
Broad Security Freeze: Palo Alto Demand Stalls; Q2 Views Lukewarm

Palo Alto Networks (PANW) stock tumbled Thursday after a Piper Jaffray analyst said that lackluster April demand and Q2 guidance from Check Point Software Technology (CHKP), FireEye (FEYE) and Imperva (IMPV) could signal a broad cybersecurity slowdown.

IBD’s 26-company Computer Software-Security industry group is down 18.5% for the year after toppling 32% through Feb. 9, on bleak guidance for IT spending from firms like LinkedIn (LNKD) and Tableau Software (DATA). Barracuda Networks (CUDA), Check Point, FireEye and Fortinet (FTNT) recently missed full-year views. Imperva and Proofpoint’s (PFPT) Q2 outlooks lagged the consensus.

Now, channel checks show April demand slowed, Piper Jaffray analyst Andrew Nowinski says. “The key takeaway from Q1 earnings season is that the security sector is starting to show signs of slowing based on the guidance that was provided for Q2 and fiscal 2016,” he wrote in a research report Thursday.

Cybersecurity stocks toppled Thursday on Nowinski’s assessment. IBD’s security group was down 2% in morning trading on the stock market today, with Palo Alto Networks and FireEye stocks leading the deluge, down a respective 6% and 4%. Palo Alto Networks stock was at a two-month low, near 130.

But some analysts say Palo Alto Networks could beat guidance when it posts fiscal Q3 earnings on May 26. The company has topped the high-end of its outlook by an average 5.6% for the past 11 quarters. To do so again, Palo Alto would have to report $356 million in sales.

The consensus of 43 analysts polled by Thomson Reuters models $339.4 million in April-quarter sales, which would be up 45% vs. the year-earlier quarter. But $549.5 million in July-quarter billings expectations, up 40%, might be too aggressive, Nowinski wrote.

During the April quarter, some delays in large contracts likely hurt Palo Alto Networks, Nowinski wrote. “Most (resellers) thought it was simply due to a ‘digestion period’ where customers were still trying to integrate products they purchased in 2015,” he wrote. “The results definitely indicate demand slowed sequentially and also on a year-over-year basis.”

Nowinski expects Palo Alto Networks to at least meet estimates, but he cut his price target on Palo Alto Networks stock to 180 from 208. He reiterated an outperform rating, but wrote that “this is the first quarter in at least two years where we picked up any sort of slowdown in Palo Alto’s demand trends.”

Viking Horde Malware Zombifies Phones Via Google Play: Check Point

The Walking Dead trope has nothing on the Viking Horde. On May 5, No. 1 cybersecurity firm Check Point Software Technology (CHKP) notified Alphabet (GOOGL)-owned Google Play of an Android malware campaign that could affect 50,000 to 100,000 smartphones, researcher Jeff Zacuto told IBD on Tuesday.

Coined Viking Horde, the malware stems from downloads of five Google Play apps — Viking Jump, Memory Booster, Parrot Copter, Simple 2048 and Wi-Fi Plus — uploaded to Google Play between March 29 and April 15. Late Tuesday, Memory Booster still turned up on a search of Google Play. Google didn’t respond to a request for more information.

Together, the five malware-riddled apps have been downloaded 50,000 to 100,000 times, Zacuto said. The Viking Horde malware is completely transparent to the user, but adds the device to a growing botnet programmed to simulate ad clicks for revenue.

“It just appears to be a harmless game on your device, but what was actually happening in the background was the malicious code was turning the devices into zombies,” he said. “It made them part of a botnet.”

A botnet, or a zombie army of computers, is programmed to transmit data without a user’s knowledge. On a grand scheme, botnet campaigns are far more common to PCs, Zacuto said.

The Viking Horde botnet takes advantage of clicks-for-revenue advertising. “I (a website owner) contact one of these groups and say, ‘Hey, could you do me a favor to do some fake ad-clicking for me and in exchange I’ll give you some of the revenue?’ ” Zacuto said.

