In May 2014, Target CEO Gregg Steinhafel lost his job. This came a few months after the U.S. retail chain’s customer database was hacked. The details of some 40 million credit-card holders were stolen, along with personal information on tens of millions of other customers.
Steinhafel may have received a golden parachute worth some $27 million, but he’ll be remembered as the first CEO of a major firm forced to resign because of a cyber attack.
Quite a few other cyber incidents have hit the headlines in recent years. Another well-known case involved the hacking of Sony and the theft of its movie “The Interview” before the film was even released to the theaters. Other famous cases included the hacking of Apple’s cloud services and the theft of naked pictures of famous actresses.
But these incidents are just the tip of the iceberg. Cyber experts believe the past 12 months marked a change in direction concerning the seriousness of cyber attacks – as well as the importance of the global information security industry, which is trying to defend against such attacks. As a result, these firms have been called on to develop ever more sophisticated technology.
In the past, attackers would generally focus on breaking through the outer security perimeter. Today, many of them have much more sophisticated methods of attack, reminiscent of well-planned military operations. The hackers identify weak points, penetrate the network with a low level of intensity, collect more and more information, make their plans – and then strike.
Israeli firms: 10% of global market
In the case of Target, it was credit-card data. In other cases, the attacks can be for purposes such as industrial or government espionage, stealing money or shutting down operations of both private and government organizations – whether for business or ideological reasons. This rise in awareness and demand for cyber security has helped lift the share prices of many companies that operate in the industry – a few of which are relatively old-timers.
The best-known is Check Point Software Technologies, an Israeli firm founded by Gil Shwed, Marius Nacht and Shlomo Kramer. Check Point has a market capitalization of $15 billion. Another large Israeli firm in the sector is CyberArk Software, whose CEO is Udi Mokady. CyberArk has a market cap of $2.2 billion, after its IPO last September.
Israel is considered to be an international cyber superpower, and is trying to brand itself accordingly. Check Point was founded by three newly released Israel Defense Forces veterans who specialized in information security. It was among the very first companies in the world to develop software to protect computer networking – including some of the earliest firewalls – and was a great success from almost the get-go. Many other Israeli companies were established in its wake, some by people who had previously worked for Check Point itself.
The information security market is estimated to be worth some $60 billion a year. Israel’s National Cyber Bureau in the Prime Minister’s Office estimates that Israeli companies hold a 10% share of the global information security market. Many firms whose operations were never historically in the security field are now expanding their presence into the industry. For example, Verint – whose main business was in intelligence systems for military and government institutions – decided to expand its operations in the cyber industry into civilian markets. Elbit Systems, which develops military systems, also established a subsidiary named Cyberbit, which has bought the cyber division of NICE Systems.
The growth of the cyber industry has attracted a huge number of investors. This demand led to the creation, last November, of the first Cyber Security exchange-traded fund (ETF), which tracks an index of 31 stocks. “The fund seeks to provide investment results that, before fees and expenses, correspond generally to the price and yield performance of the ISE Cyber Security Index,” states PureFunds, the company behind the ETF.
The ETF is traded in New York under the symbol “HACK.” Since its launch seven months ago, it has risen some 30% in value. The ETF includes a number of Israeli cyber firms, or some that are identified with Israeli entrepreneurs: Check Point Software Technologies, Imperva, CyberArk and Palo Alto Networks. These firms make up about 22% of the value of the ETF, even though they represent only some 10% of the total market cap of the companies included in it.
A few of the firms in the ETF are not pure cyber companies, and only some of their products and operations are in the sector (for example, Juniper Networks, Cisco and Radware). The Israeli companies included in HACK are traded on the New York Stock Exchange or the Nasdaq - but none of them trade on the Tel Aviv Stock Exchange.
Check Point: Firewall still burns bright
Check Point was founded in 1992, and its first development was the firewall to protect organizations from outside attacks. It became a standard for large companies and organizations, and 98% of all Fortune 500 companies use it today.
Over the years, the company has moved into other security products, especially modular ones that allow it to sell more to existing customers – such as its Software Blades. It recently bought Hyperwise, an Israeli startup, and has also moved into mobile security over the past year, which should be another growth engine. It also bought another Israeli startup, Lacoon Mobile Security, which had developed technology for identifying infections on smartphones and the leak of sensitive information from organizational networks.
The firewall is still Check Point’s core business. Over the past five years, its shares have shown an average annual return of 22%, with a present market cap of $15.2 billion. Revenues grew 9% in the first quarter of the year to $373 million, and net profits hit $171 million. The company has $1.3 billion in cash-on-hand, after buying back some $4 billion of its own shares.
Palo Alto: Founded by ex-Check Point exec
Palo Alto was founded in 2005 by Nir Zuk, who was one of Check Point’s first employees – and later became obsessed with competing against his former employer.
The firm is considered one of Check Point’s main competitors and has its own firewall product. At an early stage, though, the company realized it needed other products too.
In March 2014, Palo Alto bought Israeli startup Cyvera for some $200 million. Cyvera has a unique mobile security product, which tries to locate viruses before they can attack the organizational systems.
Palo Alto is a U.S. company, even though its founders are originally Israeli. It had its IPO in July 2012 at a value of $4.4 billion, and now trades at a market cap of some $15 billion, similar in value to Check Point. Palo Alto had a 55% increase in revenues in the first quarter of 2015 to $234 million, with a net profit of $20.5 million – an increase of 135%.
CyberArk: Protecting the ‘safe’
CyberArk, an Israeli firm, was founded in 1999. It has different security solutions than the other companies. If Check Point and Palo Alto provide “locks and alarms” for the building, then CyberArk sells “protection for the safe,” where the truly important goods are kept – or, in this case, the authorizations to access these important items. That’s why CyberArk doesn’t compete with the firewalls: it complements them.
The assumption is that every firewall can be penetrated sooner or later, and what’s then important is to keep the invaders from the important items. CyberArk’s system identifies unauthorized access to part of the network, as well as suspicious activities, and blocks them.
CyberArk held its IPO in September 2014 at a company value of $470 million. Investors welcomed it with open arms, and since then it has climbed to a market cap of $2.2 billion. This rise is supported by a growth in revenues, along with the cyber-attack headlines of the past year. Centrify, another firm in the same security field of authorization management, is expected to hold an IPO next year.
CyberArk had revenues of $33 million in the first quarter, an 89% increase compared to the same quarter of 2014. The quarterly net profit rose to $5.7 million, compared to only $300,000 a year earlier.
Imperva: Defending the database
Imperva was founded in 2000 by Shlomo Kramer, formerly of Check Point. The company’s specialty is securing databases. It tries to build a new “safe” around these databases, where the important information is kept. The first half of 2014 was disappointing for the firm, and stock dropped 35% after the company lowered its revenue forecasts by 14% compared to analyst forecasts. The reason was longer sales processes due to fiercer competition, as well as problems in completing projects.
Since then, the company has returned to growth and now has a market cap of $2 billion. First quarter sales rose by 42% to $45 million. Imperva made a profit in 2013, but recent quarters have not, with the firm investing heavily in R&D. The net loss in the first quarter was $7 million, down from a $9 million loss a year earlier. But the company has $243 million in cash in its coffers, which could be used for purchases as well as organic growth.