Earnings Results

So it looks like most of the public security companies will make Wall Street expectations this quarter. Except Websense. After the market close, Websense announced a light quarter (link here) from a bookings standpoint, though they did hit revenue and earnings numbers. I had previously covered their Q1 miss (link here) and mentioned how important it was to make the Q2 number.

I'm of the opinion that Websense's business is sick, even if the Street doesn't think so (as evidenced by the slight raise in WBSN after hours). I continue to hear a lot of back chatter from my industry contacts. Competition is getting harder, the lack of a legitimate appliance platform is also hurting, as well as emerging competition from managed services like ScanSafe.

Websense tries to explain away the shortfall because they are changing their distribution model and other sales execution issues. Here is CEO Gene Hodges quote:

"Our second quarter billings performance reflected continued transition to a pure channel distribution model, which resulted in challenges generating new business outside our renewal base, especially in North America," said Gene Hodges, president and CEO of Websense. "We believe our market opportunity remains strong and the actions we have taken will generate continued growth over the long term."

Sorry, I don't buy it. Because you are transitioning to a channel model, your existing sales force doesn't have to sell anything to new customers? That's a load of crap.

I've navigated the treacherous waters to pure channel distribution and it doesn't go down like that. What happens is that you give the new deals to the channel in good faith. But to be clear, there are still new customers and new deals. The transition does usually involve a revenue hiccup because you are taking the VAR margin off the revenue line - which you don't have to pay when you take a deal direct.

But what you don't say is that you are having trouble generating new demand. That means either the market has slowed down or you are losing deals because the product is no longer competitive, either on the functionality or pricing side. I've navigated those waters as well and both options are very painful and take at least a year to fix. On the conference call, Hodges said that prices are holding, but when your customers feel trapped (or are too lazy to switch), they continue to pay for renewals. Again, I know this from personal experience.

And they continue to believe moving to a 2-tier distribution model will help them get to the SMB market. I'm skeptical because big enterprise software is not easy to sell, especially when there are lower cost competitors that target that market.

These folks feel like Check Point more and more. Very interesting and large client base, but little technical differentiation and no real strategy. At least Check Point didn't piss off their channel.

This may be getting a bit ahead of the things, but I think Websense is now an acquisition target. If only for their customer base, they've got to be interesting to a company like CA, Symantec or even Check Point. Though I'd expect any potential suitor to wait for another quarter or two for things to get really stinky since it would still cost over a billion to take these guys out. 

After the bell, McAfee announced a good quarter. Top line of $272 million (that's over a billion run rate folks) and earnings beat expectations by 7 cents. That's good performance, with consumer providing 20% growth. Wall Street likes it because the stock is up almost 8% this morning.

So what is McAfee doing that the Big Yellow is not? One man's opinion is that It's all about the channel. McAfee has been very aggressive in courting and investing in the enterprise security channel and it's paying off. If you pick up a CRN magazine, you see them everywhere. Security is a huge problem for the mid-market, and the mid-market buys through the channel. McAfee is there.

Second, they are looking at alternative distribution on the consumer side. Sure they are in the retail channel, but you are not going to beat Symantec on their own turf. But increasingly consumers and SOHO businesses are buying the security suite from their broadband provider. McAfee has most of the big ones locked up. They don't make a lot of money in year 1, but then they become the incumbent. Most folks are lazy, so unless it doesn't work - people just renew. The recent deal to buy SiteAdvisor will only strengthen their position in the consumer's mind. That is going to be a very visible service for them and a great brand enhancer.

So where are the holes? Come on, there are always holes and guys like me have to pick at them. That's the fun part of this gig. Basically, McAfee has to figure out where they are going to focus their efforts, either on the infrastructure (network, servers, etc.) or content (email, applications, databases). Of course they'll have products in all security categories, but what are they going to lead with? All of the above is not really an option either.

