Back to top

Cyber Warfare: The Coming Battleground of AI Machines

Read MoreHide Full Article

In late December, I was shopping for cyber-security stocks because the more I studied the emerging big-data world with nearly all info traveling through the "clouds" -- not to mention billions of IoT exposures -- the more opportunity I saw for all the competing companies to find customers with potential breach issues.

I first bought Proofpoint (PFPT - Free Report) near $115 because I liked their deep experience in protecting data for more than half of the Fortune 1000. I also liked that the stock confirmed a higher low against August's $110 nadir.

Big companies rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.

Sales look to grow 23% this year to hit nearly $900 million and estimates for next year see 20% growth right now, making it trade at just 6X forward revenue. The company is expected to grow profits 17% this year to $1.73, and while the consensus for 2020 came down from $2.12 to $1.94, they have a great track record of beating with an average 40% positive surprise for the past 2 years. PFPT will report its Q4 on Jan 30.

Then on December 30, I chose CrowdStrike for its AI/machine learning (ML) approach to 24/7 malware threats that can no longer be recognized with traditional "signature-based" metrics (past threat patterns). Here's what I told my group that morning...

TAZR Traders

Portfolio is buying CrowdStrike (CRWD - Free Report) with a 7% allocation between $48 and $50.

We bought Proofpoint recently and I'm always ready for the possibility that investors may not favor a given company in an industry. But I still want us to have exposure to companies meeting cyber threats head-on as they provide Security-as-a-Service.

CRWD became a Zacks #2 Rank after beating expectations and providing solid guidance in its Q3 report on Dec 5.

But the stock sold off afterwards, with particularly heavy volume on Dec 9 -- exactly 180 days after its IPO on June 12.

And that means it was IPO investors who were "locked-up" and just wanted out after missing their chance to sell at $100. Shares dropped from that peak during the Ukraine news.

The bad news, just about any selling was justified in the second half based valuation alone as the stock still trades at 20X forward sales with a $10 billion market cap.

The good news is that the insider selling hardly put a dent in the potential turn that is setting up. In fact, shares couldn't even touch the Oct-Nov double bottom at $45 and there has been a good amount of volume this month showing willing buyers taking shares from shaky insider hands.

Now that they are out of the way, let's see what the growth and upside are for CRWD.

Here was the bullet list on the company's Q3 from Stifel Nicolaus...

ARR increased 97.4% y/y to $501.7mn vs. $465.2mn Stifel estimate

Total revenue increased 88.5% y/y to $125.1mn vs. $119.0mn Stifel estimate

Subscription revenue increased 98.1% y/y to $114.2m vs. $108.5mn Stifel estimate

F4Q20 Guidance Exceeds Street Expectations: Total revenue of $135.9-138.6mn vs. $127.2mn Street estimate

Stifel has a Buy rating and $90 PT.

Oppenheimer titled their post-earnings note: Solid F3Q20 Execution Supported by Record Net New Customer & ARR; Positive Cash Flow In Sight for FY21. They have a $100 PT on CRWD shares.

CrowdStrike seems pretty confident that their model of "cloud native" and data-centric solutions is a breakthrough in cyber security on par with Salesforce's CRM Cloud and Workday's HR Cloud.

And just this morning (Dec 30) we got this analyst move...

Needham Adds CRWD to Conviction List

Needham analyst Alex Henderson kept his Buy rating and $92 price target on Crowdstrike, and added the stock to the Needham Conviction List in favor of Zscaler (ZS - Free Report) , calling it his "Single Best Idea in Security" heading into 2020. The analyst said the company's "technology, platform and efficacy" combine to create "one of the core platforms in Security" regardless of its customer strategy. Henderson added that Crowdstrike offers the "right technology" to improve security for either legacy perimeter defense or for "emerging, zero-trust" cloud-direct security.

(end of Dec 30 TAZR Buy Alert on CRWD)

I also told my group about several CrowdStrike customers, including the Mercedes-AMG Petronas Formula 1 team. The car engineers and technicians rely on CrowdStrike to protect the data streaming from thousands of sensors every time they test something.

Obviously, this group was willing to do a commercial for CrowdStrike. Hundreds of other companies probably don't want to talk about these data risks.

But just think about how many corps have similar voluminous proprietary data streaming in thousands of IoT channels that they need protected?

Falcon on GovCloud

Another impressive customer win was at Goldman Sachs, where CISO (chief info security officer) Andy Ozment previously worked in senior-level US government roles for over 6 years. Obviously, the dude knows his stuff.

The most critical vulnerability we all share is a cyber-attack on government and utility services like happened in Atlanta in 2018.

Not surprisingly, Crowdstrike is already working closely with US agencies as Falcon on GovCloud provides the industry’s first cloud-delivered endpoint security and IT hygiene solution. Each component is tailored for securing the U.S. public sector, and is FedRAMP authorized and delivered from AWS GovCloud.

