FireEye’s (FEYE) growth factor will continue to improve as the cloud and professional services segments become a more dominant portion of overall revenue. FireEye has invested in solid technologies to capture more market share in the cloud security space. As it continues to optimize the cost of capital of its on-prem business, the expected multiple expansion will be unlocked. As a result, long-term investors should continue to hold on to shares of FireEye.
Demand (Rating: Bullish)
Source: Author (using data from Seeking Alpha)
Enterprise spending on cloud security solutions is predicted to increase from $636M in 2020 to $1.63B in 2023, attaining a 26.5% CAGR.
FireEye has largely positioned itself as the vendor that puts in a bit more intelligence and expertise where other security players stop. During and post COVID-19, FireEye will have the chance to prove its mettle. FireEye’s cloud solutions and professional services will benefit from the growing need for organizations to stay on top of the latest cyber threat as they move more of their workloads online. The attack surface of connected networks and devices will multiply. The huge volume of data lanes that can be hijacked by rogue hackers means organizations need to continue to view security as an important IT budget.
Analysts have been concerned about FireEye’s ability to monetize its solutions, given that the work from home trend means less on-prem engagements. I believe the remote work trend is going to be positive because deploying solutions and consulting remotely are FEYE’s strong points. CISOs would appreciate vendors who can operate remotely since most rogue hackers operate remotely.
As an investor, having digested the volatile impact of the transition to a security as a service model, we can focus on the long-term growth drivers, which is the platform cloud and managed services business.
Going forward, FireEye will continue to lap up strong wins from its cloud security solutions because of the depth of its expertise, and its capabilities to orchestrate, monitor, and assess its customer’s security posture.
FireEye’s solutions ought to be highly valued due to the depth of its threat intelligence and the ability to stop the most sophisticated attacks. However, these features are more admired by CISOs than CFOs. This period can finally crown FireEye’s efforts in security as it expresses the ROI-generating capabilities of its offerings.
Going forward, the Street will have to overlook the flattish revenue growth guidance until the solid growth of its platform, cloud sub, and managed services segment is picked up by algos and APIs.
Business/Financials (Rating: Neutral)
Source: Author (using data from Seeking Alpha)
On-prem: this has impacted billings and future growth forecasts. Less renewal and less on-prem refresh mean less deferred revenue. It also means less cash in the door. Near term, FireEye’s 95%+ net retention rate for its on-prem business is encouraging as some customers still opt for an on-premise security deployment. However, the long-term trend suggests more customers will be refreshing to the cloud. This means its on-prem/appliance business won’t necessarily be lost business; it will only change billings modeling.
Cloud: FireEye prepared for this period via its acquisition of Cloudvisory and its iBoss partnership. Cloudvisory is a solution for performing cloud security audits, compliance checks, vulnerability management, policy management, threat detection, and response. The iBoss partnership will also come in handy. iBoss is a visionary in Gartner’s analysis of the secure web gateway space.
iboss + FireEye Cloud Network Security is an advanced threat protection and breach detection solution designed to quickly and easily protect end traffic, users, devices, networks, assets, and data from known and unknown threats.
The aim of the partnership is to protect customer’s security regardless of their location.
FireEye also has Detection on Demand. This is a cloud-based offering that provides intelligence on analyzed content. This service is available to developers. Devs and pentesters will find DoD attractive for threat intelligence. This has the potential to drive FEYE’s popularity amongst startups.
Lastly, FireEye has a network security solution (using Helix) available for users migrating to AWS. This is an advanced security solution that can be layered on AWS’s security services.
The rise of ransomware attacks will hasten the adoption of FireEye’s email, endpoint, and cloud offerings. Its SIEM solution should also record a spike in adoption as organizations deploy analysts to monitor security logs and alerts. The ROI of its offerings will be easier to prove as the cost of cleaning up a data breach will rise, given that more organizations now depend on their online channel to run their operations. Getting crippled by a denial of service attack or losing confidential information to a spear phishing attack will be more costly to manage than ever before.
Services: Mandiant services and other professional engagements shouldn’t see a decline in this period. As a CISO, I understand most attacks on my network and endpoints will be launched remotely. This makes it logical for me to engage a forensic team that can remotely simulate the intent of rogue hackers on my system. FireEye’s recent acquisition of Verodin for security instrumentation does a nice job at this. Depending on how it is sold to its existing and potential customers, I expect CISOs to rely heavily on its services because they now have little visibility when securing remote endpoints. With Mandiant Validation, FireEye can leverage the depth of its threat intelligence to assess remote endpoints and networks. All misconfigured security appliances and policies can be hastily identified and patched.
Also, FireEye recently extended Expertise on Demand through its solutions. This means it can provide technical expertise via its solutions. This has contributed to a 66% growth in EoD billings y/y.
As a security professional fingerprinting a remote device, simulating an attack on the identified device in a sandbox with the latest malware, shellcode, and payloads, can provide quick visibility into the security posture of a remote device.
It’s important to focus on the future, which will consist of cloud deployments and professional services. Both offerings are growing in the double-digit range. It’s tough to predict how the on-prem business will affect billings and growth linearity. However, cost optimization can help buffer liquidity. This explains the expense reduction in the on-prem business. Since customers aren’t expected to renew and drive billings at the historical rate, it’s important to match future spend with growth expectations.
