Researchers earlier this month revealed the discovery of computer malware so sophisticated that it managed to hide undetected within enterprise and government computers for five years.
Named after an omnipotent Lord of the Rings character, Project Sauron is an unusually well crafted piece of software. Once installed, it lives entirely in computer memory, leaving no predictable trail of server domain names or IP addresses. It can even infect "air gapped" computers not granted access to the network. Then it simply lies dormant, a sleeper cell of sorts, awaiting further instruction.
Sauron has been siphoning information from some of the world’s most fortified networks in Russia, China, Belgium, Iran and Sweden since 2011. And that makes researchers very nervous they can’t keep any digital data safe from determined actors.
The malware was first discovered by researchers at Kaspersky Labs and Symantec when a client asked about a superfluous program that seemed to run with each new log-in. Sauron was masquerading as a simple Windows password filter yet it recoded passwords, cryptographic keys, configuration files and IP addresses in plain text.
In a detailed report the analysts noted 50 modules of the same strain had infected at least 37 organizations in government, telecommunications, financial services and elite research facilities. Many authorities fear that is just the tip of the iceberg.
Given the targets, level of sophistication and nature of the data taken, the expert opinion is that Sauron is an espionage service of a state-sponsored actor.
According to research firm Gartner (IT), the market for cyber security software and services is now about $75 billion. While it expects the market will reach $170 billion by 2020, the major players have been rocked by growing expenses and a series of high profile hacks. Cyber security seems to be one of the few sectors where bad actors are winning. Given this, corporate clients have been reluctant to grow capital expenditure.
Palo Alto Networks (PANW) is the fastest growing company in the sector. It provides security and software services for enterprises, service providers and government agencies. Revenue growth has been impressive, jumping from $86 million in 2011 to $476 million in 2015. The one weak spot has been growing expenses as research and development grows to combat bad guys. Shares were born expensive in their 2012 initial public offering, and have fallen 35% in the past year. They appear to be stabilizing.
Qualys (QLYS) is a $1 billion software maker focused on security in cloud services. The Silicon Valley-based company helps protect cloud-based network information technology suites. Revenue has grown from $76 million in 2011 to $154 million in 2015. Growth should accelerate as the cloud becomes a bigger part of the corporate lexicon. Shares are down 45% since their 2015 high but have stabilized in the past three months.
When a new piece of malware like Sauron is discovered, the natural inclination is to look to researchers for a solution. We’re trained to have faith the good guys will fix everything. That isn’t always the case in cyber security. The bad guys often have more resources. This is especially true when they are state sponsored. Protecting digital data in that brave new world is difficult.
It’s too early to tell who is behind Sauron. It’s not too early to understand they are playing on a different level. I'm not yet ready to recommend shares of a cyber-security software firm, as margins are under pressure still, but it could come soon.
About Jon Markman: A pioneer in the development of stock-rating systems and screening software, Jon Markman is co-inventor on two Microsoft patents and author of the bestselling books The New Day Trader Advantage, Swing Trading and Online Investing, as well as the annotated edition of Reminiscences of a Stock Operator. He was portfolio manager and senior investment strategist at a multi-strategy hedge fund from 2002 to 2005; managing editor and columnist at CNBC on MSN Money from 1997 to 2002; and an editor, investments columnist and investigative reporter at the Los Angeles Times from 1984 to 1997.
To get our regular email updates, simply fill in the form below: