For at least five years, a sophisticated and high-level hacking campaign infiltrated IT systems belonging to the U.S. and other governments, defense contractors, other global corporations and organizations such as the United Nations.
Security experts call the campaign "Operation Shady RAT," according to Vanity Fair magazine, which first reported on the attack last week. The intruder or intruders — China is suspected — lifted government secrets, email archives, design schematics and other high-value data from more than 70 victims in 14 countries. RAT is industry jargon for remote access tool, the type of malware believed used.
"This is the biggest transfer of wealth in terms of intellectual property in history," McAfee Vice President of Threat Research Dmitri Alperovitch told Reuters. "The scale at which this is occurring is really, really frightening."
McAfee, the security software firm acquired by Intel (NASDAQ:INTC - News) earlier this year, discovered the campaign .
Hackers often target a core asset: a software maker's proprietary source code, a vendor's client list or millions of customers' credit card numbers. In the process, the intruders destroy a company's reputation or erase a competitive advantage.
"They put your enterprise at risk because they're going after the crown jewels of your business," William Blair analyst Jonathan Ho told IBD.
The threat has evolved in recent years. Corporations don't just have to worry about the high school computer nerd out to make a name for himself with a denial-of-service attack. Now there are organized crime rings involved.
Rogue nations are believed to be launching attacks, too. They attempt to read the emails of dissidents, steal other nations' defense secrets or even destabilize rival economies.
As "Shady RAT" demonstrates, the attacks are increasingly numerous, targeted and sophisticated.
"The threat landscape, I mean it's more toxic than ever," Enrique Salem, Symantec's (NASDAQ:SYMC - News) CEO, told analysts in a July conference call.
Symantec is the largest of the 18 security-focused companies in IBD's Computer Software-Security industry group. That sector ranked No. 30 among IBD's 197 industry groups as of Friday, a big improvement from its No. 105 spot three months ago. But it's fallen from its No. 15 spot a month ago.
Besides Symantec, the group includes several small- or midcap companies with solid Earnings Per Share Ratings: Israel-based Check Point Software (NASDAQ:CHKP - News), Fortinet (NASDAQ:FTNT - News) and Websense (NASDAQ:WBSN - News). IBD's EPS Rating measures a firm's profit growth relative to all other public companies' EPS gains.
1. Business
Security software firms design and sell products such as anti-virus software, firewalls and virtual private networks. In addition to protecting home computers from random attacks, they're guarding corporate networks from external threats, as well keeping employees out of places they shouldn't be.
Governments, corporations and individuals spent $16.5 billion last year on security software, according to an analysis by consulting firm Gartner, up 12% from the recession-constrained year before. Gartner projects 14% growth in 2011, and 10% growth next year.
Symantec captured the largest share of the market in 2010, according to Gartner, with almost 19% of the total security software sales. McAfee — part of Intel, which is in IBD's Electronics-Semiconductor Manufacturing group — was No. 2, with 10.4%. Japanese security giant Trend Micro had 6% of sales, followed by software giants IBM (NYSE:IBM - News) (Computer-Technology Services) and EMC (NYSE:EMC - News) (Computer-Data Storage).
Though simple firewalls and virus software have become somewhat commoditized, the packaging of various layers and types of security help differentiate firms in the space.
The effort to broaden expertise also is pushing mergers and acquisitions. Hewlett-Packard (NYSE:HPQ - News) last year completed its $1.5 billion acquisition of security specialist ArcSight. Also last year, Symantec paid $1.3 billion for the authentication business of the Web domain registry firm VeriSign (NASDAQ:VRSN - News).
M&A should continue, William Blair's Ho notes, as large, comprehensive IT providers use better security offerings as a differentiator for their hardware, software and service packages.
• Name of the Game: Security software firms are in an arms race as they try to detect stealthy assaults, plug leaky networks and thwart the most sophisticated attacks. They need to develop or acquire complementary technologies in order to offer more effective shields to clients.
