网络规划设计师教程落后_网络安全：领导者与落后者

网络规划设计师教程落后

Cybersecurity attacks have surged during the coronavirus pandemic in line with a rapid shift towards remote-working and online transactions. This surge has catalysed a more rapid rise in demand for cybersecurity platforms and services such as Crowdstrike, Palo Alto Networks, Okta, Fireye and national-security focussed firms such as Raytheon.

在冠状病毒大流行期间，随着向远程工作和在线交易的快速转变，网络安全攻击激增。 这种激增促进了对网络安全平台和服务(如Crowdstrike，Palo Alto Networks，Okta，Fireye)和专注于国家安全的公司(如雷神公司)的需求的快速增长。

In the US, the FBI’s Internet Crime Complaint Center (IC3) has seen the same number of complaints from Jan-Mar 2020 as they saw in the entire year of 2019 whilst, across the board, there has been a surge in covid19 related attacks.

在美国，联邦调查局(FBI)的互联网犯罪投诉中心(IC3)从2020年1月至3月的投诉数量与2019年全年的数量相同，与此同时，与covid19相关的攻击也全面增加。

According to Accenture, it is estimated that the 2019–2023 global business/economic value at risk from cybercrime will be US$5.2 trillion.

据埃森哲(Accenture )估计，2019-2023年全球受网络犯罪威胁的商业/经济价值将为5.2万亿美元。

Source: Accenture

资料来源：埃森哲

Furthermore, the same report highlights that the average number of security breaches is rising 11% per annum (to 145 in 2018) and the annual cost of these crimes is increasing at a similar rate (to US$13m per company). Although the data is a few years old, you can see double-digit growth across the board, with Malware (trojans, worms, spyware, ransomware, viruses), web-based attacks (cross-site scripting, SQL injection) and Denial of Service (i.e. attacks to overwhelm and paralyse target websites/networks) being the most costly attacks to an organisation.

此外，同一份报告还强调指出，安全漏洞的平均数量每年以11％的速度增长(2018年为145起)，这些犯罪的年度成本以相似的速度增长(每家公司1300万美元)。 尽管数据已有数年之久，但您可以看到恶意软件(特洛伊木马，蠕虫，间谍软件，勒索软件，病毒)，基于Web的攻击(跨站点脚本，SQL注入)和拒绝访问的数量呈两位数增长。服务(即使目标网站/网络瘫痪和瘫痪的攻击)是对组织最昂贵的攻击。

Ninth Annual Cost of Cybercrime Study) 第九届网络犯罪年度研究费用 )

In its 2020 Global Threat Report, CrowdStrike site the origins of such intrusion activities back to a handful of countries; with Russia, Iran, North Korea, China and the Indian subcontinent (India, Pakistan) responsible for 90% of attacks. In the case of China, a lot is aligned to IP theft (i.e. telco, pharma) as well as attacks on companies/countries interfering in geopolitical matters (i.e. HK, Taiwan, South China Sea).

在其《 2020年全球威胁报告》中，CrowdStrike网站将此类入侵活动的起源追溯到少数几个国家。 俄罗斯，伊朗，朝鲜，中国和印度次大陆(印度，巴基斯坦)的袭击占90％。 在中国，知识产权盗窃(例如，电信，制药)以及对干扰地缘政治事务的公司/国家(例如，香港，台湾，南海)的攻击，在很大程度上是一致的。

Undoubtedly, attacks will only increase in frequency and complexity, and there are a large number of companies — incumbent and emerging — who stand to benefit (substantially) from this.

毫无疑问，攻击只会增加频率和复杂性，并且有许多公司(既有新兴公司)也将从中(实质上)受益。

For simplicity, all are categorised quite broadly into cloud & network, endpoint & advanced threat, email, secure access and national security (nb. a lot of companies do cross into other categories).

