For Proofpoint (PFPT), COVID-19 hit close to home. Proofpoint has to live with a new reality as its seat-based pricing model means furloughs and layoffs will affect ARR growth in the short term. This is a temporary headwind to its growth factor, which has done the bulk of the heavy lifting to make Proofpoint’s valuation attractive in a frothy SaaS space. Going forward, it is essential to understand Proofpoint’s platform evolution and how the macro environment will dictate its moves in the coming quarters. We believe this will help short- and long-term investors calibrate their risk appetite.
Proofpoint has had a great run as a leader in the email security space. The ubiquity of email-based attacks has driven the relevance of and demand for best-of-breed email security solutions. While enjoying this favorable demand-side tailwind, Proofpoint didn’t hesitate to add more capabilities to its platform. The most attractive add-on is its advanced threat capability. This is important because the more sophisticated the cyber threat, the more victims lose. This often results in a huge incident response bill for enterprises. Other add-ons include capabilities in archiving and compliance, social and web security, security awareness training, and data loss prevention.
It’s a no-brainer for CISOs to go for the best email security vendor due to the sophistication of email-based attacks. Given the prevalence of spear-phishing attacks and other vectors that target C-level execs, making the case to management to adopt email security solutions isn’t expected to be complicated. Today, Proofpoint has over 50% of Fortune 1000 companies as its customers. Proofpoint’s add-ons assisted its land and expand strategy until last year when it was expedient for Proofpoint to rethink its strategy to play into three emerging trends: increasing adoption of cloud platforms, security consolidation, and Zero Trust. The adoption of cloud platforms drove the emergence of cloud security solutions to protect access to cloud networks, apps, and workloads residing in them. Security consolidation followed the natural push by enterprises to optimize the total cost of ownership of their security offerings. Zero Trust was a new security standard that emerged as more endpoints and users moved out of the traditional network perimeter.
According to Gartner, by 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA), and by 2023, 60% of enterprises will phase out their remote access virtual private networks (VPNs) in favor of ZTNA.
Luckily, Proofpoint acquired most of these capabilities just in time before COVID-19 hit. Proofpoint added Meta Networks, which gave it ZTNA (Zero Trust) capabilities. The acquisition of Meta Networks means Proofpoint has the chance to grow its capabilities in providing remote work solutions. Meta Networks provided an SDN-driven replacement for VPNs (for remote network access). While this move is great, it puts Proofpoint in competition with network security vendors with strong remote network access solutions. Investors following the last two earnings seasons will observe the strong performance of Zscaler (ZS), Fortinet (FTNT), and Palo Alto Networks (PANW) in the remote access security segment. During the last earnings, Proofpoint didn’t say much about Meta Networks as it continued the integration of the platform with its cloud security offering.
In the meantime, Proofpoint has been improving its cloud security capabilities.
As with the previous EDR example, enrichment of DLP events with insider activity information can provide a new, more accurate assessment of DLP event severity or uncover broader patterns of concern.
Proofpoint has chosen to use the DLP route to differentiate its cloud security offering. This strategy gains from its insider threat security capabilities via the acquisition of ObserveIT. The DLP market was regarded as mature by Gartner some years back, and the annual magic quadrant for the DLP segment was retired. The DLP space features top players like McAfee, Symantec, Forcepoint, and Microsoft (MSFT). Traditional DLP players have mostly offered on-prem solutions. Since Proofpoint has been an email security replacement vendor for McAfee and Symantec customers, this makes the future of the DLP space more appealing to it compared to other players. Going forward, it will have to worry about Forcepoint, Zscaler, and Microsoft.
To innovate, it is exploring the option of adding cloud and endpoint DLP capabilities to its email-centric DLP offering. This will build upon its capabilities in cloud access security. The acquisition of ObserveIT includes endpoint agents for visibility, threat detection, and monitoring. This gives Proofpoint the assets it needs to understand endpoints and how users interact with them. Because ObserveIT comes with insider threat security capabilities, the entire framework ties into Proofpoint’s people-centric approach to security: monitor user activity and prevent malicious attacks. With this setup, Proofpoint prevents itself from being seen as a threat to the endpoint and identity security players. Instead, it has chosen to partner with them. With CrowdStrike (OTC:CRWD), joint customers enjoy two-way threat intelligence sharing. With identity players like Okta (OKTA), risk scores provided by Proofpoint can extend threat hunting activities into account lockdown (access control) capabilities.
It is easy to see how Proofpoint has subtly crept into promising segments of the cybersecurity space without triggering potential competitors. This is important as it explores new ways to defend its market share while exploring new cash flow generating opportunities. This is also attractive when modeling the sustainability of its future cash flow.
Proofpoint addresses a $13B+ market. It is demonstrating the strength to grow market share in most of its operating segments. In the meantime, investors will revel in the hopes of a promising future, which includes capabilities in remote network access, cloud security, and its leadership in email, archiving, and security awareness training.
Given its positive operating cash flow and the ample cash on its balance sheet, the possibility of using the M&A route to acquire more next-generation security capabilities shouldn’t be underestimated.
Proofpoint has developed the capabilities to protect one of the data routes that will receive the most traffic on the internet: humans/endpoints to cloud apps/networks. This is both a long- and short-term growth and value driver. Proofpoint also plays into favorable near-term tech trends (remote network access). Lastly, the evolution of its Zero Trust platform around users and data protection should not be underestimated as enterprises shift to the best security platforms. This evolution is differentiated with capabilities in insider threat management, compliance, enterprise data loss prevention, and security awareness training.
The relationship between its bundling strategy and its platform evolution needs to be better fleshed out. As enterprises demand more consolidation and integration of security appliances, Proofpoint needs to prove that it can dominate with its high-end security bundles. In the short term, the temporary headwind from COVID-19 makes it tough to calibrate the strength of its evolving land and expand strategy.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.