Are cybersecurity stocks oversold, or still too pricey?
Cybersecurity stocks have been sending mixed signals as of late — mostly negative, like much of tech.
But some, such as Palo Alto Networks Inc., despite a tough go of it recently, have held up better than most tech names. Others such as CrowdStrike Holdings Inc. had been outperforming broader tech in March but then flipped in May. Okta Inc.’s performance was somewhat tracking along with CrowdStrike for most of the past several months, but then the Okta hack changed the trajectory of that name.
Zscaler Inc. has crossed the critical $1 billion annual revenue run rate milestone and sees a path to $ billion, but the company’s stock fell sharply after its last earnings report and has been on a downtrend since last November. Meanwhile, CyberArk Software Ltd.’s recent beat and raise was encouraging and the stock acted well after its last report.
Security remains the No. 1 initiative priority among information technology organizations, and the spending momentum for many high-flying cyber names remains strong. So what gives in cybersecurity? In this Breaking Analysis, we focus on security and will update you on the latest data from Enterprise Technology Research to try to make sense out of the market and read into what this all means in both the near- and long-term for some of our favorite names in the sector.
First… the news
There’s always something happening in security news cycles:
Costa Rica. The big recent news is new President Rodrigo Chaves declared a national emergency in Costa Rica because of the preponderance of Russian cyberattacks on the country’s critical infrastructure. Such measures are normally reserved for natural disasters such as earthquakes, but this move speaks to the nature of today’s cyberthreats.
Cyberwarfare. Of no surprise is that in modern superpower warfare, even for a depleted power such as Russia, cyber weaponry is a given, as we continue to see in Ukraine.
Cybersecurity IPO? Privately held Arctic Wolf Networks hired Duston Williams as its new chief financial officer. Williams has taken three companies to an initial public offering, including Nutanix Inc. in 2016. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy remains to be seen, but it’s a pretty clear sign the company is headed to an IPO at some point.
Building security into platforms. A big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell Technologies World was security. In the case of Red Hat Inc., securing the digital supply chain and from Dell Technology Inc., building many security features into its storage arrays and cyber resilience services into its as-a-service offering, APEX. We’re seeing a trend where buyers want to reduce the number of bespoke tools they use.
IDC’s Jim Mercer shared the following on theCUBE at Red Hat Summit:
Around last August, we ran a survey and asked, ‘Where do you want to get your DevSecOps security from, do you want to get it from individual vendors? Or do you want to get it from your platforms that you’re using and deploying changes in Kubernetes?’
>> Great question. What did they say?
The majority of respondents said they’re hoping they can get it built into the platform. That’s really what they want.
Listen to IDC’s Jim Mercer share relevant data from a recent survey they conducted on the topic.
Now we can debate whether that vision is achievable, because you have so much innovation and investment going on from the likes of startups such as Lacework Inc. and Snyk Ltd., as well as security companies trying to build out platforms, such as CrowdStrike, Okta, Zscaler and many others.
The last point we’ll hit is there’s some buzz in the news about Okta. The reaction to what was a relatively benign hack was severe and probably overblown. But Okta’s stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace, and Okta remains a best-of-breed player and leader in the market. So we’ll look at some ETR data later in this segment to try to make sense of the recent action in the market.
The market sends mixed signals in security
Let’s take a look at how some of the names in cybersecurity have fared relative to some of the indices and indicators.
Above we show a Google Finance comparison for a number of names and their performance year to date. At the bottom 0f the list, for comparison, we plot the BUG ETF, which tracks security stocks. We don’t show it here but the tech-heavy Nasdaq is off around 26% year to date, whereas the security ETF is down 18%. But the data are mixed. For example, Okta is way off relative to its peers. That’s a combination of the breach but also the run-up in the stock since COVID. CrowdStrike was faring better but broke this month. We’ll see how its upcoming earnings announcement is received on June 2 after the close.
Palo Alto Networks is the light blue line and has done better than most and until recently was holding up quite well. Of course SailPoint Inc., another identity specialist, is going private with the acquisition by Thoma Bravo at nearly $7 billion.
So we get mixed signals in cyber these past several months and weeks.
Survey data shows continued spending momentum for the cyber leaders
As we’ve reported, IT spending forecasts at the macro level have come off their 8% highs from the end-of-the-year surveys, but robust tech spending is still expected at nearly 7% within the base of 1,200 ETR respondents. Let’s take a look at the survey data and see how spending is holding up for security players.
The above graphic shows a picture from the ETR survey of the cyber landscape for the April survey. The Y axis is Net Score or spending momentum and the X axis is Overlap – formerly Market Share – which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates highly elevated spending momentum and we’ve filtered the names to only those with 100 or more responses in the survey. The picture is crowded nonetheless.
Note there are several companies above the red dotted line, including Microsoft Corp., which is up to the right. But there’s also Palo Alto, Okta, Auth0, which is now owned by Okta, Zscaler, CyberArk is making moves, SailPoint and Cloudflare are all above the magic 40% line. Cisco Systems Inc. is showing a large presence in the data on the X axis and respectable momentum. Splunk Inc., KnowBe4 Inc. and Tenable Inc. are just below the 40% line, with plenty of names in the very respectable 20% zone.
