Black Eye for FireEye - Hitting Researchers with Injunctions

Sometimes security companies can be a little too heavy handed. Or their lawyers have too much time on their hands. FireEye cleared this hurdle, recently.

Felix Wilhelm, a security researcher working for  Germany based ERNW, was going to present his findings on some vulnerabilities he had found with FireEye’s software.  He was going to present at the 44CON Cyber Security Conference (www.44con.com ) during the week of September 9.  The flaws had been fixed, by the way.

The two parties had a series of discussions regarding what could go into the report (FireEye was concerned about not exposing information on their product’s IP).  To be brief, the parties supposedly agreed on a final report around August 5.  FireEye then sent Wilhelm a cease and desist letter on August 6, obtained a court injunction on August 13 and delivered it to Wilhelm on September 2, a week before the 44Con conference.  Ultimately, Wilhelm did present his findings with some material redacted.

FireEye has a procedure for researchers   to “disclose and inform us of potential security issues”. In this case, FireEye was extremely heavy handed . Their action does little to encourage researchers to share (stifle?) at security conferences.  This comes across as “attacking the messenger”. They also attacked the messenger with  NSS Labs a couple of years ago when FireEye e came in last in a multi-company Breach Detection Systems Test. 

FireEye came in last again in a NSS Break Detection Systems Test (BDS) earlier this year. Eight companies were in the test:   Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro. The test measured security effectiveness, performance, and total cost of ownership.

To obtain a copy of the Value Map:  NSS Security Value Map Graphic

To read the complete Forbes article “FireEye Scolded For Injunction Stopping Security Researcher Revealing Source Code”: Forbes - FireEye Scolded 

Is FireEye Fireproof?

Addendum - December 7 :  On 12/7 - FireEye reached a fifty two week  low of  $19.76  This is lower than their IPO opening bell price.

To date, FireEye seems impervious to poor test results.  The market has been more interested in revenue growth. In the NSS Labs Breach Detection Systems Comparative Report issued in Augst, five of the eight vendors tested received a Recommended rating. FireEye was not one of them. 

   

FireEye did not test well in the   NSS Labs report, finishing last, with the lowest security effectiveness (in the 50’s, with the next lowest vendor in the 80’s) and the highest TCO per protected Mbps.

September 28 Addendum - FEYE closed at $31.51. Its opening day closing price was around $36.

Cisco had the highest effectiveness of the eight products tested and Blue coast the lowest TCO per protect Mbps.  FireEye protested the testing methodology when NSS first performed this test a couple of years ago.   

A Frost and Sullivan report “Network Security Sandbox Market Analysis, APTs Create a “Must Have” Security Technology”, gives FireEye 62% of the market.

 From a financial perspective, FireEye sales and marketing expenses as a percent of revenue have finally dropped below 100%. Operating cash flow is finally positive. The company is still losing ”tons” of money. The market finally seems to be paying more attention cash flow, margins, and future profitability.  

The company as of mid August is trading in the low $40’s, well off its peak of $97 in March 2014 (giving executives a chance to cash in for a nice gain) and   above the bottom of $25 in October 2014.  The $40’s is in the area of the pop FireEye had when it first went public. The company CFO, Michael Sheridan, resigned shortly after the last earnings announcement to join DocuSign.

 A free copy the Breach Detection Systems Security Value Map can be obtained at https://www.nsslabs.com/bds-security-value-map-graphic  The full report is available for purchase. A number of the vendors in the report are making their individual vendor reports available.  

Cyphort, one of the vendors tested, is aggressive on their website explaining why they would make a great addition to companies already using FireEye and why they feel they’re the “clear alternative” for companies considering FireEye. People can learn about this at http://www.cyphort.com/products/firewhy/  as well as view a (small) capabilities comparison grid.

AhnLab Faces Uphill Battle in US – An Addendum

  

This is an addendum the February blog - “AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)” http://kensek.blogspot.com/2014/02/ahnlab-faces-uphill-battle-in-us.html

If AhnLab is going to make a go of it with their Advanced Persistent Threat product, Malware Defense System (MDS), they must be doing it in incredible stealth mode.  And they must be trying to do it from Korea, where AhnLab is headquartered. 

