This article originally appeared on Source link
As the Russian economy crumbles, state-linked hackers are likely to shift from ransomware crimes to attacks meant to maximize destruction and societal upheaval, the CEO of a top cybersecurity company tells me. Yes, that’s a bit like an umbrella salesman saying it’s getting cloudy. But in this case, the clouds really are dark gray rumblers, and more to the point for investors, umbrella sales are shooting higher.
This was already happening, of course. The rise of cloud computing ballooned the number of devices linked to company and government networks—the “attack surface,” as cybercops call it. The pandemic turned homes into millions of new worksites. Not all workers were the picture of digital hygiene—if mine were bodily hygiene, I fear I’d have been the guy who gets his own car on the train. I’m working on it, and meanwhile, cybersecurity spending will rise to $172 billion this year from $155 billion last year and $137 billion the year before, according to tech researcher Gartner.
Palo Alto Networks
(ticker: PANW) is growing much faster than that: Revenue increased 30% in its most recent quarter. Four years ago, the company was best known for its advanced firewall—a system that monitors and controls data traffic. It hired Nikesh Arora as CEO, who brought business and deal-making savvy from his past work at Google and
but not much cybersecurity experience. His assessment was that the industry had too many companies selling too many tools, and that analysts at customers’ security operations centers, or SOCs, were spending too much time handling routine alerts.
So Arora went on a buying spree—17 companies, a mix of small tuck-ins and midsize deals—which brought new customers and expanded Palo Alto’s capabilities in two broad areas. The first is securing apps that run in the cloud. The second is using data and artificial intelligence to handle routine SOC alerts automatically and help analysts focus on hairier problems. As Palo Alto’s deal making has slowed, it has been winning larger clients. Market share is up to 4.5% from 2.5% under Arora’s watch, and shares have returned an average of 31% a year, about double the return of the S&P 500.
Arora says there’s room for Palo Alto to win 10% to 20% market share. The tech landscape changes every 24 months, he says, and “a new flavor of the year or the decade is born,” as a start-up develops a great product, but then stays in its lane.
“You’ve got to give the customer the comfort that I will be there as we innovate,” he says. “As technology evolves, I will solve the problem. You don’t have to go look for the next start-up.”
As for the Russia threat, Arora says that in the past few weeks he has seen companies that have spoken out about the war in Ukraine face significant DDoS or distributed denial-of-service attacks. Those are designed to overwhelm networks with a flood of traffic. “My fear is that [it] expands as things become desperate for some people,” he says.
Even before the Ukraine invasion, at an investor meeting last September, Palo Alto said that cyber incidents from nation states had doubled in a year, to an average of more than 10 attacks a month. Russian intelligence was linked to a 2016 hack of Democratic National Committee emails; to a 2018 attack on key U.S. infrastructure; and to the SolarWinds breach in 2020. Russia has denied involvement.
That last one was what’s known as a supply-chain attack, which targets a network’s trusted third parties, in this case, a software tool made by SolarWinds. Palo Alto says it caught the attack early, but not everyone did. The hackers infiltrated key government agencies, including Homeland Security and Treasury. Asked for an example of future threats, Arora points to the Colonial Pipeline ransomware shutdown last year, and says to think about the “repercussions if a financial organization was not able to settle trades for three days or more.”
I’m ill-equipped to judge cybersecurity threats and products firsthand. Much of my hacking knowledge comes from a distant recollection of the 1983 film WarGames, wherein Matthew Broderick plays a teen computer whiz who looks for videogames online, and finds one called Global Thermonuclear War, hosted by Norad. Mayhem, as you might imagine, ensues.
Side note: The script writers for WarGames consulted a Rand Corporation computer scientist who in a 1967 paper warned in vain that the burgeoning field of networks made data vulnerable to attack. President Ronald Reagan reportedly saw the movie, asked whether such a breach was possible, learned that it was, and began working on the nation’s first cybersecurity directive.
Where was I? Right. Analysts are overwhelmingly bullish on Palo Alto. I checked in with Brent Thill at Jefferies, who applauds Arora and likes that the deal making appears done for now. He says that there are a lot of companies in tech growing revenue at 20% to 30% a year, but not many doing so with operating margins of over 20%, and even fewer that also have good cash flow.
The shares appear extravagantly priced at more than 60 times forward earnings projections, but in software accounting, revenue and earnings often lag behind free cash flow. Palo Alto’s shares trade at 30 times free cash flow.
Thill says other cyber companies he talks with haven’t said anything about a postpandemic slowdown. Looking more broadly across software, he says that price-to-revenue ratios got overextended over the past two years, but that this year they’ve fallen to more ordinary levels, while fundamentals continue to appear strong.
His favorites: app developer
(IS) and video platform
(VMEO) for small-caps;
(PCOR), a maker of construction software, among mid-caps; and
(MSFT) for large-caps.