The spiraling growth of the Internet has helped companies
strengthen their relations with customers and vendors. It has
also provided a haven for criminal hackers seeking new ways to
steal customer credit card numbers, bank account numbers and
other sensitive data.
Recent breaches at big-name retailers have only scratched the
surface of the problem, says Frederick Ziegel, an analyst for
Topeka Capital Markets.
"You can't pick up a newspaper these days and not see a story
about some security-related issue, whether it's Target or Neiman
Marcus, and you have the whole mobile market ahead of you," he
said, "They have not even begun to figure out what they need to
do to protect their critical infrastructure."
Analyst Daniel Ives with FBR Capital Markets & Co. puts it
in even starker terms. The Internet is a battleground, he says,
and security software is no longer a luxury item.
"The threat level facing networks is nothing like we have ever
seen before," he said. "It's an accelerating market opportunity
where the total addressable market continues to expand."
A set of young companies is growing fast in the sector,
offering better ways to address security gaps. Long-standing
players are hustling to re-invent themselves in order to meet the
Everyone is trying to stay ahead of the crooks, says Mark
McCaffrey, lead global software analyst for
"The more adept security systems become, the more that people
figure out ways to get around it," he said.
Security software comes in several varieties. And not everyone
is chasing the same portion of the market.
NQ Mobile (
) sells mobile security and mobile device management products.AVG
) extends its security products to PCs, mobile devices and small
) sells an email encryption service in cloud-based computing, a
system for storing and accessing data over the Internet.Qualys (
) sells vulnerability management software for managing data
), one of the larger players, sells software that protects data
networks as well as devices such as PCs.
Palo Alto Networks (PANW) is focused on protecting company
firewalls, whileFireEye (FEYE)specifically detects new types of
threats to a company's website, email and data base systems.
"Every security vendor has their own blueprint of attacking
the threat environment," Ives said.
They also show widely varying fundamentals. Some smaller new
issues, including NQ Mobile and Palo Alto, are growing fast on
both the sales and revenue lines.
FireEye has shown explosive revenue growth, but hasn't turned
Symantec has struggled to maintain revenue growth, with
declines in the past two quarters.
Facing The BYOD Challenge
By 2016, global spending on security software will reach $25.3
billion, up 32.2% from the $19.1 billion spent in 2012, says
Increasing amounts of data pushed through cloud-based
computing, mobile devices, social media and Big Data are primary
drivers, says Ruggero Contu, an analyst for Gartner.
"All of those trends are pushing vendor positions in
security," he said.
Mobile is especially critical as sales escalate.
Worldwide smartphone shipments are expected to reach 1.68
billion by 2017, reflecting an annual growth rate of 18.4% from
2013 to 2017, says research firm IDC.
Many companies allow employees to use their personal
smartphones at work. But the bring-your-own-device policy opens
the door to potential threats, says Contu.
"Mobile security is a big problem," he said. "Organizations
are still struggling to find the right approach around how to
deal with the BYOD problem and what level of security policy to
End Of The Anti-Virus Era?
Security markets are changing fast, requiring some of the most
well-known players -- Symantec,Intel 's (INTC) McAfee and Trend
Micro -- to reinvent themselves, Ziegel says.
"The antivirus market, which is 40% of Symantec's business,
and which is a good chunk of McAfee's business -- those
technologies which have been around for a long time just don't
work any longer, so the Symantecs, McAfees and Trend Micros of
the world should be going back to the drawing board," he
Symantec is working through a restructuring program. But there
is no guarantee it can re-ignite revenue growth that has
languished for nearly two years, says analyst Ives.
"They have a great brand, a large customer base, but there is
not that much fuel in the engine," he said.
Another security stalwart,Check Point Software Technologies
(CHKP), reported solid Q4 numbers on Jan. 28. The results beat
views in spite of a quarterly revenue growth locked in single
digits for nearly two years.
On the flip side, newer players including FireEye,Barracuda
Networks (CUDA) and Palo Alto Networks have all posted consistent
double-digit revenue growth, Ives says.
"They have been major market-share gainers and have really
helped redefine the market," he said.
Last year, venture investment in security software companies
reached $856 million, up 26.8% from 2012 and up 321.8% from 2002,
says PwC and the National Venture Capital Association.
The increase in funding isn't surprising, McCaffrey says.
"You are seeing more companies come up with more innovative
technology around security and there is competition in the
space," he said.
M&A activity is also growing, partly from inside the
security software industry, but also as large companies move into
the space via acquisitions.
In early January, FireEye announced plans to acquire Mandiant,
a privately held cybersecurity consulting firm best known for
detecting a group of Chinese hackers last year.
On Jan. 22VMware (VMW), the leading provider of virtualization
software, said it plans to acquire AirWatch, a closely held maker
of mobile security and mobile management software for about $1.54
In October,Cisco Systems (CSCO) spent $2.7 billion to acquire
Sourcefire, a maker of cybersecurity software to boost the
networking equipment company's growing security business.
Security Drives Spending
In 2013 the average cost of cybercrime per organization
worldwide was $11.56 million, up 26% from 2012, says a study
completed by Ponemon Institute, a research company, and sponsored
Spending is dictated by more sophisticated and ruthless
cyberattacks, Ziegel says.
"The price of poker is going up because the rate of change is
accelerating, which means you have to stay on top of that stuff.
So you will continue to see 15% or 20% of every dollar going to
R&D," he said.
Companies such asImperva (IMPV) and Qualys are also built to
protect companies from attacks designed to steal massive amounts
of data at once, says Ives.
"What has popped up in the last few years is more security
products directed at protecting data centers -- that was not a
market three or four years ago," he said.
Sorting Out The Security Picture
Cybersecurity issues are getting worse, and companies have no
choice but continue to address the problem, says McCaffrey.
"The more we are touching consumers in every industry via
mobile, the cloud, advertising, the more security is going to
come into play," he said.
Finding the best solution might be the biggest problem, Ziegel
says, in an environment where huge market opportunities are still
"It will be a lot bigger over time just because security
problems continue to extend across every industry sector," he
Skilled labor is also a critical challenge, as schools turn
out far too few qualified programmers.
"So there is going to be a land grab for what is a very scarce
skill set," Ziegel said.
Investors face two key challenges, Ives says. One is to
determine which security software companies respond best to new,
sophisticated cyberthreats. The other is to monitor larger
companies acquiring their way into the trade.
"The biggest risk is you have a lot of companies playing in
the same sandbox," he said. "There (are) going to be clear
winners and losers, so finding the right vendors to bet on is