Cybersecurity firm FireEye (MNDT) lost nearly 40% of its market value this year due to sluggish sales growth, cash burn concerns, and major executive departures. But now that FireEye trades at a 35% discount to its IPO price of $20, is the stock still too risky to touch? Let's examine its headwinds, tailwinds, cash flows, and valuations to find out.
FireEye's revenue rose 13% annually to $186.4 million last quarter, representing its slowest year-over-year growth rate since its 2013 IPO. The company expects to finish fiscal 2016 with 15%-16% sales growth and 4%-6% billings growth -- which is a big drop from its 46% sales growth and 35% billings growth in 2015.
FireEye blamed that slowdown on its ongoing shift from on-site security appliances to subscription-based services like FireEye as a Service (Faas). Competition also remains fierce -- Cisco (CSCO -1.41%) bundles threat prevention solutions with its networking hardware and software, and Palo Alto Networks (PANW -1.08%) and Fortinet (FTNT -1.01%) have integrated threat prevention features into their next-gen firewalls.
FireEye also lost several key executives over the past two years. CFO Michael Sheridan resigned last year, CEO David DeWalt stepped down this June, and founder Ashar Aziz resigned from the board of directors in September.
FireEye's current CEO is Kevin Mandia, who joined the company after FireEye acquired his company Mandiant in 2014. Mandia is trying to boost FireEye's margins with hundreds of layoffs and widening its moat with Helix, an all-in-one platform that bundles together many of FireEye's services with a single user interface. If it can successfully pivot away from appliances and toward FaaS, Helix, and its other subscription-based services, FireEye's revenue growth might accelerate again.
Mandia is not actively trying to sell FireEye, but the company is still frequently cited as a takeover target for companies like Cisco. Its Mandiant and iSight threat detection technologies are still considered "best in breed" solutions, and it serves over 5,000 customers across 67 countries -- including nearly half the Forbes Global 2000.
The cash flows
Under DeWalt, FireEye repeatedly struggled to generate positive cash flows. FireEye relied on secondary stock and convertible debt offerings to generate more cash, but those moves diluted existing shares and undermined investor confidence.
FireEye's big stock-based compensation expenses, which gobbled up 32% of its revenues during the first nine months of 2016, also prevented it from becoming profitable on a GAAP-adjusted basis. Mandia's decision to reduce its workforce and implement other cost-cutting measures is clearly aimed at getting those costs under control.
Between the third quarters of 2015 and 2016, FireEye's gross margin rose from 73% to 74%, its operating margin improved from -32% to -14%, and its operating cash flow rose from negative $8.3 million to $14.1 million. Thanks to those bottom line improvements, FireEye expects to generate positive free cash flows for all of 2017. That would mark the first time that FireEye has ever reported positive free cash flow since its IPO.
FireEye's enterprise value-to-sales ratio of 2.7 is lower than Palo Alto and Fortinet's respective EV/Sales ratios of 7.3 and 3.4, and its enterprise value of $2 billion is a fairly affordable target for bigger tech players. However, FireEye's EV/FCF ratio (an oft-used metric to measure high-growth companies) compares very poorly to Palo Alto, Fortinet, and many other cybersecurity players due to its negative free cash flow.
If FireEye's FCF rises to positive territory next year, its valuation would look much safer for investors and potential acquirers, and its stock could rebound. However, Mandia's plan to downsize FireEye in the face of rising competition could also backfire if its sales and marketing teams get outgunned by teams from larger rivals like Cisco, Palo Alto, and Fortinet.
So how risky is FireEye?
FireEye has certainly taken steps in the right direction, but it's still a very risky stock. Its plan to pivot from appliances to services while downsizing sounds reasonable on paper, but it could be tough to pull off amid unpredictable enterprise spending and tough competition.
Therefore, my overall impression of FireEye has improved, but I think conservative investors would be better off sticking with Cisco or Symantec, while investors who can stomach more volatility should take a closer look at the profitable niche player CyberArk instead.