Glassdoor. Those impressive statistics suggest a strong corporate culture.
It's noteworthy that Gartner has recognized Zscaler as the industry leader for the last 10 consecutive years, evidencing the company's strong competitive position. Gartner also projects that 60% of organizations will have plans in place to adopt SASE networks by 2025, up from 10% in 2020. That tailwind should be a significant growth driver for Zscaler. That's why this stock belongs in your portfolio.
<<<
Fortinet - >>> My Take: 4 Strong Growth Stocks To Buy This Week
Motley Fool
By James Brumley
Dec 10, 2021
https://www.fool.com/investing/2021/12/10/my-take-4-strong-growth-stocks-to-buy-this-week/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
KEY POINTS
Cybersecurity, solar energy, data management, and healthcare all have a bright future.
There is little question that demand will continue to rise in each of these sectors.
Each of these companies offers solutions once thought unthinkable in their fields.
If these companies' growth prospects were good enough before the omicron-fueled rout, they're even better now.
Has the omicron-fueled sell-off already run its course? Maybe or maybe not. Given Tuesday's sharp rebound, at the very least it's clear that investors aren't willing to simply throw in the towel at the first sign of trouble. The market is open for business as usual -- even if the current volatility is a bit unusual.
Yet not all stocks have fully recovered. Here are four great growth companies that were beaten down a bit by the recent market sell-off, making them relative bargains to new investors.
Palantir Technologies
It's not a household name, but Palantir Technologies ( PLTR -1.41% ) plays a crucial role in helping organizations handle the deluge of digital data they've been collecting for years now. A bunch of competitors operate in this arena, but Palantir's solutions are more than a means of turning information into insights. They go further, melding digital data with front-line activities like product deliveries, resource allocation, and even medical care.
Palantir's target market isn't just companies. It actually offers the sort of solutions that governments and their agencies need to be fully effective. For instance, the UK's National Health Service tapped Palantir to help manage its response to the COVID-19 pandemic, including the execution of its mass-vaccination effort.
This sort of higher-level capability can be utilized by a wide array of organizations, and they're increasingly doing so. Analysts see sales growing nearly 30% next year following this year's 40% increase. While the company is not profitable yet, progress is being made on that front -- making the shares' 26% slide this past month an even more compelling reason to consider jumping in.
Fortinet
Palantir may not be turning a profit yet, but cybersecurity specialist Fortinet ( FTNT 5.12% ) certainly is. The company has produced $435 million worth of operating income through the first three fiscal quarters of 2021, up 20% year over year, and is en route to what analysts expect will be a 17% gain in full-year earnings. Next year could be even better with forecasts of 19% revenue growth. At the same time, earnings per share are projected to reach $3.91 this year and $4.61 in 2022.
With cybersecurity concerns abounding, there's little reason to think demand for these products will stop growing anytime soon. In fact, it could accelerate as the scope of the true risk continues to come into view. Cybersecurity Ventures estimates that cybercrime will cost the world around $6 trillion this year alone and -- assuming nothing is done to mitigate it -- that cost will grow at an annual pace of 15% to $10.5 trillion by 2025.
In other words, nobody can afford to simply do nothing; the world will have to invest in cyberdefense. So organizations will increasingly need solutions like Fortinet's zero trust network, which ensures that remote employees are connecting to a network securely, or its network firewall, which has earned the Gartner consultancy's top accolades for 12 years in a row. And that's just a sampling of how Fortinet has managed to grow its sales and profits so well.
While the shares have rebounded somewhat, they are still down 10% from their high last month.
Enphase Energy
Speaking of technologies the world is going to need for many years to come, add Enphase Energy ( ENPH -0.61% ) to your list. The solar power outfit is in the right place at the right time -- namely, on the cusp of explosive demand for renewable energy with solar at the forefront. The Solar Energy Industries Association predicts that in the United States alone solar-power production capacity will more than triple over the next 10 years, making it the country's fastest-growing source of electricity over that time frame.
That said, it's important to note that Enphase Energy's value isn't as a solar panel manufacturer; for better or worse, that area has evolved into a commodity-type business. Rather, Enphase's edge within the fast-growing solar power market is its technology. The company's combination of power inverters, system management apps, and power-storage solutions solves many of the biggest problems that corporations and consumers will face as they transition to solar power.
Plus, Enphase has over 400 patents or pending patents to help keep it (and its hardware) ahead of the competition. So with the stock down some 20% from its high, investors would do well to take a closer look.
DexCom
Finally, investors on the hunt for growth stocks may want to consider DexCom ( DXCM 1.13% ), a maker of continuous glucose monitoring systems (GMS) used by diabetics. The stock is anything but cheap, trading at nearly 200 times this year's expected per-share profits. But this is a company that deserves premium pricing.
That's because of its technology. While it's not the market leader -- that honor still belongs to Abbott Laboratories -- never say never. DexCom's G6 system is the world's "first real-time, integrated CGM that is authorized to work interoperably with a range of connected insulin pen and closed loop system partners." Translation: It's a very flexible device that allows users to integrate other tech and help diabetics better manage their condition.
With its leading-edge G6 system, DexCom should be able to grow at a healthy pace in the highly fragmented and fast-growing glucose monitoring field. Global Market Insights estimates this segment will grow at a 10% annual clip through at least 2027 as more and more diabetics graduate from using the much less convenient finger pricks and paper test strips.
Analysts expect DexCom's revenue will grow 27% this year and 22% next year. That, together with a stock that is still 15% off the highs it reached in mid-November, makes for an investment well worth investors' attention.
<<<
>>> 7 Top Cybersecurity Stocks to Buy Heading Into Year-End
Investor Place
by Muslim Farooque
December 3, 2021
https://finance.yahoo.com/news/7-top-cybersecurity-stocks-buy-173310478.html
Businesses are looking to ensure the safety of their data, employees and critical assets. Thus, protection against cyber threats, such as hacking or data breaches, is critical for companies. The Covid-induced push toward digitization has therefore made cybersecurity stocks more appealing.
Recently, many enterprises have also shifted to a hybrid work arrangement, and the structure exposes enterprises to more sophisticated risks. The number of cyberattacks is on the rise, meaning businesses and governments must invest heavily in the sector. This creates a solid tailwind for related stocks.
Cybersecurity is a rapidly-evolving industry. Next-generation security software will be needed to keep up with the increasing threat landscape, and it’s primed for growth over the next decade, thanks in large part to these cutting-edge tools from cloud-native cybersecurity companies.
In 2020, the cybersecurity market was worth more than $156 billion. That value is expected to reach a whopping $352 billion by 2026 with an annual growth rate of 14% over five years. These cybersecurity stocks are poised to benefit:
CrowdStrike (NASDAQ:CRWD)
Palantir Technologies (NYSE:PLTR)
Fortinet (NASDAQ:FTNT)
Okta (NASDAQ:OKTA)
Cloudflare (NYSE:NET)
Palo Alto Networks (NYSE:PANW)
SentinelOne (NYSE:S)
Cybersecurity Stocks: CrowdStrike (CRWD)
Crowdstrike is an expert in endpoint security, providing robust protection to devices users access through various networks. When an attack occurs on a particular device, the information about the incident is sent to other devices and other enterprises.
Consequently, the company’s attack resiliency gets stronger over time as it adds more customers. Crowdstrike has been recognized as a global leader in the cybersecurity realm by top consulting firm Gartner, ahead of its competition.
Business has been great of late for the company. It recently reported a 70% bump in revenues from the prior-year period during the second quarter. Its annual recurring revenues shot up to a mammoth $1.34 billion as Crowdstrike grew its customer base by 81%. Therefore, CRWD stock has a strong growth runway ahead.
Palantir Technologies (PLTR)
Palantir Technologies is not exactly a cybersecurity pure-play. The big data analytics company enables government and private sector businesses to analyze and manage vast amounts of data.
However, businesses face complicated problems like security breaches that require sophisticated solutions. Palantir offers secure datasets, giving it an edge over its peers.
The firm has been adding new customers aggressively with every passing quarter and projects strong growth for the foreseeable future. In its third-quarter this year, revenue has risen by 36% to $392 million. Moreover, its U.S. commercial sales grew 103% from the prior year.
Though its government business was a catalyst in the past, its commercial business is now a bigger growth driver. Moreover, PLTR stock’s current valuation is considerably high, but it will grow into its valuation in time.
Cybersecurity Stocks: Fortinet (FTNT)
Fortinet is one of the top legacy security software providers in the world. It boasts industry-leading financials with robust operating and cash flow margins.
Moreover, the company continues to invest in the organic development of its security platforms to remain competitive. Its Fortinet Security Fabric architecture can deliver without hiccups to more than 500,000 customers for even the most challenging issues.
Fortinet recently reported its third-quarter results, which comfortably beat analyst estimates on both lines. Revenues improved by 33% from the prior-year period to $867 million, with a massive 51% increase in product sales.
Service and billings revenues rose 24% and 42%, respectively. Gross margins for the company remain at a solid 77%, and the company’s FCF margin is 38%. Hence, Fortinet and FTNT stock represent the cream of the crop in the cybersecurity sector.
Okta (OKTA)
Okta utilizes a “zero-trust” approach with its architecture, which requires constant verification before a user can access data and applications. The company is one of the first-movers in identity and access management services.
In a world where cloud and mobile services have become the norm, Okta’s software offerings have been highly demanded by clients across the globe.
Okta has performed incredibly well over the past several years, growing its top-line by double-digits. In its second quarter this year, revenue grew by 57% and Okta forecasts 50% growth next year. Moreover, its adjusted loss per share is steadily improving.
On top of that, the company is making pertinent acquisitions to expand its market share further. Though OKTA stock has been on a negative streak of late, it is a cybersecurity stock for the long haul.
Stocks to Buy: Cloudflare (NET)
Cloudflare is a network services and technology infrastructure platform that offers a suite of products to meet the digital needs of various enterprises.
The Cloudflare network provides consistency, reliability and security for its customers. The rising digitization trends in work, communications and entertainment will see the company benefit from solving different challenges for its clients.
Cloudflare has been a star performer over the past several years, with a five-year average revenue growth rate of roughly 50.5%. Moreover, it recently posted its third-quarter results, showing sales grew 51% from the same period last year.
Management projects the company will close out the year with $648 million in revenues. More importantly, its large base of customers that spend more than $100,000 annually rose 71% from the prior-year quarter. NET stock is expensive, but it’s well worth the premium cost given its solid track record and outlook.
Palo Alto Networks (PANW)
Palo Alto’s specialty is its best-in-class firewall service. It has been named as a top firewall provider by Gartner for a decade.
Over the past few years, the company has been expanding its portfolio of security services, including its Cortex threat detection platform and Prisma cloud security platform. Moreover, its profitable platform has enabled it to acquire several cloud-native businesses to expand its share in the sector.
In fiscal 2021, Palo’s next-generation sequencing (NGS) services made a colossal $1.18 billion in annual recurring revenues. The increase was complemented by healthy growth in its other services, leading to an overall 25% rise in revenue for the whole year.
As it stands, the company serves more than 80,000 customers in comparison to 9,000 customers in 2012. It expects sales to grow by more than 25% in fiscal 2022, boosting PANW stock.
Cybersecurity Stocks: SentinelOne (NYSE:S)
SentinelOne is an endpoint security platform that recently has the largest-ever initial public offering (IPO) for a cybersecurity firm. It raised $1.2 billion in cash during its IPO in June 2021.
The pure-play cybersecurity company more than doubled its sales during pandemic-ridden 2020. Its robust artificial intelligence (AI) platform produces the most effective endpoint security solution on the market at this time.
Revenues in its most recent quarter doubled to $45.8 million compared to the same quarter last year. Moreover, its annualized recurring revenue growth accelerated 127% from the prior-year period in the second quarter.
Total customer count also improved by more than 75% during the quarter, with adjusted gross margins over 60%. Investors have concerns about S stock’s valuation at this time, but based on its incredible outlook, it’s well worth the investment.
On the date of publication, Muslim Farooque did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.
<<<
Fortinet - >>> Can This Cybersecurity Stock Double Once Again in 2022?
There are several reasons why this stock can keep flying higher.
Motley Fool
by Harsh Chauhan
Nov 24, 2021
https://www.fool.com/investing/2021/11/24/can-this-cybersecurity-stock-double-once-again/?source=eptyholnk0000202&utm_source=yahoo-host&utm_medium=feed&utm_campaign=article
Key Points
Fortinet crushed expectations with solid third-quarter numbers.
The cybersecurity company is enjoying impressive growth.
Fortinet's strong revenue pipeline and longer contract lengths point toward further growth in its top and bottom lines.
Fortinet (NASDAQ:FTNT) stock has shot up more than 120% in 2021 thanks to a string of impressive quarterly performances that have consistently trumped Wall Street's expectations. A similar story unfolded when the cybersecurity specialist released its third-quarter results on Nov. 4.