为简单起见，所有这些都大致分为云和网络，端点和高级威胁，电子邮件，安全访问和国家安全(nb。许多公司的确分为其他类别)。

总览 (Overview)

Below is a reasonably broad list of the public cyber-security companies (predominantly enterprise) split horizontally by core focus (i.e. secure access) and vertically based on whether the company is more of a challenger or more of an incumbent. This line is quite discretionary so, as a rule of thumb, I’ve put any company which was founded pre-2000 in the incumbent category. This doesn’t imply that incumbents are laggards but, as a rule of thumb, that they would have more legacy architecture/products making it more cumbersome to scale and adapt as much as the challengers.

以下是合理范围广泛的公共网络安全公司(主要是企业)的列表，该列表按核心重点(即安全访问)水平划分，然后根据公司是挑战者还是现有企业来垂直划分。 这条线是完全自由裁量权的，因此，根据经验，我将任何在2000年之前成立的公司都归为现有公司。 这并不意味着在位者是落后者，但是根据经验，他们将拥有更多的传统架构/产品，因此与挑战者一样规模更大的适应和适应。

Source: Granite Bay Capital

资料来源：花岗湾资本

So, now you can see roughly where these companies all fall within the landscape it’s then good to see where the markets are pricing these companies? How is the market valuing challenger platforms vs incumbent platforms?

因此，现在您可以大致了解到这些公司都属于什么领域，那么看看市场对这些公司的定价又好了吗？ 市场如何评价挑战者平台与现有平台？

To answer this in the absolute simplest/high-level way, we can assess the price relative to expected sales.

为了以绝对最简单/高级的方式回答此问题，我们可以评估相对于预期销售额的价格。

What you will generally find is that the challengers, with greater scalability and growth (in revenues and customers), trade at significant (and often eye-watering) price/sales multiples vs incumbents. The market is pricing in that probability that this growth trajectory can continue well into the future and ultimately generate a high level of free cash flows (which is one of the core determinants of value).

您通常会发现，挑战者具有更大的可扩展性和增长能力(在收入和客户方面)，其交易价格(通常是惊人的)是现有企业的价格/销售额的倍数。 市场以这种可能性定价，即这种增长轨迹可以持续到未来，并最终产生大量的自由现金流(这是价值的核心决定因素之一)。

As can be seen below (you’ll have to zoom!) all of the companies trading above 20x forward sales are the high growth challengers (Okta, Crowdstrike, ZScaler, Cloudflare and Splunk). Conversely, all of the companies trading below 2x P/S are the incumbents (Cyren, F-Secure, Zix, SecureWorks and all of the defence/national security operators).

如下所示(您必须放大！)，所有交易远期销售高于20倍的公司都是高增长挑战者(Okta，Crowdstrike，ZScaler，Cloudflare和Splunk)。 相反，所有交易价格低于2倍市盈率的公司(Cyren，F-Secure，Zix，SecureWorks和所有国防/国家安全运营商)都是现有公司。

Source: Granite Bay Capital

资料来源：花岗湾资本

Again, just because a company is trading at a high multiple like Okta, doesn’t mean it’s expensive — it just means you have to determine how much of that valuation is justified and how much is hype. The only real way of doing this is via sense checking via some discounted cash flow scenarios (which I won’t go into here!).

再有，仅仅因为一家公司像Okta这样的高倍交易，并不意味着它就很昂贵-只是意味着您必须确定该估值的多少是合理的，而炒作是多少。 做到这一点的唯一真实方法是通过一些折现现金流方案进行感官检查(我不会在这里介绍！)。

Now let’s dive in and take a look at some (not all!) of these companies starting with cloud & network security providers.

现在，让我们深入了解一下其中一些(不是全部！)公司，这些公司从云和网络安全提供商开始。

云与网络安全 (Cloud & Network Security)

Despite being leaders in endpoint security, having developed the next-generation firewall (NGFW), Palo Alto Networks are rapidly building capabilities which will put them at the forefront of solutions relating to network, 5G, cloud and edge applications (with IoT on the near-term product roadmap). Their offer is split across three core areas, including enterprise security (Strata), cloud security (Prisma) and their more comprehensive product suite Cortex. On the financial side, they’ve seen a 20% YoY rise in revenues and are sitting on a very healthy net cash and free cash flow position. The company are led by former Google Chief Business Officer and Softbank President and COO Nikesh Arora (Chairman and CEO).

