software of cybersecurity security and the fed: the rising
TRANSCRIPT
INDUSTRY NOTE
USA | Technology
Software March 7, 2013
SoftwareSecurity and the Fed: The Rising Importanceof Cybersecurity
EQU
ITY R
ESEARC
H A
MERIC
AS
Aaron Schwartz, CFA *Equity Analyst
(212) 284-4660 [email protected] Boolani *
Equity Associate(212) 284-2269 [email protected]
* Jefferies LLC
Key TakeawayCybersecurity is far from a static issue within federal agencies despite broaderbudgetary uncertainty. The threat spectrum has always been on the rise butthe motive of attack is changing; moving from financial to political gain. Thishas triggered a greater sense of urgency for security initiatives at the federallevel which will likely lead to a growing area of spend where FIRE, INTC (MFE),PANW and SYMC are better positioned.
Security is rising in importance at the federal level. So far this year, the NationalDefense Authorization Act was signed into law inclusive of several statutory cybersecurityprovisions, two independent cybersecurity bills have been reintroduced to the U.S. Congressand President Obama signed an Executive Order aimed at improving national IT security;specifically related to “critical infrastructure.” The implications from these proposals varybut the clear takeaway is the rising significance of cybersecurity at a federal level.
A greater sense of urgency is due to the shift in motive. The threat spectrumis changing where political objectives, rather than financial gain, are now the motivebehind attacks; and increasingly sponsored by nation states. This year alone, the U.S.Federal Reserve, U.S. Department of Energy and several undisclosed critical infrastructureorganizations have been breached, reportedly from foreign entities, while in 2011, fivemulti-national energy companies suffered attacks that originated from foreign nation states,according to McAfee. A widely sourced February report by IT security firm Mandiantprovided vast evidence, corroborated by U.S. intelligence officials, of attacks that originatedfrom foreign nation states with a sharp increase seen since 2011.
Budget uncertainty will persist but security spend will be resistant. Cybersecuritywill remain a top priority within the Department of Homeland Security (DHS), where theinitial FY13 budget request included a 74% increase in security within a flat overall DHSbudget, according to GCN. Sequestration and other appropriations will be involved and theoutcome could be a more backend-loaded nature to the spend with concentration towardsC3Q13. But federal cybersecurity spend should be immune from broader budget pressureand select funded programs provide visibility to absolute growth.
Continuous monitoring and the next phase of EINSTEIN stand out. Larger andfunded opportunities include the Continuous Diagnostics and Mitigation (CDM) program,which encompasses $6bn over five years for continuous monitoring solutions, and theNational Cybersecurity Protection System (NCPS), which has approved funds to expeditethe deployment of systems related to the EINSTEIN 3 program. Cybersecurity is becomingmore integral to federal priorities and large funded opportunities exist; we believe vendorsincluding Sourcefire (FIRE), McAfee (INTC), Palo Alto Networks (PANW) and Symantec(SYMC) are well positioned to benefit with private vendors including FireEye and Trustwavealso involved.
Follow-up industry expert conference call. We will host a related conference call withan independent consulting firm that focuses on guidance and support services to both theFederal government and those commercial entities that support it. The call will be held onWednesday, March 13 at 12:00PM ET; details as follows: Dial-in: (866) 900- 5944 (U.S.)/(706) 643-3801 (Global) / +44 (0) 20 3107 0289 (U.K.); Conference ID#: 20513165.
Jefferies does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that Jefferies may have a conflictof interest that could affect the objectivity of this report. Investors should consider this report as only a single factor in making their investment decision.Please see analyst certifications, important disclosure information, and information regarding the status of non-US analysts on pages 12 to 15 of this report.
Summary Cybersecurity initiatives continue to expand as a priority for federal agencies but with a
recent greater sense of urgency. Over the last two months alone, the President issued an
Executive Order, and two independent cybersecurity legislative bills have been
reintroduced to U.S. Congress. Underlying these actions is not only an increase in attacks
but also a change in the source, target and intent of the attack—political objective, rather
than financial gain, is increasingly the motive behind the attack and is often sponsored by
nation states. This is the primary reason regulatory authorities are inserting themselves
into the cybersecurity conversation.
Nevertheless, the current implications from the proposed legislation vary. Most current
proposals only involve voluntary programs for cybersecurity standards based on
information sharing. However, it is clear that security is an increasingly important initiative
at the federal level, which will result in new and expanding opportunities for commercial
security vendors. The heightened status of security will lay a foundation for broader
security strategies and related spending initiatives. And in an uncertain budgetary
timeframe, security will be a more immune, and likely growing, area within public sector
spending. Areas including security assessments, continuous monitoring and, over time,
next-generation host-based security solutions will see expansion where vendors including
Sourcefire (FIRE), McAfee (INTC), Palo Alto Networks (PANW) and Symantec (SYMC) are
well positioned to benefit.