This is probably why CrowdStrike was such a natural choice for Ozment and Goldman.

Falcon on GovCloud enables customers to prevent all types of modern attacks and significantly reduces the cost of operating security infrastructure.

These things were on my mind last week after the US strike on Iran's top military general Qasem Soleimani. And it propelled me on Friday January 3 to issue this trade alert...

TAZR Traders

Portfolio is adding to CrowdStrike (CRWD - Free Report) under $51.

Looking for the massive call buying action in CRWD that I noted earlier this morning, I came across two other data points...

1) Nomura predicts that CrowdStrike is poised for "another year of hyper-growth." The comment came in Nomura's note previewing the year and the firm's best ideas. The firm maintains a Buy rating and $71 target on CrowdStrike.

2) As we evaluate what Iran is capable of and likely to do, I was reminded of the 2018 utility "ransomware" cyber-attack on Atlanta that was executed by two Iranian hackers. (story excerpt below from Wikipedia)

These might explain the bullish action in Jan, Feb, and March call options.

(end of Jan 3 TAZR Buy Alert)

Ransomware is Not New

According to CrowdStrike, an exponential growth curve of malware has made it a pervasive and persistent threat to end users. Most virus protection software can't catch half of it now.

What I love about the CrowdStrike approach to using AI and ML to seek and destroy cyber threats is that it's about "going where the ball will be."

In other words, the most sophisticated cyber threats of this decade won't be designed by humans. They will be machine-made.

So why not get ready for full-scale cyber war with the only tools that can win -- better machine programs that are constantly learning.

Besides that, even if CRWD is not the winner of this war, you and I will be because we'll be studying the most urgent application of ML and AI: national security.

Malware Meets Machine Learning

On Monday January 6, I gave my TAZR members this report...

Short Game in CRWD Getting Crowded

The investing crowd came for CRWD today and 4 more events made them chase the shares +9% on massive volume of over 21 million shares!

1. CrowdStrike CEO on Cramer's show Friday evening

2. Actual pro-Iranian hack of a US government website on Saturday (as I suggested was likely)

3. VMWare's head of cyber-security interviewed Friday evening on his knowledge of the "footprints" and "lateral" threats now possible from Iran

4. Bloomberg published a story about the Iranian hack of Sheldon Adelson's Las Vegas Sands casino in 2014

All of this combined for a massive bonfire of short positions as new longs deployed fresh capital.

CRWD shorts had already been covering in December, leaving the shares short at just 6.5 million. So that's how we know there was even more fresh money pouring in to the stock.

Let's go over each bullet...

1. CEO Interview: George Kurtz, in his MadMoney appearance, said "These sort of determined adversaries, nation-state adversaries, are constantly attacking our corporations and critical infrastructure 24/7 and most people really don’t understand the extent of these attacks and the damage that they can actually inflict."

In the interview, Kurtz also explains how Crowdstrike uses artificial intelligence to defend enterprise cloud computing against cyberthreats.

2. Gov Hack: the homepage for the U.S. Federal Depository Library Program was briefly altered Saturday evening to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face.

A line at the bottom read: "Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran's cyber ability! We're always ready."

The Federal Depository Library Program was created to provide the public with "no-fee ready and permanent public access to Federal Government information," which includes bills and statutes, court opinions and a wide range of material produced by the government.

The site was taken down and it's possible that it had weaker security than other gov portals. But why wouldn't a gov docs portal have better security just because it's public?

In any case, it's still unknown if this hack was actually done by Iranian forces. The cyber investigation may take some time as we'll see they often do from the Adelson story coming up.

3. VMWare: Iran Will Wage Insurgency in U.S. Cyberspace

This is a really good interview with a Bloomberg staffer and VMW's head of cyber, Tom Kellermann. At first I thought this was just a corporate voice speaking of their vulnerabilities. Then I was reminded that VMW bought Carbon Black last year and launched a new Security Business Unit.

So this guy is doing something of a commercial for VMW capabilities, but he seems to really know his stuff and understands the battlefields. I've watched it twice and highly recommend it, also for the excellent analysis by Bloomberg's Kartikay Mehrotra.

4. Iran’s Cyber Attack on Billionaire Adelson Provides Lesson on Strategy

That hack to the casino systems cost the Las Vegas Sands $40 million to recover data and secure the breach. Sunday's Bloomberg article also has other examples of cyber attacks including major banks, oil companies and a dam in New York.

James Lewis, from the Center for Strategic and International Studies, said if the Iranians decide to retaliate with a cyber-attack, they will likely “want something dramatic” in choosing a target...

“The big question is: will they do something symbolic, like the bank attacks? Or try for both symbolic and disruptive, as they did with the Sands?”