尽管在端点安全性方面处于领先地位，但开发了下一代防火墙(NGFW)的Palo Alto Networks仍在快速构建功能，这将使它们处于与网络，5G，云和边缘应用程序相关的解决方案的最前沿(近距离使用IoT)长期产品路线图)。 他们的产品分为三个核心领域，包括企业安全性(Strata)，云安全性(Prisma)及其更全面的产品套件Cortex。 在财务方面，他们的收入同比增长了20％，并且拥有非常健康的净现金和自由现金流头寸。 该公司由前Google首席商务官兼软银总裁兼首席运营官Nikesh Arora(董事长兼首席执行官)领导。

Palo Alto’s cloud security platform Prisma (Source: Palo Alto Networks)

帕洛阿尔托的云安全平台Prisma(来源：帕洛阿尔托网络)

VMWare was part of EMC Corp prior to the latter’s acquisition by Dell in 2015 for a whopping US$67 billion (making Dell an 81% shareholder in VMWare). The company primarily help customers manage their IT resources across private clouds and complex multi-cloud, multi-device environments. Their solutions encompass Software-Defined Data Centres (SDDC), Hybrid and Multi-Cloud Computing and Digital Workspace End-User Computing (EUC). However, they have intentions of further expanding their existing cybersecurity services, with the recent acquisition of carbon black (at a US$2.1 billion price tag) which now encompasses cloud (of course), endpoint protection and app control. Despite modest revenue growth of 6% YoY, 2020 could also see a major catalyst event with reports that Dell (who are sitting on US$52 billion of debt vs it’s US$40 billion market cap) could look to sell all or part of its stake in VMWare, which at current levels is worth ~US$50 billion (1.25x it’s own market cap)!

VMWare是EMC Corp的一部分，而后者在2015年被Dell以670亿美元的高价收购(使Dell成为VMWare的81％股东)。 该公司主要帮助客户跨私有云和复杂的多云，多设备环境管理其IT资源。 他们的解决方案包括软件定义的数据中心(SDDC)，混合和多云计算以及数字工作区最终用户计算(EUC)。 然而，他们打算进一步扩展其现有的网络安全服务，最近以21亿美元的价格收购了炭黑(现在当然包括云)，端点保护和应用程序控制。 尽管收入同比温和增长6％，但2020年也可能是一个重大的催化剂事件，有报道称戴尔(坐拥520亿美元债务，而其市值为400亿美元)可能会出售其全部或部分股份VMWare，目前的价值约为500亿美元(是其自身市值的1.25倍)！

Cloudflare was founded in 2009 and hit the NASDAQ in September 2019 at US$15. Today (nine-months later) they’ve surged to US$40 following almost 50% growth in their year-on-year revenues. In summary, Cloudflare, have developed a cloud platform to provide business with various solutions encompassing Security (firewall, bot management, DDoS, infrastructure and IoT protection), Performance (content delivery and optimisation, routing) and Reliability (load balancing, DNS management). Of these, it is most notable for its work in preventing Denial of Service Attacks (DDoS) which is a significantly growing (and costly) threat to businesses (see below). However, being one of the ‘pin-ups’ of cyber (along with Okta and Crowdstrike) it’s trading at very hefty valuation. If we assume US$500m for 2021 revenues; it’s currently trading at 22x forward sales.

Cloudflare成立于2009年，并于2019年9月以15美元的价格在纳斯达克上市。 今天(九个月后)，他们的收入同比增长近50％，已飙升至40美元。 总而言之，Cloudflare开发了一个云平台，可为企业提供各种解决方案，包括安全性(防火墙，机器人管理，DDoS，基础设施和物联网保护)，性能(内容交付和优化，路由)和可靠性(负载平衡，DNS管理) 。 其中，最著名的是它在防止拒绝服务攻击(DDoS)方面所做的工作，该服务对企业的威胁正在显着增长(且代价很高)(请参阅下文)。 但是，作为网络的“Struts”之一(以及Okta和Crowdstrike)，它的估值非常高。 如果我们假设2021年的收入为5亿美元， 目前的预期市盈率为22倍。