Fortinet's revenue and earnings easily beat projections, and its robust guidance was the icing on the cake. Let's look at what's driving Fortinet's growth and see why the stock might replicate its terrific performance on the market once again in 2022.
These metrics indicate Fortinet's high growth is sustainable
Fortinet's third-quarter revenue was up 33% year-over-year to $867 million, while adjusted net income increased to $0.99 per share from $0.88 per share in the prior-year period. Wall Street was expecting $0.94 per share in earnings on revenue of $812 million from Fortinet in the third quarter. But the company's strong deal momentum and the stronger sales of high-end products led to a better-than-projected performance.
What's more, Fortinet's guidance for the fourth quarter outpaced expectations. The company anticipates $955 million in revenue at the midpoint of the guidance range, while non-GAAP earnings are expected to range between $1.10 and $1.15 per share. For comparison, analysts were previously looking for $917 million in Q4 revenue from Fortinet.
The midpoint of Fortinet's revenue guidance indicates that it is on track to record year-over-year revenue growth of nearly 28%. The company's bottom line is also slated to improve over the prior-year period's figure of $1.06 per share. However, Fortinet could crush expectations once again as it is witnessing robust demand for its cybersecurity offerings.
The company struck 83 deals worth more than $1 million last quarter, up from 48 in the year-ago period. The number of deals worth more than $500,000 also increased substantially to 232 in Q3 from 168 in the same quarter last year. Fortinet also saw an increase in the number of entry-level customers and struck more than 3,000 deals valued at over $50,000, up from 2,267 in the year-ago period.
Additionally, Fortinet's product mix improved during the quarter as high-end customers accounted for 37.7% of its FortiGate next-generation firewall (NGFW) solution, up from 36.5% in the prior-year period. The number of deals for securing software-defined wide area networks (SD-WAN) also doubled year over year to 19 during the quarter.
These numbers indicate that Fortinet has gained impressive traction in the fast-growing niches of the cybersecurity market. The secure SD-WAN market, for instance, is projected to clock an annual growth rate of 20% through 2024 as per a third-party estimate. Meanwhile, the demand for NGFW is forecasted to grow at 12% a year in the long run, according to Mordor Intelligence.
Another interesting thing to note about Fortinet last quarter was the increase in its average contract term to 29 months, up from 26 months in the year-ago period. So, Fortinet customers are not only signing bigger deals in terms of the transaction size, but they are also committing to longer contracts. Not surprisingly, Fortinet's deferred revenue increased 30% year over year in the third quarter to $3.11 billion, which is nearly equal to the company's trailing-twelve-month revenue of $3.13 billion.
The deferred revenue refers to the money collected in advance for services that will be delivered later. It is recognized on the income statement once the services are delivered, so Fortinet's strong level of deferred revenue points toward a robust customer engagement that should lead to consistent revenue growth.
The stock's hot rally could continue
It won't be surprising to see Fortinet stock replicate its stunning performance in 2022. The company is set to close this year on a high, and analysts expect the momentum to continue into the new year. Analysts also estimate that Fortinet's revenue and earnings are likely to jump nearly 18% in 2022.
More importantly, the company's strong deferred revenue pipeline, impressive deal momentum, and presence in fast-growing cybersecurity niches such as SD-WAN and NGFW could help it exceed expectations. All of this indicates that Fortinet could remain a top cybersecurity stock to hold on to for long-term gains.
<<<
>>> Cybersecurity Stocks To Buy And Watch: Demand Grows For Next-Gen Security
Investor's Business Daily
REINHARDT KRAUSE
11/15/2021
https://www.investors.com/news/technology/cybersecurity-stocks/?src=A00220
You may think the time is right to move into cybersecurity stocks, if you're reading this IBD investing primer. Cybersecurity is in the news amid a big jump in ransomware attacks.
The IBD Computer-Software Security group ranks No. 9 out of 197 industry groups tracked. Still, some cybersecurity stocks are extended after strong runs.
Earnings reports for the September/October quarters are still coming in. Palo Alto Networks (PANW) reports fiscal first quarter earnings late Nov. 18. CrowdStrike Holdings (CRWD), Zscaler (ZS) and Okta (OKTA) all report earnings on Dec. 1.
Congress has finally passed legislation funding infrastructure projects. The legislation is expected to include funding for federal, state and local cybersecurity infrastructure.
Meanwhile, the cybersecurity market will grow 11% in 2021 to $73.54 billion, estimates research firm Gartner. The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.
Cyber and information security ranked at the top of planned investments for 2022, with 66% of all respondents expecting to increase associated investments in the next year, in a Gartner survey of 2,000 global chief information officers.
Cybersecurity Stocks With High Composite Ratings
Fortinet (FTNT) stock, CrowdStrike, Mimecast (MIME), Zscaler and Palo Alto Networks are among cybersecurity stocks with Composite Ratings above 90. FTNT stock was featured in the New America section.
The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.
The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock's fundamental and technical metrics.
No cybersecurity stocks currently are members of the IBD Leaderboard. It's IBD's curated list of leading stocks that stand out on technical and fundamental metrics.
However, Zscaler stock ranks No. 9 on the IBD 50 roster of growth companies. CRWD stock ranks No. 28.
Hot Cybersecurity Startups Eye IPOs
Private equity firms continue to eye cybersecurity stocks. Thoma Bravo in April agreed to buy Proofpoint in an all-cash $12.3 billion deal.
SentinelOne (S)'s initial public offering raised $1.2 billion. SentinelOne is a rival of CrowdStrike in an emerging market.
Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs. Netskope in early July raised $300 million at a valuation of $7.5 billion.
Analysts say a new wave of startups seems to be taking share from industry incumbents. They include Cybereason, Exabeam, Vectra AI and iBoss.
"Illumio just completed a Series F round for $225 million of 100% primary capital led by Thoma Bravo, where Illumio now sports a $2.75 billion post-round valuation," said Needham analyst Alex Henderson in a report.
Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.
Consolidation may be coming in the cybersecurity industry. Okta in early March acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta (OKTA) is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint Technologies (SAIL).
Microsoft Stock A Big Player In Cybersecurity
Also, Microsoft (MSFT) disclosed that its cybersecurity revenues top $10 billion annually. With 400,000 customers, Microsoft's computer security franchise is growing at more than 40%, the company said.
Microsoft in July acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.
In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).
"Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats," UBS analyst Karl Keirstead said in a recent note to clients.
Cybersecurity Stocks: Relative Strength Ratings
Also, one key IBD technical measure for cybersecurity stocks are Relative Strength Ratings.
Further, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.
In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers' data traffic for malware.
SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.
Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 (RPD) and CyberArk. Tenable in February acquired France-based Alsid, which focuses on identity access management.
Rapid7 and Qualys (QLYS) specialize in vulnerability management services.
Amid the rapid global spread of the coronavirus called Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.
The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.
It's spelled SASE — pronounced "sassy" — and it stands for Secure Access Service Edge.
Cybersecurity Stocks: Remote Work Increases Amid Pandemic
As remote workers access company data via the internet, many businesses are setting up virtual private networks, or VPNs. Some are buying laptops with preinstalled security software.
"We believe corporations are facing challenges in terms of VPN capacity, and protecting workers adequately with next-generation network and endpoint security offerings," William Blair analyst Jonathan Ho said in a report to clients.
He added that "intensifying email and phishing campaigns, identity access management, and control over software applications" are other security issues.
However, industries hard hit by the coronavirus pandemic will spend less on security software. They include airlines, hotels, retail and restaurants.
Meanwhile, one view is that mergers and acquisitions will pick up.
"The cloud has disrupted everything, which presents both threat and opportunity," Jefferies analyst Brent Thill said in a recent note. "The cyber market is riper than ever for ongoing consolidation. Many smaller vendors are attempting to solve the same problems, larger vendors are looking to create security suites, and financing rates are at all-time lows."
Zscaler, Qualys and Ping Identity Holdings (PING) were each featured recently as the IBD Stock of the Day.
In addition, while cybersecurity stocks often get a boost from well-publicized cyberattacks, the impact can be short-lived.
SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.
Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.
Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.
As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.
Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.
Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances.
Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks. Proofpoint specializes in email and data-loss protection.
Cloud security vendors include Zscaler, Palo Alto Networks, Okta, Mimecast and Rapid7.
Hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.
To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust.
In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.
Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone's security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance.
Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.
Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Further, CrowdStrike's initial public offering in June, 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike's rivals include VMware's (VMW) Carbon Black, Palo Alto, FireEye (FEYE) and startup Cybereason. Private equity firms Blackstone and ClearSky recently invested $400 million in FireEye.
In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.
Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.
<<<
>>> U.S. blacklists Israeli hacking tool vendor NSO Group
Reuters
By Christopher Bing
https://www.reuters.com/technology/us-blacklists-four-companies-israel-russia-singapore-citing-spyware-2021-11-03/
WASHINGTON, Nov 3 (Reuters) - The U.S. Commerce Department added Israel's NSO Group and Candiru to its trade blacklist on Wednesday, saying they sold spyware to foreign governments that used the equipment to target government officials, journalists and others.
Positive Technologies of Russia, and Computer Security Initiative Consultancy PTE LTD, from Singapore, were also listed. The Department said they trafficked in cyber tools used to gain unauthorized access to computer networks.
The companies' addition to the list, for engaging in activities contrary to U.S. national security or foreign policy interests, means that exports to them from U.S counterparts are restricted. It for instance makes it far harder for U.S. security researchers to sell them information about computer vulnerabilities.
"We are not taking action against countries or governments where these entities are located," said a spokesperson for the U.S. State Department.
Suppliers will need to apply for a license before selling to them, which is likely to be denied.
In the past, the NSO Group and Candiru have been accused of selling hacking tools to authoritarian regimes. NSO says it only sells its products to law enforcement and intelligence agencies and takes steps to curb abuse.
'DISMAYED'
An NSO spokesperson said the company was "dismayed" by the decision since its technologies "support U.S. national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed."
NSO will present information regarding its "rigorous" compliance and human rights programs, "which already resulted in multiple terminations of contacts with government agencies that misused our products," the spokesperson said in an e-mailed statement to Reuters.
The Israeli defence ministry, which grants export licenses to NSO, declined to comment on the matter.
Contact information for Candiru was not available.
The Biden administration imposed sanctions on Positive Technologies, a Russian cybersecurity firm, this year for providing support to Russian security services. The company denies any wrongdoing.
Positive Technologies said the new sanctions will not affect their business and will not prevent the company from a planned public listing.
"We do not know on what grounds the U.S. Commerce Department added us to the list," General Director Denis Baranov said in an emailed comment.
"Anyway we repelled sanction risks earlier and they do not pose additional threats for us now," he wrote.
Computer Security Initiative Consultancy PTE LTD, also known as COSEINC, did not immediately respond to requests for comment.
A former U.S. official familiar with Positive Technologies, who spoke on condition of anonymity, said the firm had helped establish computer infrastructure used in Russian cyberattacks on U.S. organizations.
COSEINC founder Thomas Lim is known for organizing a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity. An email published by WikiLeaks in 2015 suggested Lim had also previously offered to sell hacking tools to infamous Italian spyware vendor HackingTeam.
Lim did not immediately respond to a request for comment sent to a social media account he owns.
Export control experts say the designation could have a far broader impact on the listed companies than simply limiting their access to U.S. technology.
"Many companies choose to avoid doing business with listed entities completely in order to eliminate the risk of an inadvertent violation and the costs of conducting complex legal analyses," said Kevin Wolf, former assistant secretary of Commerce for Export Administration during the Obama administration.
The entity list was increasingly used for national security and foreign policy aims during the Trump administration. Chinese telecom company Huawei (HWT.UL) was added in 2019, cutting it off from some key U.S. suppliers and making it difficult for them to produce mobile handsets.
<<<
>>> Security Software Is Booming, Goldman Sachs Says. Why It Downgraded Crowdstrike and Check Point.
Barron's
By Eric J. Savitz
Sept. 13, 2021
https://www.barrons.com/articles/security-software-stocks-goldman-sachs-51631547296?siteid=yhoof2
Essex said Check Point's rivals in the firewall business are growing faster than it is.
Stock in CrowdStrike Holdings and Check Point Software Technologies headed lower after Goldman Sachs security-software analyst Brian Essex offered an upbeat view of the sector but cut his ratings on the two firms’ shares.
“Now is the time to own security software,” Essex said in a research note. Financial results for the second quarter provided “evidence that digital transformation, expansion of attack surfaces, an elevated threat environment, and widely publicized security incidents continue to drive accelerated demand for next gen security,” he said. The group is seeing “one of the most substantial firewall-related spending cycles we’ve seen in years,” Essex said.
