Investment Trends With...
Mr. Edward Y. Ching
Senior Technology Analyst
Rodman & Renshaw, LLC

SecurityStockWatch.com: Ed, please tell us about your background and your role at Rodman and Renshaw?

Mr. Ching: I am the software & services analyst at Rodman & Renshaw covering the enterprise security and wireless data software markets. In my opinion, these two markets should benefit from growing consumer and business demand for portable/mobile IT services such as messaging (email, SMS & MMS) and e-commerce as the wireless carriers and handset manufacturers continue to improve quality of service, data transmission speeds and deploy new handsets with the ability to play movies & music, download office documents and pay for groceries and airline tickets.

My background is quite diverse having spent 10 years in the U.S. army and seven years as a research analyst. I have been analyzing enterprise security stocks for the last four years covering the likes of Symantec Corp. (SYMC), McAfee Corp (MCAF) and Checkpoint (CHKP) initially and moving to smaller firms such as SAFLINK (SFLK), TUMBLEWEED Communications (TMWD), Vasco Data Security International (VDSI) and ZIX Corporation (ZIXI) most recently.

My interest in security dates back to my service in the U.S. Army. As a field artillery officer, one of my most critical responsibilities was the physical and logical security of the soldiers and equipment under my charge and the voice and electronic communication between my unit and support units. This experience has helped me to gain insight into the ever evolving world of enterprise and network security, because in its simplest form security has always revolved around guarding access to assets via a challenge and password no matter how complex the cryptography or means of verifying identity.

SecurityStockWatch.com: Your firm recently hosted a Security Conference. Is it an annual event? Please give us an overview of the companies that presented.

Mr. Ching: At Rodman & Renshaw we focus research coverage on firms with small market capitalizations in the range of $50 million to 500 million. I normally choose to cover firms that I believe are flying under the radar screen; have a strong management team and are addressing future technology needs. The companies that I currently have under coverage are: Go Remote Internet Communications (GRIC), PCTEL (PCTI), SafLink (SFLK), Smith Micro Software (SMSI), TUMBLEWEED Communications (TMWD), TeleCommunication Systems (TSYS), Vasco Data Security International (VDSI) and Zix Corporation (ZIXI).

2004 was the first year that we held the Rodman & Renshaw Techvest Security Conference and we plan to continue this event based upon the strong demand we received from institutional investors. Security firms have been thrust into the investor spotlight due to recent and ongoing geo-political events such as the My Doom virus, terrorist attacks and the U.S. occupation of Iraq. Since security systems are always evolving in order to protect against new methods of attack, we chose to invite security firms that are tackling these new threats protecting electronic and physical assets.

Here's an overview of all the companies that presented at the Rodman & Renshaw Techvest Security Conference in June.
FIRMS NOT UNDER RESEARCH COVERAGE
CENUCO, INC. (AMEX: ICU) - Provides remote video monitoring products for the retail/consumer, small to large enterprise, government, and homeland security market sectors. The company also has an e-learning business.

ECSI INTERNATIONAL, INC. (OTC BB: EKCS) - Manufactures and provides integrated perimeter intrusion detection systems to high threat, high profile private and government facilities.

I.D. SYSTEMS, INC. (NASDAQ: IDSY) - Provides wireless solutions, including those based on RFID, for corporate asset tracking and management.

IMPLANT SCIENCES CORPORATION (AMEX: IMX) - Develops explosion detection devices for national security. The company also manufactures and markets radioactive and non-radioactive products for the medical and semiconductor industries.

INCARD TECHNOLOGIES (Private) - InCard Technologies develops and licenses technology-based enhancements to credit cards and other information-bearing plastic cards.

INNERPRESENCE NETWORKS, INC. (Private) - Provides policy management solutions for secure real-time access and control of sensitive information and processes.

INTELLI-CHECK INC (AMEX: IDN) - Provides solutions that authenticate driver licenses as well as state issued and provincial non-driver and military identification cards commonly used as proof of identity.

NAPCO SECURITY SYSTEMS, INC. (NASDAQ: NSSC) - Diverse manufacturer of security products, encompassing burglar and fire alarms, building access control systems and electronic locking devices.

