Threat Boom Boosts Cybersecurity Vendors


By: Mary Jander

Recent earnings reports from publicly traded cybersecurity players, including Akamai, CyberArk, Fortinet, and Qualys, among others, show how well — or not so well — vendors are keeping pace with enterprise security.

These vendors are coupling software and/or firewall gear with subscription services that stay ahead of malware trends. At the same time, they’re focused on moving their products to a software-as-a-service (SaaS) model, albeit slowly, and they are intent on colonizing the network edge, particularly in anticipation of 5G mobile broadband.

Here’s a rundown of recent reports:

Akamai (Nasdaq: AKAM) credits the ability to protect customers of its international content delivery network against a variety of Web-based attacks for impressive financial results announced on February 11, including fourth-quarter 2019 revenues of $772 million, up 8% year-over-year and 9% in constant currency (when adjusted for foreign currency rates); and total revenues for 2019 of $2.894 billion, up 7% year-over-year or 8% in constant currency.

On the earnings Webcast, CEO Tom Leighton said the recent revenue grew mostly from sales of managed security services. Astonishingly, in 2019, Leighton said over 1,500 enterprise customers mitigated 46 billion malicious log-ins and 6 billion application attacks — all representing a 150% increase over threats in 2018.

Akamai also has an eye on software that ensures enterprise compliance with government regulations, a potentially lucrative space given the emphasis on guarding personally identifiable information.

CyberArk (Nasdaq: CYBR) showed solid quarterly and year-end results on February 12, thanks in part to its focus on security threats involving access rights. “IT environments are changing at an unprecedented rate driven by digital transformation and cloud migration strategies,” said CEO Udi Mokady on the earnings Webcast. “These trends are expanding the attack surface, while at the same time there is a sprawl of privileged activity.” This expanding enterprise access is where ransomware has gained a foothold, he said.

CyberArk’s total fourth-quarter revenue was $129.7 million, up 19% compared with the fourth quarter of 2018. Quarterly earnings were $37.8 million, or $0.97 per diluted share, compared to $33.4 million, or $0.89 per diluted share, last year. Total annual revenue was $433.9 million, up 26% compared with 2018.

CyberArk is focused on outreach to channel and technology partners. The company’s 450-plus channel partners were responsible for 67% of 2019 revenues. And advisory firms such as Deloitte, PwC, KPMG, and Accenture boosted last year’s sales by over 50%, execs said. On the technology side, the company’s C3 Alliance includes RedHat, UiPath, Blue Prism, Rapid7, Tenable, AWS and Microsoft. “Security is a team sport,” said Mokady.

On the downside, CyberArk lowered EPS guidance for 2020, prompting a negative market reaction despite the good results.

Fortinet (Nasdaq: FTNT), as it has before, touted secure SD-WAN and its proprietary ASICs in its latest earnings report on February 6. For the full year 2019, total revenue of $2.16 billion was up 20% from 2018. Earnings for the quarter were 76 cents a share, up 22% from a year earlier. And the vendor announced an agreement with Equinix to supply secure SD-WAN equipment to that carrier.

That deal is even more interesting given Equinix’s recent acquisition of Packet, a provider of so-called bare metal services, or dedicated hardware, to multi-cloud service providers. Given the rise of multi-cloud deployments incorporating public and private clouds, as well as the growing popularity of SD-WAN managed services, Fortinet’s probably picked a great time to supply Equinix.

Qualys (Nasdaq: QLYS) had good news in its earnings report February 12: Fourth-quarter revenues rose 14% to $84.7 million, and for the year 2019, revenues rose 15% to $321.6 million. Net income for 2019 was $96.4 million, up 31%, and annual earnings per share rose 33% to $2.33.

Like its successful competitors, Qualys is working to improve its threat protection through alliances and internal development aimed at unifying its security services for easier management and oversight. It's extending its partnerships with major cloud providers, such as Microsoft and Google. Perhaps most important, though, Qualys is hooking up with service partners, including security service provider Proficio, and Coalfire, a cybersecurity advisory service. Both moves should help Qualys keep pace with the rising tide of threats, while ensuring its reach among managed service providers.

Those with Questions ...

As noted, some cybersecurity vendors lowered guidance for 2020, for a range of reasons. But in at least two cases, the moves beg a deeper look into what's happening.

Cisco (Nasdaq: CSCO) drew market sighs when it announced second-quarter 2020 results on February 12. As with preceding results, executives blamed "a bit of a pause" in customer decision-making for lackluster numbers. Revenues of $12 billion were down 4% year-over-year; net income was flat at $3.3 billion, and earnings per share grew 5% year-over-year to $.77.

As Cisco struggles to shift its business from reliance on hardware to one that emphasizes software and services, customers remain confused about the role of new Silicon One ASICs, as well as the company's focus on 400-Gbit/s and 5G wares. Even more confusing was CEO Chuck Robbins's statement on the recent earnings Webcast: "Over the past several quarters, we've made tremendous progress integrating automation, analytics, and security across our enterprise networking portfolio while at the same time shifting to a subscription-based model."

Not surprisingly, Cisco's shares dropped precipitously after the call. In midmorning trading on February 13, they were changing hands at 46.88, down -3.06 (-6.12%).

FireEye (Nasdaq: FEYE) announced on February 5 that fourth-quarter 2019 revenues increased 8% year-over-year to $235 million. Annual 2019 revenues were $889 million, up 7%. But net income was down for the year to $11,559 million, nearly 30% below 2018, and earnings per share were $0.05 compared to $0.08 in 2018.

Like Cisco, FireEye is intent on transforming its business. Like Cisco, its history is in hardware, and like Cisco, it's aiming to move away from that model. But perhaps unlike Cisco, it's more sincere about a wholesale shift to cloud and services. So far, things look promising: Revenues for Mandiant Services, the firm's flagship security service, grew 29% in the fourth quarter of 2019. To boost its capabilities, the company purchased security instrumentation supplier Verodin for $250 million n May 2019 and in January 2020 finalized the purchase of Cloudvisory (terms not disclosed), a startup that offers cloud-based security and compliance tracking and mitigation.

More on the Way

Earnings season's not over yet for cybersecurity firms. Still to weigh in are Palo Alto Networks, Splunk, and Zscaler. It will be interesting to watch how the market reshaping around secure SD-WAN, edge mobility, threat expansion, and compliance will further materialize. There may be some surprises in store.