On the infrastructure side, they have a good position in the DMZ with the IntruVert product, so they can extend from that. But they'll need to move into the core of the network. We are going to see a lot of the capabilities subsumed into the network and data center fabric. Network access control (NAC) is going to be embedded into the switch infrastructure. The endpoints will just feed information to the network and become much less strategic in that scenario. They need some way to bring forward as complete a story as Cisco has in the campus.

Content security is another story. Understanding how applications work and how to secure them without breaking stuff is hard. It's not something you can do half-ass. For most of the last two years, McAfee's content story was weak. Their new content gateways (for email and Web) seem to be better, though not as robust as some other players in the market. So if they want to keep pace in this space, they need to get smarter in the data center and supplement their Entercept stuff (which seems to be going nowhere fast) with some database security mojo.

Or maybe they make a bigger play into the managed services space. That's certainly an area where McAfee has lagged.

But these are good problems to have. Unlike a number of big companies that can't find their way (3Com, Novell), McAfee is building momentum and figuring out how to goose growth - as opposed to figuring out which private equity firm is going to take them private to milk their installed base.

The wonderful thing about the blogosphere is that you can pretty much have anything show up in your feed reader. So it seems that there is a fellow out there that publishes earnings call transcripts among other things on the Software Stock Blog (http://softwarestockblog.com). Lo and behold, Check Point's earnings call transcript showed up in my reader (http://softwarestockblog.com/article/9410) and it was very interesting.

Now I'll admit, I haven't been kind to Check Point of late. I think their strategy is non-existent and having to back out of the Sourcefire deal was a big blow to momentum. They had pre-announced a weak quarter (relative to expectations anyway) and in their earnings call they had an opportunity to talk more about the strategy and why they are going to recover. Needless to say I was underwhelmed.

There was weakness, but they positioned it as a hangover from a big Q4. They are also moving from a perpetual licensing model to annual subscriptions, but that is a very minor part of the business. They believe that customers do want integrated security solutions (which I agree with), but that adoption has been slower than they anticipated. It seems the real issue is customers are not embracing Check Point's integrated security story and not upgrading their point products. Not to Check Point stuff anyway.

Just check out this quote from Jerry Ungermann on the call:

We continue to get very positive feedback regarding our new direction and new products and while interests in activity are high, it appears that it’s taking customers longer than we had originally thought to replace their various point products with our newer integrated technologies. They like the direction and the implications associated with the Unified Security Architecture and what they perceive to be better security at a lower total cost of ownership, but it will take them more time to transition from today’s installed product to a more complete Check Point solution.

While we have talked about a general softness we’re experiencing in the market today, I believe security is still a very important area of investment, and our challenge is on the execution side to ensure we can enable our customers to get to tomorrow sooner. In this regard, we have a number of new initiatives we are working on and we will be making announcements about it in the near future to help make it easier and cost effective for our customers to buy our expanded solutions set sooner rather than later. This will include things like packaging, positioning, pricing, and promotions.

So, let me get this straight. Check Point is going to address the issue of their customers not upgrading their stuff through the use of the 4 P's?!?! I guess Jerry bought one of the Trout/Ries marketing books over the weekend and is all raring to go. Come on now. This is real business, not an MBA program. Even if that's what you are doing, don't tell anyone. It makes them seem amateurish.

I personally believe that two things are a work here, first is Check Point's lack of strategy is hurting them in the channel. There are lots of options out there for resellers to push, so they are going to go with the most exciting option. Sure, lots of the resellers are lazy and will only drop by to pick up their Check Point renewal, but customers will push for integrated solutions and Check Point has not made it clear why it should be theirs, as opposed to a Crossbeam or Fortinet. Websense also announced a weak quarter, and I think a lot of the same issues are at work. If the channel doesn't see a compelling strategy, they move on to the next thing.

So, Check Point's mission is clear. They have to figure out how to get their existing customers to upgrade to the new stuff and buy into Check Point's more integrated suite of products. Candidly, it's going to be an uphill battle. They don't have a compelling NAC story like Cisco to push upgrades of their installed base. They are under siege from both big and little UTM boxes that provide much better price/performance. And the US Government has made it clear Check Point is not going to be able to acquire new stuff to accelerate the strategy (like RSA did).

