Tag Archives: ftnt

Palo Alto Networks Gouges Cisco, Check Point, Fortinet: Survey

Palo Alto Networks ( PANW ) gouged rivals Cisco Systems ( CSCO ) and Check Point Software Technologies ( CHKP ) during Q1, as Fortinet ( FTNT ) and Symantec ( SYMC ) demand toppled, according to a Piper Jaffray survey of 26 resellers and distributors. Meanwhile, cybersecurity vendors Imperva ( IMPV ) and FireEye ( FEYE ) improved on Q4 demand, and CyberArk Software ( CYBR ) and Proofpoint ( PFPT ) demand remained relatively stable. Cybersecurity stocks largely fell as of midday trading on the stock market today , with IBD’s 25-company Computer Software-Security industry group down nearly 1.5%. Proofpoint and Fortinet stocks led the plunge, both down more than 4% midday Tuesday. CyberArk stock was down more than 2%, and Palo Alto Networks stock was down more than 1%. Imperva was down more than 2.5%, and FireEye fell nearly 2%. Symantec and Check Point stocks bucked the trend, trading flat and up 1%, respectively. Check Point is losing to Palo Alto Networks, according to resellers surveyed by Piper Jaffray analyst Andrew Nowinski, but half of the resellers cited Cisco as the rival Palo Alto Networks beats out most frequently. “Cisco and Check Point have consistently been called out by resellers as the vendors most frequently losing to Palo Alto,” Nowinski wrote in a research report. In Q4 and Q3, Juniper Networks was also cited by 13% and 18% of resellers as losing to Palo Alto Networks. “However, this is the first quarter resellers cited Fortinet as competition to Palo Alto, suggesting Fortinet may be moving more upstream into the mid-market enterprise space,” Nowinski wrote. Only 35% of resellers sold more Palo Alto Networks products than they expected, Nowinski wrote, down from 56% in Q4. The largest distributors say Palo Alto Networks demand trends were unchanged, he added. Imperva jumped in Q1, as 20% of resellers were above plan vs. 8% in Q4. And FireEye demand improved to 31% below plan from 36% in Q4. CyberArk and Proofpoint were largely in line. But Fortinet and Symantec declined. In Q1, 31% of Fortinet resellers were below plan vs. 14% in Q4. Symantec fell to 50% below plan vs. 29% in the prior quarter.