We’ve included some legacy names that fall below the 0% line with a negative Net Score. That means a larger proportion of their customers in the survey are spending less than those that are spending more. Typically for these legacy names, you’ll have a huge proportion of customers who have flat spending and that pulls Net Score downward.
The bottom line is that spending remains robust for some of the leading names we talked about earlier – despite their rocky stock performance.
Zooming out on the leaders
Let’s filter the data a bit more to make it easier to read. To do that we take out Microsoft because they’re so dominant and we cherry-pick some names to make the data more consumable. The other data point we’ve added is Okta’s Net Score breakdown, shown in the lower right of the chart below.
Focusing for a moment on Okta’s net Score Breakdown, Net Score measure the percentage of customers that are adding the platform new – that’s the lime green at 18% for Okta. The forest green at 42% is the percent of customers in the survey spending 6% or more. The gray is flat spending at 32% of respondents. The pink at 3% is the percent of customers spending less (6% or worse), and the bright red at 3% indicates customers decommissioning the platform.
Subtract the reds from the greens and you get Okta’s Net Score solidly in the mid-50% range.
We highlight Okta because it’s a name we follow closely and customers have given us strong feedback on the company’s technology and consistent execution. But the recent breach has caused us to take a closer look and you may recall we reported with our ETR colleague Erik Bradley that the breach was announced right in the middle of collecting the latest survey data. And while we did see a noticeable downtick in Okta’s Net Score right after the breach was disclosed, you can see above the combination of Okta and Auth0 remains very strong.
We asked Bradley what he thought about Okta at this point and he pointed out that you can’t evaluate this company on its P/E ratio. But its forward sales multiple is now below seven times, and while attractive, these highfliers have to start making a profit at some point. We’ll come back there.
Four-star security firms
Let’s take one more cut of the ETR data to look at our four-star security names. Awhile back we developed a methodology to try to cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics – Net Score and Shared N. The latter is an indicator of presence in the data set – a proxy for market presence. And the former is a measure of spending momentum. We assign four stars to those companies that crack the top 10 in both categories.
The chart above shows the April survey data for those companies with an N greater than or equal to 100 responses. The table on the left is sorted by Net Score and the one of the right by Shared N.
Seven companies hit the top 10 for both categories and earned four stars: Palo Alto Networks, Splunk, CrowdStrike, Okta, Proofpoint Inc., Fortinet Inc. and Zscaler. Remember Okta excludes Auth0, which didn’t make the cuts but hits the top 10 for Net Score. So if you add Auth0’s 112 N to Okta, it would put Okta in the No. 2 spot in the survey on the rightmost table with a Shared N of 354. Only Cisco has a higher presence than Okta in the data set and you can see Cisco on the left lands just below the red dotted line in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars.
Other notables are CyberArk, which is just below the red line on the rightmost chart with 177 Shared N. Again if you combine Auth0 and Okta, CyberArk makes the four-star grade because it’s in the top 10 for Net Score. And SailPoint is notable with a Net Score above 50% and a respectable 122 Shared N.
Despite the market’s choppy waters, we’re seeing some positive signs in the survey data for the more prominent names in security.
What’s the outlook for cyber stocks?
As always when we see these confusing signs, we like to reach out to theCUBE network and one of the sharpest traders out there, Chip Symington, who shared some insights with us that we highlight here.
Good tech stocks are oversold. Technically, almost every good tech stock is oversold and as such we may see a bounce here. We’re certainly seeing that on this Friday the 13th. But the right call tactically has been to sell into the rally these past several months.
Follow the money. The key issue with a name such as Okta and some other momentum names such as CrowdStrike and Zscaler is that when money comes back into tech, it’s going to go to the likes of Facebook Inc., Apple Inc., Amazon.com Inc., Netflix Inc., Alphabet Inc. and Microsoft. We’ll see about Amazon, by the way — it’s out of favor right now as everyone’s focused on retail, but meanwhile its cloud business is booming and that’s where all the profit is.
Profitless prosperity. For these momentum names that don’t make money, they face real headwinds as growth slows and interest rates rise, making the net present value of these investments much less attractive.
Quality wins long term. Longer-term we agree with Symington: Many of these names will be great companies and they’ll weather the storm to lead in their respective markets. As well, expect continued mergers and acquisitions activity in cyber, which could act as a booster shot in the arm of these names.
In 2019 we saw the ETR data point to momentum for CrowdStrike, Zscaler and Okta in the security market, as well as some other names. The pandemic created a surge in these stocks and admittedly they got out over their skis from a valuation perspective. But the data suggests these leading companies have continued momentum and the potential for staying power. Unlike the brand impact of the SolarWinds hack, it seems at this juncture that Okta will recover in the market. But for the reasons we cited, investors may stay away for some time.
Longer-term, there’s a shift in chief information security officer strategies that appears permanently to value cloud-based, modern platforms that will likely continue to gain share and carry their momentum.
Keep in touch
Thanks to Stephanie Chan, who researches topics for this Breaking Analysis. Alex Myerson is on production, the podcasts and media workflows. Special thanks to Kristen Martin and Cheryl Knight, who help us keep our community informed and get the word out, and to Rob Hof, our editor in chief at SiliconANGLE.
Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.
Email email@example.com, DM @dvellante on Twitter and comment on our LinkedIn posts.
Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail. Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at firstname.lastname@example.org.
Here’s the full video analysis:
All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.