Essex said his favorite names in the group include SentinelOne (S), which focuses on endpoint security; Ping Identity (PING), in the identity-management sector; Palo Alto Networks (PANW), in network security; AvePoint (AVPT), in data security; and Tenable (TENB), in vulnerability assessment and management. He also has Buy ratings on Okta (OKTA), Rapid7 (RPD), SailPoint (SAIL), and Verint (VRNT).
On Check Point (CHKP), though, he reduced his rating to Sell from Neutral, lowering his target for the stock price to $121, from $133. Check Point shares were down 1.9% at $118.88 in morning trading.
Essex noted that the company’s rivals in the firewall segment are growing faster than it is. “While firewall demand remains robust as seen by Check Point’s peers’ ability to accelerate into the high twenty percent to low thirty percent range, on the contrary we are seeing Checkpoint growth remain in low single digit territory,” he wrote.
CrowdStrike (CRWD), Essex said, was one of the few players in the group to show year-over-year deceleration in the latest quarter. He said that while he expects CrowdStrike to perform well and has an opportunity to gain market share, he downgraded the stock to Neutral from Buy because that stronger performance appears to be already reflected in the stock price.
Essex kept his $305 price target on the stock. The shares were down 3.5% at $252.74.
Essex also has Sell ratings on Secureworks (SCWX) and Qualys (QLYS). “We are cautious on platforms that are losing share, have execution challenges, and/or where companies have under invested in emerging technology and platform expansion,” he said.
Essex says that Check Point, Secureworks and Qualys all fall into that category. “These companies are showing similar trends of revenue deceleration, and we expect incremental margin compression ahead as they spend to catch up with peers in their respective security segments,” he said.
<<<
>>> RSA, the security division of EMC, is the premier provider of security solutions for business acceleration.
https://www.crunchbase.com/organization/rsa-security?utm_source=yahoo&utm_medium=referral&utm_content=profile_cta&utm_campaign=yahoo_finance
As the chosen security partner of more than 90% of the Fortune 500, they help the world's leading organizations succeed by solving their most complex and sensitive security challenges.
RSA's information-centric approach to security protects the integrity and confidentiality of information throughout its lifecycle no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management, and fraud protection. These solutions bring trust to millions of user identities, the transactions they perform, and the data that is generated.
With RSA, customers are confident their information assets are protected, and free to realize new business possibilities.
<<<
>>> Biden expected to make new cybersecurity announcements alongside private sector leaders
Washington Examiner
Christian Datoc
August 25, 2021
https://finance.yahoo.com/news/biden-expected-cybersecurity-announcements-alongside-143300574.html
Biden expected to make new cybersecurity announcements alongside private sector leaders
President Joe Biden will host representatives from dozens of private sector companies at the White House Wednesday for what administration officials say are "advanced" discussions on improving the nation's cybersecurity capabilities.
The discussions, broken into three separate sessions, will be attended by the members of Biden's Cabinet and executives from the financial, tech, energy, water, and education industries. Officials from Bank of America, JPMorgan Chase, TIAA, U.S. Bancorp, Apple, Alphabet, ADP, Amazon, IBM, and Microsoft will all be in attendance.
BIDEN 'RESERVES THE RIGHT' TO ACT IF RUSSIA DOESN'T STOP RANSOMWARE ATTACKS
According to White House officials, the three sessions themselves will focus on critical infrastructure resilience, building enduring cybersecurity, and the cybersecurity workforce. They will be respectively lead by Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm, Commerce Secretary Gina Raimondo and Small Business Administration Administrator Isabella Guzman, and National Cyber Director Chris Inglis.
The meeting "reflects the president's commitment to public-private partnership and won't be his last engagement with the private sector on cybersecurity," one administration official told reporters during a briefing Tuesday afternoon. "He's very much committed to this. Both the U.S. public- and private-sector entities increasingly face sophisticated malicious cyberactivity. These incidents affect businesses small and large, small towns and cities in every corner of the country, and can hit the pocketbooks of middle-class families."
Biden pledged to hold such a meeting with private sector companies back in July following a string of escalating cyberattacks carried out by Russian actors.
At the time, the president signed the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, which directed the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology to outline new cybersecurity deliverables for the government, energy sector, and other critical industries.
Wednesday's meeting is expected to feature a number of "announcements" regarding those deliverables, according to a senior administration official.
White House press secretary Jen Psaki additionally told reporters back in July that Biden reserves the right to retaliate against Russian actors, both those involved with the government or isolated criminal organizations, should Russian President Vladimir Putin not take action to curb such cyber-intrusions.
"If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own," she stated. "It's important to, of course, protect our critical infrastructure, but also protect it, do it, play what role we can from the federal government to ensure that impacts on smaller businesses, on mom and pop shops, are minimized as well."
<<<
>>> 2 cybercrime moves businesses oppose
Yahoo Finance
Rick Newman
August 25, 2021
https://finance.yahoo.com/news/2-cybercrime-moves-businesses-dont-want-191218719.html
CEOs of Apple, Amazon, Microsoft and other top American companies went to the White House on August 25 to brainstorm about the burgeoning problems of ransomware and other types of cybercrime. The Biden administration is aggressively pushing for better cooperation between the public and private sectors to stem the surge of digital attacks from Russia, China and elsewhere.
But businesses are leery of some measures that experts say would be sensible ways to improve U.S. defenses against the types of cyberattacks that recently disabled big firms such as Colonial Pipeline and meatpacker JBL. One simple change would be requiring businesses to report cyberattacks to the government—especially if they make a ransom payment. Since many cyberattacks remain secret, the government lacks a full accounting of the problem and of many details that could aid in defense. Bipartisan legislation in Congress would require any company involved with critical infrastructure to report hacks.
Some policymakers would go further and ban the payment of ransoms, to eliminate the profit incentive that drives the whole underground ransomware industry; if you can’t collect a ransom, there’s no point holding anybody hostage. Former U.S. ambassador to Russia Michael McFaul said in June that the United States and other western governments should “criminalize ransom payments” to hackers and indict cybercriminals, as a way of raising pressure on Russia and other nations that harbor them.
Businesses, however, have pushed back against measures that would increase regulation and raise costs, even if such measures would save some companies millions of dollars in ransom payments. Business interests helped defeat a 2012 bill that would have set cybersecurity standards for key industries. The U.S. Chamber of Commerce, the biggest business lobby, wants the government to shoulder the burden for a cybercrime victims’ fund and tougher enforcement, but it does not support tougher standards on businesses themselves.
One reason American firms are vulnerable to cybercrimes is reluctance among some businesses to spend what it takes to defend themselves. "Companies basically treat it as a business loss,” says Scott Bethel, CEO of cybersecurity firm Integrity ISR. “They don’t want to spend the money to meaningfully defend against it. With ransomware, we don’t have a strong enough set of firewalls. Whatever they’re asking, we’ll pay it.”
Ransomware insurance
Many firms have insurance that covers the cost of cybercrime, which is both a defense and a problem. While insurance helps firms cover losses, it can also create a false sense of security and a disincentive to establish tough digital defenses. An April report from a tech-industry ransomware task force cited evidence that hackers specifically target firms with ransomware insurance, since they’re more likely to nab a big payout. Colonial tapped insurance to pay at least some of the $4.4 million ransom it paid to a hacking group in June. The task force recommended better coordination among insurance firms to set security standards for companies buying coverage and share data on hacking organizations.
Whether governments should ban ransomware payments is a thornier issue. The argument in favor of a ban is pretty simple: if companies can’t pay, hackers will stop targeting them. In practical terms, however, the consequences of a ban could be ugly. Hackers could shut down some companies unable to pay, harming customers, employers and shareholders. Attacks might dry up eventually, but only after collateral damage that could be considerable.
U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive to be issued Thursday in response to the ransomware hack that disrupted gas supplies in several states this month.
Governments could create funds to assist ransomware victims, but that would raise questions of fairness if funds went to firms with weak security against attacks. The ransomware task force argued that before banning ransom payments, the government should establish standards for cybersecurity and provide liability coverage for businesses that suffer an outage due to hackers. Any ban should be phased in, starting with critical industries and businesses first.
Biden signed an executive order in June requiring businesses that provide IT services to the federal government to report cybercrimes. It would take Congressional legislation to insulate this order from legal appeals and extend it to other companies more broadly. The August 25 gathering of CEOs yielded some further developments. Microsoft and Google said they'll spend billions of dollars during the next five years to improve cybersecurity. Amazon said it will open its in-house cybersecurity training to the public. Coalition, an insurer, said it will make its cyber risk assessment tools publicly available. The government's standard-setting body will work closer with industry to protect supply chains.
It's a start. But it remains unclear if Congress will prioritize matters requiring legislation, such as a mandate to report attacks. Biden has said cybercrime targeted at U.S. companies has become so serious it could trigger a “real shooting war” with Russia or another adversary. America’s CEOs don’t want that, but they also don’t want a to bear responsibility for a costly and complicated problem if Uncle Sam could handle it for them.
<<<
>>> Palantir Invests in More SPAC Companies, and Buys $51 Million in Gold Bars
Barron's
By Eric J. Savitz
Aug. 16, 2021
https://www.barrons.com/articles/palantir-spac-investment-gold-bars-51629150154
Data-analytics-software firm Palantir disclosed more investments in firms going public through special-purpose acquisition companies, and a large stash of gold bars.
Palantir Technologies has expanded its portfolio of investments in companies going public via SPACs, or special-purpose acquisition companies, to well over $300 million.
As previously reported, Palantir (ticker: PLTR) has started a program of investing in the young companies in return for multi-year commitments to use the company’s software.
In its June quarter financial filing with the Securities and Exchange Commission, Palantir disclosed $250 million in commitments to a group of 10 companies through June 30. That includes eight identified by name, all previously announced — Lilium, Sarcos Robotics, Roivant Sciences, Celularity (CELU), Wejo, Babylon Health, Boxed, Pear Therapeutics — and two others described only as “mobility company” and “autonomous vehicle company.” Palantir said it has commercial contracts with that group of companies with a potential value of $428 million. All of those transactions were signed in the period from March 30 to June 22, and to date, none have been completed, the filing shows.
A provider of data-analytics software for both commercial and government customers, Palantir also said that since June 30, it has committed an additional $60 million in new investments, including: $20 million for Fast Radius, which offers a “cloud manufacturing platform”; $15 million for Tritium, a developer of electric vehicle chargers; $15 million for AdTheorent, which sells machine-learning driven advertising software; and $10 million for FinAccel, an Asian financial-services company with offices in Singapore and Jakarta.
Palantir also disclosed it has completed equity investments of $25 million in an “electric vehicle company,” $3 million in an “autonomous aerial vehicle company,” and $5 million in Astrocast, which operates a network of nanosatellites. That brings the total investment commitment to more than $330 million.
Palantir also disclosed that it purchased $50.7 million in 100-ounce gold bars. “Such purchase will initially be kept in a secure third-party facility located in the northeastern United States and the company is able to take physical possession of the gold bars stored at the facility at any time with reasonable notice,” Palantir said in the filing.
The company did not provide a reason for the gold purchase.
As of June 30, Palantir had about $2.4 billion in cash.
<<<
>>> Palantir Buys Over $50 Million Of Gold Bars: "Preparing For A Future With More Black Swans"
Zero Hedge
BY TYLER DURDEN
AUG 18, 2021
https://www.zerohedge.com/markets/palantir-buys-gold-bars-preparing-future-more-black-swans
Anyone watching Tuesday's US market cash session sees red across the board. One of the strongest selling programs in months dumped stocks, and equity volatility exploded to the upside. Quite frankly, this could be the beginning of a market storm.
Ahead of what could be further market turmoil, Palantir Technologies warned about an upcoming "black swan event," according to Bloomberg.
The software company, co-founded by the technology billionaire Peter Thiel and CEO Alex Karp, wrote in a filing last week that it stockpiled $50.7 million in gold bars earlier this month.
The filing also said it acquired technology startups, blank-check companies, and even cryptocurrencies. Palantir had previously said it would accept Bitcoin as a form of payment for its services, along with payment in precious metals.
Bloomberg quoted a spokeswoman from Palantir who said no clients have paid in Bitcoin or gold yet.
Shyam Sankar, the COO of Palantir, said accepting nontraditional forms of payment "reflects more of a worldview," adding:
"You have to be prepared for a future with more black swan events."
The filing was initially discovered by Barron's. Palantir's 100-ounce gold bars are expected to be stored in an undisclosed vault in the US Northeast.
"The company can take physical possession of the gold bars stored at the facility at any time with reasonable notice," Palantir wrote.
None of this comes as a surprise that the loss of faith in those "who control the money" [Federal Reserve] - cryptocurrencies and precious physical metals are becoming a popular hedge for when the system implodes.
Palantir co-founder Joe Lonsdale was quoted not too long ago, saying, "idiots are running the Fed."
