PREMIUM SEARCH Search by job title, geography and build a list of executive contacts
Not a week goes by without a disclosure from some chastened big corporation or cutting-edge dot-com that its internal computer systems have been compromised. A recent Computer Security Institute survey for the Federal Bureau of Investigation found that one-third of U.S. companies say outsiders penetrated their networks last year. (Exact figures are impossible to get because many companies are reluctant to report these breaches.) Damage from electronic attacks, analysts say, may exceed $10 billion a year.
That's good news for one group of companies: Sellers of network security software such as firewalls, antivirus programs, and encryption programs. Studies by International Data Corp. in Framingham, Mass., pegged the worldwide market for Internet security software at $3.2 billion in 1998. By 2003, IDC predicts, the sector's revenues will eclipse $8 billion.
Positioned to profit from this boom is Internet Security Systems (ISSX), an Atlanta company with a solid reputation in the field. ISS (www.iss.net) licenses a suite of proprietary software security products. It also sells software that allows computer systems pros to monitor network and database security via the Internet by watching for irregular traffic patterns or other nasty surprises. Among its customers, ISS counts 21 of the 25 largest U.S. commercial banks and 9 of the 10 largest telecommunications companies.
OUTSIDE HELP.
More recently, ISS has started to sell not just software but services such as running the entire security systems of companies that want to outsource that job. The sales pitch for ISS's shift to services is simple: Computer security is a never-ending process that saps strapped systems administrators and diverts the energy of a company -- particularly a small or midsize one -- away from its core work. Therefore, more companies have started looking outside for help.
For its part, ISS hopes to build a fatter bottom line by reaching more customers. Rather than hire an expensive salesforce to peddle its latest offerings, the company has chosen to partner with Internet service providers and bundle its security products with other ISP services. ISS employees work on-site at ISPs to monitor activity of their joint customers and, if necessary, respond to threats or intrusions. ISS also boasts what it calls its X-Force, a hacker security team that scans the Web for dastardly tricks and, if necessary, parachutes in to customers to take care of crises.
The model of selling through ISPs has yet to fully ramp up. "The jury is still out on this," says Stuart McClure, CIO of Foundstone (www.foundstone.com), a competing security outsourcing and consulting company that uses ISS software. ISS CEO Thomas Noonan concedes that McClure's assessment is accurate. But Noonan believes that the jump from software to consulting and outsourcing is a natural evolution. "I don't know how anyone is going to consult in the future if they're not actually in the technology business, building the things they are consulting on," says Noonan.
A LEG UP.
For now, anyway, analysts like the strategy. "This is going to be the way to go for lots of companies," says Paul Saunders, an analyst with Wit Capital Soundview who has a strong buy rating on the stock. What's more, Saunders believes that companies with a core competency in security will gain a leg up on the major consulting firms, which have had trouble holding onto their computer security talent, or big ISPs, which would rather focus on customer service than on maintaining security. "There are significant barriers to entry," he says.
Unlike its primary competitor, Network Associates (NETA), which sells similar services through its myCIO.com operation, ISS is profitable. For the first quarter of 2000, it posted revenues of $39.3 million, a 71% increase over the same quarter a year earlier. Net income on the quarter logged in at $3.1 million, up 158% from the same quarter last year. Analysts believe the company will produce revenues of $161.8 million in 2000, a 38% increase, and $235.4 million in 2001. Earnings for 2000 and 2001 are expected to clock in at 35 cents and 54 cents per share, respectively, up from 17 cents per share last year. Goldman Sachs upgraded the stock from "market outperform" to its "recommended list" on Apr. 13. And that was before the Apr. 19 earnings report.
By the standard of normal valuations, ISS is an expensive stock with a price-to-earnings ratio of 486 as of its Apr. 21 closing price 82 9/16. Analysts (and, of course, Noonan) say they expect ISS to grow into its share price. "This is not about earnings. On a price-to-sales basis, ISS is one of the cheapest stocks in the information security sector," says Saunders. Still, Aram Fuchs, CEO of analyst collective Fertilemind.net, cautions that while ISS may be fairly priced now, it will suffer if it delivers any disappointments in future earnings reports. Analysts may regard ISS as a buy, but before you jump, make sure you understand the risk.
Salkever is a staff reporter for Business Week Online
Get BusinessWeek directly on your desktop with our RSS feeds.
Add BusinessWeek news to your Web site with our headline feed.
Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.
To subscribe online to BusinessWeek magazine, please click here.
Copyright 2000, Bloomberg L.P.
Printer-Friendly Version
