FireEye: Disrupting the cybercriminals

Global cybercrime is on the rise, but this US technology company can detect and prevent attacks before they even happen.

Summary: Cybercrime, where co-ordinated attacks are launched to steal confidential information from corporate and government computer networks, or to disable or destroy IT systems, is a rising threat. Companies and governments are spending huge amounts of money to protect themselves, and US company FireEye is well placed to help with its technology solution that enables its customers to detect and prevent attacks before they even happen.
Key take-out: NASDAQ-listed FireEye has achieved strong growth, which is set to continue on the back of a greatly expanded sales force, increasing government business, and new products. At current levels, the stock is a good investment opportunity.
Key beneficiaries: General investors. Category: International Shares.
Recommendation: Buy Price at call: $US30.44 Target price: $US46 Risk: High

FireEye is a US-based company that provides IT security for corporations and government, with 2,500 customers in 60 countries including 130 of the Fortune 500.

The company’s security solutions involve what are called “advanced persistent threats”, or APTs. It has developed a solution based on a proprietary virtual machine that can test web, file, and email traffic and protect against these threats, even if they have never been seen before (zero day attacks).Combining this with its ability to monitor outbound attack traffic in order to disrupt command and control communication, FireEye has a unique solution in the current IT security marketplace.

FireEye went public late last year at $US20, trading up 80 % on the first day to $US36.The stock then had a huge run in the first quarter of 2014, approaching the $US100 mark. Since then the stock has retraced much of that move, and now in the low $US30s it looks like an attractive entry point to what is one of the fastest-growing companies with a powerful disruptive technology in an increasingly important area.

Cybercrimes a growing problem

Cybersecurity is a non-discretionary area of IT spending for any corporate or government entity, large or small. It is also the fastest-growing sub group of IT spending. The total addressable market has been estimated at more than $US30 billion. Recent corporate breaches that have been made public include eBay, Target, Neiman Marcus, Evernote, RSA (an IT security specialist!), the New York Times, Sony’s play station network, and the “Heartbleed” bug, which caused Facebook, Amazon, Yahoo, and Google to urge users to change passwords.

Government agencies such as NATO, Canada’s National Research Council, the Montana Department of Health, the Israeli “Iron Dome” contractors, and even the US Federal Reserve have been compromised recently. In 2012, two major US banks, Wells Fargo and Bank of America, suffered denial of service attacks; banks, brokers and financial institutions remain under threat on a daily basis.

These are the ones we know about – where customer data, passwords, personal details, and proprietary information have been accessed.

So who is committing cybercrimes these days? Young Red Bull fuelled computer nerds trying to “one up” each another getting into sensitive networks? Not anymore. More likely it is nation states (like China and Iran to name a few) and extremely well organised groups and technologically sophisticated groups of cybercriminals wishing to gain financial or strategic advantages and steal intellectual property. For example, as I was composing this piece, the New York Times released an article stating that a Russian crime ring had amassed 1.2 billion user names and passwords as well as 500 million email addresses and was selling them to the highest bidder. The financial media also just reported that giant US retailer Target would take a $US148 million hit from the 2103 data breach that I referred to above. Serious stuff!

Just as the attackers have changed over time, so have the attacks. These “advanced persistent threats” are now delivered over multiple platforms where email, web, and file-based attacks may go undetected, simply because the in-place security systems are defensive in nature and only react to recognisable patterns, signatures and specific paths. Traditional defences such as firewalls, anti-virus software, and email spam filtering are particularly vulnerable.

The FireEye technology

Without getting too technical, FireEye’s approach is revolutionary in that it uses a “Multi-Vector Virtual Execution” engine, or MVX, to detect threats. MVX analyses executable files, PDFs and file types coming into the enterprise in real time, right down to the code level, whereby it identifies potential threats. By analysing the behaviour of the code it believes it can highlight malware (malicious software) and other threats throughout the enterprise that traditional signature-based antivirus solutions miss.

At any rate, it must work, as the company has grown revenues from $US1.6 million in 2009 to $US161.6 million in 2013. While that rate of growth is unsustainable, I believe the company can grow sales at more than 50% over the next three years.

FireEye’s business model is a bit different as well in that it uses products and subscriptions to ensure a reliable and diverse revenue stream. The base platform, threat protection software for email and web are purchased as a one-time cost. Services such as forensic analysis, consulting, mobile security, threat analytics platform and cloud email are delivered via subscription. In 2013, 40% of revenues came from products, 39% from subscriptions, and 24% from services. With this scalable suite of offerings, FireEye is able to serve small business as well as the large enterprise.