Lonsdale is likely referencing the unconventional monetary policy that has helped balloon the national debt by over $5 trillion since early March 2020, to $28.4 trillion.
What is remarkable is that foreign holders of US Treasury Debt accounted for only a quarter of the spiking US National Debt (red line, right scale), the second-lowest end-of-quarter percentage since 2007 (via Wolf Street):
Palantir's move into physical gold and cryptocurrencies is continuing the global de-dollarization trend...
Mike Krieger of Liberty Blitzkrieg tweeted about Palantir's gold buying and warning of another "black swan event" by saying: "When the spooks tell you a false flag is coming, a false flag is coming."
Palantir is not alone as SchiffGold notes that Chinese gold demand rebounded sharply in the first half of 2021 after plummeting in 2020, according to data released by the China Gold Association (CGA). China ranks as the world’s number one gold consumer and the Chinese market has a significant impact on global demand.
Demand was up 69.2%, coming in at just over 547 tons through the first 6 months of the year. China’s year-on-year gold consumption surged 93.9% in the first quarter alone. Gold demand wasn’t just up compared to 2020, a year of economic distress due to coronavirus. It was up 4.49% above pre-pandemic levels in 2019.
<<<
>>> Palantir Technologies Inc. (PLTR) builds and deploys software platforms for the intelligence community in the United States to assist in counterterrorism investigations and operations. The company provides Palantir Gotham, a software platform for government operatives in the defense and intelligence sectors, which enables users to identify patterns hidden deep within datasets, ranging from signals intelligence sources to reports from confidential informants, as well as facilitates the handoff between analysts and operational users, helping operators plan and execute real-world responses to threats that have been identified within the platform. It also offers Palantir Foundry, a platform that transforms the ways organizations operate by creating a central operating system for their data; and allows individual users to integrate and analyze the data they need in one place. Palantir Technologies Inc. was founded in 2003 and is headquartered in Denver, Colorado.
<<<
>>> Palantir Buys Gold as Hedge Against ‘Black Swan Event’
by Lizette Chapman
August 18, 2021
https://finance.yahoo.com/news/palantir-buys-gold-bars-hedge-175654233.html
(Bloomberg) -- Palantir Technologies Inc. said it’s preparing for another “black swan event” by stockpiling gold bars.
The company spent $50.7 million this month on gold, part of an unusual investment strategy that also includes startups, blank-check companies and possibly Bitcoin.
Palantir had previously said it would accept Bitcoin as a form of payment. A spokeswoman for Palantir said no one has yet done so.
Embracing nontraditional currencies “reflects more of a worldview,” Shyam Sankar, the chief operating officer, said in an interview. “You have to be prepared for a future with more black swan events.”
The gold purchase was buried in a securities filing last week for its quarterly financial results and reported earlier this week by Barron’s.
Palantir’s 100-ounce gold bars will be kept in a secure location in the northeastern U.S., according to the filing. “The company is able to take physical possession of the gold bars stored at the facility at any time with reasonable notice,” Palantir wrote.
Palantir, co-founded by the technology billionaire Peter Thiel and Chief Executive Officer Alex Karp, makes software used by governments and businesses. It fashions itself as a company of free thinkers. Palantir relocated to Denver last year and mocked its peers in Silicon Valley on the way out. In the interview, Sankar compared Palantir’s culture with an “artist colony,” rather than a tech company churning out software on an assembly line.
Governments have strongly embraced Palantir software to help them make sense of the coronavirus pandemic, the current so-called black swan, a random and unpredictable event.
The company has some $2.3 billion in cash and is exploring creative uses for that money. Palantir said in May that it was considering investing in Bitcoin. And it’s taking stakes in startups that are customers of Palantir software, an approach that helped buoy sales results in the second quarter.
<<<
>>> ETF Explainer: BUG
ETF.com
August 01, 2021
by Heather Bell
https://www.etf.com/publications/etfr/etf-explainer-bug
Each month, we look at an ETF selected by ETF.com based on its performance and importance to investors. This month, we consider the performance of the $552 million Global X Cybersecurity ETF (BUG), a thematic fund covering the cybersecurity space. All the companies mentioned below are holdings in BUG, unless otherwise noted (*).
JUL 8 Zscaler shares jump more than 6% on positive comments and upgrades by analysts. The company’s stock rises more than 18% during the month.
AUG 10 CrowdStrike’s stock price plunges along with other Nasdaq-listed technology stocks over multiple trading days.
DEC 22 Several Fortune 500 companies report being hit by the SolarWinds hack, leading to boosts in share price for Check Point Software Technologies and CyberArk.
FEB 5 A South Korea lawmaker claims Pfizer computers in the country were breached by North Korea hackers seeking to steal COVID-19 vaccine data, sending cybersecurity stocks into a sell-off.
MAR 10 Fortinet stock rises after it makes strong projections exceeding Wall Street estimates during its investor day.
MAY 11 NortonLifeLock notches record revenues and profits in its 4Q earnings report, and announces a $1.5 billion share buyback program, boosting the share price 20% over the next three days.
<<<
>>> Israeli Firm’s Spyware Found on Phones Worldwide, Post Says
Bloomberg
By Yueqi Yang
July 18, 2021
https://www.bloomberg.com/news/articles/2021-07-18/israeli-firm-s-spyware-found-on-phones-worldwide-post-says?srnd=premium
Investigation shows phones of journalists, activists targeted
NSO Group denies findings, calls them exaggerated and baseless
Israeli company NSO Group Ltd.’s Pegasus spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, activists and business executives worldwide, according to an investigation by The Washington Post and its media partners.
Among the findings is that the spyware was used to target the smartphones of both the wife and the fiancee of murdered Saudi columnist Jamal Khashoggi. Their phone numbers appeared on a list of more than 50,000 numbers, which the consortium said were possible targets for surveillance by governments using Pegasus.
Also on the list are phone numbers of overseas journalists for news organizations, including CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times and Al Jazeera in Qatar.
“The sort of surveillance being reported is an appalling violation of press freedoms and we strongly condemn it,” said a Bloomberg News spokesperson.
The media consortium, led by the Paris-based not-for-profit Forbidden Stories, said it was revealing evidence extracted from the phones through digital forensic analysis by Amnesty International’s security lab.
Pegasus, sold to select governments and law enforcement agencies, can hack into mobile phones through a link and secretly record emails, calls and text messages. In some cases, it can activate itself without the victim clicking on the link, the Post said. It’s unknown how many of the phones on the list were targeted or surveilled, the Post said.
In response to the consortium, NSO denied that its technology was used against Khashoggi and said the investigation contained flawed assumptions and factual errors.
Last month, NSO Group published its first annual “Transparency and Responsibility Report,” which said its products have been used by states to thwart major terrorist attacks and dismantle drug trafficking rings.
More findings from the investigation will be rolled out in the next three days, the Post said.
<<<
Okta - >>> 3 Growth Stocks for the Next 10 Years and Beyond
Fast-growing businesses with plenty more growth to come.
Motley Fool
by Rich Duprey
Jul 13, 2021
https://www.fool.com/investing/2021/07/13/3-growth-stocks-for-the-next-10-years-and-beyond/
Fastly's outage dovetails nicely with the next stock, cybersecurity expert Okta (NASDAQ:OKTA), which offers cloud-based identity verification solutions by providing tools for controlling access to corporate networks.
Much like CDN is necessary for businesses delivering the content to end users, the nature of cloud-based data makes securing it even more important. Using artificial intelligence for systems that are based in the cloud, Okta is able to quickly offer security solutions in excruciatingly granular detail that grow increasingly adept at identifying threats to a network. But perhaps more important is that as its customers grow in size, Okta's technology can scale upwards as well.
And Okta's business is scaling up, too. With over 10,000 customers worldwide, revenue for the first quarter of fiscal year 2022 jumped 37% from last year while subscription revenue grew fast at 38%. That recurring revenue stream will eventually enable this cybersecurity stock to turn profitable.
Yes, Okta is currently posting losses, and forecasts it will continue to do so for at least the coming year, but with an $80 billion total addressable market, it will be able to grow into profits while providing investors remarkable returns for the next decade or more.
<<<
>>> Microsoft Is Said to Be Buying Cybersecurity Company RiskIQ
Software giant said to pay more than $500 million in cash for the San Francisco company
Bloomberg
By Katie Roof and Dina Bass
July 11, 2021
https://www.bloomberg.com/news/articles/2021-07-11/microsoft-is-said-to-be-buying-cybersecurity-company-riskiq?srnd=premium
Microsoft Corp. has agreed to acquire RiskIQ, a security software maker, as the tech giant tries to expand its products and better protect customers amid a rising tide of global cyberattacks, according to people familiar with the matter.
The deal will be announced as soon as the next few days, said the people, who asked not to be identified speaking about an acquisition that isn’t yet public. Microsoft will pay more than $500 million in cash for the company, one of the people said.
San Francisco-based RiskIQ makes cloud software for detecting security threats, helping clients understand where and how they can be attacked on complex webs of corporate networks and devices. Its customers include Facebook Inc., BMW AG, American Express Co. and the U.S. Postal Service, according to the company’s web site.
Known for its annual report on security called the “Evil Internet Minute,” RiskIQ has raised $83 million from firms like Summit Partners and Battery Ventures, according to Crunchbase. It was founded in 2009.
A spokesman for Microsoft declined to comment and RiskIQ didn't immediately respond to a request for comment.
Microsoft has been adding security features to products like Windows and its Azure cloud services to protect individual machines and detect attacks on networks. The company has also added personnel who probe Microsoft’s own products for vulnerabilities, help clients clean up after a cyberattack, and runs a lab called the Microsoft Threat Intelligence Center that closely tracks nation-state hackers.
The software maker has also acquired several companies to expand its security capabilities. Last month, Microsoft bought ReFirm Labs, a maker of technology to secure Internet of Things devices, for an undisclosed amount. In a blog post announcing the deal, the company said it has 3,500 employees working on security at Microsoft and a mission to help protect customers “from the chip to the cloud.”
Microsoft and the rest of the U.S. technology industry, as well as companies and government agencies, have also spent the past eight months grappling with a series of damaging and widespread cyberattacks.
This month, hackers launched a mass ransomware attack that exploited multiple previously unknown vulnerabilities in IT management software made by Kaseya Ltd. In March, hackers linked to China used flaws in the code of Microsoft Exchange to break into tens of thousands of organizations, and in an attack disclosed in December, suspected Russian hackers compromised popular software from Texas-based firm SolarWinds Corp., inserting malicious code into updates for SolarWinds software.
<<<
>>> Massive Ransomware Attack May Impact Thousands of Victims
Bloomberg
By William Turton and Jennifer Jacobs
July 3, 2021
https://www.bloomberg.com/news/articles/2021-07-03/number-of-victims-continues-to-grow-in-massive-ransomware-attack?srnd=premium
Russia-linked REvil accused of hack weeks after Biden warning
Biden orders a ‘deep dive,’ says not sure yet on Russian link
Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.
REvil, the group blamed for the May 30 ransomware attack of meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that’s expected to grow, according to the cybersecurity firm Huntress Labs Inc.
“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” according to John Hammond, a cybersecurity researcher at Huntress Labs.
Biden said he had ordered a “deep dive” by U.S. intelligence officials on what happened in the attacks. At this point, he said “we’re not sure” that Russia is behind them.
“I directed the intelligence community to give me a deep dive on what’s happened and I’ll know better tomorrow,” Biden said, recalling that he told Putin during their meeting in June that the U.S. would respond to cyber transgressions. He added that he hasn’t called the Russian president about the latest case.
Biden Says ‘Not Sure’ If Russia Is Behind Latest Cyberattack
“We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not Russian government, but we’re not sure yet.”
Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.
In Sweden, most of grocery chain Coop’s more than 800 stores couldn’t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News.
There are victims in 17 countries so far, including the U.K., South Africa, Canada, Argentina, Mexico and Spain, according to Aryeh Goretsky, a distinguished researcher at cybersecurity firm ESET.
The ransomware attack is the latest in a string of devastating hacks in recent months, making cybersecurity an increasingly pressing national security issue for the Biden administration. At a summit on June 16, Biden warned Russian President Putin that 16 types of critical infrastructure -- including food and agriculture, emergency services and health care -- were off limits to future attacks. It’s not yet known if the U.S. victims of the latest ransomware attack fell within those sectors.
A software supply chain attack revealed in December included nine U.S. agencies and about 100 businesses as victims. Russian-state sponsored hackers were accused of the attack, where hackers implanted malicious code in updates for popular software for SolarWinds Corp. Customers who downloaded the updates inadvertently created a backdoor that the hackers could then exploit. It was particularly sophisticated and highlighted the terrifying potential of supply-chain hacks.
