Cybersecurity companies are generally not the kind of world-changing companies like Amazon or Google that seem to populate Silicon Valley and Seattle.
Yet such companies — which are more common in the Boston and Tel Aviv areas — do generate good returns for their venture investors — but the ones that go public do not always do as well.
This comes to mind in considering shares of Waltham-Mass.-based cybersecurity company Carbon Black – which went public in May 2019 and have since fallen 37%. I see four reasons to consider investing in the company. (I have no financial interest in the securities mentioned in this post).
Carbon Black — which supplies a cloud platform to capture, record, and analyze unfiltered endpoint data so customers can predict, prevent, detect, respond to and remediate cyber attacks before they cause a damaging incident or data breach — was founded in 2002.
In the last three years, Carbon Black has grown quickly but burned through cash. Between 2015 and 2018, its revenue grew at a 44% annual rate to about $210 million – and that year it lost a whopping $282 million and burned through $45 million in free cash flow, according to Morningstar.
The good news is that its financial results for the first quarter of 2019 — announced May 2 — excited investors. Despite a loss, Carbon Black topped revenue estimates. According to Zacks, its loss of 22 cents a share was in line with the consensus while revenues of $58.56 million were 2.55% above the Zacks consensus.
In the weeks following the report, Carbon Black stock soared about 40% to $19.50 on May 15 before falling back to $15.12 on June 7 — $1.46 more than its pre-report price.
Zacks expects Carbon Black to post revenues of $242.68 million for 2019 — up 15% from 2018.
Carbon Black was founded by NSA alumni who were ethical hackers and they collected data that a hacker would use to try to breach a company’s cyber defenses. The company “offers a cloud-based platform with unfiltered data that provides visibility into what’s happening,” according to my May 24 interview with CEO Patrick Morley.
Here are the reasons to consider investing in Carbon Black.
1. It’s targeting a large market
Carbon Black is bullish about its future because it sees a huge market opportunity. “Gartner sees a $100 billion market for cybersecurity — half of which goes to implementation services and the other half to products. There is a $17 billion to $18 billion market for network security and a $7 billion market for endpoint security where we compete with Symantec and McAfee,” he said.
The company has thousands of clients — specifically, 5,300 companies including 35 of the Fortune 100 in industries including financial services, manufacturing, oil and gas, and retail. Two and a half years ago, Carbon Black began offering a cloud platform and now has 3,000 cloud customers said Morley.
2. It’s gaining market share
The company says it’s taking market share from Symantec and McAfee. According to Morley, “We run our platform on AWS while they’re operating on the customers’ premises. Our next generation competitors include Crowdstrike and Cylance. We also compete with network security providers like Cisco and Palo Alto Networks,” he said.
Gartner found that 81% of Carbon Black customers are willing to recommend the company — below Cylance’s 89% and Symantec’s 83% and matching McAfee’s 81%.
Morley sees great growth potential for the company. “The $7 billion endpoint security market we compete is only 15% on the cloud now — but by 2025 75% will be there. We are enjoying mid-teens revenue growth. While our on prem revenues are flat, we are enjoying 70% annual recurring revenue growth on the cloud and gross customer retention of 87%,” he said.
3. Its culture and people are well-aligned
A key to Carbon Black’s success is its culture. According to Morley, “I give a talk at new employee orientation to tell them about our philosophy, our vision, and why it’s important. We have a great culture of transparency and inclusion. We have low turnover and have a very high, 48%, rate of new hires who are recommended by current employees.”
4. Its product development process is agile
Carbon Black’s new product development process aims to adapt quickly to changing customer needs. “We have a scaled agile development process — every 90 days small development teams complete their projects and plan the for the next 90 days. We judge them on feature velocity [how quickly they introduce new features], they say/do ratio [how many of their promises that they keep], and the quality of their work.”
Not all of Carbon Black’s rivals believe its R&D is effective. For example, in a June 5 interview, Tomar Weingarten, CEO of Sentinel One, said, “Carbon Black has become less relevant because the moment you cease innovating, you fall behind. Unlike Carbon Black, we identify and resolve attack vectors autonomously in real-time with no human intervention.”
Carbon Black does not agree with Weingarten. According to the company, its “cloud endpoint protection platform (EPP) extends well beyond automated remediation. We’ve added four brand new solutions to our cloud EPP that not only empower automated remediation, but detection and prevention as well. Any vendor that’s promising a set-it-and-forget-it, silver-bullet approach to cybersecurity is grossly underestimating the security knowledge their customers have.”
Endpoint security is an intensely competitive market and if Carbon Black succeeds in moving more of its revenues to the cloud, it make be able to continue to beat investor expectations and its stock price will rise.