Security Company Earnings Reports - Nuggets of Gold (Part 2)

I received some great feedback on my thoughts on the highlights of the Symantec, Checkpoint and Fortinet earnings calls, so through popular demand have continued working my way through security company earnings calls.  In this edition, one of the newer and sexier market players: Sourcefire

Of course, IT security is to 'sexy' what Eddie "the Eagle" Edwards was to ski jumping, so I still wouldn't necessarily be opening with your latest 'penetration testing' gag at the bar later tonight.  Unless the bar happens to be hosting a Star Trek party, in which case, make hay while the sun shines.

Anyway, on with the review.

Sourcefire 

http://seekingalpha.com/article/1387331-sourcefire-management-discusses-q1-2013-results-earnings-call-transcript

sourcefire.png

"Revenue for the first quarter of 2013 came in at $56.2 million, an increase of 21% over the year-ago period."

That's why they're the sexy ones.  21% year-on-year growth.

"21% was below our expectation."

Wow, expectations were high.  But then, when your PE Ratio is 339 (http://ycharts.com/companies/FIRE/pe_ratio), I guess that's what happens to expectations.

"Our U.S. Commercial and International business revenue grew a combined 37% over the same period last year."

Great numbers.  Unsustainable, but good to get them when you can.

"We believe our U.S. Federal business was impacted by funding uncertainties related to sequestration and the continuing resolution that wasn't approved until March 26, resulting in a year-over-year decline of 36%."

OK, should have seen that coming.  Good news first, then the bad news.  A 36% year-over-year decline is huge.  (For those who don't immediately recognise that a 36% loss is much worse than a 37% gain is good, remember that to get back that 36% loss, will require in excess of a 50% gain.)

"This approach starts by first acknowledging that there are 3 distinct phases of security from a defender's point of view. You have heard us refer to this as the attack continuum: a before, during and after phases of an attack."

Which sounds eerily similar to 'Protect, Detect and React' which we've been saying for decades.  Old wine, new bottles.

"Our cybersecurity solutions... address the full attack continuum across all attack sectors and respond at any time, all the time in realtime... This is in contrast to traditional security layers that only operate at a point in time... They have no capability versus a threat later in time."

I think I need to re-read Stephen Hawkings' A Brief History of Time to understand this.  Any time, all the time, in real time, not at a point in time, but definitely later in time.  Got it.  On a serious note, it is interesting to see how the amount of investment being poured in to solutions aimed at detecting pre-existing breaches in an environment; effectively acknowledging the fact that organisations simply cannot prevent the breaches from occurring. 

"Our [Advanced Malware Protection] solution [FireAMP] has capabilities and scope that will have the competition playing catch-up for years"

From what I've seen and read, I think FireAMP is indeed going to be a powerful tool in the security business.  As with all the latest-and-greatest technologies, however, the question will be whether anyone in Australia has the capability to implement it, configure it correctly, and manage/monitor it the way it is intended.  Otherwise it will be the next very expensive paperweight to hit our desks.

"As we continue to scale our International operations, we will benefit from the tax structure implemented last year and believe we can drive our long-term effective tax rate below 30%."

Seems pretty conservative.  Apple have managed to get theirs down to under 2%, with a "Dutch Sandwich" and some Catch-22-esque workmanship resulting in some of Apple's legal entities not being resident anywhere.  

"We don't traditionally break out our International business. I can tell you that it was strong across the board. We added 40 resellers in Q1 and a little bit more than half of them were International. In fact, half of them were in Asia-Pacific. That business is really starting to pick up for us."

Obviously Asia-Pacific is a lot broader than just Australia, but it's interesting to see how many companies are reporting strong demand and growth from this region.  It certainly matches the demand and growth in the domestic information security services sector, and I continue to believe that the services market in particular is growing faster than the supply-side can keep up with.

A question from the floor:

"And regarding the balance sheet, could you give us some color around the trends in deferred revenue? It was flattish quarter-to-quarter. Any color on that?"  

Boom!  Two uses of the buzzword-of-the-moment 'color' in one go!  I am still yet to hear it used at all in Australia, but maybe I'm moving in the wrong circles.  It can only be a matter of time.

In response to a question about which companies the FireAMP product competes with (this is long, but worth reading):

"In terms of who we compete with, there are a number of players in kind of the advanced network space that are out there, and a lot of people who claim they're out there as well. I think you look at the core anti-virus guys, a lot of them will say they're dealing with events now, where you look at newcomers, they're a bunch of startups out there. You have guys like FireEye as well. They're all kind of swirling around the problem right now looking for a solution. I would say that relative to any of them that are out there right now, there are -- some companies are taking a purely network-based approach, some are taking a purely end-point-based approach. Many of them -- well, very few of them consider the totality of networks endpoints, mobile devices and virtual environments. And of all the companies that are out there really, we're the only guys who consider them all. We use one unified detection infrastructure to analyze everything that comes in. We operate on a continuous capability model using streaming telemetry from the devices that we're connected to. And what that means effectively, if you look that this versus any of them that are out there, they all operate in what we call a point in time. They're presented with a piece of data. They make the decision either good or bad, and if they're wrong, they completely miss it and have no opportunity to go back there and do something about it again. We have continuous capability where we can see all the time, in realtime, not just the structure of advanced malware, but also its operations and behavior. And really, at the end of the day, we believe we're a disruptive player in this space because we're one of the first movers and we have a fully scoped solution that addresses the entire problem set that is out there."

A good summary of their positioning and how they see the market.  If FireEye is being included as a competitor, I assume RSA NetWitness, Solera Networks, Australian start-ups like Packetloop, and US-based companies that as far as I know haven't made it to our shores such as Damballa and Invincea should be included in there too.  It's becoming a crowded market and logically will consolidate pretty heavily over the next 1 - 2 years (noting that Blue Coat recently bought Solera Networks; and of course RSA reasonably recently bought NetWitness).  

For those in the IT security professional services industry, providing implementation, configuration, support and management around these 'next generation' tools is a huge opportunity.  While not all the products and vendors in this space will continue to be here in a few years' time, the amount of venture capital being thrown at this part of the market should guarantee short term viability at least.