RF MONOLITHICS, INC. (NASDAQ: RFMI) - Develops radio frequency components and modules for the automotive, consumer, distribution, industrial, and telecommunications markets worldwide.

SECURED SERVICES, INC. (OTC BB: SSVC) - Provides identity management and access control through its software products and security services.

SPACEDEV, INC. (OTC BB: SPDV) - SpaceDev, Inc. is engaged in the design, development and manufacture of space technology systems, products and services.

WATCHGUARD TECHNOLOGIES, INC. (NASDAQ: WGRD) - Provider of integrated internet security solutions for small- to mid-sized enterprises worldwide.

FIRMS UNDER RESEARCH COVERAGE (All have Market Outperform Rating)

SAFLINK Corp (NASDAQ: SFLK) - Provides authentication software solutions that use biometric technologies.

TELECOMMUNICATION SYSTEMS, INC. (NASDAQ: TSYS) - Provides data network software solutions for wireless carriers and government. Also, provides high-end communication equipment for government and resells wireless device solutions to enterprises.

TUMBLEWEED COMMUNICATIONS CORP (NASDAQ: TMWD) -Provider of secure Internet messaging software and hardware for enterprises and government agencies.

VASCO DATA SECURITY INTERNATIONAL (NASDAQ: VDSI) - Provider of 'one-time' password tokens used in identity authentication.

ZIX CORPORATION (NASDAQ: ZIXI) - Provides solutions that protect organizations from viruses, spam, and electronic attack, as well as enabling secure electronic communications such as email encryption, e-prescribing, and Internet-based healthcare services.

SecurityStockWatch.com:> GE recently acquired Invision (INVN) an explosives detection company, at a 20% premium, and March & McLennan (MMC) announced it will buy Kroll Inc. (KROL) for $1.9 Billion in cash - or about $37 a share. What do these deals mean for security companies in general? Do you see more consolidation coming?

Mr. Ching: I would expect consolidation to continue in the security sector especially within the enterprise security software market. In my opinion, the primary driver for consolidation is the ongoing cycle of penetrating new markets such as secure messaging (i.e., anti-spam/anti-phishing) to offset the decline in maturing markets such as anti-virus.

To date, Symantec Corp. (NASDAQ: SYMC), a dominant anti-virus provider seems to be leading the consolidation trend within the secure messaging space with two recent acquisitions in the anti-spam market: Brightmail for roughly $370 million and TurnTide for approximately $28 million. SYMC has been a leader in the consumer anti-virus market but this market is reaching maturity. SYMC has made significant progress in penetrating the enterprise security market with a one-stop shop approach, which I believe is the reason they made a series of acquisition in the intrusion detection market two years ago. The recent acquisitions in secure messaging are within the firm's strategy to provide enterprises with an end-to-end security solution. I would expect SYMC's competitors to quickly enter the secure messaging market via acquisitions in order to keep the playing field level. There are roughly 30 independent software vendors within the anti-spam market today. I would expect that by the end of 2005 there would only be a handful left.

Secure messaging is a submarket of the overall Secure Content Management Market (SCM). SCM incorporates the anti-virus, messaging security and web filtering markets. The messaging security market provides enterprises with the ability to filter Internet messaging services such as email, instant messaging, and short message service (SMS). Secure messaging has come into the spotlight recently due to the numerous amounts of spam and phishing attacks.

SPAM refers to junk e-mail or any unsolicited e-mail. SPAM is usually in the form of e-mail advertising for some product or company. SPAM poses a great threat by wasting time and using up a lot of network bandwidth.

Phishing - Phishing is a new type of cyber attack that has evolved from electronic junk email (AKA SPAM). Phishing is basically an attempt at stealing an end-user's electronic identity. Phishers send an e-mail to an unsuspecting end-user claiming to be an established legitimate enterprise in an attempt to scam the end-user into surrendering private information that will be used for identity theft. Typically, the false e-mail directs the end-user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

SecurityStockWatch.com: Terrorism fears are high once again. What is your opinion of the resulting investment climate for security stocks in the near-term and long-term? Are there "sectors" within the security industry you find more attractive than others?