Hackers, Insiders Can Threaten M&A Activity, Say IBM, Fortinet

Chinese hackers had already roamed Nortel’s systems for nearly 10 years when, five years after the breach discovery, business communications firm Avaya acquired bankrupt Nortel Enterprise Solutions — and, unknowingly, also acquired that company’s attackers. That was a bellwether moment for the M&A world, says Caleb Barlow, IBM ( IBM ) vice president of security. Until then, an acquisition target’s cybersecurity situation wasn’t a box on the usual M&A checklist. “It was the moment everyone in the M&A community woke up,” Barlow told IBD. “They said, ‘We better be looking at their security posture as well, otherwise you could not only legitimately acquire the company, but also the attacker.” As Barlow recounts, Nortel’s downfall came down to seven passwords, including the chief executive officer’s. Hackers with Chinese IP addresses gained access to Nortel’s network as early as 2000 and so thoroughly dug in that they weren’t discovered until 2004. Avaya, which acquired that Nortel business for $900 million in 2009, didn’t learn of the breach until after its acquisition closed. And even then, the hackers were still entrenched in the system. “No one had really thought about this type of problem before because cybersecurity wasn’t one of the normal things you’d think about in the M&A process,” Barlow said. “In my view, it’s now a critical component.” Quantifying Risk In A Bidding War Consulting firm Deloitte found 70% of 2,500 firms surveyed in 2015 considered security to be a “high” or “very high” priority in M&As. That’s up from 64% in 2014. Both corporate and private equity respondents increased their due diligence efforts over the span of the year. But also in the 2014 Deloitte survey, 78% of firms said security wasn’t a general piece of M&A due diligence, and 66% said rapid-fire M&A bidding made cyber risks “very difficult” to quickly quantify. Deloitte didn’t reiterate those questions in its 2015 survey. Rapid-fire M&As include Apple ( AAPL ) chip supplier Skyworks Solutions ( SWKS ) and Microsemi ( MSCC ) last year facing off in a month-long bidding battle for PMC-Sierra ( PMCS ). Due diligence might or might not have been rushed in that deal, but such aggressive bidding wars are infrequent, Fortinet ( FTNT ) CFO Drew Del Matto told IBD. More often, an acquirer examines a target’s products, financials, policies and systems. IT security is just a new layer of the necessary due diligence. This mindset is new, and there are built-in risks with every piece of due diligence, NSS Labs CEO Vikram Phatak says. NSS Labs independently tests and reports on the efficiency of cybersecurity products, similar to Consumer Reports. It’s likely an acquirer has “a really good handle on the debt the company will have, the expense structure of the company, the historical growth rates,” he told IBD. “Where you get a little sticky is they may not have time to do all the (security-related) due diligence by calling the customers.” Cybersecurity works along the same lines, Phatak says. Tech companies, especially, should have a keen understanding of the security measures in place, BitSight CEO Stephen Boyer told IBD. BitSight rates the cybersecurity posture of about 40,000 companies, similar to a FICO score, so customers can assess their own security risk but also the risks of potential or current partners, vendors and customers. “If you go in and say, ‘Who’s in charge of this (security)?’ and everyone looks around, then you probably have a problem,” Boyer said. Avoiding Post-Merger Slip Even including cybersecurity within due diligence isn’t a surefire protection, Boyer said. Former telecom provider Pacnet discovered a breach on April 3, 2015, after Telstra finalized its $697 million acquisition of Pacnet. Telstra was notified on April 16 — the day the merger completed. An SQL code injection on a Pacnet Web service application server opened hackers to the network, email and administrative processes. Acquirers should be “monitoring that window of due diligence up until the week the deal closes,” Boyer said. “Monitor it all through the process, because there would be a slip-up along the way.” Before signing off on a merger, an acquirer should get a sense of the target’s cybersecurity culture, Barlow says. Examine past incidents — processes, logs and reports. if those documents aren’t available, then there might be a problem. That goes double for a tech company. “If they don’t have those policies in place, then you start asking other questions,” Barlow said. “If they weren’t paying attention to security, what else weren’t they looking at?” Phatak suggests acquirers also scope out a target’s security vendors. Not every cybersecurity vendor is built the same and the quality of a target’s security purchases can be very telling, he told IBD. “Make sure the company you’re acquiring didn’t skimp on security,” he said. “(Products) are not all equal, but from a compliance perspective, a check-box perspective, they all look the same.” Breaches From The Inside Del Matto estimates two-thirds of breaches come from the inside, at the hands of either careless or disgruntled employees. M&A, often accompanied by layoffs, can breed the latter. “When people feel like they’re at risk, they’re more likely to do something that may expose the company to a cyber risk,” Del Matto said. More benign actions, like inadvertently visiting an infected website, can lead to malware attaching on the system. But Del Matto is more concerned about the damage a disgruntled employee with absolute access can wreak. Barlow suggests a company identify its “crown jewel” and then tuck it into a protected place with limited access. That crown jewel could be IP, financial information, client lists, personal information — basically anything worth stealing, Phatak told IBD. “If someone is able to get into the customer list, they could see what deals are in the (pipeline),” Del Matto said. “They may monetize those by selling them or, worse, leaving the company with those lists in their hands.” Beyond guarding that data, an M&A-engaged company should embrace employees into the new culture, he said. Because, “when you buy a company, you buy a competitive advantage. If that leaks out in some other way, you’re destroying the value of the M&A.”

