volume xx - issue 2

By Definition: Part 1

A friend of mine called me out recently about the stocks I’ve bought in recent months, and that I advertise New Edge Analytics as a niche proxy hunter. More like a buy-side equity analyst, looking for pure plays in certain tech industries. Software and semiconductors mainly. He aptly pointed out that I went with mega-caps, multiple industries, multiple markets, multiple technology solutions. And he had me there. I had to think about it and remind myself what fits my definition of a proxy.

New Edge exercises a disciplined approach to performance recognition among IT companies. A company has a proxy when NEA attributes outstanding growth to a tangible product that, standing alone, makes a positive contribution to earnings and moves the price of the stock. Staying true to the core, stocks with good fundamentals, New Edge adds emphasis to technical indicators; the patterns that show up in the stock charts of publicly traded companies. I have always used technical indicators to pick entry and exit points but have added weight to those methods to pick growth stocks that would otherwise be ruled out based on their fundamentals alone.

Every seven years on average the stock market gives you the opportunity to shuffle the deck and pick new economy leaders. That is how you must look at bear markets and corrections in the long run – opportunities. It was twelve years ago, using 2018 as the middle of a bear market lasting 17 months, that the S&P 500 dropped over 56%. At the time some of the technologies among the companies named in this essay had been in development for at least several decades. But they were not yet mainstream and hence an investment in these stocks came along with high risk. Some fell hard in the Great Recession. Some mentioned here were under $5 per share – penny stocks.

The companies that suffered with bleeding edge innovation in that bear market have in a few sectors become companies that produce strong growth in earnings now. They enjoy double digit earnings growth year-over-year, and (prior year) quarter-over-quarter. Software and semiconductor technologies that once fit the description of a niche are now developed or acquired by companies that participate in multiple markets. These technologies include subscription software, 4G/5G mobile networks, cloud computing, RISC architecture in data centers, machine learning, artificial intelligence, and high-performance computing. Fringe networks accommodate the Internet of Things and are patrolled by cybersecurity systems.

The IT industry, like most industries, consolidates during bear markets and recessions. Some large companies emerge as winners and address more than one automated solution. The tell is if they can continue to integrate smaller companies, the stand-alone proxies, as well. This means there is still a pipeline of leading-edge solutions. These new economy leaders form the new baseline.

In the context of the recent COVID pullback and recovery, the stocks with the fastest improving prices telegraph who qualifies as new leadership positioned for the next leg up. For now, we need to think about sustainable trends and manage the risk over twelve to eighteen months. A longer bear market affecting all industries is not out of the question, with looming COVID fears and the election in November weighing on forecasts for economic growth.

Twenty-First Century Tech Portfolio

Tech companies with double digit sales and earnings growth have figured out how to move into new markets without assuming much debt. If debt is needed, borrowing continues to be financed with historically low interest rates. There are no significant monetary policy changes indicated by the Federal Reserve. Here are the categories of IT companies that now fit New Edge strategies from the perspective of a buy-side equity analyst:

SaaS

Software as a Service (SaaS) simply means the customer leases or subscribes to a software application running in the cloud, pays usually by the month, and can cancel at any time. There is no upfront purchase by the customer nor annual maintenance fees for a truly SaaS company. Client retention depends on how sticky the solution is. If it is a key necessity inside the company, the company is likely to remain subscribed. Teenagers and their mobile phones, social media, and gaming apps – not so much. The rub for the SaaS companies is a high gross margin percentage, and predictable cash flow. The stock market loves predictable cash flow.

There are just a couple of varieties of SaaS. The application may run entirely in the cloud (in data centers). The application may partially run in the cloud and partially on a user device (the fringe network). The application may run in an enterprise setting, meaning a large organization where the application, database, and network run both in the cloud and in the company’s own facilities. We call this “hybrid cloud computing”.

Chips

Semiconductor companies are coming out of a mild bear market. The rub in this sector is the amount of debt a fabless semiconductor company avoids versus a chip manufacturer. The industry over the last decade has moved to integrated circuit designers who outsource the mass production of the chips they create to a handful of manufacturers. We call these “fabless” or “non-fabricating” chip companies. Sometimes they are endeavoring to create a market. In the end, the emergence of fabless semiconductor companies is now mainstream, has shortened the design-to-build cycle, and helps manage inventories without the need for CapEx and a lot of debt.

Mass production facilities are called foundries, aka “fabricating plants”, and can operate from the early stages of making polysilicon ingots to mass production of wafers and chips. There is a lot of industrial equipment required to mass produce integrated circuits. There are three main foundries who are capable of building nearly all semiconductors – from computer memory, to CPUs, to graphics and solid state drives, to chips in a cell phone. They are Taiwan Semiconductor, Samsung Foundry and Global Foundries (privately held). Intel, Texas Instruments and Micron are examples of North American companies who design and in part have their own foundries. These are called “semi-fab” manufacturers. If we continue to be at odds with China, watch what these companies do to bring mass chip manufacturing back onshore to the US and South America.

Networks

Here is where 4G/5G mobile networks, data centers, telecom carriers, entertainment, and social media live. I would also include fringe networks, here in the context of devices that access the network for computing resources. The Internet of Things. The main 5G carrier companies in North America are AT&T, Verizon, and T-Mobile/Sprint. You could add Comcast and Cox to the mix with satellite feeds, and dozens of independent fiber and cable companies serving secondary markets. 5G is the radio enabler for more applications than cell phones.

5G in an industrial/municipal setting creates revenue for carriers to build infrastructure. This subsidizes the commercial end of the user market such as mobile devices. 5G devices will have applications with intelligent endpoints, sensors, and actuators in all kinds of environments. These include urban smart city solutions, durable gear for demanding indoor and outdoor manufacturing settings, automated logistics and shipping, and automated cars. The list grows daily.

