The year 2020 has spurred a monumental shift in the way many organizations think about security. With social distancing and remote work, cloud computing has become an absolute must -- and as a result, cloud-native cybersecurity software vendors like Zscaler and CrowdStrike have been off to the races, benefitting from the trend.
But those cybersecurity companies look priced to perfection after their epic stock runs over the last year. Three other security stocks appear to be more timely buys this month: Fortinet (NASDAQ:FTNT), Dynatrace (NYSE:DT), and Splunk (NASDAQ:SPLK). Let's take a closer look at why these are solid buys in December.
1. Fortinet: An old security firm learning new tricks
I'll start with the most boring pick: Fortinet, a legacy software firm rooted in the days when throwing up a firewall around an office was the gold standard for keeping data on lockdown. These days, devices protecting physical real estate and the IT infrastructure contained therein are in far lower demand than in the past because of the new work dynamic ushered in by COVID-19.
However, lower demand doesn't mean no demand. After all, cloud computing services enabling remote workers to do their job still requires hard assets operating somewhere. That's where data centers come in, and Fortinet's firewall hardware is a best-in-class choice for securing them. Case in point, the company's product-based revenue increased 14% year over year to $628 million through the first three quarters of 2020. So much for the thesis that legacy security is dead.
Of course, device-based security isn't what it was in times past. But Fortinet is also more than holding its own in next-gen security software-as-a-service. In fact, its service revenue made up some two-thirds of the total in 2020 and grew at a 22% pace during the third quarter alone. Unlike some of its legacy security peers, Fortinet has primarily built this next-gen business in-house, with just a little help from some very small acquisitions. Its latest takeover, network monitoring and remediation firm Panopta, was for an undisclosed sum (meaning it was an insignificant amount of cash for Fortinet).
This isn't the most exciting cybersecurity stock around, but it remains my personal favorite. Fortinet is still growing at a more-than-respectable rate, and it is highly profitable, with a free cash flow (revenue minus cash operating and capital expenses) profit margin of 34% over the last trailing 12 months. And at just 26 times trailing 12-month free cash flow, shares are a relative deep value compared to the company's highest-flying cloud-native peers. I remain a buyer.
2. Dynatrace: A new entrant in the market with a novel service
Dynatrace is a cloud observability software firm that was relaunched as a public concern in 2019 by private equity firm Thoma Bravo. Cloud infrastructure observability inherently works hand-in-hand with modern cybersecurity needs, as it gives an organization a view of its operations and the ability to pinpoint problems when they arise. Dynatrace takes this software to the next level with AI, providing much-needed automation for monitoring and remediation.
Its platform has been performing well since its IPO, with revenue increasing 30% during its last reported quarter -- or up 35% as measured by annual recurring revenue (ARR). It's also worth noting that Dynatrace operates profitability, a relative rarity among high-growth cloud computing companies. Free cash flow was $54.3 million during the first half of the company's 2021 fiscal year, good for a nearly-17% free cash flow profit margin. Not bad, Dynatrace.
But what I really like here is that the company is using that positive cash flow to reinvest in itself. It plans on hiring so that it can reach the thousands of large organizations around the globe it has yet to connect with. And it's also developing new modules for its AI-based platform. Its most recent addition is a "runtime application self-protection" module to help software developers build protection directly into applications themselves. In a world where cloud security is all the rage, application-level protection may sound redundant, but that's exactly the point with cybersecurity. If one system fails, another is in place to keep the bad people out.
I like Dynatrace's chances at continued growth. With revenue of just $618 million in the last year and a market cap just shy of $11 billion as of this writing, this is still a relatively small player in a massive cloud industry worth hundreds of billions in global spending every year and going strong. Adding a new capability to its observability platform aimed at cybersecurity will certainly help it maintain its momentum.
3. Splunk: Buy it while it's down
Speaking of cloud observability, data analytics leader Splunk recently announced its own suite of software aimed at helping organizations monitor their cloud infrastructure -- creating further overlap with peer Dynatrace. However, over the years Splunk has used its analytics software to build out a significant presence in the cybersecurity world. Among other things, Splunk's customers often use it to analyze and coordinate responses when their IT infrastructure comes under attack.
It's been a long-term winning investment for me, but Splunk has been dealing with some bumps in the road in 2020. It has been migrating its business model over to one that favors the cloud, but the ensuing change in how it bills its users has created a revenue and profitability snafu. Its latest quarterly revenue of $559 million was down 11% year over year, and well short of management's projections. The company blamed a worse-than-expected existing customer contract renewal period in October. But rapid migration to the cloud (with cloud-specific year-over-year revenue growth of 80%) can also be blamed. Shares gave back most of their 2020 gains after the report.
However, many investors are ignoring Splunk's ARR, which combines both new cloud and older term contract income. ARR was up 44% at the end of Splunk's Q3 to $2.07 billion, and it is expected to increase to at least $2.3 billion during the next quarter. Put simply, the situation isn't as dire as some may think, and this legacy software firm is far from finished with its growth story.
After the post-earnings plunge, I'm inclined to go shopping for more Splunk stock. Shares trade for just over 10 times expected full-year ARR, and though it is operating in free-cash-flow-negative territory at the moment, that is also due to the changes in customer billing. Headed into 2021, this could be a real value stock within the cybersecurity industry as Splunk starts to lap the business performance that gave shareholders so much concern in the last year.