More recently, ransomware attacks on Colonial Pipeline Co., the operator of the nation’s largest fuel pipeline, and JBS have revealed gaping security vulnerabilities in crucial U.S. businesses. Both Colonial and JBS paid the hackers millions of dollars. The hackers behind the Colonial attack, a group called DarkSide, have also been tied to Russia.
Friday’s attack appears to combine a supply-chain attack with ransomware, vastly increasing the number of potential victims and presumably, the payout. Ransomware is a type of attack in which hackers encrypt computer files and then demand payment to unlock them.
Among the companies targeted was Kaseya Ltd., a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts.
“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”
In a statement, Kaseya said it has notified the FBI. The company said it had so far identified less than 40 customers that were impacted by the attack.
Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future Inc., said REvil was behind the attacks.
Eric Goldstein, the executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency said the group is closely monitoring this situation.
“We are working with Kaseya and coordinating with the FBI to conduct outreach to possibly impacted victims,” he said in a statement. “We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.”
Two of the affected MSPs include Synnex Corp. and Avtex LLC, according to two people familiar with the breaches. Avtex President George Demou told Bloomberg News in a text message on Friday night, “Hundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack.”
“We are working with those customers who have been impacted to help them to recover,” he added.
A Synnex spokesperson didn’t immediately respond to requests for comment. The Republican National Committee said it was alerted that its vendor Synnex may have been affected.
“Today, Microsoft informed us that one of our vendors, Synnex, systems may have been exposed,” said Mike Reed, a spokesman for the RNC. “There is no indication the RNC was hacked or any RNC information was stolen. We are investigating the matter and have informed DHS and the FBI.”
<<<
Cyber Polygon is next week (July 9) -
https://www.weforum.org/projects/cyber-polygon
>>> World Economic Forum
Cyber Polygon
This project is part of the World Economic Forum’s Centre for Cybersecurity Platform
Digitalisation is accelerating everywhere. New digital ecosystems are forming all around us, creating unnoticed linkages across services and supply chains.
As the world grows more interconnected, the speed of development makes it difficult to assess the impact of change.
A secure approach to digital development today will determine the shape of our future for decades to come. Having the right skills in place is key to protecting organisations from attack now.
What is Cyber Polygon?
Cyber Polygon is a unique cybersecurity event that combines the world's largest technical training exercise for corporate teams and an online conference featuring senior officials from international organisations and leading corporations.
The 2021 conference discusses the key risks of digitalisation and best practice for the secure development of digital ecosystems.
The 2021 technical exercise builds and tests the skills needed to protect our industries, centering on a targeted supply-chain attack.
Every year, the training brings together a global businesses and government agencies to collaborate on technical exercises. The live stream draws in millions of spectators from across the world.
2020 results
120 teams from 29 countries took part in the technical cybersecurity training in 2020. The live stream viewership reached 5 million from 57 nations.
A comprehensive report with detailed results of Cyber Polygon 2020 is available here.
Cyber Polygon in 2021
This year discussions during the live-streamed conference will centre on secure development of ecosystems. With global digitalisation further accelerating and people, companies, and countries becoming ever more interconnected, security of every single element of a supply-chain is key to ensuring the sustainability of the whole system.
During the technical exercise, participants will hone their practical skills in mitigating a targeted supply chain attack on a corporate ecosystem in real time.
The event will be held online on July 9th. Applications from organisations wishing to join the training are open. See further details on the official website.
<<<
Cyber Polygon - World Economic Forum (WEF) -
https://www.weforum.org/projects/cyber-polygon
Cyber Polygon
This project is part of the World Economic Forum’s Centre for Cybersecurity Platform
Digitalisation is accelerating everywhere. New digital ecosystems are forming all around us, creating unnoticed linkages across services and supply chains.
As the world grows more interconnected, the speed of development makes it difficult to assess the impact of change.
A secure approach to digital development today will determine the shape of our future for decades to come. Having the right skills in place is key to protecting organisations from attack now.
What is Cyber Polygon?
Cyber Polygon is a unique cybersecurity event that combines the world's largest technical training exercise for corporate teams and an online conference featuring senior officials from international organisations and leading corporations.
The 2021 conference discusses the key risks of digitalisation and best practice for the secure development of digital ecosystems.
The 2021 technical exercise builds and tests the skills needed to protect our industries, centering on a targeted supply-chain attack.
Every year, the training brings together a global businesses and government agencies to collaborate on technical exercises. The live stream draws in millions of spectators from across the world.
2020 results
120 teams from 29 countries took part in the technical cybersecurity training in 2020. The live stream viewership reached 5 million from 57 nations.
A comprehensive report with detailed results of Cyber Polygon 2020 is available here.
Cyber Polygon in 2021
This year discussions during the live-streamed conference will centre on secure development of ecosystems. With global digitalisation further accelerating and people, companies, and countries becoming ever more interconnected, security of every single element of a supply-chain is key to ensuring the sustainability of the whole system.
During the technical exercise, participants will hone their practical skills in mitigating a targeted supply chain attack on a corporate ecosystem in real time.
The event will be held online on July 9th. Applications from organisations wishing to join the training are open. See further details on the official website.
<<<
>>> Recorded Future is a privately held cybersecurity company founded in 2009 with headquarters in Somerville, Massachusetts. The company specializes in the collection, processing, analysis, and dissemination of threat intelligence. Recorded Future uses patented machine learning and natural language processing methods to continuously collect and organize data from open web, dark web, and technical sources. The resulting information is displayed within a software-as-a-service portal. <<<
>>> Varonis Systems, Inc. (VRNS) provides software products and services that allow enterprises to manage, analyze, and secure enterprise data in North America, Europe, the Middle East, Africa, and internationally. Its software enables enterprises to protect data stored on premises and in the cloud, including sensitive files and emails; confidential personal data belonging to customers, and patients and employees' data; financial records; strategic and product plans; and other intellectual property. The company offers DatAdvantage that captures, aggregates, normalizes, and analyzes every data access event for users on Windows and UNIX/Linux servers, storage devices, email systems, and Intranet servers; and DatAlert that profiles users and their behaviors related to systems and data, detects and alerts on deviations that indicate compromise, and provides a Web-based dashboard and investigative interface. It also provides Data Classification Engine that identifies and tags data based on criteria set in various metadata dimensions, and provides business and information technology (IT) personnel with actionable intelligence about data; and DataPrivilege, which provides a self-service Web portal that allows users to request access to data necessary for their business functions, and owners to grant access without IT intervention. In addition, the company offers Data Transport Engine, which provides an execution engine that unifies the manipulation of data and metadata, translating business decisions, and instructions into technical commands, such as data migration or archiving; and DatAnswers that offers search functionality for enterprise data. It sells its products and services through a network of distributors and resellers. The company serves IT, security, and business personnel. Varonis Systems, Inc. was incorporated in 2004 and is headquartered in New York, New York.
<<<
>>> Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign
INCIDENT RESPONSE, THREAT DETECTION, THREAT RESEARCH
Inside Out Security Blog » Cybersecurity News » Threat Research » Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign
BY Snir Ben Shimol
UPDATED: 3/18/2021
https://www.varonis.com/blog/darkside-ransomware/
Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside. These highly targeted campaigns were conducted in several phases over weeks or months, ultimately targeting theft and encryption of sensitive data, including backups. In this technical blog post, we will review the tactics, techniques, and procedures (TTPs) we’ve observed.
About Darkside, inc.
The Darkside ransomware group announced their RaaS (Ransomware-as-a-Service) in August of 2020 via a “press release.” Since then, they have become known for their professional operations and large ransoms. They provide web chat support to victims, build intricate data leak storage systems with redundancy, and perform financial analysis of victims prior to attacking.
Want to learn ransomware basics and earn a CPE credit? Try our free course.
“In just one hour, I’ll teach you the fundamentals of Ransomware and what you can do to protect and prepare for it.”
The group’s name, Darkside, evokes the image of a good guy (or gal) that has turned from the light. While we can’t conclude that the group is comprised of former IT security professionals, their attacks reveal a deep knowledge of their victims’ infrastructure, security technologies, and weaknesses.
They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can afford to pay large ransoms.
Our reverse engineering revealed that Darkside’s malware will check device language settings to ensure they don’t attack Russia-based organizations. They have also answered questions on Q&A forums in Russian and are actively recruiting Russian-speaking partners.
The group has both Windows and Linux toolsets. Much like NetWalker and REvil, Darkside has an affiliate program that offers anyone who helps spread their malware 10-25% of the payout.
Anatomy of an Attack
The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages. The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.
While their initial entry vectors vary, their techniques are more standardized once inside, and their endgame is coldly efficient.
Stealth tactics include:
Command and control over TOR
Avoiding nodes where EDR is running
Waiting periods & saving noisier actions for later stages
Customized code and connection hosts for each victim
Obfuscation techniques like encoding and dynamic library loading
Anti-forensics techniques like deleting log files
During the later stages of their attack sequence, they:
Harvest credentials stored in files, in memory, and on domain controllers
Utilize file shares to distribute attack tools and store file archives
Relax permissions on file shares for easy harvesting
Delete backups, including shadow copies
Deploy customized ransomware
Initial Access: Finding the Weak Link
Darkside ransomware gained initial entry through weak links – remotely exploitable accounts and systems.
We observed Darkside use compromised contractor accounts to access Virtual Desktop Infrastructure (VDI) that had been put in place to facilitate remote access during the pandemic. Though, contractor accounts did not.
We also observed them exploit servers, and then quickly deploy an additional RDP that would preserve access should the vulnerable server be patched.
While neither of these vectors is novel, they should serve as a warning that sophisticated threat actors are easily bypassing perimeter defenses. They illustrate the need for multi-factor authentication on all internet-facing accounts and rapid patching of internet-facing systems.
Command and Control
The Darkside ransomware attackers established command and control primarily with an RDP client running over port 443, routed through TOR. After installing a Tor browser, they modified its configuration to run as a persistent service, redirecting traffic sent to a local (dynamic) port through TOR via HTTPS over port 443, so it would be indistinguishable from normal web traffic. These connections were persistent, so the attackers could establish RDP sessions to and through the compromised hosts, facilitating lateral movement.
We found traces of TOR clients across many servers and observed dozens of active TOR connections.
The attackers used Cobalt Strike as a secondary command and control mechanism. We observed dozens of customized stagers that downloaded customized beacons that connected to specific servers. The stagers (named file.exe) were deployed remotely on specific targeted devices using WinRM, each one configured differently. Cobalt-Strike stagers established connections to a dedicated C2 server to download the Cobalt Strike Beacon.
Threat actors commonly use only a few C2 servers per victim, but Darkside configured each beacon to connect to a different C2 server with a different user agent. This would indicate that Darkside operates a large, well-established attack infrastructure.
The stagers and TOR executables were stored in network shares for easy distribution. The actors avoided installing backdoors on systems monitored by EDR solutions.
Detection of the beacon being downloaded into a compromised server
We observed the threat actors log into the Virtual Desktop environment with many accounts, sometimes concurrently. Each time the threat actor logged on, .lnk files were created in the compromised user’s home folders. The .lnk file activity helped determine which accounts and VDI environments had been compromised and when each account was used in the attack.
Recon and Credential Harvesting
Darkside ransomware is known for living off the land (LOtL), but we observed them to scan networks, run commands, dump processes, and steal credentials. Like the command and control code, the attack tools were also executed on hosts that had minimal detection and blocking capabilities. Well-known tools included advanced_ip_scanner.exe, psexec, Mimikatz, and more.
From the initial set of compromised hosts, ticket requests, and NTLM connections to gain access to additional systems and accounts. After a waiting period, the actor used an Active Directory reconnaissance tool (ADRecon.ps1) to gather additional information about users, groups, and privilege, storing results in a file called, DC.txt. Each of their attack tools was deleted after use. The attacker temporarily stored the recon results and credential information on a very active windows server. Interesting file names written and deleted on the server included: Typed_history.zip, Appdata.zip, IE_Passwords.zip, AD_intel, and ProcessExplorer.zip.
In addition to credential harvesting, the attacker mined credentials from User profile folders, including:
Users\<user name>\Appdata\[Roaming\Local]\Microsoft [Credentials\Vault]
Users\<user name>\Appdata\Roaming\Mozilla\Firefox\Profiles
Users\<user name>\\Appdata\Local\Google\Chrome
The threat actor used Invoke-mimikatXz.ps1 to extract credentials from unmonitored servers and stored them in a file called “dump.txt.” This operation was performed on a high-value target with minimal detective capabilities.
Once the attacker obtained domain admin credentials, accessed domain controllers. In later stages they performed the well-known DCSync attack, where the attacker pretends to be a legitimate domain controller and utilizes the Directory Replication Service to replicate AD information, gaining access to password data for the entire domain, including the KRBTGT HASH.