Network Security

Cybersecurity and National Defense are included together at the author’s discretion since beyond traditional thinking about the ability to protect a computer network and data in the private sector, it’s unsaid that cybersecurity is a big area of spending for the military and intelligence communities. Unfortunately, the government doesn’t publish what it spends for network technology and cybersecurity.

You must work hard to understand the spending by the government and revenue opportunities for the cyber companies. Find companies whose primary customers are the military and research the contract awards that they win. Useful information can be found in earnings conference calls, a close look at financial statements, trade journals for defense contractors, and their websites.

Choose companies that make or implement firewalls, who have highly predictable sales and earnings growth. If they make a few strategic acquisitions a year among privately financed cybersecurity companies – the better. The industry is consolidating and the younger, privately held companies are clustering around the firewall manufacturers pre-IPO, or an M&A transaction.

Leading Stocks

Here are the New Edge picks for the second half of 2020. Stay tuned for follow up articles with justification for the companies mentioned here. Hover and click over any stock symbol.

• SaaS: Adobe (NASDAQ:ADBE) and Microsoft (NASDAQ:MSFT). Based on broadening product lines, auto-updates, their embedded base of installations, and relevance with both consumer and business markets. They nearly own your user experience with desktop and Web applications. And you pay by the year/month.

• Chips: Advanced Micro Devices (NYSE:AMD) and Nvidia (NASDAQ:NVDA). Given a confirmed uptrend in the use of RISC microprocessors in data centers, this new industrial opportunity complements their popularity with graphics and gaming. Add machine learning and artificial intelligence to the mix.

• Networks: American Tower (NYSE:AMT). Cell towers figure prominently delivering both 4G LTE radio bandwidth, and in the hosting of new 5G antennas that reach both mobile and stationary devices. AMT is a real estate investment trust that passes lease revenue through to investors.

• Network Security: Mercury Systems (NASDAQ:MRCY) and Palo Alto Networks (NASDAQ:PANW). Both participate with government civilian agencies, the military, and the intelligence community. Both make a few strategic acquisitions a year, some in government space. PANW is my favorite firewall pick.

Copyright © 2020 New Edge Analytics. All rights reserved.

volume xix - issue 3

How Long the Bull?

All index prices are day-end with decimals omitted unless otherwise noted.

The S&P 500 Index passed a milestone at 3000 in July, truly an achievement of the longest bull market in history. And it bears plenty of notice. But this article is about perspective. Over a twenty-year span, 3000 is not such a big number.

I would like to ask the reader to humor me and consider it significant when the Index has crossed an upward bound, non-arbitrary threshold of 1500. This has happened three times. Twice the market retreated to roughly half that number. The Index first crossed 1500, then reached 1527, a rarefied milestone, on March 24, 2000. Y2K – The Dot Com Boom. By October 2002, the Boom had gone Bust. Soon following Nine-Eleven, the index cratered to 776. Almost half the peak value.

The most brutal stock market routs stem from broadly mispriced assets in large markets experiencing hoards of new cash invested. In the Dot Com era, frothy stock IPOs for new tech companies poorly reflected the truth that most had never earned a dime before going public and had no tangible prospects of ever breaking even. Promoting the bonds and collateralized debt of independent telecom companies as safe havens was another sham. WorldCom was not Ma Bell (AT&T), a regulated utility with a guaranteed income stream.

Finding the Bottom

This is what happens with every big stock market crash. Some structural element of the financial system becomes impossible to price and the assets must be marked down once realizing that those holding the assets – pros and moms and pops alike – won’t be getting their money back. Sounds like musical chairs doesn’t it?

The bust following Y2K was the first of two striking retreats from 1500 for the S&P 500. The years 2000 – 2010 were labeled “The Lost Decade” for shares of Information Technology companies, particularly telecommunications. It took eight years for the Market to return to the 1500’s, breaking the barrier again in 2007 and peaking October 9th that year at 1565.

This time, mortgage backed securities were the unpriceable assets. I recall at the time listening to a morning report on CNBC, that the size of the secondary market for mortgage backed securities had grown to three times the value of the US Treasury market. I gasped a little, and within the following weeks went to cash in portfolios except for the large, stodgy mega-cap and old money stocks that historically survive economic crises. Fortunately I side-stepped the slaughter coming up. The Big Short.

And so, the Mortgage Crisis ensued in 2008. Lehman Brothers went bankrupt, the largest in history. AIG and Bear Stearns nearly did; the latter bought by JP Morgan for $2 per share. Bank of America acquired Countrywide Mortgage and Merrill Lynch. The government quickly passed the Troubled Assets Relief Program (TARP), allowing the distribution of over $700B in liquidity to the largest US banks.

At the bottom, March 6, 2009, the Index had collapsed intraday to 666.79 but rallied. The lowest daily close came through a few days later, March 9, at 676 – lower than the bottom following the Dot Com Bust and the Nine-Eleven attacks. All the major brokerage firms were now owned by large banks under the jurisdiction of the Federal Reserve.

These banks, were given greater access to short term credit through the Fed Funds Discount Window, under the guise “Too Big To Fail”. Morgan Stanley and Goldman Sachs were the only two large investment banks still standing. They formed bank holding companies and grudgingly acquiesced to direction from Congress and control by the Fed.

It’s Just a Double

The Great Recession followed. But the S&P 500 Index climbed again and that value on March 6, 2009 of 666 stands as the most recent low point marking the start of a bull market that is now over ten years old. The media is celebrating the performance of the market as measured from the bottom, clearly through 1500 in 2013, and continuing uninhibited to 3000 last month. The statistics are accurate. The path from 666 to 3000 is four-and-a-half times your money from-trough-to-recent-peak. Astounding. Even accounting for a possible correction underway.

