NextGen Firewalls and the Cyber Business Cycle
volume xviii - issue 3
Firewall companies are midway through a technology refresh cycle that began in early 2017. This is common in the IT sector. All businesses go through growth cycles when sales are robust, and then fade a little. Those who make it through a full cycle emerge with stronger product platforms and services. The new technology achievements in cyber worthy of attention live in what is called a Next Generation Firewall (NGFW). New Edge Analytics believes these new and updated features are a good proxy for the direction of the cybersecurity industry as a whole.
Cyber is a fragmented and consolidating industry and a big spend for IT departments. Sales and order growth are likely to slow down in the next twelve months after the bulk of the new firewall hardware and related apps are installed. Now is a good time to benchmark the new features. Despite a plethora of cyber solutions and the thousands of companies working in the space, those companies that make the firewalls and have an application framework to peer with third-party software developers have the upper hand.
Palo Alto Networks (NASDAQ: PANW) is a New Edge Gold Performance company. A gold performer is a company whose metrics are cream of the crop, with better financial performance than 90% of its peers over the past 26-weeks (half a year). Gold Performance is a ranking that NEA awards based on data from financial reports and computer models, aggressive growth in sales and earnings, price and volume trading patterns of the stock, news releases and comments from the management team.
PANW has the financial depth to do it all – an application firewall, central and distributed controls for security equipment, encryption with a VPN (virtual private network) interface, traditional packet and port analysis, and endpoint management. Cloud security at PANW is only a five-year-old effort. They must adapt quickly to build market share to address increasing competition from Amazon Web Services, Microsoft Azure and Google Cloud.
The basics of how firewalls manage computer viruses and malware have been the same for over thirty years. There have been lots of new risks and improvements. A Next Generation Firewall goes beyond port and protocol inspection that denies or allows traffic through the firewall based on permissions. The developing model takes the same idea and looks for misbehavior in the operating system and application layers.
A computer application has its own unique fingerprint so to speak. Applications have predictable behavior; how they use the CPU, how they manage resources like DRAM and storage, how they make program calls to the operating system. Threat analysis also considers how the algorithms work, how the application communicates with other servers, network management and other cyber applications.
Threats also have their own signatures and are becoming a lot more complex. Some of the most dangerous can live undetected inside a network for an extended period before exploiting a vulnerability and creating havoc. Operating directly on databases and applications, these threats as a group are called ‘malicious code’.
Malicious code searches for a path to hack and disable an application or steal database records. Of the most formidable challenges ahead, is the ability to detect and manage threats enabled with Artificial Intelligence. AI-enabled malware has the disturbing ability to repeatedly morph into another difficult if not impossible to track piece of harmful code that remains hidden inside the network.
In the business of cyber, the ability to find, analyze and shut down malicious code can be grouped according to techniques. Vulnerability assessment, dynamic firewall, threat mitigation, threat detection, and incident response are the most common classifications. Leading edge solutions in these categories are the industry fundamentals that management and investors must understand as the business of cyber continues to mature.
The Palo Alto Networks Application Framework, beyond the ability to manage all of Palo Alto’s own hardware and cyber applications, allows integration with software made by third parties. PANW will be rolling out Application Framework over the next twelve months, it was discussed extensively in their last earnings conference call in June.
Rapidly becoming a threat, and maybe the most vexing problem to challenge cyber defense programmers, are thugs (a personification) that penetrate the network through endpoints; mobile devices, sensors and IoT actuators for automated factories and connected cars. The list in a world of IoT is possibly endless. Microsoft, Amazon and Google are keen to build endpoint defense and working on it now. Palo Alto is addressing the endpoint race with their Traps Advanced Endpoint Protection.
Rather than a piecemeal approach to traditional antivirus protection, Traps AEP provides its own application framework to manage viruses and malicious code, particularly those threats introduced by endpoint devices. NSS Labs published its 2018 Advanced Endpoint Protection (AEP) Group Test in April, an independent evaluation of twenty endpoint cyber solution vendors and announced the results at RSA 2018. The findings placed Traps AEP 4.1 at the top of the list. Traps AEP 5.0 was released in March.
A final bit about the economic cycle and a consolidating industry: M&A in this space will be vibrant over the next 24 months. Stick to looking for companies who make network routers, switches and firewalls as the buyers. Stick to evaluating the main categories of cyber solutions. A good solution by a small company with paying customers still will need a parent or a peer to grow.
Avoid giving much attention to companies who claim to have a – unique and independent solution – to a cyber threat, other than in one or more of the categories mentioned here. The classifications for threat management are clear by now and they are going to live in hyper-programmable firewalls with portable cyber application development platforms.
Copyright © 2018 New Edge Analytics, All rights reserved.