It's been a tough year for FireEye (NASDAQ:FEYE) shareholders: Year-to-date, shares of the cybersecurity firm have lost nearly 35% of their value. Much of that loss has been fueled by the company's modest growth. FireEye's revenue hasn't been rising as quickly as many analysts had anticipated.
Yet FireEye's business is still growing. Last quarter, the company's revenue rose 34% on an annual basis, while its billings climbed 23%. For all of 2016, FireEye expects its revenue and its billings to rise about 27%. What's helping FireEye's business continue to grow? Back in February, speaking during the company's fourth-quarter earnings call, CEO Dave DeWalt identified four megatrends that could propel FireEye's business for years to come.
Cyber crime is a growing problem
... we are now tracking more than 16,000 unique attacker groups located in nearly every part of the world. The number of attackers has grown exponentially over the past few years, and with anonymity on the Internet, coupled by the lack of government cooperation, the safe havens for these attackers will remain and grow indefinitely. In addition, the number of attacks surfaces that the bad guys can use is becoming infinite as well. What once was primarily a Windows-based attack service has now morphed to hundreds of device types, from end-points to servers to IOT devices And now nearly everything is connected, both through fiber-link Internet gateways, and now satellite linked Internet gateways, the latter of which exacerbates the overall problem with limited security and no governance models. When combining this vast attack surface with the number of attackers, you have a massive problem that is just growing every day.
The cyber security market is complex -- not all threats and solutions are the same. Vendors offer a wide variety of products, including anti-virus software and firewalls. FireEye specializes in advanced persistent threat detection (APT), a class of attacks that involve highly sophisticated attackers working in a well-orchestrated manner over a long period of time. In the past, FireEye argued that its total addressable market could exceed $30 billion, but analysts have been considerably more skeptical, projecting longer-term demand at about one-tenth of that.
Still, investors can take solace in the fact that FireEye is selling into a growing market, one that's unlikely to vanish anytime soon. Others agree: Research specialist MarketsandMarkets expects sales of cyber security solutions to swell to more than $170 billion in 2020, up from about $106 billion in 2015.
Companies are inundated with cyber security solutions
... solving the security management problem [is complex]. And this problem is growing more untenable everyday ... The number [of] security vendors used by most corporations exceeds well over 100 ... This is compounded by the number of alerts that are generated by these vendors, which is now measured in the millions per day per enterprise. How does a security professional wade through millions of alerts from hundreds of vendors to pick out the one alert that could be malicious? The answer is they can't, and new solutions are needed.
More vendors and more cyber security solutions may make companies safer, but it introduces complexity, which can be difficult to handle. Solutions vary, but products often work by sending alerts to the security departments of customers, which are then tasked with wading through the noise and determining which threats need to be tackled.
In 2014, retail giant Target was the victim of an APT attack, in which it lost the credit card data of tens of millions of its customers. Ironically, FireEye was one of Target's vendors, and FireEye successfully alerted Target to the attack ahead of time. But Target's security team ignored the warning. Disappointing, but understandable, given that Target's security team likely processes hundreds of alerts in any given day.
In an effort to solve this problem, FireEye now sells itself as a service. FireEye-as-a-Service (FaaS) taps FireEye's own group of security experts, who analyze FireEye security alerts so customers don't have to do as much work. Demand for FaaS has grown at a rapid rate since the company introduced it late in 2014 -- it topped $100 million in sales within 18 months of its introduction. For FireEye, it offers better margins than its other products, and allows it to onboard customers more rapidly.
The Internet-of-Things raises the stakes
... the world of cyber security is now converging with the world of physical security, as information technology enables critical infrastructure operational technology. This fusion is creating a new set of dangers for the world. Dangers to our everyday work or life, such as energy, water, transportation, connectivity and more ... Recent examples such as the Parisian terrorist attack, the attacks on San Bernardino, and the Ukrainian electrical grid outages all suggest that this problem is here to stay.
Increasingly, devices are becoming both smart and connected. Items as mundane as light bulbs, refrigerators, and water filters are coming online, creating a network of objects known as the Internet-of-Things (IoT). The market for these products is expected to surge over the next few years, with sales hitting $1.7 trillion in 2020.
FireEye isn't an active participant in the IoT, so far as it doesn't sell connected devices or the components necessary to bring objects online. But the growth of the IoT does make its service more attractive, as it dramatically raises the possible damage a cyber criminal could inflict. Last year, hackers remotely disabled an SUV driven by a Wired reporter. The attack was an experiment rather than an instance of active malevolence, but it does highlight the possible destruction cyber criminals could cause in the future.
Human experts are needed
... technology alone cannot solve this problem. While machine learning, big data and analytics, and behavioral analysis are important, the combination of human intelligence and machine-based technology intelligence is required to address these highly sophisticated and complex problems. Recent security spending forecast make it clear that services and as-a-service will become a bigger and bigger part of the spend. Gartner forecast the enterprise security market will grow from about a $67 billion market in 2014 to about $100 billion market in 2019, with security services accounting for more than 70% of that growth. Security outsourcing, or as-a-service, is the fastest growing sub category in that market.
FireEye doesn't just write software -- it employs hundreds of human analysts that actively investigate attacks and work directly with companies to resolve intrusions. FireEye's acquisitions, notably Mandiant and iSight Partners, have helped grow its team of security experts, and positioned it to offer prospective customers more comprehensive solutions. If Gartner's projections prove accurate, FireEye's recent emphasis on services and commitment to build a team of in-house analysts could help propel the company in the years to come.