Investment Trends With...
Mr. Edward Y. Ching
Senior Technology Analyst
Rodman & Renshaw, LLC
Ed, please tell us about your background and your role at Rodman and Renshaw?
Mr. Ching: I am the software & services analyst at Rodman &
Renshaw covering the enterprise security and wireless data software markets.
In my opinion, these two markets should benefit from growing consumer
and business demand for portable/mobile IT services such as messaging
(email, SMS & MMS) and e-commerce as the wireless carriers and handset
manufacturers continue to improve quality of service, data transmission
speeds and deploy new handsets with the ability to play movies & music,
download office documents and pay for groceries and airline tickets.
My background is quite diverse having spent 10 years in the U.S. army
and seven years as a research analyst. I have been analyzing enterprise
security stocks for the last four years covering the likes of Symantec
Corp. (SYMC), McAfee Corp (MCAF) and Checkpoint (CHKP) initially and moving
to smaller firms such as SAFLINK (SFLK), TUMBLEWEED Communications (TMWD),
Vasco Data Security International (VDSI) and ZIX Corporation (ZIXI) most
My interest in security dates back to my service in the U.S. Army. As
a field artillery officer, one of my most critical responsibilities was
the physical and logical security of the soldiers and equipment under
my charge and the voice and electronic communication between my unit and
support units. This experience has helped me to gain insight into the
ever evolving world of enterprise and network security, because in its
simplest form security has always revolved around guarding access to assets
via a challenge and password no matter how complex the cryptography or
means of verifying identity.
SecurityStockWatch.com: Your firm recently hosted a Security Conference.
Is it an annual event? Please give us an overview of the companies that
Mr. Ching: At Rodman & Renshaw we focus research coverage on
firms with small market capitalizations in the range of $50 million to
500 million. I normally choose to cover firms that I believe are flying
under the radar screen; have a strong management team and are addressing
future technology needs. The companies that I currently have under coverage
are: Go Remote Internet Communications (GRIC), PCTEL (PCTI), SafLink (SFLK),
Smith Micro Software (SMSI), TUMBLEWEED Communications (TMWD), TeleCommunication
Systems (TSYS), Vasco Data Security International (VDSI) and Zix Corporation
2004 was the first year that we held the Rodman & Renshaw Techvest
Security Conference and we plan to continue this event based upon the
strong demand we received from institutional investors. Security firms
have been thrust into the investor spotlight due to recent and ongoing
geo-political events such as the My Doom virus, terrorist attacks and
the U.S. occupation of Iraq. Since security systems are always evolving
in order to protect against new methods of attack, we chose to invite
security firms that are tackling these new threats protecting electronic
and physical assets.
Here's an overview of all the companies that presented at the Rodman &
Renshaw Techvest Security Conference in June.
FIRMS NOT UNDER RESEARCH COVERAGE
CENUCO, INC. (AMEX: ICU) - Provides remote video monitoring products for
the retail/consumer, small to large enterprise, government, and homeland
security market sectors. The company also has an e-learning business.
ECSI INTERNATIONAL, INC. (OTC BB: EKCS) - Manufactures and provides integrated
perimeter intrusion detection systems to high threat, high profile private
and government facilities.
I.D. SYSTEMS, INC. (NASDAQ: IDSY) - Provides wireless solutions, including
those based on RFID, for corporate asset tracking and management.
IMPLANT SCIENCES CORPORATION (AMEX: IMX) - Develops explosion detection
devices for national security. The company also manufactures and markets
radioactive and non-radioactive products for the medical and semiconductor
INCARD TECHNOLOGIES (Private) - InCard Technologies develops and licenses
technology-based enhancements to credit cards and other information-bearing
INNERPRESENCE NETWORKS, INC. (Private) - Provides policy management solutions
for secure real-time access and control of sensitive information and processes.
INTELLI-CHECK INC (AMEX: IDN) - Provides solutions that authenticate driver
licenses as well as state issued and provincial non-driver and military
identification cards commonly used as proof of identity.
NAPCO SECURITY SYSTEMS, INC. (NASDAQ: NSSC) - Diverse manufacturer of
security products, encompassing burglar and fire alarms, building access
control systems and electronic locking devices.
RF MONOLITHICS, INC. (NASDAQ: RFMI) - Develops radio frequency components
and modules for the automotive, consumer, distribution, industrial, and
telecommunications markets worldwide.