Cybersecurity Is Expanding as a Federal Priority On January 2, the National Defense Authorization Act (NDAA) was signed into law and
included several statutory cybersecurity provisions. Since then, the Senate introduced the
Cybersecurity and American Cyber Competitiveness Act of 2013 (January 23); President
Obama signed an Executive Order aimed at improving U.S. cyber defenses (February 12)
and the Cyber Intelligence Sharing and Protection Act (CISPA) was reintroduced to the
House (February 13).
The rapid pace at which cybersecurity initiatives have expanded as a federal priority is
clear. This is due to an increase in the number and severity of threats; McAfee saw a 51%
increase in malware samples in 2012, as well as the changing motive of the attack beyond
notoriety. This year alone, not only have commercial entities such as The New York Times,
The Wall Street Journal, Apple and Facebook reported intrusions, but also the U.S. Federal
Reserve, the International Monetary Fund, defense contractor Lockheed Martin as well as
several undisclosed attacks on critical infrastructure entities. A recent report by Mandiant,
an IT security firm, provides evidence of an increasing cyber-attack focus on U.S. critical
infrastructure from foreign nation states and shows a sharp increase in nation state
sponsored attacks since 2011. For example, the report cites a recent intrusion on Telvent,
a company with access to over 60% of oil and gas pipelines in North America, which was
reportedly initiated by the Chinese PLA. The attack was corroborated by Telvent and U.S.
intelligence agencies.
Attack Motive Is Increasingly Political Driven The threat motive is moving beyond notoriety or financial gain. Over the last
several years, the predominate source and reason for cyber-attacks has been externally
originated attacks for the purpose of financial theft—over 98% of breaches now originate
from external sources, up from 72% in 2009, according to Verizon’s annual data breach
report. The involvement of organized crime, which often supports attacks with greater
funding, has been the primary reason the objective of attacks shifted from notoriety (i.e.,
script kiddies) to financial theft and we are now seeing the next shift which involves
nation states.
The motive of attacks is shifting
towards political objectives, and
increasingly involving nation states
In 2011 five multinational oil and gas
companies were attacked by foreign
nation states, according to McAfee
We believe FIRE, MFE (INTC), PANW
and SYMC are positioned to benefit
Technology
Software
March 7, 2013
page 2 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Going forward, political objectives will play a far greater, and public, role in
cyber-attacks. Just as the threat spectrum was characterized by a shift to organized
crime over the last several years, political objectives and the role of nation states as targets
and perpetrators of attacks will increasingly characterize the threat spectrum going
forward. The aforementioned Mandiant report provided vast evidence of an increase in
attacks that have originated from China and this evidence has been confirmed by U.S.
intelligence officials, according to The New York Times. Separately, at the recent
Information Systems Security Association conference, 79% of IT security professional
attendees believe a “major” cyber terrorism event will occur within the next year. Part of
this concern stems from the awareness of activities originated by nation states inclusive of
U.S. participation; for example, the U.S. reportedly worked with Israel to use cyber tools
(Stuxnet) to disrupt Iran’s nuclear program.
This shift to political involvement is the most important factor behind the
increasing public sector involvement in security. The risk has been seen with the
increase in federal attacks—the number of intrusions reported by U.S. federal agencies
increased by 13% to 49,000 in 2012, according to the U.S. Computer Emergency
Readiness Team (US-CERT)—as well as deficient preparedness, as the same report finds
that most of the 24 major federal agencies had information security weaknesses.
Therefore, with the shift in attack motive and increasing political awareness, security will
be far from a static issue over the next several years, even in the wake of federal budget
cuts. Just recently, Steven VanRoekel, Federal Chief Information Officer of the United
States, spoke on potential budget cuts and sequestration where “cybersecurity is such an
evolving threat that we have to be ever vigilant, we have to be proactive, we have to be
investing dollars and engaging smart contractors to think about how to lean forward.”
Cybersecurity Legislation in Motion Again Security regulation is a complex issue for both the private and public sector. This is due to
the sensitivity of the issue, the natural incentive for organizations to prevent attacks and
also a resistance to any forced mandate on security. But the increase in nation state
involvement behind security breaches has raised more questions about the danger of
attacks and the role of regulation.
Historically, cybersecurity at a national level has been a piecemeal approach with limited
success. A recent report by the U.S. Government Accountability Office (GAO) contends
that current security strategies have seen limited successful implementation. In fiscal
2012, 19 of 24 major federal agencies reported that information security controls were
either a material weakness or significantly deficient in internal controls. Most of the 24
agencies had information security weaknesses in areas including inappropriate access to
computer resources; system configuration; contingency planning for disruption or
disaster; and implementing agency-wide information security—thus another reason why
new security-specific legislation has been drawn.
