FireEye Needs to Keep the Heat On

The attack used a flaw in the network-management software sold by SolarWinds, a Texas-based IT company that counts many federal agencies as customers. But ironically, it was brought to light by FireEye, which specializes in hack investigations and was itself a victim of the attack.

It has been a wild ride. FireEye’s shares sank 13% after it reported the breach of its own system on Dec. 8. That seemed like very bad news for a company that is often the first call for other companies who suffer an attack. Citigroup analyst Walter Pritchard warned at the time that FireEye faced a clear risk of “reputational damage,” even as the company described the attack as the work of “a highly sophisticated state-sponsored attacker utilizing novel techniques.”

But since more news has dribbled out about the scale of the attack and SolarWinds’ centrality to it, sentiment shifted hard. FireEye’s shares have soared 66% from their initial selloff and are now up 49% this month—beating out even other red-hot cybersecurity names such as CrowdStrike and Zscaler that analysts believe will be the primary beneficiaries of increased corporate IT security spending. Those two are up 44% and 32% for the month, respectively, and more than 300% for the year. SolarWinds, by contrast, has lost one-third of its market value since the attack became public.

Investors generally treat high-profile breaches as promotional events for cybersecurity companies. But the impact on actual business isn’t always clear-cut. FireEye played a major role in investigating the Sony hack in late 2014, but that didn’t stop the company’s revenue growth from decelerating sharply from the triple-digit rates it had been enjoying in previous quarters. And security already was the top spending priority for companies this year, according to a December survey of chief information officers by Goldman Sachs. Fatima Boolani of UBS notes that checks with companies since the SolarWinds attack became public “indicate a ‘spending smart’ not ‘spending hard’ mentality.”

So cybersecurity stocks could be setting up for a big correction later as reality sets in. FireEye’s advantage here is that it is still one of the cheapest pure-play cybersecurity vendors, trading at just 5.3 times forward sales. And it isn’t alone in a sector long driven by a hot-or-not approach by investors. CrowdStrike and Zscaler carry multiples ranging from 47 to 50 times forward sales. By contrast, Palo Alto Networks, Check Point Software and Fortinet —three of the largest cybersecurity pure plays by annual revenue—trade around eight to nine times forward sales.

But as Mr. Pritchard of Citi noted in a Dec 21 report, the most relevant countermeasures to the SolarWinds hack don’t involve the cloud, where the most highly valued companies specialize. He expects the hack to remind investors “that some ‘legacy’ players are less irrelevant than what is priced into shares.” FireEye just needs to translate that relevance into new business.

Write to Dan Gallagher at [email protected]