SECURED SERVICES, INC. (OTC BB: SSVC) - Provides identity management and
access control through its software products and security services.
SPACEDEV, INC. (OTC BB: SPDV) - SpaceDev, Inc. is engaged in the design,
development and manufacture of space technology systems, products and
WATCHGUARD TECHNOLOGIES, INC. (NASDAQ: WGRD) - Provider of integrated
internet security solutions for small- to mid-sized enterprises worldwide.
FIRMS UNDER RESEARCH COVERAGE (All have Market Outperform Rating)
SAFLINK Corp (NASDAQ: SFLK) - Provides authentication software solutions
that use biometric technologies.
TELECOMMUNICATION SYSTEMS, INC. (NASDAQ: TSYS) - Provides data network
software solutions for wireless carriers and government. Also, provides
high-end communication equipment for government and resells wireless device
solutions to enterprises.
TUMBLEWEED COMMUNICATIONS CORP (NASDAQ: TMWD) -Provider of secure Internet
messaging software and hardware for enterprises and government agencies.
VASCO DATA SECURITY INTERNATIONAL (NASDAQ: VDSI) - Provider of 'one-time'
password tokens used in identity authentication.
ZIX CORPORATION (NASDAQ: ZIXI) - Provides solutions that protect organizations
from viruses, spam, and electronic attack, as well as enabling secure
electronic communications such as email encryption, e-prescribing, and
Internet-based healthcare services.
SecurityStockWatch.com:> GE recently acquired Invision (INVN)
an explosives detection company, at a 20% premium, and March & McLennan
(MMC) announced it will buy Kroll Inc. (KROL) for $1.9 Billion in cash
- or about $37 a share. What do these deals mean for security companies
in general? Do you see more consolidation coming?
Mr. Ching: I would expect consolidation to continue in the security
sector especially within the enterprise security software market. In my
opinion, the primary driver for consolidation is the ongoing cycle of
penetrating new markets such as secure messaging (i.e., anti-spam/anti-phishing)
to offset the decline in maturing markets such as anti-virus.
To date, Symantec Corp. (NASDAQ: SYMC), a dominant anti-virus provider
seems to be leading the consolidation trend within the secure messaging
space with two recent acquisitions in the anti-spam market: Brightmail
for roughly $370 million and TurnTide for approximately $28 million. SYMC
has been a leader in the consumer anti-virus market but this market is
reaching maturity. SYMC has made significant progress in penetrating the
enterprise security market with a one-stop shop approach, which I believe
is the reason they made a series of acquisition in the intrusion detection
market two years ago. The recent acquisitions in secure messaging are
within the firm's strategy to provide enterprises with an end-to-end security
solution. I would expect SYMC's competitors to quickly enter the secure
messaging market via acquisitions in order to keep the playing field level.
There are roughly 30 independent software vendors within the anti-spam
market today. I would expect that by the end of 2005 there would only
be a handful left.
Secure messaging is a submarket of the overall Secure Content Management
Market (SCM). SCM incorporates the anti-virus, messaging security and
web filtering markets. The messaging security market provides enterprises
with the ability to filter Internet messaging services such as email,
instant messaging, and short message service (SMS). Secure messaging has
come into the spotlight recently due to the numerous amounts of spam and
SPAM refers to junk e-mail or any unsolicited e-mail. SPAM is usually
in the form of e-mail advertising for some product or company. SPAM poses
a great threat by wasting time and using up a lot of network bandwidth.
Phishing - Phishing is a new type of cyber attack that has evolved from
electronic junk email (AKA SPAM). Phishing is basically an attempt at
stealing an end-user's electronic identity. Phishers send an e-mail to
an unsuspecting end-user claiming to be an established legitimate enterprise
in an attempt to scam the end-user into surrendering private information
that will be used for identity theft. Typically, the false e-mail directs
the end-user to visit a Web site where they are asked to update personal
information, such as passwords and credit card, social security, and bank
account numbers, that the legitimate organization already has. The Web
site, however, is bogus and set up only to steal the user's information.
SecurityStockWatch.com: Terrorism fears are high once again. What
is your opinion of the resulting investment climate for security stocks
in the near-term and long-term? Are there "sectors" within the
security industry you find more attractive than others?
