|Shares Out. (in M):||211||P/E||15.0x||13.5x|
|Market Cap (in $M):||9,798||P/FCF||12.3x||11.5x|
|Net Debt (in $M):||-3,201||EBIT||814||898|
Business Description: Tel Aviv-based Check Point Software Technologies Ltd. is a leading provider of network security solutions. The founder and CEO of Check Point, Gil Shwed, basically invented the modern firewall in 1992. Check Point remains the dominant firewall provider today, though it has grown its product line and also offers a host of other security solutions including: intrusion prevention, data loss prevention, web filtering, anti-virus & anti-malware, anti-spam & email security, virtualized security, endpoint management, and security management. All of these solutions have two things in common (in addition to a bunch of fancy names): 1) They are aimed at enterprise customers (Check Point solutions typically cost $10,000+) and 2) Their primary goal is to keep the bad guys from getting a business’s data and/or harming that business.
Why does this opportunity exist?
We think Check Point shares are trading cheap for three primary reasons: 1) Palo Alto Networks recently came public and pitched themselves as a Check Point killer on the roadshow, which we think is very optimistic 2) Worries over European customer spend. 3) General worries over owning Israeli companies ahead of potential military engagement with Iran.
1) Palo Alto Networks
We think that primary reason for Check Point’s recent decline (the stock has fallen 28% from recent highs of around $65 in April) is the vocal bashing the company received from Nir Zuk, a former employee, and founder of Palo Alto Networks which recently IPO’d to much acclaim. Zuk’s license plate has been CHKPKLR for many years now, so we think what he says needs to be taken with a grain of salt. Basically, Zuk claims that old firewalls that use ports are dead because many apps today can mask what they are up to with SSL or port hopping. His solution eschews the use of ports to block traffic and instead uses a database of safe and unsafe applications (they call it App-ID) to decide what comes through. A simple version of the Palo Alto pitch is here: http://www.bdtcorp.com/pdfs/palo_alto_whitepapers/Firewall_Feature_Overview.pdf
To make a long story short, we believe that many customers of Palo Alto use that solution in addition to a traditional firewall. This article suggests as much: http://www.enterprisenetworkingplanet.com/netsecur/next-generation-firewall-buyers-guide.html Aside from marketing fluff, we have been able to find very little in the way of real users saying Palo Alto is good enough to rip and replace Check Point.
Furthermore, we have consistently seen a trend towards unified threat management which Check Point has successfully been able to address with blades that add the functionality as competitors come out with products. We think Palo Alto’s next generation firewall is basically just an application identification engine which is very hyped and that Check Point should ultimately be able to respond to that. To be sure with $250 million in revenue expected this year, Palo Alto is a threat, but there have always been competitive threats and Check Point has consistently responded to them. This time should be no different.
For a little more on next gen firewalls see here:
Furthermore, Palo Alto faces a significant IP suit from Juniper (Nir Zuk’s former employer)-- see their S-1. One bad court ruling may end up making Palo Alto a paper tiger. Even if it all goes epically badly for Checkpoint on the new product front, 60% of their revenue is recurring/maintenance which would be quite persistent for many more years under almost any competitive scenario you can imagine. This helps provide a margin of safety to an investment.
2) European Customer Worries
There is no getting around the macro, but this too shall pass. 39% of Check Point’s revenue comes from Europe. On their most recent conference call Check Point Gil Shwed summed up the Europe situation as follows:
“In Europe, we have been able to win large projects and deliver significantly more units overall, while the economy puts some pressure on pricing with local currency weakness against the dollar contributing as well. We have seen a different factor in different countries in Europe, some are demonstrating healthy growth like Germany, France and Italy this quarter, along with several other northern countries, while some other countries are not performing as well.”
The reality is that Europe has been a difficult place to do business for a while now and Check Point has managed through it, just like they did when the world fell apart for macro reasons in 2008/2009 (revenue grew through the downturn back then). This too shall pass. Demand for network security will remain, even if spending gets delayed.
3) War in the Middle East
This is always a risk. If it happens, Check Point will survive as it is a global business and their products aren’t even really manufactured in Israel (though they have many engineers there). I’d be buying more Check Point on the day war breaks out and so would Ben Graham.
Dil Shs Out: 211.3
Mkt. Cap: $9,798
Net Debt: -$3,201 (Yup that is $15.15 per share)
2011 2012E 2013E
Revs 1,247 1,358 1,483
EBITDA 734 806 868
Net Income* 588 651 718
FCF 721 795 853
EPS* $2.72 $3.10 $3.44
(GAAP except excludes amortization of intangibles but includes SBC expense)
EV/EBITDA 9.0x 8.2x 7.6x
P/E 17.0x 15.0x 13.5x
P/E ex cash 11.5x 10.1x 9.1x
P/FCF 13.5x 12.3x 11.5x
EV/FCF 9.1x 8.3x 7.7x
The numbers sort of speak for themselves here. The company is trading cheap for what has historically be a very high quality business. This could be an excellent use of overseas cash for some of the slower growing tech behemoths with a smaller security footprint than they would like (e.g. CSCO). The stock does not screen well on a pure P/E due to a significant portion of the cash being invested in safe debt with maturities of greater than 1 yr.
Disclaimer: We and our affiliates own Check Point shares. We may buy or sell these shares at any time. Please do your own due diligence. The information provided above is not investment advice, may be inaccurate, and should be used at your own risk.
|Entry||09/05/2012 03:20 PM|
Just looking at the Blooomberg share count nums, it appears that they basically went offline on the buyback by late 2008/early 2009. Can you provide any color as to the history here, and why you are confident that they will resume it? You allude to a change in tax law; I'm assuming it has something to do with this.
|Subject||CHKP vs PANW|
|Entry||09/06/2012 12:37 PM|
Could you please provide more information on why you don’t see PANW as a serious threat?
Here are some quotes from the Gartner report that seem to suggest otherwise:
“Palo Alto Networks started in the market with behind the firewall placements to add application control; however, almost all deployments Gartner sees are firewall replacements.”
“Palo Alto Networks generated the most firewall inquiries among Gartner customers in 2010 and 2011 — almost more than all other firewall vendors combined — essentially dominating the enterprise conversation in NGFW. High customer loyalty and satisfaction are observed from early adopters.”
“Check Point has continued to expand its software "blade" strategy (that is, preloaded software modules enabled through subscription keys)… Gartner views this as a response to the significant threat posed by Palo Alto Networks.”
Thanks in advance,