Data Collection and Staging
The active Windows server also served as a hub to store data before exfiltration. Data was mined from hundreds of servers with a batch routine (dump.bat) located in \Desktop\Dump, writing files to the same location, compressing them into 7zip archives with a simple naming convention, *.7z.[001]-[999].
Though they had accumulated elevated privileges, we observed the attacker relax the permissions on file systems, opening them up so that they could access the files with any domain user account. The batch file, target data, and the archives were deleted by the attackers within hours of collection
Encryption
Darkside doesn’t deploy ransomware until they’ve mapped the environment, exfiltrated interesting data, gained control of privileged accounts, and identified all backup systems, servers, and applications. We observed several connections to primary backup repositories using compromised services accounts shortly before encryption. By holding off on the encryption phase of the attack, they put themselves in a position to maximize damage and profit.
The ransomware code is delivered through established backdoors (TOR-RDP or Cobalt Strike) and is customized for each victim. The payload includes the executable, a unique extension, and a unique victim ID that allows the victim to access Darkside’s website and make payment.
By using unique executables and extensions, the ransomware easily evades signature-based detection mechanisms. Darkside also provides customized ransomware to other threat actors (Ransomware as a Service) and takes a part of the profit in successful attacks.
One version of the customized code was named, “Homie.exe.” In addition to being customized, we found it also uses anti-forensics and anti-debugging techniques, such as self-injection, virtual machine detection, and dynamic library loading. It also deletes shadow copies on victim devices.
Darkside Ransomware Stage 1 – Self Injection
On execution, the malware copies itself to the path
“C:\Users\admin\AppData\Local\Temp\” and injects its code into the existing process with a CMD command:
If the malware finds indications that it is being debugged or run in a VM, it immediately stops.
To avoid detection by AV and EDR solutions, the ransomware dynamically loads its libraries, without registering them in its imports section:
Malware dynamically loads libraries
Only 3 libraries are imported, which indicates that other libraries’ names resolved dynamically during the malware’s run instead of being explicitly imported.
Ransomware Stage 2 – Deletion of Shadow Copies
Using an obfuscated PowerShell command, the malware attempts to delete the shadow copies on the victim device. The obfuscated command:
The de-obfuscated command:
Ransomware Stage 3 – Encryption of Files
After the deletion of the shadow copies, the malware first closes specific processes to avoid locked files that can delay encryption, and then begins its encryption routine.
List of processes:
sql
oracle
ocssd
dbsnmp
synctime
agntsvc
isqlplussvc
xfssvccon
mydesktopservice
ocautoupds
encsvc
firefox
tbirdconfig
mydesktopqos
ocomm
dbeng50
sqbcoreservice
excel
infopath
msaccess
mspub
onenote
outlook
powerpnt
steam
thebat
thunderbird
visio
winword
wordpad
notepad
During encryption, the malware appends an 8-character string to the end of the encrypted file names.
Dark side ransomware avoids encrypting files with the following extensions:
386,adv,ani,bat,bin,cab,cmd,com,cpl,cur,deskthemepack,diagcab,diagcfg,diagpkg,dll,drv,exe,hlp,icl,icns,ico,ics,idx,ldf,lnk,mod,mpa,msc,msp,msstyles,msu,nls,nomedia,ocx,prf,ps1,rom,rtp,scr,shs,spl,sys,theme,themepack,wpx,lock,key,hta,msi,pdb
It creates a ransom instructions (“README…txt”) to contact the ransomware creator for decryption:
How to Prepare for Threat Actors in 2021
Find and fix the weak links before attackers do
Any internet-facing account that doesn’t require MFA is a brute-force attack away from a compromise. Any unpatched internet-facing server is an exploit away from script-kiddie payday.
Assume breach and fix weak links inside
Threat actors look for quick ways to obtain domain admin credentials. Service or admin accounts with SPNs that also have weak encryption, or worse still, privileged accounts with weak or no password requirements are too-easy targets.
In too many organizations, attackers don’t even need elevated credentials to harvest data – the average employee has access to far more data than they require. Lockdown sensitive data so that only the right accounts have access, and then monitor file systems for unusual access and change events.
More lights, please, especially on stuff that matters
Organizations with comprehensive monitoring solutions detect and investigate attacks like these more quickly. If you have blind spots on core data stores, in Active Directory, DNS, remote access systems, or in web connections, you’ll struggle to determine which systems were compromised and whether sensitive data was stolen.
If you detect a breach, let Active Directory triangulate the blast radius
Active Directory events can help you quickly identify compromised accounts and devices. Instead of focusing on one endpoint at a time, once one compromised account or system has been identified, query Active Directory for signs of lateral movement by that account or accounts used on that system.
If you have any reason to believe you’ve been targeted by Darkside or any other group, please don’t hesitate to reach out for incident response and forensics help via https://www.varonis.com/help.
A special thanks to Rotem Tzadok for leading our Darkside investigations and analysis.
Snir Ben Shimol
Director of Cyber Security, Varonis Snir is the Head of Cyber Security at Varonis, a software company specializing in data security and insider threat detection. Snir began his career in the IDF Technology and Intelligence Unit and continued as a Security Researcher in the Israeli Prime Minister’s Office. Since then he has worked in the Advanced Security Center of EY as the Cyber Security Advisory Leader, managing red-team operations and risk assessments. He has advised major international corporations and high-profile individuals to build their security resilience and protect their organization. Prior to his current role, he led Radware’s Cyber Security Research Division, responsible for innovation and security solution capabilities.
<<<
>>> Recorded Future
From Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Recorded_Future
This article contains content that is written like an advertisement. Please help improve it by removing promotional content and inappropriate external links, and by adding encyclopedic content written from a neutral point of view. (November 2018) (Learn how and when to remove this template message)
Recorded Future, Inc.
RF-Logo-Standard.png
Type Privately Held
Industry Cybersecurity, Threat Intelligence
Founded 2009
Founders Christopher Ahlberg,
Staffan Truvé
Headquarters Somerville, Massachusetts, United States
Number of locations Washington, D.C.,
Gothenburg, Sweden,
London, United Kingdom,
Singapore,
Tokyo, Japan
Area served Worldwide
Products Threat Intelligence Platform, SaaS Portal, Browser Extension, Security Control Feeds, Third-Party Risk, Finished Intelligence Reports
Number of employees 450 (December 2019)
Website www.recordedfuture.com
Recorded Future is a privately held cybersecurity company founded in 2009 with headquarters in Somerville, Massachusetts. The company specializes in the collection, processing, analysis, and dissemination of threat intelligence. Recorded Future uses patented machine learning and natural language processing methods to continuously collect and organize data from open web, dark web, and technical sources. The resulting information is displayed within a software-as-a-service portal.
Contents
1 History
2 Services
3 Organization
4 Analysis
4.1 China Vulnerability Database Report
4.2 Al-Qaeda Report
4.3 Occupy Wall Street Media Monitoring Report
5 Controversies
6 See also
7 References
8 External links
History
In 2007, co-founders Christopher Ahlberg and Staffan Truvé, both Ph.D.s in computer science from Chalmers University of Technology, filed for Recorded Future’s first patent (granted in 2013 as United States patent US8468153B2) - Data Analysis System with Automated Query and Visualization Environment Setup.[1] The patent laid the foundation for continuous collection and processing of data and information from sources across the open, deep, and dark web, facilitated by machine learning. Recorded Future was officially incorporated in 2009.
The company received initial funding from Google and In-Q-Tel, as reported in a July 2010 introduction to Recorded Future published by Wired.[2]
Recognizing that its algorithms and visualization software matched needs within the intelligence community,[3] Recorded Future entered the cyber threat intelligence market in January 2012.
In 2014, the company launched Recorded Future Dark Web, integrating open and dark web sourcing as well as dark web forum access and analysis.
In 2016, Recorded Future was named a partner for threat intelligence by Splunk,[4] Palo Alto Networks,[5] and Vencore GEOINT.[6]
In May 2017, Recorded Future introduced Insikt Group,[7] the company’s threat intelligence research arm. The word “insikt” is Swedish, a nod to Recorded Future's co-founders, and means “insight.” Insikt Group is responsible for delivering analyst-generated assessments, insights, and recommended actions to customers and the public.
In May 2019, New York-based private equity firm Insight Partners acquired Recorded Future for $780 million.[8]
In November 2019, the company opened a second office in Somerville with the goal of building a “campus” in the Davis Square area. Recorded Future currently employs more than 430 people around the world.[9]
Services
Using what they call a "Temporal Analytics Engine," Recorded Future provides forecasting and analysis tools to help analysts predict future events by scanning sources on the internet, and extracting, measuring, and visualizing the information to show networks and patterns in the past, present, and future.[10] As of 2015, the engine was described as "Web Intelligence Engine."[11] Likewise, the Washington Post, in an article authored by Stewart Baker - the former General Counsel of the National Security Agency (1992–1994), which had described the company as a predictive analytics web intelligence firm deleted the term upon request of RF.[12] The software analyzes sources and forms "invisible links" between documents to find links that tie them together and may possibly indicate the entities and events involved. Noah Schachtmann from WIRED – who first wrote about Google and the CIA both investing in RF – described the company in an interview as follows: "Recorded Future is a company that strips out from web pages the sort of who, what, when, where, why — sort of who’s involved, [...] where are they going, what kind of events are they going to."[13]
Clients initially included the financial sector with quantitative investors, but since 2013 they have changed to businesses seeking cyber security, per Ahlberg, for example SITA (IT company), a global air transport IT company.[14]
Organization
The company was founded in 2009 by Christopher Ahlberg[11] and had 20 employees as of November 2011.[15] Google Ventures and In-Q-Tel invested "under $10 million each" into the Recorded Future shortly after the company was founded. Google published this on May 3, 2010[16] In-Q-Tel is an investment arm of the CIA.[17] As of 2015, it had partnerships with IBM, HP ArcSight, Cimation, Ethnographic Edge, Tiberium Security, and Malformity Labs LLC per its company profile published by Businessweek.[11]
Analysis
China Vulnerability Database Report
In November 2017, Recorded Future published analysis asserting that the Ministry of State Security (China) influences or alters their National Vulnerability Database (CNNVD) to coverup espionage activities.[18] The analysis concludes "vulnerabilities commonly exploited by malware linked to Chinese APT groups" are inconsistent with CNNVD publication practices. The company presented further analysis in March 2018 at the Kaspersky Labs Analyst Summit, presenting evidence that the Chinese government retroactively changed the original publication dates.[19][20]
Al-Qaeda Report
In May 2014, Recorded Future released a report called "How Al-Qaeda Uses Encryption Post-Snowden (Part 1)."[21] Part 2 of the report was released on August 1, 2014, supposedly with a strengthened "earlier hypothesis about Snowden leaks influencing Al-Qaeda’s crypto product innovation." On the same day National Public Radio aired Recorded Future claims of "tangible evidence" that Edward Snowden harmed national security by prompting terrorists to develop more sophisticated encryption programs.[22] Glenn Greenwald and Andrew Fishman criticized Recorded Future's report did not prove causation between Snowden's leak and improved encryption by al-Qaeda.[23]
Occupy Wall Street Media Monitoring Report
In 2011, Recorded Future reported, "... gaining online momentum for the Occupy Wall Street movement. When we look more carefully at influencers in this discussion using our Influencer Map, we find that Iran Press TV is the second largest influencer after the U.S. media!"[24]
Controversies
In April 2015, a coding website accused Recorded Future of violating internet privacy by analyzing private Facebook messages, which it denied. The accusation was disproven when the assumed private link for private Facebook chat was found posted publicly online via a server log.[14]
See also
Cyber Threat Intelligence
Open Source Intelligence
Corporate Security
Managed Security Service
Operational Intelligence
Palantir Technologies
Intelligence Engines
References
https://patents.google.com/patent/US8468153
Shachtman, Noah (July 28, 2010). "Exclusive: Google, CIA Invest in 'Future' of Web Monitoring". WIRED.
Temple-Raston, Dina (October 8, 2012). "Predicting The Future: Fantasy Or A Good Algorithm?". NPR.
Kodama, Matt (February 22, 2016). "Announcing Recorded Future for Splunk". Recorded Future. Recorded Future. Retrieved January 2, 2020. Enrichment dashboards show intel on-demand inside Splunk, while monitoring and correlation dashboards apply our threat intel to your events and infrastructure.
Wong, Glenn (April 4, 2016). "Announcing Recorded Future for Palo Alto Networks". Recorded Future. Recorded Future. Retrieved January 2, 2020. We’re very excited to join the Palo Alto Networks NextWave Technology Partners Program.
McKeon, Amanda (May 17, 2016). "Announcing Recorded Future and Vencore GEOINT Partnership". Recorded Future. Recorded Future. Retrieved January 2, 2020. We’re very excited to announce a partnership with Vencore to combine our unique open source intelligence (OSINT) datasets with its geospatial system integration and analytic capabilities.