• Their top US technology person left for a start-up early this year
• There have been no press releases added to the US web site since November 2013
• The company did appear at the Gartner Risk Security & Management Summit in June following up their appearance at RSA SF.  At RSA, they re_announced AhnLab MDS
• AhnLab had posted that they were going to appear at Black Hat Las Vegasin August.  This was removed from their web site.
• Both AhnLab and FireEye complained about an update NSS Labs issued to their 2013 Breach Detection study.  In the original, AhnLab and FireEye finished second and third respectively.  http://kensek.blogspot.com/2014/04/ahnlab-raises-issues-with-recent-nss.html   In the original update, they finished fifth and sixth respectively.  In the post complaints update, AhnLab MDS ranked sixth and FireEye fifth.  Both were far below the other four companies, SourceFire, Trend Micro, Fortinet, and Fidelis.  The updated value map is available at http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2014-BDS-SVM_0.pdf
• If you try to reach AhnLab at their 800 number, 800.511.Ahnlab (2465), you will receive a “you’ve reached a number that has been disconnected or is no longer in service” message.

Perhaps AhnLab is still trying to break into the US licensing Malware Defense System.  If so, they are being incredibly quiet   about it.

AhnLab Raises Issues with Recent NSS Labs Breach Detection Study

FireEye isn’t the only vendor displeased with their results and NSS Labs' methodology for their  latest Security Value Map.  AhnLab, whose Malware Defense System (MDS) product finished near the bottom of the Breach Detection Systems Security Value Map adjacent to FireEye, has posted their displeasure with the testing on their home page. 

AhnLab declined to participate in the 2014 public test. AhnLab, Fidelis, and FireEye had participated in the 2013 private test. Ultimately, Fidelis made their results publicly available on their website. Neither FireEye nor AhnLab chose to do so, though AhnLab did release some of the Malware Defense System results.

NSS Labs’  test evaluated 6 products from leading BDS vendors.  Four of the six products received the   "Recommended" rating from NSS, Sourcefire, Trend Micro, Fortinet, and Fidelis.  Neither FireEye nor AhnLab didn’t.   

AhnLab’s  Main Points

1. Two separate public tests, were consolidated into one report without notice -   AhnLab wrote that NSS never informed them the results would be published regardless of participation. This may or may not be true as many of the participants on the AhnLab side are no longer with the organization.
2. Two separate tests from two different years require two separate reports -  If the same malware sample set was used from 2013 for the 2014 test, AhnLab felt that it  would be inaccurate to publish all of the participants, from 2013 and 2014 together,  because newcomers to the study may have (had) a time advantage.

For complete details, go to http://us.ahnlab.com/html/notice/20140408.jsp

For a copy of the NSS Labs April Breach Detection Systems Security Value Map (SVM) and Comparative Analysis Reports (CARs), go to https://www.nsslabs.com/breach-detection-systems-bds-security-value-map-download

Some of the above sounds like a failure to communicate on both NSS Labs and AhnLab’s part. Neither side appears to have done due diligence here.

Only three companies completed participation in the 2013 test, not ten or more, as AhnLab writes in their response.  They may have a valid response about products with several more months “experience” having their results compared to products without that experience.   That notwithstanding, 3^rd party test results is one aspect of comparing products that companies need to utilize. The test results demonstrate that there is more than just FireEye, Fidelis, and AhnLab that need to be considered.

Fire in FireEye Valuation Gets Doused (slightly) With Release of NSS Breach Study Report – He Said, She Said Begins

 NSS Labs issued their Breach Detection Security Value Map on April 2  Neither FireEye nor AhnLab can be pleased.  In brief, the Value Map  measures security effectiveness on the Y-axis and Total Cost of Ownership (TCO) per protected MbPS on the X-axis.  AhnLab and FireEye finished in the dreaded lower left hand corner with FireEye coming in last in security effectiveness (AhnLab was close).  AhnLab had the highest TCO per Protected MBPS. The other four company’s products were in the upper right hand quadrant (Quadrant 1), Fidelis, Fortinet, Trend Micro, and SourceFire. They were all around 98% to 99% effective in NSS testing.  SourceFire was the winner, overall. 

