Skip to Content
Stock Strategist Industry Reports

Phishing for Moats

Customers are hooked on cybersecurity vendors' lures.

Mentioned: , , , , , ,

Cybersecurity is at the forefront of business and government decision-makers’ minds. Why? Because several hundred data records were stolen in the time it took to read these two lines. In addition, legislation has led to significantly higher breach costs, while changes to the networking environment make cybersecurity even more complex. These trends should allow the cybersecurity market to command an abundant level of spending as customers look to secure all the data and traffic flowing between on-premises assets, a multitude of cloud-based resources, and always-connected users proliferating the quantity of data being generated.

The cybersecurity vendors we cover have formed economic moats by becoming part of the lifeblood of customers, and we believe the potential disruption associated with changing from these vendors is not worth the risk. Due to the various parts of cybersecurity required for proper security, no company provides all the solutions necessary, and there are multiple ways to develop a moat. However, most competitors fail to develop a moat, and various security subsegments are less moaty than others.

We expect the major themes of entities shifting to hybrid-cloud networks, the need for cybersecurity platforms to simplify security management, and automation to alleviate the overwhelming burden on security teams to drive investment winners for vendors. In our view, cybersecurity pure play Palo Alto Networks (PANW) and networking behemoth Cisco Systems (CSCO) are best positioned to capitalize on these trends. We believe that Palo Alto’s concerted emphasis on automation and expanding its cloud security portfolio as a congruent platform to buttress its firewall leadership positions it best overall. In our view, Cisco’s unique advantages are its ability to embed and sell security offerings within its vast portfolio of networking solutions while also being a one-stop shop for networking and security requirements.

Rising Tide Won’t Lift All Boats
We expect spending in the cybersecurity market to remain elevated as regulations severely ratchet up data breach fines and malicious actors attempt to benefit from the latest networking trends to expose entities with outdated security postures. We think the $100 billion-plus cybersecurity market will expand at a five-year compound annual growth rate of 9%, and we expect certain areas, such as security for cloud-based workloads and applications, alongside automation solutions, to outpace more-traditional offerings. In our view, some vendors will benefit disproportionately, and this rising tide will not lift all boats.

The amalgamation of on-premises and cloud-based resources into hybrid-cloud networks, plus software-as-a-service applications and mobile users being ubiquitously connected, forever changed the security perimeter. This has spurred new ways to develop threats, including cybercrime as a service. In turn, new opportunities have developed for on-premises security vendors to proliferate their offerings outward and the creation of born-in-the-cloud security vendors. As more entities suffer breaches through their public cloud instances or by mismanaging their cloud-based resources, we believe the realization that public cloud security is a shared responsibility will be a boon for the established security vendors.

We believe that the cybersecurity vendor landscape will be shaped by success in three major themes: security for hybrid-cloud ecosystems, cybersecurity platforms, and automation.

Security for hybrid-cloud and multiple-cloud environments is a shared responsibility between the cloud provider and the customer, which creates a bevy of opportunities for malicious actors to pilfer data. The growing list of challenges created by a changing networking environment has created a multitude of cybersecurity products and services that are required to stay secure in today’s network.

Leading vendors are building cybersecurity platforms to combat the proliferation of security tools and complexities associated with managing a multitude of interfaces. The old notion of always buying best-of-breed solutions for new threats has left security teams with a mess of tools to manage. We believe the platform approach of selling various parts of the security stack with a holistic management plane will gain momentum as security teams aim to reduce their existing security vendor footprint.

Security teams are overburdened by security alerts. Too many alerts, not enough time, and a persistently minuscule unemployment rate for security professionals makes the good fight seem impossible. We believe that automation capabilities will become a large component in the future of cybersecurity as teams look to stay ahead of zero-day threats and the deluge of daily alerts. In our view, entities will shift security budgeting from outsourced security operations toward in-house automation capabilities sold by the leading vendors.

Palo Alto Is the Best-Positioned Cybersecurity Security
After dissecting the three major themes that we believe are critical to future success in cybersecurity, the companies under our coverage that we believe are best poised to capitalize on these themes are Palo Alto and Cisco. From a pure-play cybersecurity company perspective, and which we think is best positioned overall, Palo Alto has a distinct platform-based security strategy that covers hybrid-cloud, on-premises, and cloud networks with a concerted effort to make automation replace laborious tasks and outsourced costs.

We believe that Palo Alto Networks (PANW) is using its leadership position in firewalls, the largest portion of product-based cybersecurity expenditures for entities, and its cybersecurity platform approach as a springboard to gain wallet share for cloud-based security. Its focus on developing and supplementing security teams with automation capabilities to alleviate pain points will be a difference maker, in our view. We view Palo Alto as the most attractive investment opportunity in our cybersecurity coverage and one of our best ideas in the technology sector because of strategic efforts in cloud security and automation that will aid in gaining revenue per customer alongside new wins. The company’s sizable customer base continues to expand at an impressive rate, and we expect ample margin expansion to drive operating results.

