Bob Ackerman, a VC at Allegis Capital wrote what could be considered a self-serving piece on the security tech bubble published on VentureBeat. Of course an investor in security companies is going to stoke the flames of exuberance, especially in light of the ridiculous valuation of FireEye at IPO of $6 billion ($FEYE has a market cap of over $8 billion today.) I posted my thoughts on FireEye’s prospects here.
There is no question that we are in the middle of a tech bubble once again. While nothing will ever match the heady days of the dot com boom, with VCs throwing money at anyone with an idea for a website, there are signs of an overheated economy in tech. Dropbox taking $250 million from Blackstone at a $10 Billion valuation is only the latest indication.
Wall Street is the biggest culprit here, placing outsize valuations on companies that have yet to demonstrate a working business model. Twitter is trading at a market cap of $34 billion while bleeding money – a $139 million loss in the nine months leading up to its October 2013 IPO. A sure sign of blind optimism was the 1,800% spike in shares of a bankrupt company called Tweeter because somehow investors thought it was Twitter.
After Google announce the acquisition of a home appliance startup, Nest, for $3.2 billion the value of penny stock Nestor shot up 1,900%.
But I agree with Ackerman that there is not a bubble in security tech. Not yet. FireEye is an outlier. While it sees outsized valuations, traditional security vendors like Check Point Software, and Symantec are relatively flat. The ranks of pure play security stocks have grown thin with Blue Coat, Sourcefire (owned by Cisco), McAfee and Websense being taken off the table through acquisition or leveraged buyout. The remaining players, Fortinet, Palo Alto Networks, Barracuda Networks are all fairly, if not under, valued.
Unlike most tech sectors, security is not driven by fads or exuberance of traders that don’t know the difference between a firewall and a web proxy. The security industry is driven by threat actors and their actions. As the bad guys exploit new methodologies and target new ways to steal money or information, spending on IT security increases.
Hackers, by launching rapidly spreading viruses and worms created the boom in anti-virus spending. Cyber criminals fueled the tremendous growth of the IT security industry from $3.2 billion in 2003 to $60 billion in 2012. State sponsored attacks, so called APTs (advanced persistent threats), are responsible for the current boom in startups that address these highly targeted attacks, either through the type of advanced malware detection that FireEye, Lastline, Trend Micro, Norse, and many others do, or network security analytics from companies like RSA (Netwitness), Blue Coat (Solera Networks), and Arbor Networks (PacketLoop).
The next wave of security spending is going to be on counter-surveillance as the world reacts to an apparently unstoppable surveillance state. Encryption, key management, and cyber defense spending will drive 24% annual growth in an already large industry. By 2023 I predict IT security spending, globally, will exceed $600 billion. That is not a bubble, it is a boom.