But here’s the thing: If you bought the S&P 500 Index, meaning “The Market” near the top of the Dot Com Boom, peaking near 1500, it would have taken nine years to reach that level again before the mortgage crisis. Then again dropping to half its value. Ten years later, here we are toying with 3000. This is only – not to discredit – a 100% gain, or double your money, over a few months more than nineteen years.

If you invested $5 in The Market in 1999, you would have about $10 now. I’ll do the math here. That’s about 5% annually without compounding, without inflation adjustment. The compounded annual rate of return for the S&P 500 over those twenty years is closer to 3.5%. When accounting for inflation, the ROR is actually worse. The long-term statistical mean of the S&P 500 is 8% annually with an 18% swing in one standard deviation.  The actual twenty-year average return from 1999 to 2019 is nowhere near the mean.

Healthy Sector Rotation and Market Cycles

I recently completed a fifteen-year look back into the prices of the stocks of deliberately non-tech companies and have decided they are fairly priced. This opinion based on dividend yields, relative price to earnings ratios and a few other fundamentals. It’s boring but stocks of energy, natural resource and utility companies, and consumer brands that pay dividends are safe bets now.

This economy is quietly going through about as normal a sector rotation as I can remember since joining the investment finance business in 1985. Prolonged periods of low interest rates impact the banks, but that industry has been steadily on the mend. Growth in fee-based services is replacing money earned on the spread; the difference between the bank’s borrowing cost and the rates they charge as interest on loans to consumers and businesses.

The energy sector rolled over in 2015 when the fracking boom peaked. It became apparent that we have enough of our own energy resources to last without foreign imports. Most analysts believe that oil and gas prices have already reached the bottom of their cycle. I do, too.

Industrials and the manufacturing sectors are further along in the economic cycle, so I wouldn’t be surprised with a pullback here, but not like the breakdown in 1999 – 2002. Semiconductors peaked in 2017 and some have dropped by half their value. They had also in part fueled the ride up to 3000. But sector woes haven’t taken the broader industrial economy along with it.

Late Stagers Still Need to Peak and There is Cautious Upside

The S&P 500 and the Dow Jones Industrial Average are now heavily Information Technology weighted and that won’t change. This isn’t your grandfather’s portfolio. Of the 30 Dow Industrials, Apple, Cisco, IBM, Intel, and Microsoft are included. In the S&P 500, these stocks and the FANG Gang – Facebook, Amazon, Netflix and Google – are prominently represented due to their size. Their extraordinary new highs make the news. These stocks and companies like them are the most exposed to a correction and most heavily weigh on the price of the S&P 500 Index.

Consumer spending, jobs, the service economy, software, and military spending are usually the last to peak and we haven’t seen it.  We have yet to show any real evidence that the economy is slowing down in a dramatic way.  So, take a breath here.  Consider raising some cash and increasing positions in safe-haven assets but don’t go overboard.

Sector rotation describes a healthy economy. Daily ups and downs that follow the news – China Trade, Brexit, the behavior of Iran and North Korea, an upcoming election and ongoing Congressional angst – are offset by cuts in corporate tax rates, share buybacks, more than a decade of low interest rates and a sensible Fed. Taking the long view, the Market knows what it’s doing and a double-the-money in twenty years means statistically there is more room for the bull to run.

Copyright © 2019 New Edge Analytics, All rights reserved

volume xviii - issue 5

Palo Alto Networks and Their Acquisition String

I penned an article in September, “Cyber Growth, Building an Ecosystem”, featuring Palo Alto Networks (NASDAQ:PANW) as a proxy in cybersecurity.  Pointed out there, that an astute investor would want to know about Palo Alto’s business with the government.  Cyber Defense is a strategic mission within developed countries that lives in both the military and the intelligence communities.  The most sophisticated cyber attacks come from sovereign domains.

Some due diligence about relationships with Uncle Sam is warranted here.  There is a  tremendous advantage when a company is given an opportunity to build cutting edge technologies for the military and intelligence community.  We spend a lot of tax dollars in these branches of government.  There is a long history of game changing applications in IT that comes to us by way of government research.  Mega disruptors appear every ten years or so and often the base technologies come from the government.

Alliance with Israeli Intelligence

Palo Alto does not segment government sales in financial statements.  Nor do they divulge much about their R&D efforts.  And they certainly don’t publish information about our government’s alliances with foreign countries.  So, it’s worth a deeper dive into the history of Palo Alto, its founders, financing, and evidence of government relationships that can be parsed from evaluating their acquisitions.

Palo Alto has been acquisitive from the start, founded by Nir Zuk in 2005.  He retains the role of CTO and is a board member. Mr. Zuk served in the Israeli Defense Forces intelligence corps, Unit 8200, their SIGINT (signal intelligence) division.  Unit 8200 in the Israeli military is comparable to our National Security Agency (the NSA).

It’s not much of a stretch, given an acquisition string that includes many Unit 8200 alumni, to believe that our own national defense agencies team with Israel as a military ally and cooperate with international cybersecurity defense programs.

Israel is probably the best choice.  We engage in competing and hostile cyber activity with other parts of the developed world.  Just read the daily news to speculate about the countries we compete with and who are likely to be our cyber foes.

Financing

Cash is needed for acquisitions.  So far, Palo Alto has gone the route of public debt financing only twice.  $575m of convertible notes were issued in April 2014 that mature next year.  The notes convert at $110 per share so given current prices ($178 at this writing), it’s likely the notes will be retired in exchange for stock.  In August, another $1.5B in convertible notes was raised in a private placement.

Borrowing money for acquisitions is usually a signal that the management team believes their growth opportunities will create more shareholder wealth with debt finance than issuing common stock.  Key officers have a significant stake in their performance compensation plans with awards paid in common stock and stock options.

These new notes convert at an equivalent price of roughly $418 per share, more than a double premium over current share prices.  The notes mature in 2023.  In five years and given CEO Nikesh Arora’s growth plans, it is within reach.  Continuing the share repurchase program should also serve to concentrate equity and improve the price of the stock.

