Tag Archives: panw

Booming RSA Pits Security Rivals IBM, CyberArk, Palo Alto Networks

SAN FRANCISCO — CyberArk ( CYBR ) CEO Udi Mokady surveyed the crowd. A man decked in a traditional Native American headdress passed the booth — his movement highlighted by the nearby fire-truck-red semitrailer that Fortinet ( FTNT ) rolled in as its booth, and Palo Alto Networks ‘ ( PANW ) towering blue signage. Tweeted photos show a bright orange fox touting social media security firm ZeroFOX. Open-source manager Black Duck Software handed out “No ducks” T-shirts. And the entire event was overshadowed by a Terminator-Darth Vader mash-up mascot. “A lot of CEOs don’t even walk the floor,” Mokady told IBD at the annual cybersecurity RSA Conference in San Francisco’s Moscone Center convention hall. “But there are a lot of meetings that set the tone for the year, (there are) relationships happening behind closed doors.” If the RSA Conference sets the tone for the cybersecurity industry , 2016 will be marked by roaring noise — mostly in marketing. But execs tend to agree the overarching themes for the year will center on technological leaps and possible collaboration. Platform, Platform, Platform “Platform” is a buzzword for a reason, Needham analyst Scott Zeller wrote in a research report after Palo Alto Networks last month crushed Wall Street’s Q2 expectations. The broad-based platform approach works in security. But Palo Alto wasn’t the only vendor lauding its platform-centric approach at the RSA Conference. An overwhelming majority of companies — IBM ( IBM ), FireEye ( FEYE ) and Fortinet included — touted their platforms. Consumers are confused, Fortinet threat researcher Derek Manky told IBD. That’s where third-party testing comes into play. Fortinet calls it a “security fabric,” which integrates Fortinet’s firewall with threat intelligence data from FortiGuard researchers. “We can say how good we are, but there are a lot of third-party vendors that are doing validation of security,” he said. A recent test by NSS Labs ranked Fortinet’s FortiGuard 3200D and Check Point Software Technology ‘s ( CHKP ) 13800 NGFW Appliance as top products, blocking 99.6% of all exploits. The lab examined 13 leading products comprising 96% of the next-generation firewall market. Palo Alto Networks’ PA-7050 scooted in with 95.9% effectiveness, trailing a Juniper Networks ( JNPR ) offering and two Cisco Systems ( CSCO ) products with a respective 98%, 96.5% and 96.3% scores. Confusion is lending itself to the advent of software-as-a-service (SaaS) offerings, former iSight Partners CEO John Watters told IBD. FireEye acquired iSight in January for $275 million and retained Watters and much of the iSight leadership team. Watters sees SaaS making a play for the platform market. “The big trends line is customers are moving from best-in-class niche product to best-in-class platform,” he said. “And they’re moving from a self-serve model to an as-a-service model.” That shift benefits FireEye. New FireEye-as-a-Service billings nearly doubled in 2015 vs. 2014, CFO Michael Berry told analysts during the company’s Q4 earnings conference call in February. Data Sharing … Or Not Palo Alto Networks, Fortinet, Intel ( INTC ) Security and Symantec ( SYMC ) are leading a sector push to share threat intelligence data across the map. In 2014, the quartet became odd bedfellows in a security collaboration dubbed “the Cyber Threat Alliance.” Davis Hake, Palo Alto Networks director of cybersecurity strategy, told IBD the group’s goal is to reduce the noise generated by low-level, easy-to-launch attacks. “We take that data back out, and we work to democratize it with the rest of the security community,” he said. “It allows us to understand, across the community, attackers’ game plans against all of these other entities.” Palo Alto Networks CEO Mark McLaughlin, on the company’s recent earnings call, said the days of monetizing threat data are over. A company’s value stems from its overall platform, he says. Watters disagrees: “All the people that are driving sharing are people who don’t have a bunch of intellectual property,” he said. “Everybody is filling up each other’s in-boxes with all the same stuff. It’s all the machine-generated event data.” ISight fits into a detection hole in FireEye’s model, he explained. “We detect … everything that leads up the time they hit enter on the keyboard,” he said. “As soon as they hit enter, we went blind because we didn’t have attack surface monitoring.” FireEye’s incident response leg, Mandiant, sees the attack itself, watching how hackers escalate privileges, jump firewalls and burrow through systems. ISight detects the attack prep and follows the fallout on the black market. That intelligence is proprietary, Watters said. Because of that, FireEye doesn’t need to reboot its software every several years; the software is updated every hour. Fortinet makes a similar boast, noting its FortiGuard research updates systems every five minutes. Big Data, Internet of Things and AI Artificial intelligence (AI) won’t look like Haley Joel Osment in the 2001 Steven Spielberg flick. Rather, machine-learning will be bolstered by data-heavy Internet of Things devices, Sol Cates, chief security officer for encryption specialist Vormetric, told IBD. The trend could boost the chip sector. Tesla Motors ( TSLA ) partner Nvidia ( NVDA ) forged alliances with Facebook ( FB ) and Chinese Internet major Alibaba ( BABA ) during Q4 for speedy intelligence chips, Nvidia CFO Colette Kress said during last month. Just as “platform” is a commonplace buzzword, so too are Big Data, the Internet of Things and the cloud, Cates says. But they’ll also be integral to future technology — and that’s either a boon or a bust for the cybersecurity industry. AI generates two big questions for the sector, Cates said. “How do we protect the sensitive data going in? And how do we harness it for security?” he asked. The problem is, the cybersecurity industry often trails innovation. “We have to figure it out after the fact, and we’re not yet experts on it.” IBM, which just acquired Resilient Systems , plans to push machine-learning to accelerate automated penetration testing, Marc van Zadelhoff, the company’s security general manager, told IBD. Penetration testing — purposefully probing a system for vulnerabilities — will become more and more necessary in the security world as the BYOD (bring your own device) trend opens more endpoints. Gemalto exec David Etue argued during an RSA lecture that software updates could right the likely-to-occur wrongs as the cybersecurity sector tackles the Internet of Things market. “If we get this right, this puts us in a position for long-term success,” he said. Fortinet’s Manky says wrangling the Internet of Things and protecting Big Data will be more complicated than that. Industry experts estimate 20 billion-30 billion Internet-capable devices will come online in the next four years. “That generates a lot of noise, and there’s a lot of traffic, you need to inspect all of that,” Manky said. “Anything and everything is a target now. … If you think of any device that has an Internet connection, it’s got memory, it has a processor and a connection, and that’s all hackers need to go after (it).”