Future, Recorded. "Recorded Future Launches Threat Research Arm to Enhance Threat Intelligence Offering". www.prnewswire.com. Retrieved 2021-03-11.
Miller, Ron (May 30, 2019). "Insight Partners acquires threat intel company Recorded Future for $780M". TechCrunch.
Maffei, Lucia (October 28, 2019). "Threat intel firm to open new office, add 130 jobs in the Boston area". Boston Business Journal.
Holliday, Maynard; Holden, Chris (July 15, 2014). "Advanced Web-Based Temporal Analytics for Arms Control Verification and Compliance". Science & Diplomacy. 3 (3).
"Recorded Future, Inc". BusinessWeek. Retrieved July 29, 2010.
Stewart Baker (August 3, 2014). "As evidence mounts, it's getting harder to defend Edward Snowden". Washington Post. Retrieved 31 May 2015. “While this may seem like splitting hairs, in the world of data analysis software “predictive analytics” has specific technical meaning which implies something different. We use the term web intelligence to reduce this confusion.”
Amy Goodman, Juan González (July 30, 2010). "Google Teams Up with CIA to Fund "Recorded Future" Startup Monitoring Websites, Blogs & Twitter Accounts". Democracy Now. Retrieved May 31, 2015.
Cale Guthrie Weissman (May 26, 2015). "Inside the company that can predict the future by analyzing every piece of information on the web". Business Insider. Retrieved May 31, 2015.
Cheshire, Tom (November 10, 2011). "The News Forecast". Wired UK. Retrieved December 25, 2011.
Mastrull, Amanda (May 4, 2010). "Google invests in company, Recorded Future, that tries to predict the future". The New York Daily News. Retrieved July 29, 2010.
Shachtman, Noah (July 28, 2010). "Exclusive: Google, CIA Invest in 'Future' of Web Monitoring". Wired. Retrieved July 29, 2010.
Recorded Future (November 20, 2017). "China's Ministry of State Security Likely Influences National Network Vulnerability Publications". Recorded Future. Retrieved November 17, 2017.
ALFRED NG (March 9, 2018). "China isn't being honest with its vulnerabilities database". CNET. Retrieved March 8, 2018.
Insikt (March 9, 2018). "China Altered Public Vulnerability Data to Conceal MSS Influence". Recorded Future. Retrieved March 8, 2018.
C (May 8, 2014). "How Al-Qaeda Uses Encryption Post-Snowden (Part 1)". Recorded Future. Retrieved August 14, 2014. The timeline above tells a compelling story showing how four to five months after the Snowden disclosures both mainstream AQ, as well as the break-off group ISIS, launches three new encryption tools.
Dina Temple-Raston (August 14, 2014). "Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior". Morning Edition. National Public Radio. Retrieved August 14, 2014.
Glenn Greenwald; Andrew Fishman (August 12, 2014). "NPR Is Laundering CIA Talking Points to Make You Scared of NSA Reporting". The Intercept. First Look Productions, Inc. Retrieved August 14, 2014.
Holden (October 1, 2014). "Iran's Growing Influence & Occupy Wall Street Protests". Recorded Future. Retrieved August 14, 2014.
<<<
>>> Cyberattack forces Colonial Pipeline to shut major fuel line
Colonial Pipeline says it transports 45 percent of East Coast fuel supply.
May 8, 2021, 4:18
By Reuters
https://www.nbcnews.com/news/us-news/cyberattack-forces-colonial-pipeline-shut-major-fuel-line-n1266737
Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network after a cyberattack, the company said in a statement on Friday.
Colonial's network supplies fuel from U.S refiners on the Gulf Coast to the populous eastern and southern United States. The company transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 5,500 miles of pipelines.
Colonial Pipeline says it transports 45 percent of East Coast fuel supply.
The company learned of the attack on Friday and took systems offline to contain the threat, it said in the statement. That action has temporarily halted operations and affected some of its IT systems, it said.
The company has engaged a third-party cybersecurity firm to launch an investigation, and Colonial has contacted law enforcement and other federal agencies, it said.
Colonial did not give further details or say for how long its pipelines would be shut.
The operator had shut its main gasoline and distillate lines, Reuters reported earlier on Friday.
During the trading session on Friday, Gulf Coast cash prices for gasoline and diesel edged lower.
Both gasoline and diesel futures on the New York Mercantile Exchange rose more than crude prices during the day. Gasoline futures gained 0.6 percent to settle at $2.1269 a gallon, while diesel futures rose 1.1 percent to settle at $2.0106 a gallon.
Longer-term price effects will depend on the amount of time that the lines are shut. If barrels are not able to make it onto the lines, Gulf Coast prices could weaken further, while prices in New York Harbor could rise, one market participant said.
Colonial significantly shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017.
During that time, spot Gulf Coast gasoline prices rose to a five-year high, while diesel prices rose to around a four-year high.
<<<
>>> Best Cybersecurity ETFs for Q2 2021
BUG, IHAK, and CIBR are the best cybersecurity ETFs for Q2 2021
Investopedia
By NATHAN REIFF
Feb 4, 2021
https://www.investopedia.com/articles/etfs-mutual-funds/042616/2-cybersecurity-etfs-consider-cibr-hack.asp?utm_campaign=quote-yahoo&utm_source=yahoo&utm_medium=referral
The global cybersecurity market is expected to expand at a healthy compound annual growth rate (CAGR) of 10.0% through 2027 as cybercrime affects more individuals, companies, and governments.1?? Investors seeking to profit from this trend may consider owning a wide spectrum of cybersecurity stocks through exchange-traded funds (ETFs). Betting on individual stocks can be especially risky in young, fast-evolving industries. Cybersecurity ETFs offer diversification across the sector, thus avoiding the risks associated with trying to pick individual winners.
KEY TAKEAWAYS
The cybersecurity industry has outperformed the broader market in the past year.
The ETFs with the best 1-year trailing total return are BUG, IHAK, and CIBR.
The top holding of each of these ETFs is class A shares of CrowdStrike Holdings Inc.
There are 4 ETFs that trade in the U.S. focused on the cybersecurity sector: the Global X Cybersecurity ETF (BUG), the First Trust NASDAQ CEA Cybersecurity ETF (CIBR), the iShares Cybersecurity and Tech ETF (IHAK), and the ETFMG Prime Cyber Security ETF (HACK). The sector, as measured by the S&P Kensho Cyber Security Index, has outperformed the broader market with a total return of 33.0% over the past 12 months compared to the S&P 500's total return of 20.8%, as of February 2, 2021.2?? The best-performing cybersecurity ETF, based on performance over the past year, is BUG. We examine the top 3 best cybersecurity ETFs below. All numbers below are as of February 3, 2021.
Global X Cybersecurity ETF (BUG)
Performance over 1-Year: 66.1%
Expense Ratio: 0.50%
Annual Dividend Yield: 0.45%
3-Month Average Daily Volume: 231,654
Assets Under Management: $266.4 million
Inception Date: October 28, 2019
Issuer: Global X
BUG tracks the Indxx Cybersecurity Index, which gauges the performance of companies that operate within the cybersecurity industry.3??? The ETF invests in companies that are positioned to benefit from increasing adoption of cybersecurity technology, including companies that offer security against intrusion and attacks on systems, networks, applications, computers, and mobile devices. The fund focuses on cybersecurity growth stocks across the market-cap spectrum. About three quarters of its 28 holdings are based in the U.S., with the remaining quarter spread across Israel, Britain, Japan, and South Korea.4??? Its top three holdings include class A shares of CrowdStrike Holdings Inc. (CRWD), a holding company whose subsidiaries provide cyber security platforms; Palo Alto Networks, Inc. (PANW), a provider of network security solutions; and Zscaler Inc. (ZS), a cloud-based security software company.5???
iShares Cybersecurity and Tech ETF (IHAK)
Performance over 1-Year: 49.6%
Expense Ratio: 0.47%
Annual Dividend Yield: 0.39%
3-Month Average Daily Volume: 127,119
Assets Under Management: $348.1 million
Inception Date: June 11, 2019
Issuer: iShares
IHAK is a multi-cap fund focused on cybersecurity companies. The fund tracks the NYSE FactSet Global Cyber Security Index, which is composed of cybersecurity and technology stocks. The ETF invests in companies engaged in cyber security hardware, software, products, and services. Nearly 80% of the fund's 48 holdings are based in the U.S., with the rest based in Israel, Japan, Canada, and Taiwan.6??? It follows a blended strategy, investing in a mix of growth and value stocks. The fund's top holdings include class A shares of CrowdStrike Holdings; BlackBerry Limited (BB:TSE), a Canadian multinational that provides software and services; and Palo Alto Networks Inc.7???
First Trust NASDAQ CEA Cybersecurity ETF (CIBR)
Performance over 1-Year: 48.1%
Expense Ratio: 0.60%
Annual Dividend Yield: 1.09%
3-Month Average Daily Volume: 735,500
Assets Under Management: $3.5 billion
Inception Date: July 6, 2015
Issuer: First Trust
CIBR is a multi-cap growth fund targeting U.S.-listed stocks. The ETF tracks the NASDAQ CTA Cyber Security Index, which is designed to gauge the performance of cybersecurity companies within the technology and industrials sectors. Each of the fund's 41 holdings must be classified as a cybersecurity company by the Consumer Technology Association, have a minimum market cap of $250 million, and must meet certain liquidity requirements.8??? Its top three holdings include class A shares of CrowdStrike Holdings; Zscaler Inc.; and Cisco Systems Inc. (CSCO), the maker of telecommunications and networking hardware and software.
<<<
Okta - >>> 3 Software Stocks to Pick Up in the Next Market Crash
Software stocks could be in for a nasty correction this year. Here are three to keep on your watchlist if that happens.
Motley Fool
by Billy Duberstein
Feb 2, 2021
https://www.fool.com/investing/2021/02/02/3-software-stocks-to-pick-up-in-the-next-market-cr/
Some of the biggest winners from the very odd year of 2020 were cloud software stocks. In fact, business was so good that many software unicorns decided to go public amid surging stock prices. If your product enabled work-from-home, facilitated better and faster data use, or secured enterprise infrastructure, your stock likely rocketed higher.
However, after a stunning 2020, these names could be in for a correction. Many trade at nosebleed valuations. Meanwhile, recent short squeezes may cause hedge funds to sell other big winners, including these enterprise software stocks. The rollout of vaccines may cause investors to gravitate toward "reopening" stocks in travel, financials, and other cyclical stocks at the expense of cloud software.
But while SaaS stocks may face a challenging year ahead, all are ushering in a powerful new data era. So if there's a pullback in the space, long-term investors may get an attractive entry position. The following three cloud leaders are currently on my radar.
JFrog
JFrog (NASDAQ:FROG) is one of the high-flying SaaS companies that went public in the busy month of September 2020. JFrog's tools enable "liquid software" updates, or continuous updates and patching of applications, rather than the traditional method of constructing an entirely new code every few months (or longer).
Source code must transform into binary code in order to be deployed, and JFrog's platform allows for the storage, organization, automation, and deployment of these binary code packages. Even better, it works across all clouds, on-premises data centers, and programming languages.
As of last quarter, JFrog software was used by 75% of the Fortune 100 and 27% of the Global 2000. That may seem like JFrog has already penetrated a lot of its market. However, the company's 136% net expansion rate suggests existing customers increase their JFrog usage over time and upgrade to higher-priced tiers.
Though revenue grew "only" 40% last quarter, this may have been due to the pandemic slowing the sales cycle to new customers. Still, 40% growth is pretty good. JFrog has also shown the ability to expand gross margins and operating margins as it grows, and the company is already generating free cash flow (though it still has GAAP losses due to stock-based compensation).
JFrog anticipates it will end the year with about $150 million in revenue. At the current $5.7 billion market cap, it seems expensive, at around 38 times sales.
Nevertheless, being a cloud-neutral first-mover in an important niche is a great place to be. That's why JFrog is on my radar in case software stocks pull back in 2021.
Okta
Like JFrog, Okta (NASDAQ:OKTA) is a cloud-neutral first-mover with mission-critical functionality. Okta's identity-as-a-service software allows employees of an organization to access critical data and applications, no matter where they are. Okta has therefore been tremendously helpful in the current work-from-home environment, and should remain a strong grower as workforces become more distributed.
In fact, Okta identifies its workforce identity market opportunity at $30 billion. If the company can expand into customer-facing identity sign-on, that's another $25 billion opportunity. Meanwhile, Okta projects only $823 million in revenue for its current fiscal year, so there's a lot of room to grow.
Last quarter, Okta showed strength across the board. Customers grew 27%, and high-value customers grew 34%. Net expansion of 123% accelerated from 117% in the year-ago quarter, leading to 42% revenue growth. Remaining performance obligations, which take into account future revenue yet to be recognized, grew an even higher 53%. Gross margins, operating margins, and free cash flow margins all expanded, showing profitability is in Okta's future, even if the company currently posts GAAP losses.