Summary of Early Acquisitions

Cash on the balance sheet as of July 31, 2018, including proceeds from the new debt is about $2.5B.  It’s clear that Palo Alto prefers acquisitions rather than organic growth, and the successful deals are vertical integrations adding certain niche cyber solutions.  Here are the early-on additions:

• Morta Security – the first acquisition made in 2014, an automated threat protection platform with a variety of utilities beyond firewalls.  The founders and seed capital originated inside the NSA,

• Cyvera – acquired in 2014 for $200m, a small Israeli security firm with 55 employees.  The technology blocks “zero-day” attacks introduced through endpoints.  It integrates well with Traps, the award-winning flagship offering at Palo Alto that secures fringe networks and,

• CirroSecure – acquired in 2015, a Silicon Valley company.  The technology secures SaaS applications, like Dropbox and Google Drive, cloud versions of SalesForce and Office 365.

The total spent on acquisitions since 2015 is $675m, not including Morta and CirroSecure.  The terms with these two early acquisitions were undisclosed.

Recent Acquisitions

Here are terms of more recent deals:

LightCyber – was acquired in February 2017 for $105m cash.  The company was founded in 2011, and over the course of their four private funding rounds, raised $36.5m.  Shlomo Kramer, who has been called the “Godfather of Israeli Cybersecurity”, is an investor.  He is also a graduate of the Israeli intelligence community, and co-founded Checkpoint.

LightCyber tracks adaptable malware, a threat that morphs from its original fingerprint and can hide inside a computer network for months.  The company points out that “dwell time” from introduction to the network until attack, usually through phishing, can last on average five months.  The undetected software, that probably changed several times since infection, eventually will launch the attack suited to its original purpose, to create havoc or worse – denial of service, destruction, ransom and theft of key data.  In January LightCyber was rebranded.  Its new name at Palo Alto is “Magnifier”.

Evident.IO – of Santa Clara, CA was acquired this March for $300m cash.  Rebranded simply as “Evident”, this application focuses on securing physical infrastructure in the cloud.  This means the servers, switches, routers and firewalls that manage the cloud application.  Cloud computing today requires distributed networks.  The associated hardware and switching equipment need not be co-located in the same data center, nor on the same continent for that matter.

Evident brought along a stable list of US government customers.  They successfully raised $49.1 million in venture capital prior to acquisition, including an undisclosed amount from the CIA’s financing arm In-Q-Tel.  Evident chief executive Tim Prendergast points out that government investment allowed the company to work more closely with our military and intelligence agencies and helped align Evident’s product road map with their customers’ missions.

Secdo – incorporated in Israel with headquarters in Ra’anana (near Tel Aviv) is a new addition, following on the heels of Evident.  Terms were not disclosed.  Sources believe the Secdo deal was about $100m cash with some equity.  Secdo was founded in 2015 by Gil Barak and Shai Morag.  Both served in Unit 8200.  Secdo is an endpoint detection and response (EDR) company – the fastest growing niche of cybersecurity applications.

Endpoint detection has traditionally meant anti-virus software installed on a workstation and at the firewall.  Even though the threats still originate out in the fringes, EDR now has more to do with detection deep inside networks.  The application creates threads – strings of related events – and populates an incident report log integrated with Palo Alto’s Traps EDS.  Once an event is flagged as a potential breach, false positives are sorted out and an automatic defensive response is made within seconds.  This preempts the need for an immediate human reaction and gives the security team more time to evaluate and completely shut down the uncovered threat.

RedLock, Inc. – is the most recent transaction, closed last month for $173m in cash.  RedLock was launched in 2015 and raised $12 million while private.  RedLock addresses new international rules, the General Data Protection Regulation (GDPR), enacted by the European Union (EU) and effective last May.  GDPR requires cloud network vendors to prove they can secure their own infrastructure and protect their customers’ Personally Identifiable Information (PII).

The three largest cloud service providers, Amazon Web Services, Google Cloud and Microsoft Azure have done a decent job shoring up their networks.  GDPR as written has teeth.  The EU can impose penalties up to four percent of gross annual revenue for each instance of non-compliance leading to a breach and theft of PII.  Says RedLock founder Varun Badhwar, “We built a technology platform that’s entirely cloud-based [with a] very quick time to [create tangible] value since customers can just turn it on through API’s”.  This means that RedLock can easily link a company and its cloud application to its cloud service provider and can assure customers they are immediately GDPR compliant.

Conclusions

• Palo Alto Networks is in the space of supporting US cyber defense initiatives in alliance with other countries, namely Israel.

• It is assumed that the US and Israel devote significant budget for custom cyber defense software development.  Cybersecurity is such a large international threat that cannot be ignored.

• A technique is used with this evaluation that probes the depth of a financial relationship between the United States and Israel in the growth of Palo Alto Networks, by means of exploring its acquisitions.

• Of the complete list of acquisitions here, over $800m has been spent on companies with origins, operations and financing inside the US and Israeli military and intelligence agencies.  Well over half of what Palo Alto has spent on acquisitions since its inception.

Copyright © 2018 New Edge Analytics, All rights reserved

volume xviii - issue 4

Please see the companion article, NextGen Firewalls and the Cyber Business Cycle, on the New Edge Analytics website. New Edge considers Palo Alto Networks as a proxy for the cybersecurity industry and gives the company a Gold Performance rating.

Palo Alto Networks (NASDAQ:PANW) needs a strategy to maintain double-digit growth in a consolidating cybersecurity industry. New CEO Nikesh Arora has thrown down the gauntlet and challenged the company to grow the business 2 to 3 times current revenue. Doing the CAGR math, this means 15% to 25% annual growth over the next five years.