To be clear, Check Point is still a cash machine. Their margins remain tremendous and they've got a ton of customers. But as I've said before, they need a strategy to remain relevant moving forward. Smaller companies can bring niche products to market and do well. They don't need a big story because they solve a specific problem. That is not Check Point anymore, but that is how they continue to act. Their window of relevance is closing, so they better move fast.

Check Point customers have some decisions to make. A lot of Firewall-1 and VPN-1 will renew this year, or not. Do you buy into the next wave of Check Point's product or do you swap it out? I believe that without a compelling strategy from Check Point many customers are going to be looking at alternatives.

When I was a marketing guy, RSA was the company everyone loved to hate. Not because they necessarily did anything wrong, but me and many of my security marketing brethren hated paying the RSA Conference ransom. This was especially an issue during the tech meltdown because you couldn't hit a customer with a 12 gauge shotgun at the show. There were none to be found.

And the quiet but steady erosion of their installed base of tokens made the company seem tired and on the long slippery slope to oblivion. Folks like Vasco and Secure Computing were making the token business about pricing, instead of functionality. It certainly didn't help that they bungled the Securant acquisition, basically getting into the space of web access management right as it peaked, paying a pretty significant premium.

A few earnings misses, the departure of a well respected CFO and VP Sales and Marketing and the wheels seemed to be falling off the bus. Clearly it was just a matter of time before one of big security aggregators bought RSA to milk their installed base.

But now a very strange thing has happened, RSA is turning it around. You can count on your fingers the number of companies that have turned the ship. They announced a Q1 (with record revenues and beating earnings by a penny) and a good outlook for Q2. Of course, one strong quarter does not make a turn-around, but things look good. There is buzz around RSA again.

The reason is pretty simple. They bought a company called Cyota back in September. Cyota provides what I've dubbed "contextual authentication" services to most of the big banks around the world. Using their software, the banks can decide how strongly they need to authenticate a user for each specific transaction. So now, the banks can just require a password to check your balance, but can require a series of stronger methods if attempting a high value transaction.

Contextual authentication is the next big thing in the authentication space. No one really has a competitive offering, so RSA taking Cyota out of play was a strong move.

But more importantly, it gave the RSA field something strategic to talk to their customers and prospects about. Something the reps understand, which is authentication. That web access management stuff is different. So is provisioning, which they initially OEM'd from Thor (who was subsequently acquired by Oracle). RSA had a hard time selling those other applications because they weren't tokens.

At the same time, identity management became front and center on the project plans of many of the large enterprises and RSA has a decent story. They stick to their authentication knitting and add value to the big stack players. The Sign-On Manager is well regarded. Since customers are looking to add to their RSA offerings the renewal premium for all of those tokens goes down a bit easier. In many cases they are buying more and/or new stuff from RSA. This has a powerful effect on RSA results and momentum.

As I mentioned, one quarter does make a turn around, but the trend lines for RSA are moving in the right direction.

SafeNet just pre-announced an earnings miss after the market closed today. Worst case (as they pre-announce anyway) they'll be off by 10% on the top line. This will still be about 5% year over year growth.

But, that's not the interesting aspect of the announcement. SafeNet has thrown the CFO under the bus. He's out immediately. They also mention additional costs of $800k for Sarbanes-Oxley and $600k for the nCipher deal will cause an undetermined earnings miss as well.

So, this guy couldn't get Sarbanes under control and couldn't close the nCipher deal, so he's gone. And as he leaves, it seems the CEO is making a thinly veiled personal attack. Get a load of this, pulled directly from the release:

"SafeNet's Chairman and CEO commented, "SafeNet has, for many years, been a company that has been marked by consistent execution of its business plans highlighted by strong growth in revenue and profit, good cash flow and careful accounting and reporting. We are making these changes in our leadership structure so that we can better focus appropriate skills on critical business areas. We will run the business with passion, focus and discipline and concentrate on improving accounting and financial reporting, accelerating sales growth and streamlined business operations."