From NSS, “Quadrant 1 contains those products that are recommended for both security effectiveness/management and value.  These devices provide a very high level of protection, manageability, and value for money.”  This document is publicly available from Fortinet as is a detailed report for their FortiSandbox 200D appliance.

http://www.fortinet.com/resource_center/whitepapers/breach-detection-systems-beyond-hype.html

Key findings mentioned in the press release - “Four of Six Leading Vendors Receive Coveted NSS ‘Recommended Rating’”

• Four of six products tested achieved over 95% in overall security effectiveness:   five of the six also received a 0% false positive rate.  AhnLab was the sixth with a 7% false positive rate.  FireEye had the lowest security effectiveness, around 94.5%. 
• Money Doesn’t Always Buy the Best Security: Total Cost of Ownership per Protected-Mbps ranged from $231 to $468 with the highest priced solution,   Conversely, Sourcefire (Cisco) had the lowest TCO and also received one of the highest security effectiveness ratings.
• All BDS Solutions Performed At or Above Vendor Throughput Claims

https://www.nsslabs.com/news/press-releases/nss-labs-reveals-first-security-value-map%E2%84%A2-breach-detection-systems

NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.

FireEye Stock Price (FEYE)

FireEye stock has dropped 49% percent from its March high of $97.35 to closing at $47.33 on April 11.  52-week range - $33.30 - $97.35.  It will be interesting now to see how the stock performs.  Q1 results won’t be announced until May 6.  Note -  The stock was at   $61.49 on April 2 when the report was released.  FireEye's  Q1 results won’t be comparable to    last year’s Q1 since revenue from their Mandiant acquisition after January 1 will be included.  The stock is up about 15% since the beginning of the year.  NASDAQ is down about 3% ovr the same period of time.

When you’re the market share leader, finishing low in an impartial test, one defense is to attack the attacker.

  

He Said - FireEye

"We are a vendor that specializes in advanced attack detection, not in detecting known, stale samples,” Gupta, FireEye Vice President of Products said.  "We ran their malware samples in our lab and detected every single one of them." A valid test would have used a zero-day exploit to evaluate the detection capabilities of the appliances or, at a minimum, the testing could have been done in a live, customer environment, Gupta added.

FireEye was quick to reply in a blog “Real World vs. Lab Testing: The FireEye Response to NSS Labs Breach Detection Systems Report” At a high level: 

• Issue #1:  Poor sample selection
• Issue #2:  Differing definitions of advanced malware
• Issue #3:  Poor test methodology.   

FireEye offered several paragraphs of detail for each of the above.  It is worth reading the blog.

http://www.fireeye.com/blog/corporate/2014/04/real-world-vs-lab-testing-the-fireeye-response-to-nss-labs-breach-detection-systems-report.html

“The best way to evaluate FireEye is for an organization to deploy our technology in their own environment and they will understand why we are the market leader in stopping advanced attacks, “said Dave Merkel, CTO in an April 2 Network World article.

She Said – NSS Labs

NSS Labs was also quick to replay in a blog “Don't Shoot the Messenger”

Their response is also good reading as most of the response consists of   a 20-bullet point “FireEye Claim” and “NSS Response” table.

“Not everyone can end up in the top right quadrant of the NSS Labs Security Value Map™ (SVM), so it is not unusual for someone to be unhappy.  It is, however, unusual for someone to behave the way FireEye did in this instance.  Normally we would not respond to such attacks, but there are a number of untruths and misdirection’s in their blog post that we feel we must address”, stated Bob Walder, President, and Chief Research Officer at NSS.  “FireEye’s results were not that bad.  The real issue here is that FireEye now has credible competition in the BDS market place and the data from this NSS test shows it.”

https://www.nsslabs.com/blog/dont-shoot-messenger

How Did This Begin

Three companies were tested last summer by NSS Labs in their initial breach study, AhnLab, FireEye, and Fidelis.  Fidelis made their report publicly available and challenged FireEye to do the same.  AhnLab issued a press release about their results, and in a blog went, “FireEye, hello?”  No press release by FireEye on their results.  Demerits to publications not asking about this!  With respect to the three companies, NSS has a multi-page document letting the firms tested know what they can do with the test results.  One thing they can’t do is start-doing comparisons with other companies, combining charts, et cetera from the reports.  The reports were available for purchase.

