How Secure Are Security Stocks?
SINCE SEPT. 11, 2001, one of the few areas of technology to flourish has been software and hardware aimed at keeping information secure.
The terrorist attacks came roughly 18 months after the stock-market boom started to go bust, adding insult to an already injured economy. Of course, we all know that corporate information technology spending crawled to a halt during the ensuing years, showing signs of life only in recent months. But security tech firms -- makers of anti-virus and firewall products and the like -- were among the few tech names to not only weather the storm but thrive during the darkest days of this young millennium.
No outfit demonstrates this dramatic outcome better than Symantec, the maker of Norton anti-virus software that has been the bellwether of the security software sector. Symantec's shares have more than quadrupled since 9/11, providing the firm with a hefty market value of $14.5 billion.
But while security software and hardware has been a veritable haven during the corporate tech-spending drought, it's possible that the trend could be cooling off.
At least, that is the conclusion of information-security analyst Kevin Trosian of Wedbush Morgan Securities in Los Angeles. In a refreshingly independent and thorough study of the industry, Trosian initiated his coverage of the sector with a Neutral weighting, or Hold, compared to the rest of technology.
While Trosian isn't saying that the sector will dry up and go away, the brokerage analyst is betting that its growth rate will be lower than what most of his peers are forecasting. He is predicting compound annual growth of about 15% through 2007. International Data Corp., the widely quoted industry research outfit, expects around 18%.
Simply put, most brokerage analysts plug IDC's market forecasts into their models, which in this case could inflate their valuations, Trosian argues.
"We believe IDC's market estimates are skewed. Based on our review of their estimates, which many of our competitors take as gospel, we believe that IDC consistently overestimates the rate of growth in most areas of security spending," Trosian charges. An IDC analyst was not available for comment.
Regular readers of this column will note that we have taken IDC and other big technology research outfits to task ourselves. We've been concerned about the reliability of their market data, which is often gleaned in interviews with companies, of which many are lucrative consulting clients (Plugged In, Jan. 20 and 27, 2003).
Trosian points to International Data's habit of having to lower its often inflated sales projections after brokerage analysts had already used them in their economic models for the stocks they cover. During an eight-month period, beginning in 2002, IDC lowered its growth rate for firewall products by 55%, he says. During the same period, a growth-rate prediction for intrusion-protection systems -- products that detect nasty computer viruses, such as the Blaster worm -- had to be adjusted downward by 35%, Trosian says. Trosian adds that he arrived at his sales-growth estimates by checking the distribution channels and talking to customers, rather than just relying on management's guidance and IDC.
This doesn't mean that Trosian thinks that the security-software and hardware businesses are going down the tubes. Nor is he suggesting that it is ripe for shorting. He anticipates that after three or four years of getting a bigger share of the pie than in the recent past, spending on security will decrease modestly as a percentage of total tech spending over the next 18-24 months. Security went from grabbing about 5% of corporate tech spending in 2001 to as much as 10% in 2004. Trosian sees that slipping back to about 7% by 2005.
As tech spending starts to pick up, companies are going to start spending on other items, such as servers, personal computers and application software. What's more, Trosian predicts that there will be a shift in security spending. Since 2001, products that sit on the perimeter, or at the gateway, of corporate computer networks -- such as anti-virus software, firewalls and intrusion- prevention systems -- have grabbed the bulk the of the spending. Think Symantec, Check Point and Network Associates, soon to be named McAfee.
But Trosian contends that technology buyers at big companies are going to buy more "internal" security products. Perimeter products keep the bad guys out, while internal security keeps benign software applications, like Microsoft Outlook e-mail, from doing bad things. The new emphasis will have as much to do with monitoring and filtering outgoing e-mail as keeping contaminated mail from entering the network, Trosian says. Sellers of identity management solutions, such as RSA Security, and makers of Web filtering products, such as Websense, stand to benefit from this trend.
"The ugly truth is that most security incidents are initiated by insiders or perpetrated with the help of insiders," he says.
Anti-Spam IPO is Canned
There will be one less tech IPO on the menu this summer.
Brightmail, a maker of anti-Spam software, has agreed to be bought by Symantec for about $370 million, rather than go public. Showing that it wasn't content to rest on its security laurels, Symantec realized that fighting Spam, or junk e-mail, ranks high on chief technology officers' priority lists.