Investors need to look for success in developing an ecosystem. One that attracts the best talent in the industry, fills out the key industry segments by acquisition, and all at a time when it will become more important to avoid paying too much for the assets. I count human capital, particularly cyber programmers, informally as assets to the corporation. You simply need to hire the best hackers. Such developments won’t show up in quarterly earnings reports.

While 20% to 30% revenue growth has been the norm for PANW since they went public, firewall sales have slowed. The business of firewalls is midway through a technology refresh cycle that began in early 2017. When firewall replacements among Palo Alto’s customers and competitive wins are complete, it could be another three to five years before the next buying cycle returns for hardware.

The size of the market for all cybersecurity solutions in 2017 was about $138 billion in sales. There is a lot of very bullish sentiment out there, particularly among industry consultants. But Wall Street and CEO’s in the cybersecurity industry agree that a likely annual growth rate going forward is 8% to 10%. Taking the high side of the range, this makes a planning number for size of the market about $200 billion by 2021.

Palo Alto’s refresh product line falls in their Next Generation Firewall group among a bevy of cyber solutions. There are two offerings: VM-Series and GlobalProtect. PANW cites a competitive advantage with their NextGen firewalls. They have 54,000 and counting customers, and recent competitive wins versus Cisco, Checkpoint and Symantec.

When PANW went public in 2012, annual revenue was $225.1 million. For the fiscal year ending July 31, 2018, revenue was $2.3 billion. PANW stock trades at 10x fiscal 2018 revenue and is in the low end of a valuation range between 6- and 20-times trailing revenue using the price-to-sales ratio for guidance about valuation. Maintaining these growth rates requires scaling.

Mr. Arora was hired in part for his tenure at Google as Chief Business Officer, where he served in key strategic roles with the company from 2004 to 2014. Sales grew from $3.2 billion to $65.7 billion in that timeframe. He served as President and Chief Operating Officer at SoftBank between 2014 and 2016 and was widely thought to succeed CEO Masayoshi Son, until Son decided to stay on for at least five more years.

Palo Alto went live with Application Framework in August. This is the third iteration of attempts to create an open source software development platform for cyber coders that integrates with their firewalls. They absolutely must make it work this time. Growth in the industry is shifting to software subscriptions – cloud revenue – and Application Framework needs to be the catalyst at Palo Alto Networks.

Develop an ecosystem. Therein, lies the opportunity, and the risk.

Smooth Integration and Economics Required

By recent estimates, over 80% of security breaches happen in the application layer, so application security testing is the current buzz. If PANW can incorporate solutions to address the application threats and integrate the software with their Next Generation Firewalls, they should be successful in developing an industry leadership reputation.

Application Framework creates sticky relationships. Developers and their customers become dependent on PANW because they have already bought the firewalls. New Application Framework customers include Microsoft, ServiceNow, ProofPoint, Phantom, and Splunk. So there appears to be a market and Palo Alto is assumed to have pedigree. PANW promotes that AF will make it easier and less expensive to integrate software solutions with their firewalls.

The economics for developers in private cybersecurity companies include cheap access to next generation firewall technology, bloom on the rose from association with Palo Alto, and access to private equity and partnerships with the best cyber companies in the industry. It is difficult to hang a value on Application Framework because sales due to the platform are not broken out with revenue and expenses in financial reports. Contribution to sales, net income and a higher valuation are strategic initiatives and depend on the performance of the ecosystem.

Investors should look for an ecosystem and consider these variables:

• Can new software go straight to a SaaS model,

• Can the opportunities and financial incentives attract the best cyber programmers,

• Can engineers’ compensation with acquisitions be applied to COGS,

• Can new customers be acquired without adding salespeople,

• Can key acquisitions be made at fair prices,

• Can any premium paid be absorbed without increasing operating expenses,

• Is there enough cash on hand and plentiful VC funding to incubate startups?

Employee compensation is the largest chunk of operating expenses. Silicon Valley reports non-GAAP net operating income/loss where the stock compensation expense is stripped out. Because of this, PANW has shown a non-GAAP net operating profit the last four years. In 2018 operating margin was 14% of sales. But financial statements must be adjusted for GAAP requirements and include share compensation as an expense, which creates a net loss and negative 6% operating margin for 2018. It’s notable that the negative operating margin is narrowing and half the amount in 2015.

The obvious attractions for software engineers are stock signing bonuses and compensation plans that include a large percentage of pay in the form of incentive stock options. This has been the Silicon Valley model for decades. Palo Alto has one of the largest percentage share compensation plans for employees in Silicon Valley. The only way to measure whether PANW is attracting the best talent is to ask around. Talk with the millennial engineers at the company, among PANW competitors and the FANG crowd. Who are the cyber rock stars and where do they work? This is a soft metric but may be the most important. Trade journals and local papers might have some good insight.

Qualification of Risks

PANW is publicly concerned with attracting large enterprise customers where they compete with Cisco and Juniper Networks, others that have a strong switch/routing platform with firewalls in the product mix. Probably the biggest risk, is the acquisition of a major competitor by a behemoth network equipment manufacturer who has an installed base among the largest enterprise customers and the government. Cisco buying Fortinet comes to mind as a possibility.

Virtually all PANW revenue is generated through resellers and channel partners – which would be a valuation risk if Arora and the board decide that PANW is for sale. With recent private cyber deals, the channel partner sales are stripped out of revenue when figuring the multiple. PANW as currently structured gives up a measure of control by relying on channel partners to build the business.

Next. ASC Rule 606, Revenue from Contracts with Customers, is an accounting standard published in 2014 and required for revenue measurement this year. PANW has chosen the full retrospective method, which will be in place for the fiscal year beginning August 1, 2018. Adjustments will be included in the 2018 annual report when published, for prior accounting periods. This has an effect of boosting revenue in the year adopted, but less predictable figures in forward years.