Mr. Ching: I believe that the current need for heightened security measures should continue as geo-political events such as the U.S. war on terror escalates, no matter which political party is in office. I think that it is safe to say that the events of September 11, 2001 have changed the public's attitude towards homeland and corporate (IT & physical) security forever. Security is no longer treated as a nuisance but as a welcomed preventive measure. I believe that the growth in the security markets should be driven by factors such as:

1) A Rebound In Network Expansion: I believe that government and corporate enterprises are planning a return to network expansion projects that were put on hold due to the downturn in IT spending from 2001 to 2003. I think that wireless networks, enterprise security and data storage solutions should be high on enterprise IT budget lists.

2) An Increase in Remote End-Users: Wireless local area networks (WLANs) are steadily becoming popular among government and corporate enterprises as Wireless Fidelity (WiFi) technology gains traction in the consumer market. The deployments of WLANs within an enterprise should increase the need for virtual private network (VPN) solutions to secure the connection between the end-user and enterprise and identity management solutions to ensure that end-user identities are secure and managed.

3) SPAM: SPAM, also known as junk e-mail, has become much more than a nuisance in the last year. In 2003, roughly 45% of all email messages received were mass marketing ploys. Jupiter Research estimates that end-users will receive an average of 3,600 SPAM messages per year by 2007, for a grand total of 14.5 B. To date, SPAM has been utilized as a means for mass marketing, however, hackers have started to use SPAM techniques to initiate cyber attacks such as denial of service against government and corporate networks. Nucleus Research estimates SPAM would cost large enterprises to lose nearly $10,800 per employee annually because workers must sift through SPAM throughout the workday. I expect to see increased demand in anti-SPAM solutions since roughly less than one out of 10 businesses have SPAM filtering technologies.

4) Federal Legislation Protecting Against Identity Theft: Governments have established new laws and regulations to protect citizens from the increase in cyber crimes aimed at identity theft such as: · The Health and Insurance Portability and Accountability Act (HIPAA) defines the standards for safeguarding the privacy and security of medical records and other individual health information. · The Gramm-Leach-Bliley Act defines requirements for financial institutions to protect the privacy and security of customers' personal financial information. · The Digital Signature law gives electronic signatures and records the same legal validity as handwritten documents.

These laws make it critical for enterprises to safeguard emails and digital documents from tampering by cyber criminals.

5) Homeland Defense/National Security: The events of September 11, 2001 and the war in Iraq have heightened national security around the world. On January 5, 2004 the U.S. initiated the United States Visitor and Immigrant Status Indicator Technology (US VISIT) program. US VISIT mandates that foreign citizens traveling to the U.S. who require a visa must be identified by fingerprint scanning. To date US VISIT is up and running in 115 airports and 14 major seaports. Fingerprint scanning is a biometric authentication technique that uses a human characteristic to create a unique authentication tool. The biometric authentication market is relatively new but we expect this market to increase steadily in the long-term as authentication solutions increase in complexity and moves away from simple password techniques.

6) E-Business: The popularity of the Internet has led to an increase in E-Business sites, services and payment options. E-Business at the business-to-consumer (B2C) and business-to-business (B2B) level is constantly at risk to cyber attacks by criminals, terrorists, corporate espionage and disgruntled employees seeking to gain critical information (i.e., credit card account information). The federal trade commission (FTC) recently reported that Internet related fraud accounted for 55% of the consumer fraud complaints filed in 2003 compared to 45% 2002. An FTC report released in September 2003 claims that roughly 10 million Americans were victims of identity theft in 2002, costing consumers $53 billion. Phishing, a SPAM based identity theft scam, masquerades as a legitimate email from a consumer's bank or Internet shopping site. The false email usually informs an unsuspecting consumer that his account information is incorrect (or deleted) and solicits a reply email with the consumer's valid identity information such as social security and credit card information. I believe that E-Business security solutions are moving towards security solutions that utilize security tokens. These tokens constantly generate unique digital passwords (such as a credit card enabled with a subscriber identity module (SIM) card that generates a digital password to authenticate the user and validate a purchase).

SecurityStockWatch.com: Ed, many thanks for your insights and analysis.