Image Source: Cyberark Software Ltd.
You may not be familiar with terms such as "privileged account security" or even the company Cyberark Software Ltd. (CYBR +0.00%), but their products and services are addressing an increasingly growing threat inside computer networks, one with huge growth potential.
What is privileged account security?
Privileged accounts are roughly what they sound like -- computer and network accounts with higher level privileges or security clearances. Your company IT guy has access to the Windows administrator account, an account built into Windows to help manage the system. Other employees also have privileged accounts when they have access to sensitive information, or are able to control different systems.
Privileged accounts, like other high-powered tools, are a necessary and good thing that help people get stuff done, but in the wrong hands, that power can be used for malicious purposes and can cause a lot of damage. These accounts are like keys to the IT kingdom, and once they're obtained, the attacker can roam around the network opening all kinds of doors, stealing valuable information or wreaking havoc.
Interestingly, it's not just outside hackers who try to obtain these accounts. Internal employees are just as much of a threat, especially those who have access to these accounts to begin with. Angry or disgruntled employees can exploit company information for financial gain or to get revenge on a boss. A recent report found 72% of security incidences at financial institutions involved a current or former employee.
The field is ripe for harvest
These types of attacks are relatively new, emerging after the year 2000, as they are more sophisticated and require external hackers to get privileged account credentials by phishing and social engineering, or tricking employees into giving up information. Further, the risk of these attacks increases as more sensitive information is moved to the cloud and as companies allow employees to use additional devices to log on to networks from all over the world.
The current size of this market opportunity has been estimated by Cyberark at approximately $10 billion to $11 billion, while other analysts have estimated it closer to $9 billion. Additionally, the datacenter security market is expected to grow much faster than the overall datacenter market according to IDC. Because cybersecurity will continue to be a necessity for companies going forward, we are not likely to see these figures shrink.
Here is the exciting part: Cyberark's revenue is estimated to reach close to $150 million this year, indicating their market penetration is in the low single-digits at best. This leaves the company a very long runway for growth.
Even more exciting is Cyberark appears to have a first mover advantage as not many companies are focusing exclusively on this type of threat. Looking at the numerous case studies where Cyberark has been implemented, we find most companies are manually organizing administration passwords and accounts, keeping track of them on Excel sheets or literally putting backups in envelopes in physical safes. Cyberark has a number of software products that make administration of these accounts easy, such as their Enterprise Password Vault that automatically stores, backs up, and changes passwords for better security. Other products include monitoring and analyzing privileged accounts for suspicious activity, in case a malicious user is already inside the system.
This means the company is going after a problem that most companies don't have a solution to yet, so Cyberark does not have to replace an incumbent vendor. Other cybersecurity companies such as Palo Alto Networks (PANW 5.97%), and FireEye (FEYE +0.00%), focus on firewall and perimeter security, which is necessary as well, but not the same as internal, privileged account security.
This focus seems to be working very well, as the company has grown revenue at 30%, 40% and 56% over the past three years, respectively. Unlike many high-growth tech companies, Cyberark has been profitable for those three years as well and continues to blow away earnings estimates as well as exceed analyst revenue expectations. Cyberark currently has over 1,900 customers, including 40% of the Fortune 100 and 17 of the world's top 20 banks.
The right ingredients for explosive growth
Cyberark is a company operating in a $10 billion market, with single-digit penetration, revenue growing around 50% per year, with a differentiated and much-needed product, and very few competitors. It's hard not to get excited with a stock like this, but one thing that may keep people away is valuation and volatility.
Granted, Cyberark is not "cheap," given a current P/E ratio of over 100. But P/E ratios for small-cap, high-growth stocks are not the best measurements of value, especially as most companies like this are not even profitable yet. The stock has also had a volatile run and is currently about 30% off its high, also not uncommon for these tech stocks out of the gate. Some of the recent sell-off could be due to taking gains after a dizzying spike at the beginning of the year, as well as the expiration of the IPO "lock-up" period, which allows insiders to sell some of their shares.
But if you want a growth stock with lots of potential ahead of it, in an industry that doesn't seem to be going out of style anytime soon, Cyberark is worth a look.