And What about NSS Labs’ Reputation?

In “IT Security Survey 2014” by  test group AV-Comparatives (www.av-comparatves.org),   issued in February, NSS Labs came in ninth out of 15 vendors.  Over 5800 users responded to the survey.  

 http://www.av-comparatives.org/security-usage-surveys/   

Timing Means Everything When Stock is Sold

On March 12, insider transactions of FireEye stock at $79.54 included: 

1. Norwest Venture Partners IX, LP sold 2 million shares, grossing $160 million.
2. FireEye CTO Aziz Ashar sold 1.04 million shares, grossing $83 million
3. FireEye CEO Dave DeWalt sold 486 thousand shares grossing $38 million

Insiders can’t sell shares whenever they want.  There are windows near the release of financial results that they can’t do anything.  A more comprehensive list of insider transactions can be viewed at

 http://finance.yahoo.com/q/it?s=FEYE+Insider+Transactions

  

It’s difficult to test security products.  Every environment is unique.  The best way for companies to evaluate products is to bring them in and to look at tests by reliable test groups.  The report by NSS Labs probably means   that FireEye will face more testing in house by potential vendors  rather than just be evaluated separately. 

Twitter - ckensek

AhnLab Faces Uphill Battle in US against FireEye with AhnLab Malware Defense System (MDS)

Silver sponsorship at RSA Conference USA 2014 in San Francisco  notwithstanding,  South Korea based AhnLab may face an uphill battle achieving success in the US with AhnLab Malware Defense System (MDS).  MDS is designed to combat Advanced Persistent Threats (APTs) and Advanced Malware.  No press release has been issued, but AhnLab will also be showing AhnLab Malware Defense System   Enterprise (MDSE). This version of Malware Defense System isn’t described on AhnLab website yet. The below isn't a technical evaluation of Malware Defense System, MDS or MDSE. It's more of a business analysis. 

http://conference.ahnlab.com/conference/rsa2014/product_mdse.jsp .

For information on MDSE -  http://conference.ahnlab.com/conference/rsa2014/AhnLab_MDSE_Brochure.pdf

Why It May Be Difficult for AhnLab and AhnLab Malware Defense System (MDS) in the US

FireEye (www.fireeye.com) is the 800-pound gorilla in the industry.  They offer more form factors for their APT solutions over AhnLab Malware Defense System.  For example -   their NX series to combat web-based attacks has six flavors, supporting 50 to 40k users.  Their FX series for file protection comes in 2 sizes; up to 80k and up to 160k files per day, respectively.  The acquisition of Mandiant gives them an endpoint solution.  On Valentine’s Day, FireEye announced an Intrusion Prevention product FireEye® MVX-IPS.  Well, they pre-announced the product.  They are shooting for availability during the first half of 2014.  They promote that they have customers in over 40 countries.   

Crowded marketplace   - AhnLab is among the double handful of competitors Gartner mentions in their August paper “Five Styles of Advanced Threat Defense”.  Competitors besides FireEye include   dedicated APT vendors Lastline, Bromium, and Damballa.  Other competitors (Googling Advanced Persistent Threats) include Palo Alto Networks, Cisco, McAfee, Fidelis Security Systems, Trend Micro,  Bit9, and Tenable.  Everyone has their eye on FireEye 

Limited US Presence -   AhnLab decreased their staffing in the US at the start of the year to a handful despite having just opened their US/EMEA headquarters in the Santa Clara, CA less than two years ago.    

