FireEye Needs to Keep the Heat On

 FireEye Needs to Keep the Heat On

This post was originally published on this site

FireEye Chief Executive Kevin Mandia seen in 2018

FireEye Chief Executive Kevin Mandia seen in 2018

Photo: David Paul Morris/Bloomberg News

Going from predator to prey back to predator again has been a profitable ride for
FireEye
investors. How it works out for the company itself remains to be seen.

High-profile network breaches have often been a boon for cybersecurity stocks, and the massive
SolarWinds
hack has been no exception. The NYSE FactSet Global Cyber Security Index has jumped 13% since the attack was reported on Dec. 13. The 12 largest pure-play vendors on that index are now up an average 20% in that time.

The attack used a flaw in the network-management software sold by SolarWinds, a Texas-based IT company that counts many federal agencies as customers. But ironically, it was brought to light by FireEye, which specializes in hack investigations and was itself a victim of the attack.

It has been a wild ride. FireEye’s shares sank 13% after it reported the breach of its own system on Dec. 8. That seemed like very bad news for a company that is often the first call for other companies who suffer an attack. Citigroup analyst

Walter Pritchard
warned at the time that FireEye faced a clear risk of “reputational damage,” even as the company described the attack as the work of “a highly sophisticated state-sponsored attacker utilizing novel techniques.”

But since more news has dribbled out about the scale of the attack and SolarWinds’ centrality to it, sentiment shifted hard. FireEye’s shares have soared 66% from their initial selloff and are now up 49% this month—beating out even other red-hot cybersecurity names such as
CrowdStrike
and
Zscaler
that analysts believe will be the primary beneficiaries of increased corporate IT security spending. Those two are up 44% and 32% for the month, respectively, and more than 300% for the year. SolarWinds, by contrast, has lost one-third of its market value since the attack became public.

Investors generally treat high-profile breaches as promotional events for cybersecurity companies. But the impact on actual business isn’t always clear-cut. FireEye played a major role in investigating the
Sony
hack in late 2014, but that didn’t stop the company’s revenue growth from decelerating sharply from the triple-digit rates it had been enjoying in previous quarters. And security already was the top spending priority for companies this year, according to a December survey of chief information officers by
Goldman Sachs.

Fatima Boolani
of
UBS
notes that checks with companies since the SolarWinds attack became public “indicate a ‘spending smart’ not ‘spending hard’ mentality.”

So cybersecurity stocks could be setting up for a big correction later as reality sets in. FireEye’s advantage here is that it is still one of the cheapest pure-play cybersecurity vendors, trading at just 5.3 times forward sales. And it isn’t alone in a sector long driven by a hot-or-not approach by investors. CrowdStrike and Zscaler carry multiples ranging from 47 to 50 times forward sales. By contrast,
Palo Alto Networks,
Check Point Software
and
Fortinet
—three of the largest cybersecurity pure plays by annual revenue—trade around eight to nine times forward sales.

But as Mr. Pritchard of Citi noted in a Dec 21 report, the most relevant countermeasures to the SolarWinds hack don’t involve the cloud, where the most highly valued companies specialize. He expects the hack to remind investors “that some ‘legacy’ players are less irrelevant than what is priced into shares.” FireEye just needs to translate that relevance into new business.

Write to Dan Gallagher at dan.gallagher@wsj.com