Symantec already owns 11% of Brightmail, which had filed to go public earlier this spring, and agreed to pay about 14 times trailing 12-month revenues of $26 million. Smith Barney software analyst Tom Berquist suggested that the price might be on the high side, contending that Brightmail's approach to blocking spam is somewhat "backward-looking" in the way it blocks spam.
In the short run, the acquisition should give Symantec an important product to offer, given the appetite for anti-spam solutions. But critics wonder whether Brightmail wasn't pushed into Symantec's arms because of a lukewarm reception to a potential offering. "The market has really moved and is demanding a much broader solution than just blocking spam," contends Gary Steele, chief executive of ProofPoint, a privately held competitor to Brightmail. "And if the market has moved since you entered the field, you're often-times better to find a safe harbor."
Not So Hot Spots
Wi-Fi technology is fun, convenient and addictive, but try making money at it. Cometa Networks announced last week that it was folding its wireless tent. The wholesaler of Wi-Fi hotspots was unable to raise more money to continue the buildout of its U.S. network just 18 months after launching. The joint-venture had drawn much fanfare because it included tech and telecom giants IBM, Intel and AT&T.
The company, which employs 40 people in Seattle, San Francisco and Schaumburg, Ill., posted on its Website that it would soon suspend operations.
Wi-Fi Networking News, a trade publication that broke the story, says the company contended that its Seattle test-market operations were profitable but that Cometa needed more capital to go national. The start-up had partnered with McDonald's to provide wireless broadband service in some 150 New York locations. But it eventually lost out to Wayport, a Wi-Fi rival, in its bid to secure most of McDonald's U.S. locations.
信息安全类股有多安全?
自从2001年9月11日以来,科技行业为数不多保持繁荣的领域当属保护信息安全的软件和硬件行业了。
911恐怖袭击事件发生在股市泡沫开始破裂的18个月之后,这使本来就"很受伤"的美国经济雪上加霜。当然,我们都知道,公司信息技术支出在随后几年中陷入接近停滞的状态,直到最近几个月才显出一丝起死回生的迹象。但是,生产杀毒软件、防火墙以及类似产品的安全技术公司不但挺过了这个新世纪最严酷的经济寒冬,而且还在蓬勃发展。
没有谁比赛门铁克(Symantec)更能展示这种戏剧性了。作为诺顿杀毒软件的开发商、安全软件行业领头羊,赛门铁克的股价从911事件以来,已飙升了3倍还多,公司市值也一跃超过了145亿美元。
尽管安全软件和硬件行业在公司科技支出的枯水期一度成了真正的世外桃源,但这种势头恐怕也会逐渐冷却。
至少,Wedbush Morgan Securities驻洛杉矶的信息安全行业分析师特罗夏(Kevin Trosian)得出了这样的结论。他对信息安全行业进行了一次全新、独立且深入全面的调查,并据此向整个信息安全类股给予了中性的初始评级。
