|BUSINESSWEEK ONLINE : FEBRUARY 21, 2000 ISSUE|
Why Internet Security Stocks Could Be a Safe Play
Not everyone agrees, but the recent attacks could spur businesses to crank up their buying of security products and services
Opportunistic investors often take advantage of major news events for short-term gains. That clearly happened after a series of attacks took down some of the biggest sites on the Web on Feb. 8 and 9. While shares of victims like Yahoo! (YHOO), E*Trade (EGRP), and Amazon (AMZN) fell as business on their sites was disrupted, stocks of companies that provide Internet security software and services got a big bounce. That continued on Feb. 10, even as the attacks abated.
In those three days alone, VeriSign, the leading Internet security stock, ran up 20%, closing on Feb. 10 at 219 3/4. And Check Point Software Technologies (CHKP) gained 30%, closing at 180 7/32. Smaller online security companies like WatchGuard Technologies (WGRD) and SonicWall (SNWL) boasted even bigger gains, rising 60% and 70%, respectively, Feb. 8 through Feb. 10. WatchGuard closed on Feb. 10 at 50, and SonicWall at 99.
But rather than cheering, the price hikes left many Wall Street analysts who cover Internet security chuckling. The fact is the kinds of solutions those companies provide -- encryption to protect credit-card data or firewalls to ward off hackers -- have little to do with the recent problems at major sites. These sites were taken down by an orchestrated deluge of bogus traffic. This time, at least, no data was stolen or sites corrupted.
"WHAT'S THE STORY?" "What does this have to do with security?" asks an amused Mark Fernandes, a Merrill Lynch analyst who follows VeriSign and its smaller competitor, Entrust Technologies (ENTU). He has an "accumulate" rating on both stocks (valuation concerns keep him from rating them a "buy"), and he hasn't altered his opinion or estimates as a result of the recent attacks. "Is somebody going to go out and buy their products to fix these problems? No," he says. "Are earnings and revenues going to change? No. What's the story here?"
But Wall Street may be thinking too literally. The larger message of the attacks is that the Internet remains vulnerable to determined hackers. Even the biggest, beefiest sites can be taken down. "Clearly, these companies have let us down," says Michael Dubrow, senior analyst at the Jacob Internet Fund who said he was particularly surprised that a leading financial site like E*Trade wasn't better prepared. Yahoo! and Amazon lost revenues for the hours their sites were down, and Buy.com, missed out on a one-time opportunity -- a huge surge in traffic it anticipated getting the day of its initial public offering (see BW Online, 2/9/00/ "Buy.Com's IPO Soared, While Its Site Stalled").
"There's nothing like an event like this to drive home the message to CEOs that they need to spend money to make sure their sites are robust and durable," says William E. Whyman, an analyst at Legg Mason's Precursor Group. This may be the front-page, cover-grabbing event that changes the popular mind-set. And security, which has been receding as a major concern in recent years, could become the Internet's next growth business as a result.
SMALL-BIZ LINK. There's another angle to security stocks that analysts, who tend to focus on the largest companies in the group, may have also overlooked. Although it's unclear how the attacks were done, one theory is that hackers infiltrated the computer systems of small businesses and consumers, and used them to barrage the big sites with data. Part of the solution to preventing such attacks could be to make sure that even small companies have firewalls in place to prevent their systems from being hacked, says Dubrow. That would fuel sales at the security companies that cater to small businesses -- an idea that many investors apparently caught on to. The biggest gains in security stocks went to companies like WatchGuard and SonicWall, which sell security solutions to small businesses.
Now is probably not the right time for serious long-term investors to jump into Net security stocks. After a few days of sharp gains, the shares are likely to slide back near-term as the same traders who drove them up take profits. Even before this week, many analysts judged VeriSign a little too pricey. It now has a $22.5 billion market capitalization, but its 1999 revenues were only $85 million, and net income was a scant $4 million. If hackers don't return, the spate of attacks could amount to "a one-time marketing blip" for security companies, says Whyman.
And even if the attacks continue, security experts will have to know exactly how the hackers pulled off the attacks before investors can figure out which companies will be responsible for coming up with solutions to prevent them. Fernandes believes companies that sell sites products to control traffic, like F5 Networks (FFIV) and Alteon WebSystems (ATON), may ultimately come up with the solution to ward off these kinds of attacks. Whyman says Web-hosting services that can show they can ward off such attacks could also prosper. "It could drive a shift to high-quality outsourcing," he says. Exodus Communications (EXDS), probably the main public company in the hosting business, is keeping pretty quiet so far. Dubrow thinks networking companies may be able to design more intelligent routers and faster switches to solve the problem.
NOT A QUITE A QUILT. It's really too early to say which companies will come out on top, says Ashok Kumar, an analyst at U.S. Bancorp Piper Jaffray. He believes Internet companies ultimately will have to come up with a whole new kind of solution to protect against hackers. While sites mainly protect their front door from security breaches, "To really have a low failure rate and a high level of protection, the security has to permeate the backbone, at the spine of the network." That will require all kinds of companies to work together. "Right now, everybody has their own patchwork solution, but there is nothing that stitches all these into a quilt," he says.
But it's clear that the business world's attitude toward Net security won't be the same after seeing sites like Yahoo!, Amazon, and E*Trade so easily taken down. Investing close on the heels of major news can often backfire, and the security stocks that have run up the fastest will probably slide back as short-term traders focus on the next big news event. Still, taking a closer look at these companies makes sense now -- even if you wait until the sector cools to jump in. Some analysts may be chuckling, but renewed concern over security is the kind of change in the Net zeitgeist that long-term investors should take seriously.
By Amey Stone in New York
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
BACK TO TOP
COVER IMAGE: Cyber Crime
CHART: Computer Security Breaches Are on the Rise...And the Most Popular Route In Is the Net...Ad
TABLE: How This Happened to Yahoo!, eBay, and E*Trade
TABLE: Storming the Fortress
ONLINE ORIGINAL: Take an Information-Systems Security Test
ONLINE ORIGINAL: Why Internet Security Stocks Could Be a Safe Play
E-Mail to Business Week Online