Below we provide a summary overview of selected national strategies and bills, historical
and current, related to cybersecurity.
Chart 1: Cyberattack Incidents
Reported by Federal Agencies
No. of Incidents in 000s
Source: GAO, US-CERT data
2006-2012: +782%
Technology
Software
March 7, 2013
page 3 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Chart 2: Evolution of Cyber Strategies and Select Cyber Legislation Overview
Source: GAO, GovWin (Deltek Report), Jefferies
Despite what has historically been a stagnant and even reactive cybersecurity legislation
environment, greater evidence of the expanded federal priority on cybersecurity matters
has manifested itself in several legislative proposals that have emerged in the last several
weeks. We look at four more topical law-making endeavors, and which will likely have the
most relevant impact to commercial / private sector security vendors. Specifically of
interest is the NDAA, which is one of few laws that provides some visibility into funding
levels, in the context of current, urgent cybersecurity priorities. Beyond legislation, we
also look at specific funded programs for FY13.
1) National Defense Authorization Act for 2013 (NDAA)
The NDAA outlines several targeted statutory provisions on cybersecurity
issues. Signed into law on January 2, the NDAA—legislation that formally sets policies
and funding levels for DoD operations and national security programs for the DoE—
outlines several cybersecurity-related provisions that the DoD is required by law to
implement, with the most relevant spanning a) investment strategies and priorities; b)
mandatory reporting requirements and protocols in the event of potential data breaches
in the defense industrial base; c) development of network flow data collection and
analysis capabilities; and d) procurement of “next-generation” systems involving host-
based cyber security tools and capabilities longer-term.
a) Formal communication of cybersecurity investment strategies and
priorities expected. The NDAA law requires that within six months of its
enactment, the U.S. Air Force is to submit a proposal detailing investment
strategies and priorities relating to cyberscience and technology needs; with
clear identification of expected resources required (both funding and personnel)
to meet these objectives. Given the budgetary uncertainties, such a mandate
demonstrates the greater significance—and perhaps even relative immunity
from potential budget cuts—ascribed to such initiatives.
2000
National Plan for Information Systems Protection v1.0 (January)
2003
2003 National CybersecurityStrategy (February)
Homeland Security Presidential Directive-7 (December)
2006
National Infrastructure Protection Plan (June)
2008
Comprehensive National Cybersecurity Initiative (January)
2009
National Infrastructure Protection Plan Update (January)
Whitehouse Cyberspace Policy Review (May)
2011
Homeland Security Cyber and Physical Infrastructure Protection Act (January)
Cybersecurity Education Enhancement Act (January)
Cybersecurity and Internet Freedom Act (February)
Executive Cyberspace Coordination Act (March)
National Strategy for Trusted Identities in Cyberspace (April)
Cyber Security Public Awareness Act (April)
International Strategy for Cyberspace (May)
Cyberspace Warriors Act (June)
2012
Cybersecurity Act (February)
3 Priority Areas for Improvement Identified (March)
SECURE IT Act (March)
Cyber Intelligence Sharing and Protection Act (April)
Cybersecurity Enhancement Act (April)
Intelligence Authorization Act (May)
Keep America Secure (August)
Cybersecurity and American Cyber Competitiveness Act of 2013 (Introduced January)
Executive Order-Improving Critical Infrastructure Cybersecurity (February)
Cyber Intelligence Sharing and Protection Act (Re-Introduced February)
2013
Technology
Software
March 7, 2013
page 4 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
b) Mandatory data breach reporting requirements for private entities
granted DoD clearance. The legislation also stipulates that “cleared”
members of the defense contractor community—or those private entities
granted DoD-authorized access to classified information—are required to report
intrusions of their DoD-sanctioned networks and IT systems. This is somewhat
unique in that other current proposals on information exchange with the private
sector, regarding infrastructure-based compromises, are typically one-sided,
where participation by the private sector is largely voluntary.
c) Improved capabilities around network flow data collection and
analysis. The law permits use of existing funding and research capabilities to
develop collection, processing and storage technologies, that monitor, identify
and counteract vulnerabilities and infrastructure compromises within the DoD’s
network—as well as DoD network data flow on ISPs’ networks—specifically
through the analysis of its voluminous data flow records. There has been a
convergence between data inspection, collection, analytics and security with
vendors including NetScout, Splunk, TIBCO, IBM, McAfee and Palo Alto
Networks involved; with each providing a differing security analytics approach.
d) Procurement authorization for “next-generation” cybersecurity
system. The law authorizes the acquisition of “next-generation” cybersecurity
systems for the DoD. The provision calls for an open framework to enable
integration of various commercial tools and applications in the realm of
continuous cyber-intrusion monitoring, detection, and remediation. This section
of the NDAA involves a longer-term outlook with budget submissions into
Congress requested for the FY15 period.