虽然特罗夏并不认为该行业将日渐衰退并最终消失,但他对信息安全行业的增长速度的预期要低于多数同行。特罗夏预计,信息安全行业到2007年期间的综合年度增长率将为15%左右,而备受信赖的科技行业研究机构国际数据公司(International Data Corp.,简称IDC)所预计的年增长幅度大约为18%。
特罗夏表示,简而言之,大多数经纪业分析师都在他们的预期模型中直接套用了IDC的预期数字,而这将导致他们对股价的估值过高。
特罗夏指出,IDC的市场预期有些扭曲。他说,"虽然我们的许多竞争对手将IDC的预期奉为真理,但基于对IDC所作预期的评估,我们认为,长期以来IDC一直就过高估计了多数信息安全支出领域的增长速度。"记者未能立即联系到IDC分析师就此置评。
本栏目的老读者可能会注意到,我们也经常引用IDC以及其他一些重要科技行业研究公司的数字。我们也一直对这些市场数据的可靠性感到担忧,因为这些数据常常是公司接受采访时所提供的,而其中的许多公司对于IDC或者其他科技行业研究公司来说都是颇为有利可图的咨询客户。
特罗夏指出,IDC有一个习惯,就是在经纪业分析师已经在分析股票的经济模型中使用了IDC数据之后下调其过高的销售额预期。他说,从2002年初开始的8个月中,IDC将防火墙产品的销售额增长预期下调了55%之多;还将入侵防御系统的增长预期向下调整了35%。特罗夏还表示,他的预期是经过对分销渠道的调查以及与客户的交谈而得到的,而不是仅仅以公司管理层提供预期数字或者IDC的预期。
当然,特罗夏并非预计软硬件安全产品业务就将一落千丈,也不是在暗示目前是作空这类股票的恰当时机。他认为,在过去三四年的时间里,信息安全产品在总体公司科技支出中所占的比重已经有所扩大,但在未来的18至24月内将温和下滑。
到2004年,信息安全支出占公司科技支出的比例已经从2001年的约5%上升至10%。特罗夏预计,到2005年,该比例将回落至大约7%。
随著科技支出的增加,公司将开始加大在伺服器、个人电脑以及应用软件等其他项目上的开销。更重要的是,特罗夏认为,信息安全产品支出的重点将发生转变。自从2001年以来,杀毒软件、防火墙以及入侵预防系统等公司电脑网络外围安全产品占了信息安全支出的绝大部分。赛门铁克、Check Point、以及即将改名为McAfee的网络联盟(Network Associates)等公司的业务因此而取得了长足的发展。
但特罗夏认为,大型公司的科技产品采购人员将开始购买更多的内部安全产品。外围安全产品将捣蛋的家伙拒之门外,而内部安全产品则可以防止Microsoft Outlook等正当的应用软件作出不利于公司的事情。特罗夏说,在新的公司信息安全策略中,监控以及过滤发往外部的邮件将与防止恶意邮件进入公司内部网络平分秋色。出售身份管理解决方案的RSA Security以及网络过滤产品开发商Websense等公司将因此受益。
特罗夏说,一个令人难以置信的事实是,多数信息安全事故都是由内部人士制造或者在内部人士的协助下发生的。
防垃圾邮件公司Brightmail的首次公开募股取消
有一家科技公司将从今年夏季的科技行业首次公开募股名单中消失。
防垃圾邮件软件开发商Brightmail已经同意放弃公开上市计划,并接受了赛门铁克以大约3.70亿美元收购该公司的方案。这表明,赛门铁克并没有满足于目前在信息安全领域取得的成绩,而是认识到杜绝垃圾邮件已经位居公司首席技术长优先解决的名单前列。 赛门铁克已经持有Brightmail 11%的股份。在今年早春,Brightmail提交了公开上市申请,但后来同意以过去12个月大约2,600万美元往绩收入14倍左右的价格被赛门铁克收购。美邦(Smith Barney)软件行业分析师伯奎斯特(Tom Berquist)认为,赛门铁克的收购价有些太高。
鉴于目前市场对防垃圾邮件解决方案的热烈需求,从短期来看,收购Brightmail会使赛门铁克增加一种重要的产品。但批评人士认为,或许是市场对Brightmail的上市计划反应冷淡才导致该公司投入了赛门铁克的怀抱。Brightmail的竞争对手、私人持股公司ProofPoint的首席执行长斯蒂尔(Gary Steele)说,市场形势已经发生了巨大变化,因此只能提供防垃圾邮件解决方案这一种产品不会受到欢迎。
"热点"并非很热
无线保真技术(Wi-Fi)的确非常好玩,使用方便而且容易令人上瘾,但靠它赚钱却不是件容易的事情。Cometa Networks上周宣布将停止无线业务。公司开展无线保真这项热点技术的批发业务,但在美国市场推出仅仅18个月之后就再资金枯竭。该公司由科技和电信业巨头国际商业机器公司(IBM)、英特尔(Intel)以及美国电话电报(AT&T)等几家公司合资组建而成,因此一度成为万众瞩目的焦点。
Cometa Networks在西雅图、旧金山以及伊利诺伊州的绍姆堡共有40名员工。该公司在其网站上宣布,将很快停止运营。
报导Cometa Networks终止运营消息的行业刊物《Wi-Fi Networking News》称,Cometa Networks认为,其西雅图测试市场业务是盈利的,但该公司需要更多资金才能将该业务向全美推广。Cometa Networks曾与麦当劳(McDonald's)合作,在纽约的大约150个麦当劳餐厅提供无线宽频服务。但在争取麦当劳其他店址同类服务供应合约时,该公司输给了竞争对手Wayport。