Source: Cloudflare

资料来源：Cloudflare

ZScaler is another recently listed company, currently trading at US$127 following a 2018 IPO at US$16 (and tripling in price since March 2020). They are a security platform (or as they put it ‘security as a service’) which acts as a security layer between users and cloud applications/platforms such as AWS, Salesforce, Microsoft and Google etc (see below for an overview of how it works). Financially, they have seen revenues increase 40% year-on-year (and a very steady 8–9% increase to revenues quarter-to-quarter) with free cash flow margins (FCF/Revenue) trending around the 10% mark per quarter which, for a relatively new company, is quite healthy.

ZScaler是另一家最近上市的公司，在2018年以16美元的价格进行首次公开​​募股(自2020年3月以来价格翻了三倍)之后，目前的股价为127美元。 它们是一个安全平台(或称其为“安全即服务”)，可充当用户与云应用程序/平台(例如AWS，Salesforce，Microsoft和Google等)之间的安全层(请参见下文以了解其运行方式的概述)作品)。 从财务上看，他们的收入同比增长40％(季度收入非常稳定地增长了8-9％)，自由现金流利润率(FCF /收入)约为每季度10％对于一家相对较新的公司而言，这是相当健康的。

ZScaler Platform Overview (Source: ZScaler)

ZScaler平台概述(来源：ZScaler)

电子邮件 (E-Mail)

E-mail security is encompassed in a lot of endpoint offerings, particularly from the likes of Symantec (owned by Broadcom) and Trend Micro, however, there are a couple of companies out there who have a more core focus in the area of e-mail security.

电子邮件的安全性包含在许多端点产品中，尤其是来自Symantec (博通旗下的Symantec )和趋势科技等公司的端点产品，但是，有两家公司在电子邮件领域更加关注核心领域。邮件安全。

Let’s start with one of the more entrenched organisations - Zix Corporation. Zix was founded in 1988 and provides SaaS cloud email security services (SaaS) to thousands of businesses (particularly healthcare, finance, insurance, government) across the world. These services particularly focus on email encryption and data loss prevention but have grown recently due to a rapid M&A spree which has seen them acquire Greenview Data (acq. 2017), Erado (acq. 2018), AppRiver (acq. 2019) and DeliverySlip (acq. 2019) covering cloud security, archiving, e-signatures, advanced threat protection and antivirus. What these acquisitions also did was boost the organisation's net debt to equity to near 50%! The question for me is whether an incumbent like Zix can keep up with a rapidly developing competitive landscape (likely not if they are reliant on M&A to grow the top line and expand their offering).

让我们从根深蒂固的组织之一-Zix Corporation开始。 Zix成立于1988年，为全球数以千计的企业(尤其是医疗保健，金融，保险，政府)提供SaaS云电子邮件安全服务(SaaS)。 这些服务特别专注于电子邮件加密和数据丢失防护，但由于并购热潮而Swift发展，最近它们获得了Greenview Data(2017年收购)，Erado(2018年收购)，AppRiver(2019年收购)和DeliverySlip(于2019年9月发布)涵盖云安全性，归档，电子签名，高级威胁防护和防病毒。 这些收购还使该组织的净负债权益增加了近50％！ 对我来说，问题是，像Zix这样的老牌企业是否能跟上快速发展的竞争格局(如果他们依靠并购来增加收入并扩大产品范围，可能就不会这样)。

Proofpoint didn’t list until 2012, from which point it’s increased in value by ~10x. They are firmly focussed on ‘people-centric’ cybersecurity solutions — largely within e-mail protection but broadening to advanced threat protection, cloud defence, data loss prevention and encryption. For ongoing growth, the company are active on the M&A front (i.e. Cloudmark, Socialware and Meta Networks) and proactively leveraging existing channel/ecosystem partners such as Palo Alto Networks, Splunk, CyberArk, Okta and telcos such as BT, AT&T and NTT. Their partnership strategy also encompasses a collaboration with Okta, CrowdStrike and Netskope (private) to develop an “integrated, zero-trust security strategy”. On the financial side they're hard to fault. Their most recent quarter highlighted a 22% year-on-year increase in revenues as well as a 63% increase in free cash flows (to US$79m) for the March quarter.

