How to Buy Security Technology Stocks
From parking lot security cameras to a coffee pot in the breakroom or a printer that was recently upgraded with Wi-Fi capabilities, there are plenty of ways for hackers to infiltrate a digital network or remotely monitor activities within a business.
High-profiled security breaches of Yahoo (ticker: YHOO), Delta Air Lines ( DAL) and Target Corp. ( TGT), among others, is attracting interest from potential investors who want to invest in cybersecurity.
"The trend is no secret on Wall Street as valuations on a lot of cybersecurity stocks aren't necessarily cheap," says Ryan Payne, president of Payne Capital Management in New York. "Investors should approach this space with caution."
In this era of big data with smart devices constantly connecting to the virtual cloud, the possibilities -- and potential problems -- are endless.
[See: 7 of the Most Loathed Stocks in the Market.]
"Potentially, any Internet of Things device could be a threat to security for businesses," says Nathan Wenzler, principal security architect at AsTech Consulting, a San Francisco-based independent security consulting company.
Many devices that are connected via the cloud are running on lightweight operating systems designed to provide connectivity and perform their designated purposes, and little more, he says. If compromised, such avenues can also allow hackers to gain backdoor access to sensitive data, reside on specific devices or listen into conversations.
That could potentially come from telecommuting employees who have consumer-grade connected devices, such as a refrigerator or smartwatch, that aren't connected via a secure platform, Wenzler says. A home Wi-Fi network could potentially be hacked into, creating a direct pathway to the internal corporate network over the VPN.
"While many developers are trying to build more secure platforms, it's still a bit of a hit-or-miss thing," Wenzler says. "Businesses need to be very careful about what devices they're connecting to their network as not to give attackers an additional point of entry to beachhead their attacks to the rest of the network."
There's a shift from passive to active, more intelligent security. Instead of creating fortress-like walls, many companies are turning to deceptive fakes to lure in hackers, says Dimitri Sirota, CEO of BigID, an early stage Israel-U.S. security company headquartered in New York.
Unlike old static security networks, newer versions use bots and agents to act like decoys that actively try to deceive or confuse an intruder, Sirota says. Many seek out unusual behaviors to modify the security system accordingly.
"Now you can look for unusual patterns and behaviors and have options in how you want to react, from stopping or closing a port to putting up a decoy," he says. "It's a lot more sophisticated."
Although chief information security officers have historically selected and implemented security procedures annually, many companies are now having developers build security features into applications to avoid massive issues where an application goes down and customers can't shop, Sirota says.
"There's not enough time to stay ahead of security breaches," he says. "So people are building cybersecurity into the application so they can lock it down."
[See: 20 Awesome Dividend Stocks for Guaranteed Income.]
The endpoint security market is growing. Many companies are working on innovative ways to detect and protect corporate networks security software from being attacked by malicious files. "The amount of venture capital flowing into the advanced endpoint market over the last few years has been impressive, or terrifying, depending on your point of view," says Andrew Braunberg, managing director for research of NSS Labs in Austin, Texas.
Braunberg says NSS Labs expects a new wave of advanced endpoint vendors to initiate initial public offerings in 2017, including Carbon Black, a Waltham, Massachusetts-based cybersecurity company that has filed for an IPO with the Securities and Exchange Commission. "And Tanium is rumored to be moving in the same direction," Braunberg says.
He says investors should look at security vendors that can administer protection, detection and remediation as security platforms within a larger business organization, while providing traffic visibility from the endpoint to the cloud.
Consider sector-based options. Investors can start by looking at broad based exchange-traded funds that encompass the tech sector such as Technology Select Sector SPDR ETF (ticker: XLK) and iShares S&P Global Technology Sector ( IXN), which both hold companies such as Microsoft Corp. ( MSFT), Apple ( AAPL), Alphabet ( GOOGL, GOOG), Intel Corp. ( INTC) and Cisco Systems ( CSCO).
Other options include First Trust NASDAQ-100 Technology Sector Index Fund ( QTEC), which includes NXP Semiconductors ( NXPI) to Nvidia Corp. ( NVDA).
Some experts also point to the PowerShares QQQ ( QQQ), an ETF based on the Nasdaq 100 index that devotes 57 percent of its sector allocation to information technology, but also includes many non-tech sector companies.
Two ETFs offer investors targeted exposure to the cybersecurity industry, says Steven Schoenfeld, founder and CIO of BlueStar Indexes, a financial research firm in New York. The PureFunds ISE Cyber Security ETF ( HACK), which launched in 2014, has 32 holdings. The First Trust Nasdaq CEA Cybersecurity ETF ( CIBR), which launched in 2015, has 34 holdings.
Look at high-tech defense technology. When it comes to cybersecurity, many defense funds also include companies that focus on data analytics and have some overlap in cybersecurity technology, Schoenfeld says.
BlueStar TA-BIGITech Israel Technology ETF ( ITEQ), tracks 65 Israeli tech stocks ranging from biotechnology to cybersecurity and includes Israeli companies that are based globally. Launched in November 2015, the fund includes Mobileye ( MBLY), which makes up 10 percent of the fund, as well as Amdocs Limited ( DOX) and Check Point Software Technology ( CHKP). The trio make up nearly 29 percent of the fund. ITEQ also holds Elbit Systems ( ESLT), which helps build the smart helmets worn by U.S. fighter pilots and Nice Systems ( NICE) an Israeli voice recording, data security and surveillance company.
Schoenfeld, who helped launch BlackRock's iShares ETFs while at Barclays Global Investors, says investors should also consider SPDR S&P Aerospace & Defense ETF ( XAR), PowerShares Aerospace & Defense ETF ( PPA), and iShares U.S. Aerospace & Defense ETF ( ITA), which includes major hardware manufacturers like Boeing Co. ( BA) and Lockheed Martin Corp. ( LMT).
[See: 10 of the Kardashians' Favorite Kompanies.]
"There is a growing sense of urgency to develop and implement actionable surveillance technologies which spans everything from geolocation to biometrics to intelligent machine-to-machine communications," Schoenfeld says.
Dawn Reiss is an award-winning journalist in Chicago who has written for TIME, Reuters, Chicago Tribune, The Atlantic and Travel + Leisure and many other publications. Follow her on Twitter, Google+ and Instagram @dawnreiss.
