The Top Cybersecurity Stocks
Ranking, Research and Analysis of the Best Publicly-Traded Cybersecurity Companies to Invest
The Top Cybersecurity Stocks - Recommendations for Investors
Several Fortune 500 companies have joined the ranks of the cybersecurity elite; enterprises such as IBM, Cisco, and HP bring their technical experience along with hardware and software resources to the problems of security, but they are not alone. Other publicly listed companies, such as FireEye and Palo Alto Networks, are making a name for themselves in cybersecurity, often after rising from roots as relatively modest startup companies. Here's a look at some of the cybersecurity offerings from public companies of all sizes.
IBM (Ticker: IBM)
IBM offers a suite of security services with emphasis on providing expert consulting and deep analytics that help businesses identify risks and deploy solutions. Backed by a global network of BPO resources, IBM is able to offer high-level security solutions with maintenance costs that are affordable for many organizations—particularly when compared with the large expenses associated with data breaches.
In the past few years, IBM has acquired a number of firms with expertise in the cybersecurity market, including access management vendor Crossideas, cybersecurity specialist Trusteer, and another access management and identity firm, Lighthouse Security Group. IBM announced a planned partnership with AT&T in 2014 to establish next-generation security services. IBM's long client list includes notable names such as Dow, Baylor University, BMW, and Heineken.
IBM's acquisitions, along with legacy expertise and systems, have allowed IBM to develop comprehensive security services including:
· Criminal detection services for websites, which combine critical fraud indicators with transaction modeling and device IDs to help site owners identify and protect against fraudulent activity.
· Data activity monitors to prevent leaks, breaches, and unauthorized access.
· Automated firewall monitoring.
· Program and security architecture design services that let organizations evaluate architectures to discover and address cybersecurity risks.
· Software to automate key management and encryption processes for reduced costs and risks.
Cisco (Ticker: CSCO)
Cisco's cybersecurity product line brings adaptive products to companies who are looking for a comprehensive and consistent approach to security. Cisco's approach is architectural in nature and includes services such as:
· Mobile security solutions that increase efficiency while protecting data and processes on a variety of hardware. Mobile security solutions include defending against viruses, preventing the breach of or loss of data, encrypting and tracking emails, and protecting against spam.
· Identity solutions that let organizations track access to the network, limit access, and automate admin operations.
· Wireless security that focuses on external threats and provides methods to reduce or respond to those threats.
· Malware products that protect against suspicious activity and downloads and detects installations and occurrences of malware on the network.
Like IBM, Cisco has built its cybersecurity expertise in part through acquisitions. Recent acquisitions include malware analysis firm ThreatGrid and network security firm SourceFire. Cisco also purchased Cognitive Science, which dealt with AI applications within the cybersecurity industry. Cisco continues to innovate in the cybersecurity industry, and we expect the company to purchase many privately held startups in the near future.
Cisco will also grow its cybersecurity presence by purchasing one of the top companies like FireEye, Palo Alto Networks, CyberArk, or Fortinet.
Hewlett-Packard (Ticker: HPQ)
Hewlett-Packard has seen less merger and acquisition activity than either IBM or Cisco; it did purchase data security analytics firm ArcSight in 2010, but didn't make many other notable acquisitions in the cybersecurity space in recent years. Even so, HP brings its hardware and software experience to the field in the form of integrated security solutions. Companies that use HP solutions include NASCAR and United.
Some of HP's major cybersecurity solutions include a data-specific protection product called HP Atalla Information Protection and Control. Instead of encrypting or protecting the overall structure where the data resides, HP's solution protects the specific data. Protection is applied as soon as the data is created and it lives with the data. The data can be transferred, but it goes out into the world with its security raincoat on, so to speak.
HP also offers a code analyzer that lets companies implement best practices in coding to increase security within all of its software. The product, called Static Code Analyzer, scans the code and provides an analysis of possible vulnerable points. The software even provides tips and guides for addressing security weaknesses in the code.
As part of the ArcSight purchase, HP gained an analytics and event correlation product. Called ArcSight ESM, the product categorizes as many as 100,000 events each second, analyzing events for potential security threats or oddities. The constant monitor provides instant detection for numerous security threats, letting organizations react immediately to stop an attack or reduce the impact of one.
Led by innovative leader, Meg Whitman, HP is at an inflection point; by recently separating their hardware and software divisions, HP should consider acquiring a leader in cybersecurity. By doing so, they’ll complement their software division and be able to offer a one-stop shop for small and mid-sized companies who need to protect their networks.
FireEye (Ticker: FEYE)
A young company, FireEye went public in September 2013. The company raised $304 million during its initial public offering and has gone on to purchase at least one other cybersecurity firm. FireEye acquired Mandiant in December 2013. Mandiant was a firm providing computer forensic services.
FireEye offers automated malware protection and threat forensics. Its product was able to identify the threat to Target's retail systems before or right at the time of the 2013 holiday breach, however, Target did not act in a timely manner to stop the attack. Other companies that use FireEye include the University of California at Berkeley, Investis, and Finansbank.
Some of FireEye's product offerings include:
· A test environment that lets organizations replay and document malware activities on their networks. The ability to investigate such activity lets organizations manage compliance and investigation needs following an incident, but it also provides technical resources with learning and process improvement opportunities.
· A threat intelligence product that automates detection processes so that advanced cyber attacks are less likely to go unnoticed for long periods of time. The product also provides intelligence and analysis regarding threats.
· A complete defense framework that protects organizations and networks, even against cyber attacks that bypass traditional security protocols.
CyberArk (Ticker: CYBR)
Even younger than FireEye or Palo Alto, CyberArk went public in September 2014. It raised $85.8 million in its initial public offering and scored a market capitalization of about 11 times revenue. CyberArk differs from many of the other companies discussed in this chapter because its services are directed toward internal threats rather than those coming from outside the organization. Some of CyberArk's primary security services include:
· SSH Key Manager, which controls access to secure accounts by managing access to SSH keys. The manager integrates authentication solutions with encryption to provide high-level protection to keys at all times.
· Enterprise Password Vault, which lets organizations track access to all internal privileged accounts. The product works across disparate operating systems and in the cloud; it can also be deployed in various environments including applications, databases, and devices.
· A threat analytics product that monitors internal activity on the network and generates an automated response or report when threatening behavior is detected. CyberArk has built patent-pending analytical capabilities into the product, which use both conventional logic and user-based data to create appropriate reporting regarding the activity on each specific network. Immediate reporting of any possible threat from the CyberArk product lets teams respond quickly to mitigate the damage caused by internal breaches.
CyberArk's client list includes companies such as Novartis and Pizza Hut.
Speech and Transcript from Cybersecurity Investor and Expert on Cybersecurity Venture Capital - Ross Blankenship
"The hottest companies in public companies, the publicly traded companies in cybersecurity, include Cisco (CSCO), FireEye (FEYE) Palo Alto Networks, (PANW) is their ticker. Other large companies, like IBM, which has been around forever. IBM is the stock ticker. Hewlett Packard. I look at those five, FireEye, et cetera, as the biggest companies that are investing proactively in cybersecurity. Obviously FireEye and Palo Alto Networks, that's all they do. We understand why they might invest in it. I like the fact that they're dedicated to not only the product side but also the service side.
Give you an example, FireEye purchased the company called Mandiant, which was a company out in Virginia, that does forensics. If you're ever attacked by a cyber attacker, and you need to find out what happened or who attacked you, how they attacked you, you'd go to FireEye and they would literally do a forensic analysis of the cyber attack, and then they would also recommend products. FireEye's a great company within the public sector.
Cisco is also investing quite a bit in the hardware side of cyber security. The routers, the WIFI networks that so often you see in public and you're home as well as in public. Those are the big companies. FireEye, Palo Alto Networks, Cisco, IBM, Hewlett Packard. I like those. I think those are companies you should think about investing in on the public side of cybersecurity."