Proofpoint直到2012年才上市， 从那时起它的价值增长了约10倍。 他们坚定地专注于“以人为本”的网络安全解决方案-主要在电子邮件保护范围内，但扩展到高级威胁防护，云防御，数据丢失防护和加密。 为了实现持续增长，该公司积极参与并购领域(即Cloudmark，Socialware和Meta Networks)，并积极利用现有的渠道/生态系统合作伙伴(例如Palo Alto Networks，Splunk，Cyber​​Ark，Okta和电信公司，例如BT，AT＆T和NTT)。 他们的合作伙伴战略还包括与Okta，CrowdStrike和Netskope(私有)合作制定“集成的，零信任的安全战略”。 在财务方面，它们很难过错。 他们的最新季度显示，3月份季度收入同比增长22％，自由现金流(增长至7900万美元)增长63％。

Source: Proofpoint

资料来源：Proofpoint

端点和高级威胁检测 (Endpoint & Advanced Threat Detection)

The endpoint security market is vast and encompasses incumbents like McAfee (Intel, TPG Capital), Norton and Symantec (Broadcom) as well as a growing list of ‘startups’ with highly scalable (and collaborative) SaaS products.

端点安全市场广阔，涵盖了诸如McAfee(Intel，TPG Capital)，Norton和Symantec(Broadcom)之类的老牌企业，以及越来越多具有高度可扩展(和协作)SaaS产品的“初创公司”。

One such company is Crowdstrike which was founded by former McAfee executive George Kurtz in 2011. The company is currently worth US$23 billion and has the goal of being the “Salesforce” of cybersecurity. They are doing this through their core SaaS product, Falcon (pro, enterprise and premium) — each offering more thorough services (which they call modules). All solutions are cloud-based and leverage what they call Cloudscale AI to continually learn about threats from each recognised attack across their entire client network. They are also building an open ecosystem, enabling customers to integrate, via the CrowdStrike Store, with an array of partner products from the likes of Splunk, AWS, Google, ZScaler etc. From a financial perspective, they’ve seen a 105% year-on-year jump in subscriber numbers, an 88% increase in revenues (US$162m for the quarter) and a jump in free-cash-flow from -US$16m to US$87m year-on-year for the March quarter. That most recent quarter catalysed an almost 3x rise in the share price from March-July.

这样的公司之一就是Crowdstrike ，该公司由迈克菲前高管乔治·库尔茨(George Kurtz)于2011年创立。该公司目前市值230亿美元，其目标是成为网络安全的“销售力量”。 他们通过其核心SaaS产品Falcon(专业版，企业版和高级版)来实现此目的-每个产品都提供更全面的服务(称为模块)。 所有解决方案均基于云，并利用其所谓的Cloudscale AI不断了解整个客户端网络中每次识别的攻击所带来的威胁。 他们还建立了一个开放的生态系统，使客户能够通过CrowdStrike商店与来自Splunk，AWS，Google，ZScaler等的一系列合作伙伴产品进行集成。从财务角度来看，他们的年增长率为105％订户数量同比增长，收入增长88％(本季度为1.62亿美元)，自由现金流从1600万美元跃升至3月季度的8700万美元。 最近的一个季度促使股价较3月至7月上涨了近3倍。

Source: CrowdStrike

资料来源：CrowdStrike

Canada’s Absolute provides visibility and near real-time remediation of security breaches at the source. Their core product, Absolute Persistence, returns devices to their desired state of safety following malicious attacks and comes built into the firmware of most major PC manufacturers including Dell, HP, Lenovo, Panasonic and Asus. They also integrate with most major cybersecurity products and services including Crowdstrike, VMWare (Carbon Black), F5, FireEye, Forescout, Tenable, McAfee, Symantec, Trend Micro and ZScaler. Financially it is considerably more stable than many companies on this list and due to their existing scale, they are now seeing annual revenue growth in the ~5–7% range with steadying EBITDA margins at ~25%.