It takes a channel and partners - Two ways to try to   grow sales quickly are to  OEM your product and agressively develop a channel.  AhnLab devotes one  page to recruiting partners.  No Partner Portal.  No Education Portal.  FireEye has a well-developed partner program, including VARs, Value Added Distributors, System Integrators, MSSPs, and Technology Alliance Partners (over a dozen listed in their site).  FireEye’s reseller program seems “standard” with three tiers.

It takes customer support - FireEye has a multiple levels of support for their customers.  For Malware Defense System, AhnLab will have to build off a single email address they currently have for US/EMEA customers.  This suggests that support will be coming from South Korea.  Nothing about multiple levels of support.  Barracuda Networks has an amusing radio commercial asking if you want phone trees  and long distance support for your products.

It takes customers who will talk about your Advanced Persistent Threat product - It is difficult to get customers to publically talk about what security products they have on their network.  FireEye has Sallie Mae, Equifax, and the Department of Defense listed as well as a dozen anonymous case studies across a number of industries. FireEye claims that over 100 of the Fortune 500 are among their customers.

 

It takes marketing and noise - FireEye is “everywhere”.  They appear on multiple security web sites. Multiple CIO and CISO events.  Going public created a lot of visibility.  Their reports and Mandiant’s whom FireEye acquired shortly after the first of the year, get a lot of visibility.  FireEye is aggressive in issuing press releases about threats they have discovered and investigated.  They’re promoting fourteen security events (four in the US),   they’ll be at during the first half of the year.  AhnLab will be at two.  Most PR firms would consider just putting up a product description on your web site a sub-optimal way to announce a product.  That’s not the usual marketing strategy in the North America marketplace.

What AhnLab Malware Defense System May Have Going For it

NSS Breach Detection Study -   AhnLab, Fidelis Security Systems, and FireEye were the only three companies to complete a breach detection study by NSS Labs, (www.nssslabs.com ) last summer.  Fidelis put out a press release about their results, made their report available at no charge, and wrote a blog challenging FireEye to make their summary report available.  AhnLab put out a press release but hasn’t made the report available on their website.  FireEye wrote nothing.

Three types of protection in a single appliance - AhnLab promotes that they provide Web, email, and Content Security in a single appliance.  With FireEye, you would have to purchase three products.

Profits - AhnLab is one of the largest security companies in South Korea.  And profitable.  FireEye has yet to show a profit.  For 2013, Sales and Marketing expenses, by themselves, exceeded Revenue.  Profits and positive cash flow are good things for the long term.

Ultimately, prospects will have to bring the products in house and test them.  Gartner has looked at a number of companies offering a solution.  NSS Labs issued their reach study last summer and undoubtedly has another APT study going on.  www.nsslabs.com

For people visiting RSA 2014 in San Francisco http://www.rsaconference.com/events/us14  a number of the vendors offering solutions will be present.  Coffee and cookies in the AhnLab booth, at 11:30 each morning during the exhibition!  “Learn about the ultimate threat defense.  AhnLab’s announcing APTs Dead!”  (Sic) will be the topic of a talk by AhnLab executive Leo Versola on Wed. February 26 at 1:00PM in the North Expo Hall Briefing Center. Too late for a free RSA pass.

The window is closing for AhnLab and other Advance Persistent Threats vendors.  Obviously, FireEye has made it through.  AhnLab and other vendors are going to have a battle to be one of the other survivors and get share.  The press over some major attacks from cyber criminals Target Stores and over 110 million, among others during 2013  ensures  athat companies will be looking for a solution. craig kensek

twitter - ckensek

NSS Labs - Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

NSS Labs released an interesting analysis brief on  August 15 – “Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?”  NSS Labs conducted testing on thirteen consumer antivirus (AV) products.  The goal was to see how well the products  repelled attacks on systems not yet patched for a pair of current vulnerabilities.  Those used  in the test were the CVE-2012-1875 and CVE-2012-1889 vulnerabilities.  According to NSS, exploitation of either of these   can result in  remote code execution by the attacker.  Very bad for the user!  Look for an upcoming “Consumer Endpoint Group Test”  by NSS Labs in the near future. 

The Analysis Brief Top Scorers  Were

To cut to the chase, only four companies scored 100% on the test.  In alphabetical order, these were Avast, Kaspersky, McAfee, and Trend Micro. 