There is much greater forgiveness charging employee compensation expenses to Cost of Goods Sold (COGS) in a software subscription model, where gross margin is many times a whopping 80%. And here is where accounting meets strategy. R&D software development is charged as an operating expense and can easily create a loss, particularly with the GAAP numbers. Via thoughtful acquisitions, if a new software-only cyber solution company is brought into the fold, it would be hoped that the bulk of the R&D effort was completed while the company was still private.

A Good Strategy for Scaling

Arora has spent his first three months as CEO with key customers, the management team, outside experts and integrators. When asked about generalizing Application Framework, he points out that customers want better integration in a market that has become fragmented. IT managers want to manage the cost and level of effort needed to incorporate solutions that work.

About $500 million was spent on acquisitions between 2015 and 2018. Goodwill and intangibles increased from $216 million to $664 million – so about $450 million in that period. It doesn’t seem that they are overpaying for new technology and new customers in the last three acquisitions. All three solutions are applied to segments in the industry that don’t overlap, and they are all software-based.

Total debt in April 2018 was $540 million and reflects the remaining obligation on convertible senior notes due for repayment or conversion by 2019. $1.5 billion of new capital was raised with convertible notes offered through a private placement and completed in August. Cash on the balance sheet for the fiscal year ending July 31, 2018, including proceeds from the convertible underwriting, is $2.5 billion. It’s likely this money in part is raised to finance more acquisitions tied into Application Framework.

Palo Alto already has in place a $20 million venture fund in association with Greylock Partners and Sequoia Ventures. One could reasonably assume that Arora can pick up the phone and call a partner at SoftBank given a deal that makes sense – would love to see his Rolodex! One could also make a case that all this access to capital and the Silicon Valley elite makes Palo Alto look like a private equity fund. An interesting point of view.

Guidance for Investors

Foremost, understand that the thesis by CEO decree is 15% to 25% per annum revenue growth in a business that is now widely forecasted to improve at a more modest 8% to 10%, which is about the compound annual growth rate for the S&P 500. Look for evidence in quarterly reports that the company is on that “fifteen to twenty-five” trajectory in their year-over-year statistics.

Look at the quarterly SEC filings, the 10-Q, for the income statement, under “Total Revenue”, and calculate the percentage of total revenue that is reported as “Subscriptions and Support”. This metric should be increasing annually. Reviewing this data quarterly might be too granular but it’s worth checking out. Per the most recent 10-K (page 41) the ratio is 61.7% so about two-thirds of total. “Product” listed under Total Revenue makes up the other third.

PANW doesn’t itemize their sales or discuss software development efforts with the US Government in reports. An astute investor would like to know more about this. Remember the soft data example about success with hiring the best hackers. Information about US Government installed firewalls, agencies participating with Application Framework, and cyber software R&D efforts, would be useful but hard to find.

The notion of ecosystem is about creating a community so that the best and brightest talent in the industry will seek to join the Application Framework platform. PANW will hopefully establish themselves as the go-to employer/partner due to pedigree of the new CEO, an installed base of firewalls, and access to billions of dollars in capital. The best acquisitions are going to win large swaths of enterprise customers, delivering to them SaaS solutions that integrate with firewalls.

Don’t be alarmed by a mega-deal that includes a competitor acquired by someone like Cisco. There is plenty of room in the market among the larger players, and PANW may in fact have the best solutions for cyber software and firewalls, for now and going forward if AF succeeds. Cisco makes switches and routers.

Decide as an investor how much you personally are willing to pay based on a multiple of sales. The price-to-sales ratio is currently 10x. The range has been 6x to 20x. With negative earnings, a price-earnings ratio has no meaning. It would be great if Palo Alto soon reports a quarterly profit on a GAAP-adjusted basis. Eventually everyone must grow up.

A broad NASDAQ selloff, or a selloff more specific to IT, isn’t farfetched in the next twelve months. This bull market has had a relatively normal cyclical rotation and IT is due to slow down. It’s ok to buy the dips if you are on board with the opportunities discussed here. Finally, growth and momentum investors will tell you that the fundamentals are bunk but, in the end, it pays to be able to make a buy or sell decision understanding both technical and fundamental characteristics of a stock. This is one of those truths that cannot easily be taught. Palo Alto is a great story. Tech stocks are volatile.

Copyright © 2018 New Edge Analytics, All rights reserved

volume xviii - issue 3

Firewall companies are midway through a technology refresh cycle that began in early 2017.  This is common in the IT sector.  All businesses go through growth cycles when sales are robust, and then fade a little.  Those who make it through a full cycle emerge with stronger product platforms and services.  The new technology achievements in cyber worthy of attention live in what is called a Next Generation Firewall (NGFW).  New Edge Analytics believes these new and updated features are a good proxy for the direction of the cybersecurity industry as a whole.

Cyber is a fragmented and consolidating industry and a big spend for IT departments.  Sales and order growth are likely to slow down in the next twelve months after the bulk of the new firewall hardware and related apps are installed.  Now is a good time to benchmark the new features.  Despite a plethora of cyber solutions and the thousands of companies working in the space, those companies that make the firewalls and have an application framework to peer with third-party software developers have the upper hand.

Palo Alto Networks (NASDAQ: PANW) is a New Edge Gold Performance company.  A gold performer is a company whose metrics are cream of the crop, with better financial performance than 90% of its peers over the past 26-weeks (half a year).  Gold Performance is a ranking that NEA awards based on data from financial reports and computer models, aggressive growth in sales and earnings, price and volume trading patterns of the stock, news releases and comments from the management team.

PANW has the financial depth to do it all – an application firewall, central and distributed controls for security equipment, encryption with a VPN (virtual private network) interface, traditional packet and port analysis, and endpoint management.  Cloud security at PANW is only a five-year-old effort.  They must adapt quickly to build market share to address increasing competition from Amazon Web Services, Microsoft Azure and Google Cloud.