加拿大的Absolute在源头提供安全漏洞的可见性和近乎实时的补救。 他们的核心产品Absolute Persistence在遭受恶意攻击后将设备恢复到所需的安全状态，并内置于大多数主要PC制造商的固件中，包括Dell，HP，Lenovo，Panasonic和Asus。 它们还与大多数主要的网络安全产品和服务集成，包括Crowdstrike，VMWare(碳黑)，F5，FireEye，Forescout，Tenable，McAfee，Sy​​mantec，趋势科技和ZScaler。 从财务上讲，它比上榜的许多公司都稳定得多，由于其现有规模，他们现在看到的年收入增长率在5-7％左右，EBITDA利润率稳定在25％左右。

Despite being founded in 2004, FireEye didn’t launch its first commercial product until 2010; listing a few years later in late-2013 at US$20 (it’s now trading at ~$12). This lacklustre performance is perhaps down to poor execution by their previous CEO David DeWalt who was replaced in 2016 by the founder/CEO of Mandiant (who FireEye acquired for US$1bn shortly after listing). FireEye’s core product is the Helix Security Platform — an enterprise dashboard to notify and solve cybersecurity threats within an organisation (much like any other enterprise endpoint platform). The company’s recent Q1 results showed meagre results. New customer acquisitions volatile (flat to slightly up), number of high value (i.e. $1m+ transactions) trending down and Q2 guidance revenue looking to be flat. Plus, they’ve never looked close to reporting a profit (hence why they’re underperforming vs peers).

尽管FireEye成立于2004年，但直到2010年才推出其首个商业产品。 几年后在2013年末以20美元的价格上市(现在的交易价格为12美元左右)。 这种低迷的表现可能归因于其前任首席执行官戴维·德瓦尔特(David DeWalt)的糟糕执行，他在2016年被曼迪安特(ManEant)的创始人/首席执行官取代(后者被FireEye上市后不久以10亿美元收购)。 FireEye的核心产品是Helix Security Platform，这是一个企业仪表板，用于通知和解决组织内的网络安全威胁(与任何其他企业端点平台一样)。 该公司最近的第一季度业绩显示业绩不佳。 新客户的获取波动(从平稳到略有上升)，高价值(即，超过100万美元的交易)数量呈下降趋势，第二季度的指导收入似乎持平。 另外，他们从来没有想过要报告利润(因此为什么他们与同行相比表现不佳)。

SecureWorks focusses on penetration testing, threat detection and response across endpoints, networks and cloud. The company was acquired by Dell back in 2011 and, in 2015, they took the company public at $14 (whilst retaining an 86% stake in the company via Class B shares). The stock is currently trading ~$12 and, as with VMWare, there are various rumours around what Dell’s intentions are, ranging from a full or partial sale to a buyout of minority (Class A) shareholders. However, unlike VMWare, the company’s results have been lacklustre with marginal (for the sector) revenue growth of ~5% per annum and ongoing net losses.

SecureWorks专注于跨端点，网络和云的渗透测试，威胁检测和响应。 该公司于2011年被戴尔收购，并于2015年以14美元的价格将其公司上市(同时通过B类股份保留了该公司86％的股份)。 该股目前的交易价格约为12美元，与VMWare一样，关于戴尔意图的谣言也很多，从全部出售或部分出售到买断少数股东(A类)。 但是，与VMWare不同的是，该公司的业绩一直不佳，每年(对于该行业)的边际收入增长率约为5％，并且持续出现净亏损。