Despite all this goodness, Okta currently trades at 42 times trailing 12-month sales, or about 40 times its enterprise value to FY 2021 estimates. That's high. Even if Okta hits its growth target of 35% revenue growth through 2024 and hits its free cash flow margin target of 25%, it would still make only about $683 million in free cash flow. That means the stock currently trades at 49 times its 2024 estimated cash flow. As great a company as Okta is, that doesn't give it a whole lot of margin of safety. Still, it will surely be at the top of my list should the SaaS sector fall out of favor.
Snowflake
Perhaps was Snowflake (NYSE:SNOW) was arguably the poster child for the 2020 IPO mania. Like the two aforementioned names, Snowflake is a first-mover in cloud-based data warehousing and data management. It offers a cloud neutrality that's resonating with customers. Snowflake's founders decided to go all-in on the cloud early, ignoring traditional on-premises data management. The results of that early decision have been downright impressive.
Snowflake is growing the fastest of any large software company that you might find, but it's also the most expensive. Revenue grew a stunning 118% last quarter, but like JFrog, its remaining performance obligations -- essentially pre-payments toward future usage -- doubled that rate at 240%. Customers grew 84%, and customers who spend over $1 million grew 110% as well. Fortune 500 customers grew 56% to 165. Net expansion with existing customers grew a ridiculous 162%. Over the past two years, gross margins have expanded 10 percentage points from 58% to 68%.
Snowflake's cloud platform is clearly resonating, as it's broken down the barriers and silos that previously separated various forms of data. Companies large and small can dump everything into Snowflake to discover, manipulate, and run machine learning on its data cloud. Snowflake's revolutionary data exchange allows different enterprises and data providers to safely and securely share data with each other, leading to even more and better insights. Twenty-three percent of Snowflake's customers currently use data sharing capabilities. That's likely to increase going forward.
Despite all this great news, Snowflake's stock is quite pricey indeed, having more than doubled over its IPO price of $120, which itself was raised 50% from the expected IPO price. It also trades at a lofty 158 times sales. At that height, it's possible for the business to do quite well even as the stock stagnates.
Snowflake is currently too rich for my blood, but it's an impressive company with a promising management team and future. Add it to your watchlist in the event of a market or tech sector meltdown.
<<<
>>> Can This Cybersecurity Play Become a Growth Stock in 2021?
This cybersecurity stock is showing signs of life after years of underperformance.
Motley Fool
Harsh Chauhan
Feb 1, 2021
https://www.fool.com/investing/2021/02/01/cybersecurity-play-be-growth-stock-check-point/
Check Point Software Technologies (NASDAQ:CHKP) has been a perennial stock market underperformer over the years despite operating in the fast-growing cybersecurity industry. The company's cautious approach toward the cybersecurity market has failed to dazzle investors when compared to the likes of Palo Alto Networks (NYSE:PANW) and Fortinet (NASDAQ:FTNT).
But can Check Point Software Technologies hit a higher gear in 2021 and outpace its rivals? Let's find out.
Check Point Software is trying to step on the gas
Check Point's anemic top-line growth has been holding the stock back. Revenue for the first nine months of 2020 increased only 3.4% year over year. Its fourth-quarter guidance was also disappointing. Check Point estimates $550 million in revenue for the quarter that ended in December 2020, missing Wall Street's expectation of $555 million.
What's more, Check Point's 2020 revenue will increase just 2.8% over 2019 levels if it hits the midpoint of its guidance range. That would be disappointing as the company's revenue had increased at a faster rate of 4% in 2019. However, the novel coronavirus pandemic should share a part of the blame for this slowing revenue growth.
Gartner originally anticipated cybersecurity spending to increase 8.7% in 2020. But the pandemic forced the firm to revise its estimate to a growth of just 2.4%. Check Point seems to have done well by that yardstick, as its 2020 revenue increase is likely to be in line with the broader market's growth. However, the company's performance pales in comparison to Fortinet and Palo Alto.
Fortinet's and Palo Alto's outperformance isn't surprising, as both companies are tapping into hot cybersecurity trends such as cloud security. Spending on cloud security was expected to jump 33% in 2020 as per a third-party estimate, and Check Point's rivals made the most of that opportunity. Fortinet, for instance, saw a sharp rise in its cloud-related business as organizations scrambled to protect critical data in the wake of a jump in remote workers.
Similarly, the demand for Palo Alto Networks' cloud security offerings increased amid the pandemic. The number of Fortune 100 companies using Palo Alto's integrated cloud security platform -- Prisma Cloud -- increased from 43% to 70% quarter over quarter. Additionally, 20% of the Global 2000 companies were using Prisma Cloud last quarter as compared to 14% in the preceding one.
Meanwhile, Check Point's cloud security business isn't big enough just yet to move the needle in a big way for the company. Cloud accounted for less than 10% of the company's revenue in the second quarter of 2020, though management pointed out that cloud-related revenue was up 70% year over year during the quarter.
Check Point's cloud security subscriptions surpassed 10% of the total revenue in the third quarter. The good news for Check Point investors is that it is trying to step on the gas in cloud security. It acquired cloud cybersecurity start-up Odo Security in September 2020 and got its hands on a service that could differentiate it from rivals' cloud offerings.
So, Check Point could see its cloud business become stronger in 2021, and that would be the key to an acceleration in its top-line growth. Analysts expect just 3% revenue growth from Check Point in 2021, but a strong showing from the cloud business could help the company surpass those expectations.
What should investors do?
In the third quarter of 2020, the legacy products and licenses accounted for nearly 24% of the company's revenue. The segment's revenue fell slightly year over year, extinguishing the 9.7% gains scored by the security subscriptions business. So, investors will have to remain patient and wait for the legacy business's influence on Check Point's top line to decline, while expecting the subscription business to pick up the pace.
The good part is that investors willing to bet on Check Point's accelerated top-line growth can still buy the stock at a reasonable valuation. Its trailing price-to-earnings (P/E) ratio of 22 is in line with the five-year average, while the forward earnings multiple of 18 points toward bottom-line growth. What's more, Check Point already has a strong margin profile as compared to rivals.
A stronger contribution from the higher-margin subscription business can boost Check Point's earnings power and turn it into a growth stock this year after years of underperformance.
<<<
>>> BlackBerry Limited (BB) provides intelligent security software and services to enterprises and governments worldwide. The company leverages artificial intelligence and machine learning to deliver solutions in the areas of cybersecurity; safety and data privacy; and endpoint security management, encryption, and embedded systems. It offers BlackBerry Spark software platform that includes a suite of security software products and services comprising BlackBerry Cylance, BlackBerry UEM, BlackBerry Dynamics, and BlackBerry Workspaces; and BlackBerry Spark SDK to promote the evolution of a platform ecosystem by enabling enterprise and independent software vendor developers to integrate the security features of BlackBerry Spark into their own mobile and web applications. BlackBerry Limited also provides BlackBerry Internet of Things (IoT) solutions, including BlackBerry QNX, BlackBerry AtHoc, SecuSUITE, BlackBerry Certicom, BlackBerry Radar, and other IoT applications; and manages and monetizes BlackBerry patents and applications. As of February 29, 2020, the company owned approximately 38,000 worldwide patents and applications. BlackBerry Limited has a partnership with the University of Windsor to develop and deliver a cybersecurity curriculum for the university's graduate master's program in applied computing; and an agreement with Amazon Web Services, Inc. to develop and market BlackBerry's intelligent vehicle data platform. The company was formerly known as Research In Motion Limited and changed its name to BlackBerry Limited in July 2013. BlackBerry Limited was founded in 1984 and is headquartered in Waterloo, Canada.
<<<
BioCatch (private) - >>> The Leader in AI-Driven Behavioral Biometrics
https://www.biocatch.com/company/our-story
BioCatch was founded in 2011 by experts in neural science, artificial intelligence (AI), machine learning and cyberterrorism. The newly-founded company had a significant mission: to address next-generation digital identity challenges by focusing on online user behavior rather than static authentication measures, like passwords or endpoint security. They discovered an untapped goldmine.
Powerful behavioral insights — gleaned from the analysis of more than 2,000 physical and cognitive behavioral parameters — were able to support different use cases across the digital identity lifecycle. The technology enabled the holy grail of the modern digital era — seamless and secure online experiences. Behavioral biometrics, a technology used to identify people based on their behavioral parameters, was born.
BioCatch founder Avi Turgeman began pursuing a theory that people interact with machines in unique, measurable ways while serving in military intelligence. Drawing on years of experience exploring white-hat hacking, system vulnerability management and cyberterrorist operations, Turgeman turned his attention to online fraudsters and their identifiable signatures, co-founding BioCatch with Benny Rosenbaum.
In developing their AI-driven platform to passively identify both human and non-human behaviors online, BioCatch upended the paradigm of having to choose between security and convenience. Today, the company continues its commitment to innovation through an unparalleled IP portfolio of more than 60 granted or pending patents.
The BioCatch platform is deployed by major banks and other global enterprises to help manage their digital identity challenges. The technology prevents new account fraud, authenticates online users, prevents account takeover fraud and detects vishing scams, generating impressive returns on investment that come from catching more fraud as well as reducing false positives and unnecessary escalations.
BioCatch has been recognized for its industry leadership and cutting-edge approach to behavioral biometrics and digital identity in the CB Insights AI 100, One World Identity Leading Innovators in Identity, Deloitte Technology Fast 500, Florin Awards for Best Innovation in Securing Transactions and more.
<<<
Name | Symbol | % Assets |
---|---|---|
Zscaler Inc | ZS | 7.58% |
CrowdStrike Holdings Inc Class A | CRWD | 6.69% |
Accenture PLC Class A | ACN | 6.31% |
Okta Inc A | OKTA | 6.27% |
Cisco Systems Inc | CSCO | 5.90% |
Cloudflare Inc | NET | 3.89% |
Fortinet Inc | FTNT | 3.81% |
Varonis Systems Inc | VRNS | 3.76% |
CyberArk Software Ltd | CYBR | 3.51% |
Palo Alto Networks Inc | PANW | 3.36% |
Name | Symbol | % Assets |
---|---|---|
Check Point Software Technologies Ltd | CHKP | 8.24% |
Palo Alto Networks Inc | PANW | 7.93% |
Fortinet Inc | FTNT | 6.71% |
NortonLifeLock Inc | NLOK | 5.74% |
Avast PLC | AVST.L | 5.47% |
Tenable Holdings Inc | TENB | 4.85% |
Trend Micro Inc | 4704 | 4.78% |
Zscaler Inc | ZS | 4.75% |
Okta Inc Class A | OKTA | 4.71% |
CrowdStrike Holdings Inc Class A | CRWD | 4.60% |
Name | Symbol | % Assets |
---|---|---|
Cisco Systems Inc | CSCO | 3.04% |
KnowBe4 Inc Ordinary Shares - Class A | KNBE | 3.04% |
Cloudflare Inc | NET | 2.88% |
Splunk Inc | SPLK | 2.85% |
Fortinet Inc | FTNT | 2.44% |
SailPoint Technologies Holdings Inc | SAIL | 2.44% |
Palo Alto Networks Inc | PANW | 2.40% |
Darktrace PLC | DARK.L | 2.39% |
FireEye Inc | FEYE | 2.26% |
Sumo Logic Inc Ordinary Shares | SUMO | 2.25% |
Name | Symbol | % Assets |
---|---|---|
Check Point Software Technologies Ltd | CHKP | 5.45% |
Citrix Systems Inc | CTXS | 5.05% |
Fortinet Inc | FTNT | 4.71% |
Palo Alto Networks Inc | PANW | 4.71% |
Juniper Networks Inc | JNPR | 4.48% |
VMware Inc Class A | VMW | 4.09% |
Akamai Technologies Inc | AKAM | 4.06% |
Booz Allen Hamilton Holding Corp Class A | BAH | 3.83% |
CrowdStrike Holdings Inc Class A | CRWD | 3.82% |
DocuSign Inc | DOCU | 3.65% |
Name | Symbol | % Assets |
---|---|---|
SolarEdge Technologies Inc | SEDG | 8.06% |
NICE Ltd | NICE | 7.93% |
Wix.com Ltd | WIX | 7.92% |
NovoCure Ltd | NVCR | 7.52% |
Check Point Software Technologies Ltd | CHKP | 6.86% |
Amdocs Ltd | DOX | 5.86% |
Fiverr International Ltd | FVRR | 5.24% |
Varonis Systems Inc | VRNS | 3.83% |
Playtika Holding Corp Ordinary Shares | PLTK | 3.54% |
CyberArk Software Ltd | CYBR | 3.26% |
Volume | |
Day Range: | |
Bid Price | |
Ask Price | |
Last Trade Time: |