Fears of a broad cybersecurity freeze could amplify after vendors Palo Alto Networks (PANW) and FireEye (FEYE) missed April-quarter expectations and Check Point Software Technology (CHKP), Fortinet (FTNT) and Imperva (IMPV) guided toward slower growth.
Then again, rather than a broad slowdown, the pure-play security leaders might in fact be losing some business to tech giants Cisco Systems (CSCO) and IBM (IBM), which are expanding deeper into security, and to specialized security vendors such as CyberArk Software (CYBR), Proofpoint (PFPT) and Mimecast (MIME).
"Investors tend to look at security as a single sector, and the reality is you have a lot of different plays here," Pacific Crest analyst Rob Owens told IBD. "In aggregate, we're seeing relatively consistent spending. There is some shifting that is happening, but that makes sense."
Security spending overall rose 13% year over year in Q1, barely down from 14% growth in Q4, Owens says. He says those growth rates are consistent with the past two years.
Palo Alto, Fortinet and Check Point all had been hot stocks in 2014 and much of 2015 on the strength of their broad security platforms, but not this year. The focus has shifted to specific security areas such as privileged account management, email and cloud security, and endpoint protection, analysts say. So, while some vendors might be slowing, others are rising, Owens says.
Fears of a broad security slowdown go back to last year, Owens told IBD.
"We've been having this end-of-the-world discussion for a year now," he said. "Certain vendors that may have been growing at rapid rates (have) decelerated."
Guidance Lags Among Pure Players
Palo Alto Networks -- the No. 2 security software company by market cap, behind Check Point -- is an industry bellwether.
Last month, Palo Alto disappointed Wall Street. It guided to 37% year-over-year sales growth for the current quarter, which would be great for most companies but would represents the highflier's slowest-ever growth. Last quarter was the first in eight where its sales rose less than 50%.
But the slowdown is relative, Pacific Crest's Owens says.
"Palo Alto will continue to perform well, but it can't continue to grow at four times the industry," he said. "Fifty percent to 60% growth is unsustainable."
Piper Jaffray analyst Andrew Nowinski anticipated slow April demand for Palo Alto products, citing checks with resellers.
But Dougherty analyst Catharine Trebnick characterized the April slowdown as a "blip" in a typically seasonally weak quarter. She blamed FireEye CEO David DeWalt for the panic. During FireEye's fiscal Q3 earnings call in November 2015, DeWalt said "emergency spending" in the wake of the notable Target (TGT) and Home Depot (HD) breaches had normalized.
"The CEO of FireEye last year said, 'You're just not having all these big breaches and we're not getting attacked from China as much, so spending is slow,'" she said. "So, everyone has been chanting the mantra."
(DeWalt is set to step down June 15, leaving COO and Mandiant founder Kevin Mandia to take the reins. FireEye acquired Mandiant in 2014.)
Palo Alto Networks wasn't the only pure player to spot braking growth. On May 5, FireEye guided to its slowest quarter ever, and Imperva's outlook for this quarter would mark a fourth straight quarter of sales deceleration. In April, Check Point guided to 6% growth for Q2, down from six straight periods of 9% growth.
Fortinet expects sales growth to slow to 27% in Q2 from 34% growth in the prior quarter. And even email specialist Proofpoint -- among those analysts peg as on the rise -- guided to its slowest quarterly growth in 11 quarters, to 32% growth from 37% the prior quarter.
IBD's 26-company Computer Software-Security industry group reflects fears of a general tech slowdown. The group was down as much as 34% for the year in early February, hitting a two-year low, as many tech stocks tanked on dour views from LinkedIn (LNKD) and Tableau Software (DATA). The group has since recovered in part, but is still down nearly 16% for the year.
Not a Slowdown -- A Shift
Cybersecurity Ventures Managing Editor Steve Morgan says pure players like Palo Alto, Check Point and Fortinet are no longer good barometers for the health of the industry. Instead, thousands of venture-capital-backed startups -- as well as tech giants increasingly expanding their security presence -- are gouging share.
In Q1, IBM pulled in $400 million in security sales -- topping Palo Alto, Fortinet and FireEye, and closing in on Symantec (SYMC) -- up 18% vs. the year-earlier quarter and accelerating from 12% growth in all of 2015. Its overall sales fell 5%. For its fiscal Q3 ended April 30, Cisco said its security sales jumped 17% year over year, accelerating from 11% growth in fiscal Q2.
Still, the accelerating growth for the IBM and Cisco security businesses falls short of the decelerating growth for most of the pure players. The big companies, though, aren't going away.
Microsoft (MSFT) swept three cybersecurity players off the public map in 2015 via acquisitions, but the company doesn't break out its cybersecurity revenue, Morgan points out. And Dell subsidiary SonicWall, acquired in 2012, is potentially pulling in billions, but since Dell is now privately held those figures aren't reported publicly.
"That revenue just goes away from what's reported in the public market," Morgan told IBD. "Unless you cover the market really carefully, you won't hear about it."
But the cybersecurity VC market is still booming, he says. In 2015, Dow Jones estimated that $1.9 billion in VC funding was spent backing cybersecurity startups, Morgan says. At one time, it was unheard of for cybersecurity startups to raise more than high single digits in funding, and "now we're routinely seeing (funding hit) $50 million, $75 million, $100 million."
Those VC-backed companies are "competing aggressively in the market," Morgan said. "But if they're not public, their revenue figures aren't necessarily being reported."
As private businesses like MalwareBytes, the Herjavec Group (tied to Robert Herjavec of the "Shark Tank" TV show) and Black Duck Software begin to achieve scale, they'll further steal share from the publicly traded security firms, Morgan says.
Pacific Crest's Owens sees pent-up demand. He says companies still aren't spending enough on security. He ballparks annual IT spending overall near $1 trillion, and cybersecurity spending at $25 billion to $30 billion.
"I think security has been an under-spend area for decades," he said. "You're spending about 3% of your capex (capital expenditures) that's focused on IT on security. That's relatively low. Some regulated industries like health care might be two or three times that, but there's still a long way to go."
Building up security spending takes time, Owens says.
"There's that perception that you're able to spend an unlimited amount of dollars overnight within security, but that's just not the case in reality," he said. "It's not an overnight type of thing."
Network security still has headroom, Owens says, and he sees products focused on authentication, detection, remediation and endpoint solutions as leaders. Summit Research analyst Srini Nandury pegs privileged account management -- CyberArk's bread and butter -- as the industry's next growth vector. Dougherty's Trebnick expects email security providers like Proofpoint and Mimecast to pick up share. Morgan's bet is on cloud security.
Meanwhile, Symantec, Juniper Networks (JNPR), Barracuda Networks (CUDA) and FireEye will continue to struggle, Owens says. Symantec may "throw out billions in cash flow" to survive attempts to transition from legacy antivirus to next-generation endpoint protection. FireEye is shifting to a subscription model. Juniper and Barracuda deal with broader macro issues outside cybersecurity, he says.
So, back to the original question: Is security spending slowing?
Not for many, Morgan says.
"What I think you're seeing is a squeeze on the pure-play company," he said. But overall, instead of any slowdown, "I think we're entering an uptick. Spending is up, undoubtedly."