What Happens Next in Cyber Terror?

In the Bloomberg video with VMW's Kellermann, Kartikay Mehrotra makes a great point about cyber threats potentially being very sophisticated and destructive in ways that we've never seen -- in critical areas like finance, energy, transportation and even healthcare.

He highlights the unknown unknowns by describing "machines talking to machines" in the daily work of cyber security, while humans are left out of the conversation much of the time, or at least in real-time.

This is exactly what I highlighted Friday when describing CRWD's machine learning (ML) imperative in a world where it will take constantly adapting algos to beat better cyber bots.

This weekend, Iran recovered a needed sense of public unity and patriotism after the hit on Soleimani. Brutal dictatorial forces didn't have the best reputation among the populace and the shared assault forged a temporary slice of the "common enemy" feeling.

So Iranian leadership may not feel the urgent need to retaliate any further and risk the bigger weight of US cyber forces counter-attacking.

And in the case of the US gov documents site, Iran (if it was them) chose a soft target without inflicting any real damage (other than to the president's ego).

It just sent a strong message of their swift capabilities.

So will Iran be eyeing a big cyber strike on US infrastructure that could disable a city or harm large numbers of people?

My sense right now is that they won't pull the trigger on any extreme terrorism out of fear of the US response.

But they will still be building their arsenal of potential malware and methods.

And the global arms race to prepare and deliver cyber/drone/robot/AI warfare is only just getting started.

That means the investing opportunities will still be deep and wide this year.

SunTrust Likes FireEye and CrowdStrike

On Tuesday Jan 7, SunTrust put out their 2020 Outlook for Cybersecurity, upgrading FireEye (FEYE - Free Report) to Buy from Hold with analyst Joel Fishbein saying recent events in Iran and Iraq have put the spotlight on cybersecurity and will lead to increased government and private sector spending in both fiscal 2020 and 2021.

Fishbein and his team also rate CRWD a top pick in the space. Here are some excerpts from their research report...

Cybersecurity remains a top priority for the C-Suite and corporate boards. Worldwide spending on security-related hardware, software, and services is forecast to reach $133.7 billion in 2022 at a compound annual growth rate (CAGR) of 9.9%.

Conversations with Chief Information Security Officers (CISOs) indicate spending continues to increase and the overall demand environment is strong, but vendor consolidation is a key theme amongst buyers. Emerging vendors with innovative new technology are growing much faster than our estimation of market growth. We see a shift in spending from legacy security providers to next generation technology providers and multi-product platforms.

The top three spending priorities: include next-generation endpoint, identity, and cloud security and data protection as increasing workforce mobility means that the network perimeter is no longer static; effective identity solutions are the de facto first line of defense when it comes to accessing sensitive applications and data in this environment.

CyberWar is a likely scenario. In light of recent events in Iran and Iraq, government spending on cybersecurity is likely to grow in both fiscal 2020 and fiscal 2021. Priorities include securing IT systems, networks, and information; securing critical infrastructure; and improving incident reporting. The threat of cyberwarfare has put a renewed focus on security software infrastructure spend of not just government agencies, but also the private sector.

Technology Investing Requires More Homework

If you are not content just buying Microsoft, Apple, Google and Amazon -- the no-brainer buys of tech -- then you have to do a lot more homework theses days. With dozens of specialty software companies across data platforms, payments, mobile apps, security, infrastructure and automation, you must study the business, their competitive advantage and their financials and growth rates.

Often, I will learn enough about several companies to try and pick one current winner based on my mix of fundamental metrics and technical set-up criteria.

Then I will keep busy studying the rest of the group to learn the specialized niches of each competitor and see if I want to get ready for another trade in a strong industry.

While I have chosen CRWD as the best trade right now, I am also looking at CyberArk (CYBR - Free Report) and Okta (OKTA - Free Report) to see when the time is right to be long each of them again.

CYBR has already made a nice run this week, on par with CRWD and FEYE, and looks to be setting up for a challenge of all-time highs above $148.

And OKTA is a really exciting play on user "identity" security with single sign-on solutions that verify the person -- employee or customer -- entering a network. Okta's software helps companies manage and secure user authentication into the proliferation of applications, and for developers to build identity controls into applications, website web services and devices.

So, to participate in this new decade of continuous cyber threats, buy CRWD and learn more about FEYE, CYBR, PFPT, ZS and OKTA.

Today's Best Stocks from Zacks

Would you like to see the updated picks from our best market-beating strategies? From 2017 through Q3 2019, while the S&P 500 gained +39.6%, five of our strategies returned +51.8%, +57.5%, +96.9%, +119.0%, and even +158.9%.

This outperformance has not just been a recent phenomenon. From 2000 – Q3 2019, while the S&P averaged +5.6% per year, our top strategies averaged up to +54.1% per year.

See their latest picks free >>