Next to Crowdstrike, Splunk appears to be the most hyped stock in this ‘endpoint security’ sector (although it’s more of a data visualisation/insight platform!). The company provides software solutions around big data - gathering information from systems and devices to create actionable insights across an organisation. They call this a “data-to-everything” platform, and its core focus is on business transactions, customer and user behaviour and security threats. On the security side, Splunk see themselves as the security “nerve centre” — central to understanding risks, responding to attacks and providing automated compliance reporting. Like all progressive organisations, they have also built an open ecosystem (~2k app integrations) with other leading platforms such as Crowdstrike, Palo Alto Networks, Okta, AWS, Fortinet, Cisco, Google Cloud and Microsoft Azure (to name but a few). As alluded to earlier, despite a highly rated and attractive business model, the company has also (along with Crowdstrike, Okta etc) attracted a lot of investor attention of late; stretching valuations to (and in some cases) beyond their upper bounds. To justify their current trading levels you require ~40%+ growth in free-cash-flows (year-on-year). Certainly possible; but it is a bit of a stretch given high R&D and sales burn (as well as ~10% annual growth rate in customer acquisition).

除了Crowdstrike之外， Splunk似乎是该“端点安全”领域中最被炒作的股票(尽管它更多地是数据可视化/洞察平台！)。 公司 提供围绕大数据的软件解决方案-从系统和设备收集信息，以在整个组织中创建可行的见解。 他们将其称为“数据到一切”平台，其核心重点是业务交易，客户和用户行为以及安全威胁。 在安全方面，Splunk将自己视为安全的“神经中心”，这是了解风险，响应攻击并提供自动合规性报告的中心。 像所有先进组织一样，他们还与其他领先平台(例如Crowdstrike，Palo Alto Networks，Okta，AWS，Fortinet，Cisco，Google Cloud和Microsoft Azure)建立了一个开放的生态系统(约2k个应用程序集成)。 。 正如前面提到的那样，尽管公司拥有高度评价和有吸引力的商业模式，但该公司(以及Crowdstrike，Okta等)最近也吸引了很多投资者的注意力。 将估值延伸到(在某些情况下)超出上限。 为了证明其当前的交易水平，您需要自由现金流(同比)增长约40％以上。 当然可以； 但是由于研发和销售火爆(以及客户获取量的年增长率约为10％)，因此需要花费一些时间。

Source: Splunk

资料来源：Splunk

安全访问管理 (Secure Access Management)

With a significant shift towards work-from-home during covid19, the importance of secure access has escalated. Being outside of the physical infrastructure of the office (and it’s IT/cyber architecture) opens up greater risks of a cyber attack on employees. Okta (below) reported an 80% month-on-month surge in multi-factor authentication (MFA) from February to March and this is consistent across other platforms such as Google, Symantec etc.

在covid19期间，随着在家办公的重大转变，安全访问的重要性日益提高。 不在办公室的物理基础架构(及其IT /网络体系结构)之外，这会给员工带来更大的网络攻击风险。 Okta(下)报告称，从2月到3月，多因素身份验证(MFA)环比增长了80％，这在其他平台(如Google，Symantec等)上是一致的。

If you invested in Okta back in 2017 (at the $17 IPO price), you would have made over 10x your initial investment. Not many companies come close to the short term success this company has had. They are by all measures the access management leader who have developed best-in-class products and services for single sign-on, multi-factor authentication, universal directory and authentication. Revenues are up 46% year-on-year off a 28% jump in customer acquisition (~20% of whom contribute >$100k p/a). Like many of the other leaders in the space, they are also highly collaborative with over 6.5k technology integrations and apps (including Zoom, Slack, Workday, DocuSign, Atlassian, AWS, Box, Google, Salesforce, Crowdstrike, Cloudflare and Proofpoint). You might see a bit of a theme here — collaboration is king!