IBM To Acquire Resilient Systems, Undercut Cisco, Symantec, FireEye

Tech giant IBM ( IBM ) plans to undercut Cisco Systems ( CSCO ), Symantec ( SYMC ), FireEye ( FEYE ) and Rapid7 ( RPD ) by acquiring incident response firm Resilient Systems and partnering with endpoint security provider Carbon Black, the company announced Monday. The announcement comes a week after IBM unveiled a deeper tie to No. 1 cybersecurity pure-play Check Point Software Technology ( CHKP ) to pool research and integrate systems. IBM stock was up 0.9% in morning trading on the stock market today . IBD’s 25-company Computer Software-Security industry group was down a fraction Monday as companies headed to the RSA Conference, a massive cybersecurity industry gathering that runs all week in San Francisco. Caleb Barlow, vice president of IBM Security, described the Resilient Systems acquisition as the cornerstone of a three-prong strategy to protect, defend and respond to cyberbreaches. Per IBM policy, he wouldn’t disclose the price tag for the privately held, 100-employee company. “This ultimately gives us the ability to expand from protecting and defending the enterprise to also being able to respond to a breach,” Barlow told IBD. “This combination of a new acquisition and the associated partnerships really make a move into the incident-response space.” Carbon Black Has Big Share Of Endpoint Security In conjunction with the acquisition, IBM will partner with endpoint security firm Carbon Black. Privately held Carbon Black owns 37% of the endpoint market, according to industry tracker IDC. Carbon Black’s platform will allow IBM analysts to conduct security forensics on compromised endpoint devices. Resilient Systems will be integrated into IBM’s incident-response platform, dubbed X-Force Incident Response Services. Via X-Force, IBM will counsel clients through all parts of a cyberbreach and on ways to avoid such breaches. Barlow likened the service to a fire drill. “Most companies don’t have good incident-response plans,” he said. “There’s a binder on the shelf for what to do in the case of a fire or what to do in the case of a flood, but not necessarily what to do in the case of a cyber incident.” That “binder” includes pertinent leadership, disclosure and public relations keys in case of a breach, he said. IBM’s move allows the company to “pivot” from protecting and defending to responding to a breach, he says. It’s all part of IBM’s push into the cybersecurity market. In 2015, IBM pulled in $2 billion in security revenue. That was up 12% but still accounted for only 2.4% of IBM’s total revenue of more than $81 billion, which fell 12%. But the dollar amount topped total sales for security pure-players Palo Alto Networks ( PANW ), Proofpoint ( PFPT ), Fortinet ( FTNT ) and FireEye. And IBM’s security business also outgrew Symantec and Check Point. The security unit was launched four years ago, Barlow says. Since then, it has added 7,300 employees — 1,000 last year alone — and operates in 133 countries globally. “Imagine if that were the conversation about a Silicon Valley startup,” he said.

