IT Security Firms Stumble

Most large firms have seen their stocks fall in the past 12 months.
By Priya Ganapati ,

SAN FRANCISCO -- Hackers never go out of style, and data breaches have not really slowed down in the last few months, even as IT security remains a high priority.

Even the Bush administration has expressed serious concerns about the war on terror in cyberspace. Amid fears that hackers could potentially disrupt U.S. financial systems or attack essential utility services, Michael Chertoff, secretary of homeland security, drummed up interest last week for better cyber-security at the RSA conference.

This year's conference, the largest gathering of IT security professionals, drew about 17,000 attendees and 350 exhibitors.

While protecting against threats may be a big business, investors looking for gains in the sector have found little to cheer about.

The IT security sector has been clobbered by a frantic pace of acquisitions, increasing commoditization, a fragmented market and competition from a large number of startups even as it adjusts to new threats and challenges such as the recent push toward a war on terror in cyberspace.

Most publicly listed IT security companies have stumbled over the past 12 months, resulting in poor returns for investors from the big names in the space.

Symantec

(SYMC) - Get Report

, the sector's biggest name, has fallen about 1.1%.

Others have fared worse.

Websense

(WBSN)

, a company that specializes in Web filtering and data leak prevention, has dropped off 16%.

Israeli IT security company

Check Point Software

(CHKP) - Get Report

, which offers both hardware- and software-based IT security products, is down 4%, while authentication specialist

Vasco Data Security

(VDSI)

has tumbled the worst, losing about 24%.

Smaller companies such as

Sourcefire

( FIRE), an open-source security company that went public a year ago, have fared worse. The stock has fallen 42%.

The bright spot in the sector has been Symantec rival

McAfee

( MFE), which rose 13%.

"Investors are wary of the sector, because at any given quarter there is a lot of volatility, and companies can often miss earnings," says Daniel Ives, an analyst with Friedman Billings, Ramsey. "So for many of these stocks, the glass is always half empty."

An earnings miss may have to do more with company-specific execution issues than the health of the sector, says another Wall Street analyst who did not want to be identified.

But bigger IT security firms are finding themselves squeezed by a thriving private industry. There are at least 400 startup IT security companies worldwide, estimates Thomas Ptacek, principal at

Matasano Security

, a three-year-old security startup.

"It is fragmented space," says Ives. "There are a lot of small private companies, which when combined together take market share and exert pricing pressure on the big guys. You have a lot of kids in this sandbox."

Many IT security stars are also struggling with integration problems after a string of aggressive acquisitions. In 2005, Symantec bought storage company

Veritas

for $10.25 billion. Since then, it has acquired four or five startups a year to bolster its technology.

The financial constraints and consolidation problems from the acquisitions have strained Symantec's resources considerably, resulting in a number of layoffs and management changes.

Its smaller rival Websense is also dealing with integration problems following its $400 million purchase last year of UK-based competitor SurfControl.

"Acquisitions on paper seem good but they throw a potential wrench in execution," says Ives. "Bigger is not necessarily better and shareholders want to see good execution more than anything."

McAfee has been an exception. The company has moved slowly in terms of acquisitions and refrained from making multimillion-dollar purchases. "They have a clean strategy, and they are the only ones that have returned good shareholder value over the last year," says Ives.

Still, IT security stocks could be a good defensive play, analysts say.

Security spending remains strong in a maturing IT security sector, says Sarah Friar, an analyst with Goldman Sachs in a recent report. A recent Goldman survey forecast 7.2% growth in security spending in 2008, although growth is expected to slow to 6.5% in 2009.

"Neutral-rated security names could trade higher into earnings as the business is less subject to macro-economy induced swings," agrees Walter Pritchard, an analyst with Cowen, in a recent research note.

Check Point will report its earnings on Thursday, followed by McAfee on Apr. 24 and Symantec on Apr. 30.

Loading ...