  

Two companies had products scoring 75%, ESET and Norton (I’m not listing all the  results to encourage people to register and download the free report).  No vendor scored 0% on the test with their tested product.  However, five of the products scored 25%.  One of them is based in Redmond, WA, however.  The cone of shame for all at the bottom. 

A Pair of the Recommendations

Two of the five recommendations of the study:   (1) Do not rely purely on AV software to protect your system.  Install HIPS (Host Intrusion Protection) or an Internet Security Suite as well.  (2) People utilizing Facebook, Gmail or other services that utilize HTTPS  need to have AV (at minimum) on their system.  Note that the first recommendation was install an Internet Security suite.   

In general, the products tested were  the vendor’s home Internet Security product.  It’s somewhat disappointing that BitDefender wasn’t included.  BitDefender tends to be near the top in any testing done by Av-comparatives and AV-test (www.av-comparatives.org and www.av-test.org ).

The tested  products - Avast Internet Security 7, AVG Internet Security 2012, Avira Internet Security 2012, CA Total Defense Internet Security Suite, ESET Smart Security 5, F-Secure Internet Security 2012, Kaspersky Internet Security, McAfee Internet Security 2012, Microsoft Security Essentials, Norman Security Suite Pro, Norton Internet Security 2012, Panda Internet Security 2012,  and Trend Micro Titanium + Internet Security.

At seven pages, the test is a good read.  The report is additive to the testing reports by the organizations listed above, as well as those performed by Virus Bulletin www.virusbtn.com . Go to these other sites to view additional test reports.  These are much superior to counting Facebook fan "likes"!  The wisdom of crowds doesn't always rule. 

NSS Labs www.nsslabs.com

NSS Labs, founded in 1991,  provides independent security research and testing.  They also provide subscription based information services and consulting.  

Dell to Acquire SonicWALL

Dell announced today their intention to acquire SonicWALL from equity investor firm Thoma Bravo. Thoma Bravo had take SonicWALL private in 2010. They have also recently had purchased secure web gateway company Blue Coat Systems and taken it private. This acquisition, according to Dell, will enable them to offer customers a broader range of enterprise offerings. SonicWALL revenues for the last 12 months were about $260 million. www.sonicwall.com

“Dell’s distribution, reach, and brand are well-recognized across the industry. This transaction aligns well with Dell’s mid-market design focus and allows us to accelerate growth of our flagship SuperMassive Next-Generation Firewall solutions with Large Enterprise customers,” said Matt Medeiros, president and CEO, SonicWALL. “Additionally, SonicWALL is recognized as a leading security solutions provider for small and medium businesses through our UTM solutions. Dell’s phenomenal breadth and reach into small and midsize companies provides a significant opportunity to expand our customer base.”

Before being taken private by Thoma Bravo, SonicWall’s strengths were in serving the SMB marketplace with advanced network security and data protection solutions. They have expanded their portfolio to include Next-Generation Firewalls (NGFW), providing these in a form factors scalable to the enterprise.

SonicWALL and Palo Alto Networks were the top performers in a recent NSS Labs analysis, the “2012 Next Generation Firewall Security Value Map™” (NGFW). The value map illustrates Block Rate versus Price per Protected Mbps. The SonicWall SuperMassive E10800 and the Palo Alto Networks PA-5020 NGFWs were the “winners”.

http://kensek.blogspot.com/2012/03/sonicwall-palo-alto-networks-top.html

Effect on Product Development for SonicWALL - To the extent Dell leaves the development team intact to do their own thing, disruptions should be minimal.

Effect on the SonicWALL brand - No one has said whether the company name SonicWALL will be going away, yet. . Nothing has been said as to whether Dell will use the McAfee/Intel model of having the company be a wholly owned subsidiary of Dell.

Other products SonicWALL brings to Dell - Besides firewalls, NGFWs, and Unified Threat Management (UTM) solutions, secure remote access, email security, backup and recovery, and policy, and management and reporting. Dell is acquiring a nice set of security solutions.