The basics of how firewalls manage computer viruses and malware have been the same for over thirty years.  There have been lots of new risks and improvements.  A Next Generation Firewall goes beyond port and protocol inspection that denies or allows traffic through the firewall based on permissions.  The developing model takes the same idea and looks for misbehavior in the operating system and application layers.

A computer application has its own unique fingerprint so to speak. Applications have predictable behavior; how they use the CPU, how they manage resources like DRAM and storage, how they make program calls to the operating system.  Threat analysis also considers how the algorithms work, how the application communicates with other servers, network management and other cyber applications.

Threats also have their own signatures and are becoming a lot more complex.  Some of the most dangerous can live undetected inside a network for an extended period before exploiting a vulnerability and creating havoc.  Operating directly on databases and applications, these threats as a group are called ‘malicious code’.

Malicious code searches for a path to hack and disable an application or steal database records.  Of the most formidable challenges ahead, is the ability to detect and manage threats enabled with Artificial Intelligence.  AI-enabled malware has the disturbing ability to repeatedly morph into another difficult if not impossible to track piece of harmful code that remains hidden inside the network.

In the business of cyber, the ability to find, analyze and shut down malicious code can be grouped according to techniques.  Vulnerability assessment, dynamic firewall, threat mitigation, threat detection, and incident response are the most common classifications.  Leading edge solutions in these categories are the industry fundamentals that management and investors must understand as the business of cyber continues to mature.

The Palo Alto Networks Application Framework, beyond the ability to manage all of Palo Alto’s own hardware and cyber applications, allows integration with software made by third parties.  PANW will be rolling out Application Framework over the next twelve months, it was discussed extensively in their last earnings conference call in June.

Rapidly becoming a threat, and maybe the most vexing problem to challenge cyber defense programmers, are thugs (a personification) that penetrate the network through endpoints; mobile devices, sensors and IoT actuators for automated factories and connected cars.  The list in a world of IoT is possibly endless.  Microsoft, Amazon and Google are keen to build endpoint defense and working on it now.  Palo Alto is addressing the endpoint race with their Traps Advanced Endpoint Protection.

Rather than a piecemeal approach to traditional antivirus protection, Traps AEP provides its own application framework to manage viruses and malicious code, particularly those threats introduced by endpoint devices.  NSS Labs published its 2018 Advanced Endpoint Protection (AEP) Group Test  in April, an independent evaluation of twenty endpoint cyber solution vendors and announced the results at RSA 2018.  The findings placed Traps AEP 4.1 at the top of the list. Traps AEP 5.0 was released in March.

A final bit about the economic cycle and a consolidating industry:  M&A in this space will be vibrant over the next 24 months.  Stick to looking for companies who make network routers, switches and firewalls as the buyers.  Stick to evaluating the main categories of cyber solutions.  A good solution by a small company with paying customers still will need a parent or a peer to grow.

Avoid giving much attention to companies who claim to have a – unique and independent solution – to a cyber threat, other than in one or more of the categories mentioned here.  The classifications for threat management are clear by now and they are going to live in hyper-programmable firewalls with portable cyber application development platforms.

Copyright © 2018 New Edge Analytics, All rights reserved.

volume xviii issue 2

Written by Tom Finkenbinder, New Edge Analytics

In May, the Technology Coalition of Loudoun County hosted an event on blockchain.  Coalition co-chair Paul McNeal worked with the panelists who represented business process engineering, enterprise IT and data center integration of blockchain, and purposeful blockchain applications built by developers.  Generally, the question was asked, “How would a company use blockchain to meet profit-achieving and risk management goals”.

Blockchain is a hot and newsworthy topic.  At first look, several key questions were asked.  Will blockchain technology be considered the next disruptor?  Should you jump on The Blockchain Train or watch for a while?  Will blockchain upend industries in the same way Amazon is reshaping brick and mortar retailers and ecommerce?

Economists already agree that blockchain is a general-purpose technology, with a great variety of potential applications across all industries and vertical markets.  But the main notion is that blockchain will make trading (economic transactions) more efficient.  The most impacted industries in the near term will be in the banking and financial services industry, to cut out the cost of the middle man.

Paul asked how blockchain technology should be evaluated and implemented in an organization and can blockchain applications be economical for companies of any size.  Generally, the advice of the panel was to start small, and the advice applies to companies of all sizes.  Pick one business process.  Analyze that process and either develop or find and acquire code to implement a blockchain application for your company or internal line of business.

Large companies can afford to buy, lease or build a blockchain transaction system.  It is a database application.  Look for solutions that can be integrated with a network service provider.  If the preference of the IT staff is to outsource the work, treat blockchain as an infrastructure application, such as Storage as a Service, or a private VPN. An organization who has an IT department with programmers, would build an encrypted database on a secured server.

Programmers and managers should treat the project with the same life cycle engineering techniques as any internally generated database application.  Use version control.  For now, this is a simpler and less expensive strategy to acquire the technology, and to avoid missing or falling behind on potentially ‘the next big thing’.  If built correctly the database can be migrated to a vendor or network service provider as application usage grows and upscaling becomes an issue.

Per one of the programmers on the panel, it is not terribly difficult to code scripts and build applications that handle the creation and management of blocks.  What is difficult, is managing the Quality Assurance (QA) loop with the code development process.  A high degree of confidence needs to be accepted, that the code is bug-free when it goes live.  This is most important with applications using tokens.  Real money is at stake with cryptocurrencies.  There are instances where coding errors are responsible for tokens being sent to bogus accounts or that they simply disappear from the network.