It’s also logical that FEYE no longer gives billings and cash flow guidance. FEYE provided ARR and revenue guide. ARR will help paint a clear growth picture. Revenue is easy to forecast, given that deferred revenue is front end loaded. This will ensure that billings guide will stop distorting short-term expectations. While algos won’t necessarily pick up ARR guide as the dwindling on-prem business continues to mask true growth, it provides a nice color for long-term growth investors to skate where the puck will be.
On its balance sheet, DSO will grow as customers delay new IT procurements. FireEye has raised its bad debt reserve in anticipation of revenue collection volatility. It is reassuring to know that FEYE has enough cash to cover its near term financial obligations.
Macro/Competitors (Rating: Neutral)
Right now, as a security company, you want to be the one protecting (firewall) physical data centers and cloud infrastructure. Cloud service providers are now the backbone of global internet trade. That’s where Palo Alto Networks (NYSE:PANW), Fortinet (FTNT), Cisco (NASDAQ:CSCO), and players with SDWAN capabilities win. If you’re not doing that, you want to provide enterprises and their employees with a VPN or CASB (cloud access security broker) to access remote networks and cloud services. This is where players like Zscaler (ZS) and Symantec win. And if you’re not doing that, you want your lightweight security agent to be installed on remote endpoints to provide active threat detection and protection. That’s the job of CrowdStrike (NASDAQ:CRWD) and Cylance. Lastly, security providers can also win by assessing and patching endpoints for the latest security vulnerabilities. That’s the job of Rapid7 (RPD), Tenable (TENB), and Qualys (QLYS).
FireEye comes in as a backup to most of these players. On every network, you need deep threat intelligence to understand the most violent cyber threat. You need to perform vulnerability management (Verodin) of your security devices to ensure they are properly configured. You need to actively log and alert your security team on the latest cyber threat, which FireEye takes care of with Helix. Also, if it gets to it and you’ve been breached, you need incident responders (Mandiant). Everyone is important. Though, in some cases, you have network security vendors with multiple capabilities, which means niche players can’t continue to command a huge premium on their offerings.
FireEye used to be a leader in the APT (advanced persistent threat) space. It has now fallen to the specialist spot, according to Radicati. I won’t put a lot of confidence in the analysis from a technical standpoint. Putting on the cap of a CISO, I regard FireEye as a leader in blocking APTs. However, Radicati cited weaknesses which include its lack of firewalls, mobile security, limited CASB, and DLP (data loss prevention) offerings. These are more interesting to a CFO whose KPIs revolve around justifying ROI on IT spend.
FireEye doesn’t rank in the SWG (secure web gateway) analysis provided by Gartner. However, it acquired SWG capabilities via iBoss. Leaders in the SWG space include Zscaler and Symantec. Symantec is now living a new life with Broadcom (NASDAQ:AVGO). Zscaler’s growth momentum has been tough to catch. As a visionary in this space, iBoss’s strengths include the depth of its partnerships and its ease of deployment across multiple cloud form factors.
FireEye doesn’t show up in Gartner’s analysis of the email security space. That niche has been marshaled by Mimecast (MIME) and Proofpoint (PFPT), who have developed robust capabilities in email security. Cisco, Barracuda, Symantec, and Forcepoint are also top contenders in the email security space, while network security vendors like Fortinet and Palo Alto Networks have email security capabilities to cross-sell to their existing customer.
The overall competition landscape suggests every security vendor has to enter RFPs with its A-game. It also points to the possibility of more discounting as top players fight for market share.
The macro-environment favors cloud security players. However, it affects renewals and refresh of its physical appliances. This is a win for FireEye’s pivot to a security as a service model. Understanding this will help investors manage their expectations while calibrating their risk appetite.
Besides that, the coming election season is a tide that will lift all boats in the security space. I anticipate more wins in the Fed/Govt vertical.
Investors/Valuation (Rating: Bullish)
Source: Author (using data from Seeking Alpha)
FireEye’s valuation has been range-bound because the Street has struggled to digest the evolution of its shift to being a cloud security player. The momentum of other cloud players sometimes gives the feeling that FireEye could do a lot more. Also, the level of congestion in most of the security segments it plays suggests additional market share will be captured at a huge cost of capital.
Since algos don’t appear to be using ARR growth and cloud solutions (platform, cloud, and managed services) growth to value FEYE, FEYE’s valuation will be range-bound until cloud solutions and professional services become a more dominant driver of future growth.
If we assume FireEye’s revenue and billings growth will continue to expand as cloud subscription and ARR cover the narrative of the dwindling on-prem business, then we can expect multiple expansion to lead to a rerating of FEYE’s valuation towards more upside. This also assumes the cost of capital required to grow the cloud business covers the cost of capital required to keep managing the on-prem business. The long-term margins and cash flow guidance provide some assurance.
The rapid pace of innovation in the cloud security space indicates a low entry barrier for new entrants. Also, globalization risk induced by COVID-19 will continue to affect wins from the sharing economy and countries with poor stimulus packages.
Conclusion (Overall Rating: Hold)
Betting on the gradual improvement of FireEye’s growth factor also assumes a steady improvement in its cost of capital. The level of competition in the cybersecurity space doesn’t instill much confidence. Regardless, FEYE will continue to capitalize on its expertise and experience to grow and retain its customers. As a result, investors should maintain a long-term outlook.
If you enjoyed this article and wish to receive updates on our latest research, click “Follow” next to my name at the top of this article.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.