What is that about? This seems to be pretty strange behavior. I'm not a big fan of this kind of hand waving. If you are the CEO, first of all - at least have the decency to put your name in the release. It's nowhere to be found. Secondly, accept responsibility. Ultimately, whatever happened from a sales standpoint and an accounting standpoint has been under your watch, no? If the company has had a lack of "passion, focus and discipline," whose fault is that?

From the perspective of a guy who's been shown to the door more than once (what can I say? My former bosses either loved me or ... not so much), show the guy some respect on the way out. Unless there is some type of malfeasance, keep your dirty laundry inside. No one wants to see it. Maybe I'm overreacting to this, but something about the way the release was worded rubs me the wrong way. It reads like a mob execution - vindictive and with no class.

If you are a SafeNet customer, do you worry? Probably not, though as with Websense and Entrust - if they miss again next quarter, it's a problem. But more importantly, if you are nCipher, is this the kind of partner you want? Guess that's something their Board of Directors will need to figure out.

UPDATE: Per this release, SafeNet has killed the nCipher deal. Claiming the additional UK regulatory review will take too much time and cost too much money. So, I guess nCipher is single again and the regulators can hang the head of another dead deal in their great room.

 

 

In the first of the preliminary earnings misses, both Websense and Entrust announced the fact that they'll be light from a revenue standpoint this quarter. Websense is down about 10% this morning, indicating that it wasn't a huge surprise. Huge surprises take 30% haircuts.

Welcome to the party Gene Hodges, Websense's new CEO. His timing seems to be perfect. NOT! They are blaming sales execution issues, so expect some public executions in the sales force quickly. There always needs to be a fall guy/gal. Should Websense customers be worried? Not yet. They are still the clear leader in the web filtering business, the question is just whether this is the law of large numbers kicking in, or whether they are losing to more aggressive competitors. They do mention that price points are holding, so that's a good sign.

There is also a chance that Hodges is using this quarter as his opportunity to clear the decks. That's pretty common when there is a new sheriff in town. You blame the former regime while you're still in the honeymoon phase and you sweep lots of stuff under the rug. Of course, you only get to do this once, so everyone will be watching to see if this is systemic or a one-time thing in Q2.

Entrust is a bit more problematic. It's not like these guys have been a market leader in anything since PKI fell from grace as the bubble burst. But they couldn't close deals and their "new" products didn't yield the deal sizes they need. Starting to sound like a candidate for the "Hall of the Walking Dead." I'll be watching for that.

We'll also see if there are more pre-announcements over the next few weeks. Early indications are that many of the start-ups had relatively strong quarters.

Of course, we'll get a lot more information about these misses when the company formally announces results in a few weeks.

 

Ah earnings season. Got to love those times in April, July, October, and January when the day of reckoning arrives for those public companies in the security space. Did they hit their numbers? Did they show the right type of growth? Most importantly from a stock price perspective, did they manage expectations correctly on Wall Street?

As public security companies announce their earnings, this will be something that I track on the blog and in The Daily Incite. Why? Because it's important and not just from an investment perspective. Since I believe that big is the new small and that the inevitable macro trend is towards consolidation of security capabilities and functions, the big companies are very important and the big companies are publicly traded.

That means that every 3 months we get a great view into their businesses. What is hot? What is not? How are things doing geographically? Did a missed product transition hurt business? You can get all sorts of tidbits just from listening. Obviously I have a different perspective than a financial analyst and I also look at things in terms of years, as opposed to months.

There are either virtuous or destructive cycles in this business. Companies that are doing well most likely continue to do well. They can invest, acquire and leverage existing customer relationships. Those on the wrong side of a cycle, lose momentum, customers, employees and eventually the ability to keep investing to stay out front. So, from an end user perspective, you want to associate with winners and tracking them every 3 months is one way to keep score.

Also to reiterate my financial disclosure policy, I do not hold the securities of any publicly traded security company that I cover. Mutual funds I own may, but I have no control over that or any influence on the investment or management of the company.