Booming RSA Pits Security Rivals IBM, CyberArk, Palo Alto Networks

SAN FRANCISCO — CyberArk ( CYBR ) CEO Udi Mokady surveyed the crowd. A man decked in a traditional Native American headdress passed the booth — his movement highlighted by the nearby fire-truck-red semitrailer that Fortinet ( FTNT ) rolled in as its booth, and Palo Alto Networks ‘ ( PANW ) towering blue signage. Tweeted photos show a bright orange fox touting social media security firm ZeroFOX. Open-source manager Black Duck Software handed out “No ducks” T-shirts. And the entire event was overshadowed by a Terminator-Darth Vader mash-up mascot. “A lot of CEOs don’t even walk the floor,” Mokady told IBD at the annual cybersecurity RSA Conference in San Francisco’s Moscone Center convention hall. “But there are a lot of meetings that set the tone for the year, (there are) relationships happening behind closed doors.” If the RSA Conference sets the tone for the cybersecurity industry , 2016 will be marked by roaring noise — mostly in marketing. But execs tend to agree the overarching themes for the year will center on technological leaps and possible collaboration. Platform, Platform, Platform “Platform” is a buzzword for a reason, Needham analyst Scott Zeller wrote in a research report after Palo Alto Networks last month crushed Wall Street’s Q2 expectations. The broad-based platform approach works in security. But Palo Alto wasn’t the only vendor lauding its platform-centric approach at the RSA Conference. An overwhelming majority of companies — IBM ( IBM ), FireEye ( FEYE ) and Fortinet included — touted their platforms. Consumers are confused, Fortinet threat researcher Derek Manky told IBD. That’s where third-party testing comes into play. Fortinet calls it a “security fabric,” which integrates Fortinet’s firewall with threat intelligence data from FortiGuard researchers. “We can say how good we are, but there are a lot of third-party vendors that are doing validation of security,” he said. A recent test by NSS Labs ranked Fortinet’s FortiGuard 3200D and Check Point Software Technology ‘s ( CHKP ) 13800 NGFW Appliance as top products, blocking 99.6% of all exploits. The lab examined 13 leading products comprising 96% of the next-generation firewall market. Palo Alto Networks’ PA-7050 scooted in with 95.9% effectiveness, trailing a Juniper Networks ( JNPR ) offering and two Cisco Systems ( CSCO ) products with a respective 98%, 96.5% and 96.3% scores. Confusion is lending itself to the advent of software-as-a-service (SaaS) offerings, former iSight Partners CEO John Watters told IBD. FireEye acquired iSight in January for $275 million and retained Watters and much of the iSight leadership team. Watters sees SaaS making a play for the platform market. “The big trends line is customers are moving from best-in-class niche product to best-in-class platform,” he said. “And they’re moving from a self-serve model to an as-a-service model.” That shift benefits FireEye. New FireEye-as-a-Service billings nearly doubled in 2015 vs. 2014, CFO Michael Berry told analysts during the company’s Q4 earnings conference call in February. Data Sharing … Or Not Palo Alto Networks, Fortinet, Intel ( INTC ) Security and Symantec ( SYMC ) are leading a sector push to share threat intelligence data across the map. In 2014, the quartet became odd bedfellows in a security collaboration dubbed “the Cyber Threat Alliance.” Davis Hake, Palo Alto Networks director of cybersecurity strategy, told IBD the group’s goal is to reduce the noise generated by low-level, easy-to-launch attacks. “We take that data back out, and we work to democratize it with the rest of the security community,” he said. “It allows us to understand, across the community, attackers’ game plans against all of these other entities.” Palo Alto Networks CEO Mark McLaughlin, on the company’s recent earnings call, said the days of monetizing threat data are over. A company’s value stems from its overall platform, he says. Watters disagrees: “All the people that are driving sharing are people who don’t have a bunch of intellectual property,” he said. “Everybody is filling up each other’s in-boxes with all the same stuff. It’s all the machine-generated event data.” ISight fits into a detection hole in FireEye’s model, he explained. “We detect … everything that leads up the time they hit enter on the keyboard,” he said. “As soon as they hit enter, we went blind because we didn’t have attack surface monitoring.” FireEye’s incident response leg, Mandiant, sees the attack itself, watching how hackers escalate privileges, jump firewalls and burrow through systems. ISight detects the attack prep and follows the fallout on the black market. That intelligence is proprietary, Watters said. Because of that, FireEye doesn’t need to reboot its software every several years; the software is updated every hour. Fortinet makes a similar boast, noting its FortiGuard research updates systems every five minutes. Big Data, Internet of Things and AI Artificial intelligence (AI) won’t look like Haley Joel Osment in the 2001 Steven Spielberg flick. Rather, machine-learning will be bolstered by data-heavy Internet of Things devices, Sol Cates, chief security officer for encryption specialist Vormetric, told IBD. The trend could boost the chip sector. Tesla Motors ( TSLA ) partner Nvidia ( NVDA ) forged alliances with Facebook ( FB ) and Chinese Internet major Alibaba ( BABA ) during Q4 for speedy intelligence chips, Nvidia CFO Colette Kress said during last month. Just as “platform” is a commonplace buzzword, so too are Big Data, the Internet of Things and the cloud, Cates says. But they’ll also be integral to future technology — and that’s either a boon or a bust for the cybersecurity industry. AI generates two big questions for the sector, Cates said. “How do we protect the sensitive data going in? And how do we harness it for security?” he asked. The problem is, the cybersecurity industry often trails innovation. “We have to figure it out after the fact, and we’re not yet experts on it.” IBM, which just acquired Resilient Systems , plans to push machine-learning to accelerate automated penetration testing, Marc van Zadelhoff, the company’s security general manager, told IBD. Penetration testing — purposefully probing a system for vulnerabilities — will become more and more necessary in the security world as the BYOD (bring your own device) trend opens more endpoints. Gemalto exec David Etue argued during an RSA lecture that software updates could right the likely-to-occur wrongs as the cybersecurity sector tackles the Internet of Things market. “If we get this right, this puts us in a position for long-term success,” he said. Fortinet’s Manky says wrangling the Internet of Things and protecting Big Data will be more complicated than that. Industry experts estimate 20 billion-30 billion Internet-capable devices will come online in the next four years. “That generates a lot of noise, and there’s a lot of traffic, you need to inspect all of that,” Manky said. “Anything and everything is a target now. … If you think of any device that has an Internet connection, it’s got memory, it has a processor and a connection, and that’s all hackers need to go after (it).”