Effect on the SonicWALL channels - SonicWALL has 15,000 resellers providing global coverage. Dell plans to “take the very best of the SonicWALL channel programs” (sounds like a reduction…..) and combine it with Dell’s PartnerDirect program. Dell’s existing PartnerDirect members will be able to sell SonicWALL solutions.

SonicWALL was a public company until 2010, when Thoma Bravo acquired it for $717 million. Investors and analysts are estimating the purchase price to be between $1 billion and $1.5 billion. Healthy return by Thoma Bravo for a 2-year investment! Dell will be funding the deal with cash.

It would be interesting to hear what they’re saying about this at Palo Alto Networks, Check Point Software Technology, Barracuda Networks, and Juniper Networks. IMHO, the Palo Alto Networks IPO (Initial Public Offering) valuation may drop by a bit.

http://content.dell.com/us/en/corp/d/secure/2012-03-13-dell-sonicwall-acquisition.aspx

March 20 - Palo Alto Networks IPO Preparations Start to Heat Up

March 20 Addendum

Palo Alto Networks will seek to raise about $250 million in an initial public offering this year that would value the Internet security company at about $1.5 billion, said a person with direct knowledge of the situation.

The company chose Goldman Sachs Group Inc., Morgan Stanley, Credit Suisse Group AG and Citigroup Inc. as its underwriters and will submit an S-1 filing in a couple of weeks.

http://www.bloomberg.com/news/2012-03-19/palo-alto-networks-said-to-file-250-million-ipo-in-weeks-1-.html

Nothing in the press yet as to what quarter the IPO will take place. Some more conversations will take place at Check Point and Juniper, most likely. Palo Alto Networks coined the phrase Next Generation Firewall (NGFW), though other companies rightfully can say that they offer the same functionality. SonicWall and Fortinet, for example. S-1's make interesting reading as companies have to start letting the investment community look more deeply into the company's financial workings, and view (the copious) risks that the company has identified.

Original Post

Palo Alto Networks has supposedly hired Morgan Stanley, Goldman Sachs, and Citigroup to lead its (IPO) initial public offering, which is expected this year. The IPO market is definitely heating up. Palo Alto Networks received a recommended rating in NSS Labs’ latest firewall report. Palo Alto Networks was also recognized as a leader along with Check Point Software Technologies in the Gartner 2011 Magic Quadrant for Enterprise Network Firewalls. You can go to the Palo Alto Networks site to register for and download both the Gartner and the NSS Labs reports. Pundits will probably be coming up with a valuation in the coming weeks.

Strengths Gartner Mentioned Include

· Highly effectively application identification, application categorization, and ease of confguration

· Performed is as advertised in specification sheets (now that’s a novel idea ;))

A Few of The Cautions

· Lacks Common Criteria EAL-4+ for Information Technology Security Evaluation for the firewall

· Limited number of models when compared with competitors

· Some confusion with respect to selling into the secure web gateway (SWG) marketplace

http://www.paloaltonetworks.com/cam/gartner/index.php

NSS Labs 2 page analysis, the “2012 Next Generation Firewall Security Value Map™” was released during RSA San Francisco 2012. The value map illustrates Block Rate versus Price per Protected Mbps. The SonicWall SuperMassive E10800 and the Palo Alto Networks PA-5020 NGFWs were the “winners”, far up in the right hand corner. http://www.paloaltonetworks.com/cam/nss-labs/2012-svm.php

and http://kensek.blogspot.com/2012/03/sonicwall-palo-alto-networks-top.html

What would Palo Alto Networks valuation be in an IPO? You may want to look at the “ratios” from companies like Check Point Software Technologies, Juniper Networks, and Cisco and back calculate for some estimates as to its value during an IPO. Estimated revenues for PAN - $700 million.

Fun times for Founder and CTO Nir Zuk, principal engineer at Check Point Software Technologies and one of the developers of stateful inspection technology, and the rest of the Palo Alto Networks management team as this IPO moves forward.

http://www.reuters.com/article/2012/03/08/paloaltonetworks-ipo-idUSL2E8E88P820120308