The majority of the downloads (44%) were out of Russia. Of the remainder, 10% were in Lebanon, and the U.S. and Mexico each accounted for 8% of the downloads. But there’s no way to quantify the number of infected devices.

Beyond ad fraud, the Viking Horde malware is persistent, Zacuto said. Out of the box, most phones are unrooted, meaning the user can delete the infected app.

But on rooted phones — where a user has more control — the malware installs additional components using sneaky names. “It will install components that have names that look like they’re supposed to be there,” he said. “On a rooted device, it can also install additional components that say, ‘Someone is trying to remove this app, let them remove it, but once that’s done reinstall it.’ ”

Oftentimes, the app (and malware) will reinstall in a hidden place. Typical mobile anti-virus won’t detect the malware, Zacuto said. And most users won’t note the malware unless they recognize suspicious activity, such as the app’s request for access to root permissions.

Furthermore, it can install a program that automatically downloads any malware updates to the app, leaving the door open for additional fraud, Zacuto said. On a rooted device, that means a user either has to buy an entirely new smartphone or perform a hard reset.

“On the rooted device since you’ve opened up the ability to do anything on the device, you’re also giving the attacker the ability to do that as well,” he said. “They can steal information from your device, they can jam your data traffic, they can turn on the camera, the microphone.”

He added: “They really have the ability to do anything they like.”

Exclusive Q&A: IBM Security’s Marc van Zadelhoff 100 Days In

Tech giant IBM (IBM) outplayed the cybersecurity industry in 2015, with its security sales ramping 12% to $2 billion, outpacing pure players Symantec (SYMC) and Check Point Software Technology (CHKP), and topping Palo Alto Networks (PANW), Proofpoint (PFPT), Fortinet (FTNT) and FireEye (FEYE).

Fellow broad-based tech giant Cisco Systems (CSCO) also posted 12% growth in its security business in 2015, as the sector becomes more crucial to some of tech’s biggest companies. IBM’s overall sales fell 12% in 2015 to $81.5 billion, so the five-year-old security business still accounts for only 2.4% of total sales.

In Q1, the pace quickened. IBM Security sales, on a constant currency basis, jumped 20% year over year to $400 million, where the company’s overall revenue slipped 2% on a constant currency basis.

Wall Street sees the beginning of a battle pitting IBM, Cisco and other giants salivating over the ripe cybersecurity market against the younger pure players, many of which aren’t yet 10 years separated from their IPOs. After 100 days on the job — which included acquiring incident response company Resilient Systems — General Manager Marc van Zadelhoff says that IBM Security is ready for the donnybrook.

In 2015, IBM Security hired 1,000 employees, bringing its staff to more than 7,000. This year, van Zadelhoff told IBD, he hopes to match that as IBM delves further into the red-hot cybersecurity game, backed by the company’s Big Data, analytics and cognition expertise. He recently spoke with IBD.

IBD: What key takeaways do you have after 100 days with IBM Security?

Van Zadelhoff: I think we’re in the sweet spot. I think when you move into a general manager chair managing 7,000 people, you get the vibe. And the vibe I get after 100 days is the team is really excited. Our customers are jazzed. We put an idea together five years ago. It’s never been more clear than on my 100th day in this job that the idea is resonating with customers.

IBD: Where is IBM Security excelling?

Van Zadelhoff: What’s working well is the unique combination of software, SaaS (software as a service) and services that we’ve built over the last five years. The core of the strategy was people needed something beyond the moats and castles, firewalls and antivirus. They needed analytics and intelligence in their software and in their managed service, and they needed not just technology, they needed people to help them transform. Over in Europe, we have so many customers where we have been in the midst of building their new security teams, their new security operations centers (SOCs). To handle modern security issues, you need a high-tech chief information security officer and office to deal with this, and that’s what we’ve been building with our customers.

IBD: How does security fit in with IBM’s overall strategy?

