Summary
- There has been an explosion in the number of cybersecurity threats in recent years, leaving both governments and corporations vulnerable to data breaches that are both embarrassing and damaging.
- According to research done by Frost & Sullivan and Interpol, the cybersecurity market is set to be a $155 billion market by 2020, representing an 11.8% CAGR from 2013.
- Crucial growth inflection point – From 2011-2014, CyberArk has seen its top-line growth exceeding 40%. Management has guided for 23-26% growth in 2015, which is fairly conservative, allowing for upside surprise.
Company Description
Founded in 1999, CyberArk (NASDAQ:CYBR) provides security solutions aimed at discovering, monitoring and protecting privileged accounts associated with employees in IT departments and other areas of enterprise in addition to servers, applications and devices. A global company, CyberArk is headquartered in Petach Tikva, Israel, with its U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia Pacific.
CyberArk completed its IPO on September 24, 2014, issuing 5.36 million new primary shares (6.16 million including the overallotment as of September 30, 2014) at a price of $16/share.
Introduction
There has been a dramatic increase in data breaches in notable organizations like the National Security Agency (NSA), Home Depot (NYSE:HD) andStandard Chartered (OTCPK:SCBFF). There also has been an increase in hacking by hackers, with the latest being Sony (NYSE:SNE). The above highlights the growing threat of cybersecurity to organizations today.
Catalysts:
Cybersecurity, a $155 billion market in 2020. According to INTERPOL World 2015, one main focus this year is the threat of cybersecurity. It also projects cybersecurity to grow at a compounded annual growth rate of 11.8% from 2013 to 2020 based on research taken from Frost & Sullivan’s Global Cybersecurity Market Assessment 2014.
Strong competitive position relative to its peers. CyberArk has the technological advantage of being focused solely on cybersecurity. The issue of cybersecurity is gaining key importance, and in my view, companies are beginning to recognize this. US arms maker Raytheon’s (NYSE:RTN) recentacquisition of Websense for $1.9 billion just last month (April 2015) shows its desire to expand into the cybersecurity space vs. its traditional focus on defense technologies. This comes on the heels of its acquisition of Blackbird Technologies for $420 million in Nov. 2014 last year. CyberArk has the advantage of being a pure cybersecurity play.
Growth inflection point: From 2011 to 2014, top-line revenue has grown at more than 40% (41.5%) CAGR. Noteworthy for investors is that CyberArk represents the rare few cyber plays that are actually profitable vs. FireEye (NASDAQ:FEYE) for example. Net margins for 2014 are a respectable 9.7% vs. 2013’s 10.0%. The decline is mainly attributed to an increase in R&D and sales and marketing expenses, which is common for a new start-up company trying to establish itself in this space.
Steep valuation: The Street has a preference for the EV/sales matrix to value new start-up companies like CyberArk. Based on its last closing price of $62.68 on the 6th of May 2015, this means that it has an historical EV/sales of 16.9x. While the growth opportunities for the company remain intact, the extremely steep valuation suggests a slight degree of overvaluation. I therefore have a hold recommendation on the counter and recommend accumulation at the next correction.
Business Model
CyberArk is focused on the protection of privileged accounts. In order to better understand the business, I think Gartner does a pretty good job in terms of classifying the different aspects of privileged accounts, as highlighted below:
· PSM (privileged session management) solutions are defined by the ability to establish/control sessions and record them for archive or on a real-time basis.
· SAPM (shared account password management) solutions provide an encrypted/hardened password safe or vault for storing credentials, keys or other sensitive information. The products will control access to shared accounts to allow only authorized users to access them. The user may not see the actual password necessary to access the vault when integrated with a PSM solution that automatically initiates a session without disclosing the password.
· SUPM (superuser privilege management) tools are designed to filter or restrict commands that can be run under elevated privileges. Common examples are the Unix/Linux command “sudo” and the Microsoft Windows command “runas” that allow users to run a command under the privilege of another user.
· AAPM (application-to-application password management) tools are usually an add-on to a SAPM solution used to eliminate hard-coded passwords/credentials stored in files. The AAPM tool provides the function to pull credentials from a vault (usually through a trusted session) and interfaces with the application or script that requires the credentials.