Palo Alto’s stated goal is to secure the enterprise, secure the cloud, and secure the future. We believe the company’s position as the firewall leader, with sales durably outpacing its firewall peers in the largest part of a security team’s product-based budget, solidified itself with security teams. Palo Alto’s narrow moat rating comes from its development of customer switching costs. The success gained by its firewalls becoming engrained in networking ecosystems is now spreading into securing cloud resources. The development of security platforms that service on-premises networks, hybrid-cloud, and multi-cloud environments allow customers to expand their networking footprint and secure their instances with their preferred vendor and familiar capabilities. Shrewd acquisitions, funded by vigorous free cash flow generation, to gain skillsets in cloud security, automation, and analytics have kept the company aligned with how security must be delivered and the functions required to secure today’s network of dispersed individuals, SaaS applications, and cloud resources always connected.

Cisco Systems’ (CSCO) interweaving of security and networking solutions as a one-stop shop for IT teams should keep it as a formidable player. Although Cisco’s security arm accounts for only 5% of its total revenue, the company is still one of the biggest three enterprise security players, and we expect management to keenly focus on expanding its platform approach that expands the needs of hybrid-cloud ecosystems. We anticipate Cisco will use its strong capitalization to focus on acquiring security technologies in areas like automation and cloud. Also, Cisco has the advantage of selling security solutions into its massive base of networking customers.

The interconnection of the security and networking markets, alongside acquiring key security capabilities, has enabled Cisco to develop one of the largest enterprise security businesses. As the networking behemoth, Cisco’s expansive reach with IT teams can make its security products the preferred solution to keep congruency between security and networking functions. We also credit Cisco’s efforts to expand an area of its business that is being scrutinized as a growing area of importance by its customer base. We assign Cisco a narrow moat rating stemming from customer switching costs and intangible assets, which we expect to be buttressed by efforts to expand its security business. We believe the company is one of the leaders in the overall shift to hybrid-cloud ecosystems and understands the importance of ensuring its products work together while automating aspects of security.

Firewall players Check Point Software Technologies (CHKP) and Fortinet (FTNT) are building out their security platforms to include solutions for cloud concerns. We expect both narrow-moat companies to remain industry stalwarts but to be less aggressive in the push to diversify into cloud-based security and automation.

Check Point, a firewall pioneer, is expanding its portfolio via its Infinity platform to cover security in areas such as cloud and endpoint. The Israel-based company is typically more prudent in pursuing growth but showcases operating margins that are heads and shoulders above peers. We believe this company will be a mainstay in network and cloud security.

Fortinet, a top contender in the firewall market, has moved its product offerings into the stickier segments of enterprise and government from its small to medium-size business roots. Its security fabric ties together various aspects of networking and cloud resources for simplified security management.

We think Check Point and Fortinet could be considered very well positioned when assessing whether vendors have embraced hybrid-cloud ecosystems, looked to automation, and can provide a cybersecurity platform. However, we believe that these two companies will need to focus more on automation capabilities that can help reduce the strain on security teams, which will then shift customer security expenditures from external security operation centers to the vendors.

Being born in the cloud for the networking environment of the future has made Zscaler (ZS) a disruptive force in the security market. In our view, Zscaler will remain a mainstay in cloud security and is evolving its portfolio to contend with established players attacking its beachhead.

Zscaler was created for the rise in enterprises adopting cloud-based resources and shifting spending from on-premises protection to include cloud-delivered protection. This narrow-moat company has established itself as a main player in secure web gateways and is expanding into tangential areas.

In our view, entities using SaaS applications and embracing direct Internet access over the traditional hub-and-spoke traffic methodology should remain a market dynamic, which places Zscaler as a mainstay in cloud-based security; however, we believe the company has a way to go before building out a dominant platform with strong automation capabilities that span multiple aspects of security.

No-moat FireEye (FEYE) and NortonLifeLock (NLOK) have not carved out sustainable competitive advantages, and we do not have confidence in their ability to deliver excess returns on invested capital. FireEye’s sandboxing expertise was emulated by the firewall players, and now the company is focused on leveraging its threat intelligence and services for security concerns. A renowned leader in security remediation and services, FireEye has shifted its product portfolio to focus on cloud-based solutions. With an aim to supplement customers’ security teams, this no-moat name offers expertise on demand and its Helix platform to resolve a variety of security concerns.

NortonLifeLock is the consumer-focused vendor that emerged after Symantec agreed to sell its enterprise security business, including the Symantec brand, to Broadcom for $10.7 billion in August. This no-moat name is focused on selling individuals security through its Norton antivirus and LifeLock identity protection solutions.

Mark Cash does not own (actual or beneficial) shares in any of the securities mentioned above. Find out about Morningstar’s editorial policies.