Not unlike databases in use today, an organization must consider the risk of a malicious threat; someone with intent to disrupt a process or steal private information or steal cryptocurrency.  This is always a risk with programmers inside the company.  So internal authentication, tracking methods and rules of use need to be established.  On the outside, the blockchain application needs to be robust so that the transmission channel is fully encrypted, and access to the information is controlled.  The default consideration is to treat the database like a vault, the entire resource and appliance should be encrypted and the API’s protected as they are developed.

Finally, and going forward, there is regulatory risk and most people eventually find themselves thinking about the possibility of a cryptocurrency shutdown by the Fed for example. So, if a company decides to use a cryptocurrency for trade, and so as not to be surprised at a minimum, or deprived of a large sum of money, be sure to find a blockchain company who is properly advancing/establishing their cryptocurrency through application to financial regulators. And remember, start small.

Paul wrapped up the event with a challenge to the Chamber and the greater Loudoun community; to implement a blockchain application.  He asked to explore use of a blockchain database to manage the voting for awards the Chamber makes to members as an example.  Another and slightly more ambitious project would be to establish a unique cryptocurrency for the Chamber – to allow members to conduct transactions with each other and avoid their credit card transaction fees at the point-of-sale. Stay tuned!

Copyright © 2018 New Edge Analytics, All rights reserved.

volume xvii issue 4

The Financial Accounting Standards Board (FASB) and the IASB (FASB’s international peer) jointly released Accounting Standards and Codification Rule 606 as a requirement for companies to report revenue, with a few exceptions, in the accounting period earned.  In other words, when the vendor is paid.  Heretofore, revenue smoothing techniques were allowed in certain industries, so that companies could record average income over several years.

ASC 606, aka “Revenue from Contacts with Customers” is widely considered the most significant change to accounting standards since Sarbanes Oxley.  606 has been in development for a decade.  It goes live January 1, 2018.

In January, when full-year earnings reports for 2017 come out, US stock prices will react poorly due to greater uncertainty in corporate earnings, than due to Republican/Democrat competition for new legislation, unease about President Trump’s domestic and foreign policy decisions, combined.

The Rule affects publicly traded companies reporting adjusted sales for the fiscal year ending in December 2017.  For privately held companies, the deadline for compliance is December 2018.  Companies must also be prepared to disclose more information about their contracts and order backlogs in notes to financial statements.

In a recent publication from Citigroup, "We expect that (the new rules) will cause significant investor confusion over the next 12 months to the financial analysis of companies ranging from small companies up to the largest, including Microsoft”.

And here’s why.

ASC 606 requires all industries to use the same reporting guidelines.  Companies like Yum Brands (owners of Kentucky Fried Chicken and Pizza Hut) and Proctor & Gamble (laundry detergent, toothpaste and paper towels) aren’t much affected by the Rule since consumer products manufacturing and retailers have no economic need to defer revenue.  Income at every stage in the supply chain is recorded at the point-of-sale.

But a lot of other multi-billion-dollar industries are affected.  Revenue smoothing is enjoyed by companies who have large, multi-year contracts with government and private industry.  Companies that build roads and bridges, data centers, manufacture aircraft, submarines, and rail engines are particularly impacted.  With defense industry contract labor, a dominant source of employment where I live in Washington DC, the current practice of recognizing order backlog can no longer be used to adjust reported revenue.

Here is an example:  Let’s say Company A sells contract labor for software development to the Defense Department.  Company A is awarded a contract with total revenue of $10M, earned over the five-year life, aka “period of performance”.  $2M is claimed (booked as revenue) per year with current smoothing methods, allowed by law.  Without smoothing, Company A must book revenue when it’s received, so maybe $3M in year one is recorded.  Then $1M in each of the following two years.

Let’s say further that up to $5M is forecasted to be received in years four and five, depending on performance incentives.  Standing alone, this contract would now show a revenue drop by two-thirds after the first year.  And maybe the government included provisions in the contract to cancel at any time after year two – not an uncommon caveat.

Contract cancellation can occur if the vendor doesn’t perform well, or if the government decides to change the scope of work, or wants new pricing.  Now the out-year revenue forecasts have become entirely a wildcard.  Those estimates cannot be included on the income statement.  Instead, the revenue risks are highlighted in notes to the financial statements with no material impact to the bottom line.

The math for calculating cash flow in the future is pretty simple.  To evaluate projects, Company A must apply a higher discount rate, maybe derived from higher borrowing costs, that reduces the likelihood or guarantee of sources of future income.  The result, and Wall Street analysts can run the numbers pretty quickly, is a lower valuation for the company, and in turn a lower share price.

Stock price targets in the most impacted industries need to be adjusted downward and the market will react to the change.  The effect is equally painful if the company wants to be acquired.  It won’t fetch as much in the M&A marketplace than it would have a year ago. M&A deals are valued on sales (more so than earnings), cash flow and working capital.

With software, entirely SaaS companies are expected to be the least affected among the industry group.  Once the application or an update is released, the vendor is paid monthly.  Thirty years of historical pricing with multi-year site license and user agreements – enterprise installations – will be a memory soon.  Have these accounting changes been anticipated by the software industry?  Do the changes support pricing via recurring revenue in the cloud? Look at Adobe.  Look at Salesforce.com with Oracle nipping at their heels for the lion’s share of cloud revenue.  You bet it’s strategic!

So where are the profit opportunities?  ASC 606 is an accounting change to reporting requirements on financial statements.  ASC 606 is not a change of the underlying fundamentals and business opportunities of the company or the industry it's in.  So view this as a temporary uncertainty that could lower stock prices and present buying opportunities.

Earnings are a real concern in Q1 2018 for these affected companies, given the backdrop of a complacent US stock market immune to bad news.  Investors on the buy side benefit, provided they keep cash available and are willing to stomach the risk. Forget about the 24-hour news cycle.  We are way overdue for a market correction anyway.  Stay tuned for more volatility, and a little more drama in 2018.

Copyright © 2017 New Edge Analytics, All rights reserved.