Van Zadelhoff: It’s become a sizable unit within IBM that handles all the issues customers have in security. But it’s also an integral part of some of these other businesses. We are incredibly active in securing customers’ migration to IBM cloud. IBM cloud is growing very rapidly, and we are the security layer that people can use to move through the cloud. We are increasingly collaborating with (IBM supercomputer) Watson in the cognitive area. We have always been very important in helping to secure analytics and our Big Data business. And if you look at our global technology service and our outsourcing customers, we have a lot of partnerships including our products and services to help our outsourcing customers stay secure. Each part of IBM provides us the opportunity to talk about the security you need to go to as you’re innovating. You cannot say no to innovation as a security team. The net (result) is security, is an integrated unit and (is) sprinkled across everything IBM is doing.

IBD: How does IBM Security differentiate from pure players in the market?

Van Zadelhoff: The average large customer has something like 100-150 security tools from 30-40 vendors. That’s the history we saw five years ago when we put our strategy together. Fundamentally, our strategy is very simple. It is to put a different option on the table for customers, ones where they can adopt a system of capabilities that spans multiple areas. The part we’ve been doing in addition to being in 14 different segments of the market is we’re meeting best in class. If you look at Forrester, Gartner, IDC, they would have us as an A leader or a B leader in virtually every one of those segments. Big is great, but you have to be best in class. And the third piece is integration. But we know we also have to integrate and be open. So we’re integrated across our entire portfolio. We also have over 400 separate vendors who have integrated with the IBM Security stack.

IBD: What cybersecurity trends do you see highlighting 2016?

Van Zadelhoff: Customers are placing controls in place of security, but they’re missing the big picture of a Big Data security platform and a team, a SOC (system on a chip) that leverages Big Data analytics — our QRadar platform — and has the ability to hunt for the attacker as opposed to looking at historical data. We’re enabling them to transform their security operations with forward and predictive analytics around attacks, compliance and insiders. I think this year will be the year of the SOC transformation that’s going to be driven by the increase in ransomware, the increase in high-value data theft like health care data. It’s ransomware, it’s the theft of high-value data, it’s the emergence of IoT (Internet of Things) and cloud — all these things mean you have to have a highly-analytical SOC in place, and that’s what we’re helping customers to do.

IBD: Obama is dedicating $3.1 billion to modernizing government cybersecurity infrastructures. How do you see the industry benefiting?

Van Zadelhoff: I think what Obama and every CISO (chief information security officer) is realizing is that there are more intelligence systems available to do analytics but also to do identity and access management (IAM) — where we have a leading portfolio — patch management, mobile security or data security. We’re too slow to adopt that. We’re hanging on to 1980s versions of doing patch management, where you can’t patch something for a month or two after finding a vulnerability in your system. Well, the technology in my portfolio can do that in an hour, so why are you using yesterday’s technology to do that? We’re seeing governments trying to catch up to the innovation in the private sector, and the money you mentioned will help the government to modernize.

IBD: Will 2016 be a year of M&A in the cybersecurity industry, and how does IBM’s recent acquisition of Resilient Systems fit into its strategy?

Van Zadelhoff: I think you’re going to continue to see acquisitions in the industry. We always weigh off buying capability, building it or partnering, and you’ve seen us do all flavors of that for the last 18 months. Where the industry has invested too little is in technology that does incident response. In those modern SOCs, because you’re gathering so much data, by definition you’re developing incidents. Those incidents, once you discover them, need to be resolved. You need the next step in the process; that’s what Resilient does. Take 20,000 records leaked, for example, half in the U.K. and half in California. You detect that in your SOC, you bump that up into the Resilient app, and then Resilient will walk you through. “The 10,000 records that were in the U.K.: Here’s the regulator, here’s the process, here’s a lawyer, and here’s what you have to do to inform the customers. For the ones in California, different regulatory regime, different process, different lawyer, here’s how you get the resolution on that half of the incident.”