2. Market
The federal government is the world's largest buyer of information technology, spending nearly $80 billion a year on various hardware, software and other services. Security is a major part of that.
But the government is also rethinking its IT budget. It will shut more than 800 of its roughly 2,000 data centers as it turns to cloud computing to store, sort and deliver government data and services.
The budget gridlock in Washington also tends to slow contract decisions there, analysts say.
The shrinking number of data centers and slow decisions on contracts can send near-term ripples through vendors dealing with the government. Still, long-term demand for security is only growing.
According to Symantec, one in every roughly 319 emails in July contained some sort of phishing scam — an attempt to trick a recipient into turning over personal data. One in every 281 emails contained a virus. Both types of attacks are on the rise, Symantec says.
And Symantec found an average of 6,797 websites in July harboring spyware, adware and other malware, up 25.5% from June.
At the same time, the amount of data being stored, sifted through and sorted are exploding.
To defend themselves, companies plan to spend 4.5% more in 2011 on computer security. That's according to a Morgan Stanley survey of 100 chief information officers published in July.
It represents a hike from the 2.9% growth that CIOs forecast in an April survey.
3. Climate
A slew of high-profile security breaches don't translate directly into new sales, Check Point's CEO Gil Shwed told analysts in a July conference call. But frequent news stories mean security issues increasingly capture C-level attention, Shwed said.
"A few years ago, we were talking to the firewall administrator. It moved up to the chief information security officer. Now more and more, CIOs and in some cases even CEOs want to hear about security solutions," he said.
Morgan Stanley noted in its July survey report that Check Point is one of the firms positioned to benefit from increased demand for security at the network and end-user levels.
And despite several quarters of weak consumer PC sales, Symantec also reported strength on its consumer side, in part through upsells of its popular Norton suite of anti-virus and other software.
4. Technology
Increasingly mobile users are accessing their company's critical systems remotely through smartphones and tablet computers.
Companies keep less and less of their critical data in-house, relying on remote servers and cloud computing to manage costs.
That erosion of the old data perimeter requires complex, multitiered approaches to security.
Cloud computing also puts IT vendors under "relentless Darwinian pressure" to innovate, the U.S. government's outgoing chief information officer, Vivek Kundra often notes. That's because it eliminates the need to maintain many in-house legacy systems, eliminating much of the costs involved with changing providers.
And security is no longer a software patch installed by a network administrator or end user.
Intel is working with its new software subsidiary McAfee on hybrid technology that will incorporate software and hardware defenses at the chip level.
Analysts see great potential for that enhanced chip-level security in the growing array of smartphones, tablets and other devices.
5. Outlook
Technology consulting firm IDC thinks security spending should grow at a compounded annual rate of 9.1% per year through 2013.
But the still-weak economic recovery could dampen IT spending. What's more, the market has high expectations for these firms. It has not been kind to perceived misses.
Fortinet, for instance, which developed unified threat-management systems, beat second-quarter expectations. But it guided for more modest growth in Q3, in part due to challenges in Europe and other markets. Shares dived 19% July 20 on that news.
But long term, the evolving threat necessitates new and innovative security solutions. Plus the growing number of high-profile attacks likely mean that corporate IT departments should be able to get security upgrades approved, even if the economic malaise pinches broader IT budgets.
"When they're cutting budgets, I think security will be more resilient," William Blair's Ho said.
"With enterprise threats and risk-management platforms, you really don't want to skimp on spending there."
• Upside: Organized crime rings and even threats from nasty governments continue to keep CIOs up at night. That means security spending should grow, even if a weak recovery hits broader IT spending.
• Risks: Software and hardware makers are locked in a battle with a shifting and difficult-to-find enemy. Merely plugging holes after a breach isn't good enough. They have to seal out intruders.
But defending a cyberperimeter is tough when cloud computing and the proliferation of mobile access points eliminate physical boundaries. And there's increasing deep-pocketed competition from hardware developers such as Intel or tech services providers such as IBM, which see robust built-in security as a competitive advantage.
There are no comments yet