如果您在2017年投资Okta (以IPO发行价17美元的价格)，您的初始投资将是原来的10倍以上。 没有多少公司能接近该公司取得的短期成功。 他们绝对是访问管理的领导者，他们为单点登录，多因素身份验证，通用目录和身份验证开发了一流的产品和服务。 收入比去年同期增长了46％，而客户获取量增长了28％(其中约20％的用户年收入超过$ 100kp)。 像该领域的许多其他领导者一样，他们还与6.5k以上的技术集成和应用程序(包括Zoom，Slack，Workday，DocuSign，Atlassian，AWS，Box，Google，Salesforce，Crowdstrike，Cloudflare和Proofpoint)进行了高度协作。 您可能会在这里看到一个主题-协作为王！

Israel’s CyberArk were (more or less) first movers in the secure access market. In fact, they have onboarded 80% of the top 25 companies across insurance, banking, energy, manufacturing and telco and continue to innovate and collaborate, most recently via a partnership with peers Okta and SailPoint to secure enterprise access end-to-end. Hedging their bets, they also recently acquired Okta competitor idaptive this year who provide ‘identify as a service’ to ~500 customers. On the financials, they’ve seen ~16% increase in revenues year-on-year and an impressive 47% increase in net profit year-on-year (to Dec 2019). Healthy cash flow management rounds out what is an overall impressive organisation.

以色列的Cyber​​Ark (或多或少)是安全访问市场的先行者。 实际上，他们已经加入了保险，银行，能源，制造和电信公司的前25名公司中的80％，并继续创新和合作，最近一次是通过与同行Okta和SailPoint建立合作伙伴关系来确保端到端的企业访问。 对冲他们的赌注，他们最近还收购了今年Okta的竞争对手，他们向约500个客户提供“身份识别即服务”。 在财务方面，他们的收入同比增长了约16％，净利润同比增长了惊人的47％(至2019年12月)。 健全的现金流量管理使整个组织印象深刻。

Source: CyberArk

资料来源：Cyber​​Ark

结论 (Conclusion)

This year has created a significant opportunity for public and private cybersecurity companies across the entire ecosystem (consultants, software vendors, hardware manufacturers).

今年为整个生态系统中的公共和私有网络安全公司(顾问，软件供应商，硬件制造商)创造了重大机遇。

Without doubt, the next decade will only continue to see considerable growth in the sector as threats (particularly from Russia, Iran, China, North Korea and the Indian Subcontinent) escalate in sophistication and frequency.

毫无疑问，随着威胁(尤其是来自俄罗斯，伊朗，中国，朝鲜和印度次大陆的威胁)的复杂性和频度不断上升，未来十年该行业将继续保持可观的增长。

Coupled with increasing geopolitical risk and organisational disruption (i.e. a surge in work-from-home) an environment is created which will undoubtedly create a significant opportunity for investors.

加上不断增加的地缘政治风险和组织混乱(例如，在家工作的增加)，将创造一个环境，这无疑将为投资者创造大量机会。

However, as with any investment that offers potentially high rewards, you have to be mindful of the significant risk. Many of these companies, as alluded to earlier, are trading at extremely high multiples (some justified, some not).

但是，与任何可能提供高回报的投资一样，您必须谨记重大风险。 正如前面提到的，这些公司中有许多都以极高的倍数交易(有些是合理的，有些则没有)。

As with most other industries, we are also seeing a bit of a battle play out between the incumbents and challengers. Incumbents, often inwards looking, struggle to innovate and grow revenue organically. These guys also often ‘bolt-on’ revenue through M&A where they often (not always!) struggle with integration and synergy.

与大多数其他行业一样，我们也看到了在位者和挑战者之间的战斗。 经常向内看的老牌企业努力创新并有机地增加收入。 这些人还经常通过并购“增加”收入，他们常常(并非总是如此)在整合和协同作用中挣扎。

On the other side, there are the challengers. The new kids on the block who are focussed on cloud, collaboration and scalability from day one. Despite many of them running at a net loss (for now), they are laying a foundation for high customer acquisition, retention and lifetime value which will soon see them turn a corner; becoming highly profitable and valuable businesses over the long run.

另一方面，还有挑战者。 从一开始，新成员就专注于云，协作和可扩展性。 尽管其中许多公司(目前)处于净亏损状态，但它们为获得高客户，保留和终身价值奠定了基础，这很快就会使他们转危为安。 从长远来看成为高利润和有价值的业务。

翻译自: https://medium.com/swlh/cyber-security-the-leaders-and-the-laggards-9951fe5bd99c

网络规划设计师教程落后