Intuit Beats With Q3 Guidance But Doesn’t Raise Full-Year Outlook

No. 1 tax-preparation software maker Intuit ( INTU ) — as it heads into its busy season — posted Q2 earnings and Q3 revenue guidance that beat Wall Street expectations, only to see its shares fall. One analyst says that the shares might be falling because the company didn’t raise its guidance for the year. At least two analysts raised their price targets on Intuit stock after the earnings release, and another was bullish on the tax season. Yet Intuit stock was down 5%, near 95, in afternoon trading on the stock market today . In an interview after the earnings release late Thursday, Intuit CFO Neil Williams said that the company’s “momentum is really continuing into Q3.” Intuit said that sales for its fiscal Q2, which ended Jan. 31, rose 23% from the year-earlier quarter to $923 million. The company swung to a 25-cent per-share profit minus items from a 6-cent loss in the year-earlier quarter. Analysts polled by Thomson Reuters had expected $893 million and 19 cents. The company doesn’t give earnings guidance, but it expects Q3 sales of $2.2 billion to $2.26 billion — at the midpoint up only 4.4% from the year-earlier quarter but above the $2.2 billion analyst consensus. Wall Street expects EPS ex items to rise 10%, to $3.15 per share. For the fiscal year, Intuit sees revenue of $4.5 billion to $4.6 billion, up 8.5% at the midpoint. But the company didn’t raise its guidance for the year, RBC Capital Markets analyst Ross MacMillan told IBD, and there are questions about the company’s underlying growth potential. Another factor could be the strong earnings and guidance this week from software makers Salesforce.com ( CRM ) and Palo Alto Networks ( PANW ). Intuit, MacMillan says, is regarded as a “defensive” stock play, but if other stocks are doing well, Intuit is less attractive. In a research note, MacMillan said that Intuit’s TurboTax sales stood out last quarter, rising 9%. He hiked his price target on Intuit stock — but only to 93 from 91. UBS analyst Brent Thill called the results the “best start to tax season in 13 years.” The fiscal Q3 tax season is always the company’s biggest quarter. “We’re in the third year of a multiyear journey and are beginning to see a sea change in how Americans prepare their taxes, driven by the massive innovation across the TurboTax experience combined with a breakthrough marketing campaign that makes our product the hero,” Sasan Goodarzi, executive vice president and general manager of Intuit’s Consumer Tax Group, said in the earnings release. Part of Intuit’s plan to drive consumer tax growth is to leverage its do-it-yourself tax packages, CFO Williams told IBD. “Think about growing the DIY market as growing our total addressable market,” he said. Thill also says that Intuit is a good defensive play. Williams agrees, saying that the small businesses that comprise much of Intuit’s customer base often turn to its software packages when the economy heads south. Besides TurboTax, Intuit is known for its Quicken and QuickBooks small-business software. “Our products are needed most when small-business owners are maybe facing some headwinds economically.” Williams said. “We do well with economic uncertainty.” Wedbush analyst Gil Luria raised his price target on Intuit stock to 100 from 90. Intuit rival H&R Block ( HRB ), which makes the other major tax-preparation software product, is slated to report fiscal Q3 earnings on Thursday.