· AD (Active Directory) bridging tools are used to allow users and groups defined within the Active Directory to be recognized on Unix and Linux systems. Gartner notes that AD bridging tools are not strictly privileged account management tools, but are often sold or used in combination with SUPM.
Financials
CyberArk’s financials reveal the growth inflection point discussed above. Moving forward, I see top- and bottom-line expansion from 1) Greater need for companies to upgrade their cybersecurity infrastructure, and 2) Reduced costs from marketing and advertising as they gain greater prominence and visibility.
Source: Company data and reports
The catalyst for the above would be high profile breaches resulting in companies taking greater precautions to boosting their cybersecurity infrastructure. Their gross margins also reflect a level of stability for investors in the company.
Improving operating margins: The company has been able to improve operating margins over the last four years. This in my view reflects the management’s ability to control costs and grow sustainably over time, avoiding costly cash burn that’s typically evident in new start-ups. FireEye for instance has seen its expenses in sales and marketing rise faster than revenue – this is not evident here.
Fundraising
The company just completed a secondary offering in March 2015 for 4,000,000 ordinary shares at a price of $51.00 per share. The company has no debt and could raise debt in the future to finance its growth.
Management
It is important that investors know the background of the management given that CyberArk was a start-up firm created by the founder who also is the CEO. I took a close look at its management team and feel that investors will have confidence in its ability to execute moving forward.
Udi Mokady, founder and CEO of CyberArk, was also the COO of CyberArk from 1999 to 2005. During his capacity as head of operations, he focused on strategy and sales operations/expansion prior to taking over as CEO. In my view, CEOs with operations background tend to be better in terms of setting strategic directions for the business.
Investment Thesis:
Strong competitive position: The emerging threat of cybersecurity put firms at risk of having their privileged and customer data compromised. It is my view that companies today are themselves still uncertain of how to deal with this emerging threat. Moving forward, they are likely to increase expenditures on this area, which is a positive for companies like CyberArk (pure play).
Seen in the above light, customers are likely to shortlist companies with a proven track record and capability in dealing with such threats, and CyberArk is, in my view, well positioned to take advantage of this. FireEye recently reported its 1H15 results which showed top-line improvement of 69% vs. 1H14. CyberArk is due to report its results on the 8th of May 15, and should also see top-line expansion. The massive upside surprise the company generated in Q4’14 with EPS of $0.21 vs. Street’s expectations of $0.05 has resulted in a big move in the stock price.
Rise in new business growth: Based on its Q4’14 results, CyberArk now has a total customer count of 1,800, with 30% of the customer base buying additional products annually. For full-year 2014, CyberArk saw deals over $100K grow 41% to 217 vs. 154 in 2013.
Management Guidance
Management has guided for 23-26% year-on-year growth for full-year 2015. In my view, this is likely to be easily reached. And management’s attempt to manage expectations is positive in my view, which allows it to surprise on the upside.
Competitors
I scoured for the list of competitors that were closest to CyberArk in terms of offerings, size and technology and narrowed them down to a few I think investors will compare CyberArk with. They are Qualys (NASDAQ:QLYS), Imperva (NYSE:IMPV), Fortinet (NASDAQ:FTNT), Proofpoint (NASDAQ:PFPT) and FireEye.
As mentioned above, I used the EV/sales matrix as the valuation matrix most comparable for firms in this industry. And at current levels, CyberArk is trading at more than 50% premium above the industry average around 7x EV/sales.
Risks
New competitors entering the market: I looked at a list of venture capital sites and found a great deal of new start-ups focused on this area. In my view, these start-ups could pose a threat to CyberArk given the relatively low barriers to entry and constantly evolving cybersecurity threat in this area.
Conclusion
FireEye recently reported 1H15 results, which showed top-line improving by 69% vs. 1H14. CyberArk is due to report its results on the 8th of May 15, and should also see top-line expansion. The massive upside surprise the company generated in the fourth quarter has resulted in a big move in the stock price. Even if it surprises on the upside in its latest results, a lot need to go right for the company given its strong run in the share price, which is a risk investors need to consider. Nonetheless, as seen above, this industry is starting to see M&A activity taking place, which could be a plus for CyberArk if it should be acquired.
Source: http://ift.tt/1dSMVUk
from cyber security caucus http://ift.tt/1zREJhh
via IFTTT
No comments:
Post a Comment