Mr. Ching: I believe that the current need for heightened security
measures should continue as geo-political events such as the U.S. war
on terror escalates, no matter which political party is in office. I think
that it is safe to say that the events of September 11, 2001 have changed
the public's attitude towards homeland and corporate (IT & physical)
security forever. Security is no longer treated as a nuisance but as a
welcomed preventive measure. I believe that the growth in the security
markets should be driven by factors such as:
1) A Rebound In Network Expansion: I believe that government and corporate
enterprises are planning a return to network expansion projects that were
put on hold due to the downturn in IT spending from 2001 to 2003. I think
that wireless networks, enterprise security and data storage solutions
should be high on enterprise IT budget lists.
2) An Increase in Remote End-Users: Wireless local area networks (WLANs)
are steadily becoming popular among government and corporate enterprises
as Wireless Fidelity (WiFi) technology gains traction in the consumer
market. The deployments of WLANs within an enterprise should increase
the need for virtual private network (VPN) solutions to secure the connection
between the end-user and enterprise and identity management solutions
to ensure that end-user identities are secure and managed.
3) SPAM: SPAM, also known as junk e-mail, has become much more than a
nuisance in the last year. In 2003, roughly 45% of all email messages
received were mass marketing ploys. Jupiter Research estimates that end-users
will receive an average of 3,600 SPAM messages per year by 2007, for a
grand total of 14.5 B. To date, SPAM has been utilized as a means for
mass marketing, however, hackers have started to use SPAM techniques to
initiate cyber attacks such as denial of service against government and
corporate networks. Nucleus Research estimates SPAM would cost large enterprises
to lose nearly $10,800 per employee annually because workers must sift
through SPAM throughout the workday. I expect to see increased demand
in anti-SPAM solutions since roughly less than one out of 10 businesses
have SPAM filtering technologies.
4) Federal Legislation Protecting Against Identity Theft: Governments
have established new laws and regulations to protect citizens from the
increase in cyber crimes aimed at identity theft such as: · The Health
and Insurance Portability and Accountability Act (HIPAA) defines the standards
for safeguarding the privacy and security of medical records and other
individual health information. · The Gramm-Leach-Bliley Act defines requirements
for financial institutions to protect the privacy and security of customers'
personal financial information. · The Digital Signature law gives electronic
signatures and records the same legal validity as handwritten documents.
These laws make it critical for enterprises to safeguard emails and digital
documents from tampering by cyber criminals.
5) Homeland Defense/National Security: The events of September 11, 2001
and the war in Iraq have heightened national security around the world.
On January 5, 2004 the U.S. initiated the United States Visitor and Immigrant
Status Indicator Technology (US VISIT) program. US VISIT mandates that
foreign citizens traveling to the U.S. who require a visa must be identified
by fingerprint scanning. To date US VISIT is up and running in 115 airports
and 14 major seaports. Fingerprint scanning is a biometric authentication
technique that uses a human characteristic to create a unique authentication
tool. The biometric authentication market is relatively new but we expect
this market to increase steadily in the long-term as authentication solutions
increase in complexity and moves away from simple password techniques.
6) E-Business: The popularity of the Internet has led to an increase in
E-Business sites, services and payment options. E-Business at the business-to-consumer
(B2C) and business-to-business (B2B) level is constantly at risk to cyber
attacks by criminals, terrorists, corporate espionage and disgruntled
employees seeking to gain critical information (i.e., credit card account
information). The federal trade commission (FTC) recently reported that
Internet related fraud accounted for 55% of the consumer fraud complaints
filed in 2003 compared to 45% 2002. An FTC report released in September
2003 claims that roughly 10 million Americans were victims of identity
theft in 2002, costing consumers $53 billion. Phishing, a SPAM based identity
theft scam, masquerades as a legitimate email from a consumer's bank or
Internet shopping site. The false email usually informs an unsuspecting
consumer that his account information is incorrect (or deleted) and solicits
a reply email with the consumer's valid identity information such as social
security and credit card information. I believe that E-Business security
solutions are moving towards security solutions that utilize security
tokens. These tokens constantly generate unique digital passwords (such
as a credit card enabled with a subscriber identity module (SIM) card
that generates a digital password to authenticate the user and validate
SecurityStockWatch.com: Ed, many thanks for your insights and analysis.