Competition is intense in the network security space, with large successful incumbents such as Cisco, Checkpoint Systems, Fortinet and Juniper having a sizable market share. New entrants are coming too, with companies like Palo Alto Networks and Proofpoint gaining traction with solutions that will broadly compete with FireEye. At this point of time, however, there are no offerings that offer total protection against all the threat vectors that are covered by FireEye.

In order to keep its competitive advantage FireEye is expanding its product portfolio, particularly in the Intrusion Prevention Market or IPS. This is a product that constantly monitors inbound and outbound traffic from the enterprise to flag suspicious activity and report them to appropriate authorities. Since they can be deployed literally anywhere on wireless networks or monitoring traffic before the data reaches the firewall, they are a natural and useful extension of FireEye’s base business.

Management

FireEye’s founder, computer scientist Asher Aziz, is still active in the company as Chief Strategy Officer and vice-chairman. He is the inventor of the core technologies underlying the FireEye APT programs. CEO Dave DeWalt is well known among technology investors for turning around Documentum and selling the company to EMC after a stellar stock increase of 83% in the previous nine months. Later, as the CEO of security company McAfee, he made a number of successful strategic investments and then sold the company to Intel for a 52% premium. Kevin Mandia is the COO. He was the founder of Mandiant, famous for pinpointing in February 2013 some 141 cyber espionage attacks against US organisations emanating from an organisation associated with the Chinese Army. FireEye bought his company in early 2014 for $US1 billion.

The Future

Although FireEye’s target market is the corporate enterprise, it wouldn’t surprise me if the company moved into the wireless space next. Android users worldwide are increasingly coming into contact with malware, and FireEye’s technology could be implemented at the carriers’ data centres. Also, the much heralded “Internet of Things”, whereby all varieties of devices will be connected and communicate with each other, will be a fertile area for hackers and purveyors of malware. System security will be paramount to protect personal data, passwords, credit card details etc. FireEye is well placed to counter real time threats and zero day attacks on any connected device at the network level.

Financials

FireEye has grown at an astronomical rate since its inception, but it must spend heavily on sales and marketing to grow its customer base and develop new products. This company will NOT be profitable until late 2016 at the earliest.

My estimates of revenue progression is (from $US165 million in CY 2013), $US440 million in CY2014, $US666 million in CY 2015 and $US =927 million in CY2016. SG&A and R&D is estimated to be 124% of 2014 revenues and will exceed revenue growth until CY2015. Possibly earnings per share will be slightly positive by 3Q 2016 (US0.22) but still negative for CY2016 (-$US1.75) although FireEye could be cash flow positive in 2016. The company should be broadly profitable by CY 2017.

Most Recent Quarterly Report

FireEye reported 2Q 2014 earnings on August 5, 2014. Generally it was a solid report, with FireEye beating consensus estimates of billings, revenues and earnings. More importantly (particularly with stocks like this) the company raised  FY 2014 guidance, which was updated as follows:

  • Total billings of $US560 million to $US580 million, up from $US550 million to $US570 million.
  • Total revenue of $US423 million to $US430 million, up from $US405 million to $US415 million.
  • Gross margin of 69% to 70%, down from 70% to 73%.
  • EPS of ($US2.05) to ($US2.15), up from ($US2.10) to ($US2.30).
  • Q3 total billings were guided to $US150 million to $US155 million, just above the Street estimate of
  • $US150 million.
  • Q3 revenue was guided to $US114 million to $US117 million, above the Street estimate of $US110 million.
  • Q3 gross margin was guided to 68% to 71%.
  • Q3 EPS was guided to ($US0.52) to ($US0.56), versus the Street estimate of ($US0.57).

Other important points made in the earnings release and conference call included that the company has literally doubled its customer base over the last 12 months (to 2,498) and has a diversified portfolio coming from banking, telecom, energy, transport and retail as well as some 50 government intelligence operations.

Hard to believe, but the stock actually traded down 11% on the earnings report – a real buying opportunity in my opinion.

Conclusion and Recommendation

BUY

It looks to me like the company will continue its astronomical rate of growth on the back of a greatly expanded sales force, increasing government business, and of course, new products. Cybersecurity will continue to be one of the most important elements of IT spend for the foreseeable future given the nature, scope and sources of cybercrime and espionage in the wired world.

FireEye will continue to be a VERY volatile stock. Investors expect a lot from these ultra-high growth companies. There will be competition and FireEye, while ahead now, will have to continue to innovate if it wants to get to the $US1 billion revenue rate target alluded to by CEO Dave DeWalt.

Over the medium term FireEye (if everything goes right) should approach an 2015 EV/Sales multiple of 11x, or $US46.

I am a  buyer in the low $US30s  

Risks

Competitors have deep pockets and I would be surprised if some of them did not eventually offer APT products.

Well-funded organisations such as nation states could develop other approaches to breaching networks.

To see FireEye's forecasts and financial summary, click here.

Related Articles