These NDAA provisions emphasize the current focus of strengthening federal
cybersecurity initiatives, and are directional indicators of how commercial vendors and
service providers can benefit. Yet admittedly—as we discuss further below—related
initiatives and other pending programs are largely voluntary and lack specific funding
appropriations.
2) Cybersecurity and American Cyber Competitiveness Act of 2013
The Cybersecurity and American Cyber Competitiveness Act was introduced to the Senate
on January 23 and is a modified version of the predecessor Cybersecurity Act of 2012. The
bill recommends public-private consensus to encourage and enhance communication
between government agencies and commercial organizations, but does not outline
specific strategies, requirements or incentives for private sector security compliance, as
did the prior proposal. If passed, however, the bill would add a legal and enforceability
backbone to the information sharing objectives.
A background on the bill involves standard political and regulatory lines, and is an
example of the complexity and criticism behind security mandates. The Cybersecurity Act
of 2012 failed (twice) in Congress largely due to complaints it would be a burden to
commercial entities. The bill included select requirements for defined critical infrastructure
companies to meet minimum security standards defined by government figures, and
enforced by the private sector. The re-introduced 2013 bill intentionally lacks specific
compliance requirements in order to improve the chance the bill passes.
3) Executive Order: Improving Critical Infrastructure Cybersecurity
Signed Executive Order seeks to increase cyberthreat information sharing but
lacks legal protection. On February 12, President Obama signed an Executive Order
and a related presidential policy directive to facilitate greater sharing of classified and
unclassified cyberthreat information between the public sector and eligible private sector
companies managing the nation’s critical infrastructure—which includes water, power,
NDAA reporting requirements are
unique relative to other proposed
legislation with two-way information
exchange
In February, Splunk App for Palo Alto
Networks was released to enable
machine-generated big data to be
used for security-based risk analysis
The Industrial Control Systems-
Cyber Emergency Response Team
(ICS-CERT)—DHS’s critical
infrastructure threat monitoring and
remediation taskforce—responded
to and investigated 198 cyber-
incidents against critical
infrastructure in FY12, compared to
130 in FY11.
However, our conversations suggest
these numbers remain relatively
modest compared to the much
larger total number of addressable
ICS entities.
Technology
Software
March 7, 2013
page 5 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
communications and transportation services. The Order is a one-sided effort; while federal
agencies will be expected to notify private companies of any detected cyberintrusion
activities, private companies will not be legally obliged to reciprocate with similar
information. The directive also calls for the development and enforcement of certain
minimum security standards by federal agencies on critical infrastructure operators, but
where adoption and adherence to these guidelines, as well as any disclosure of threat
information from the private company side, still remains entirely voluntary.
The Order is seen as a short-term solution but not a suitable longer-term approach. The
Order is narrow and more importantly, cannot grant companies protection from legal
action on information shared with government entities. This provides a basis for the
private sector to support alternative security-related bills as only legislation can provide
legal protection. Other drawbacks to the Order remain with an unclear role of the
government to physically protect critical infrastructure, and a lack of legal jurisdiction to
enforce any of the intentions outlined in the Order.
DHS will spearhead several initiatives to move forward the strategy outlined
in the Order. The DHS has been assigned one of the lead roles in moving the
requirements of the Order forward. Over the course of the next six to eight months, the
department will face several deadlines and is charged with: 1) identifying the
government’s relationship with critical infrastructure; 2) formalizing a public
agency/private company partnership framework; 3) finalizing a national infrastructure
protection plan based on the various capabilities of the critical infrastructure in question;
and also 4) introducing incentives for private sector adoption.
4) Cyber Intelligence Sharing and Protection Act of 2013 (CISPA)
CISPA proposes objectives similar to the Cybersecurity and American Cyber
Competitiveness Act and Executive Order around increased communication between the
public and private sector. But the key differentiator is that CISPA envisions a voluntary
bilateral information exchange with the private sector, largely at the expense of individual
privacy, i.e., any personal private information on any network could be shared with
federal agencies, with legal immunity in the event improper information is shared.
This is in contrast to the Executive Order which mandates only the government needs to
share cyberthreat information and makes a distinction between “critical infrastructure”
and private “leisure” or social networks. The Order also ensures, to a degree, that
individual privacy of citizens remains intact.
The CISPA bill passed the House in April 2012 but was threatened to be vetoed if it passed
the Senate due to privacy concerns. The 2013 CISPA bill is the exact same bill and was
reintroduced on February 13. Previously, CISPA had limited support due to the privacy
concerns. Opponents cited reservations around the potential legal immunity private
companies would have whilst being incentivized or even obliged to divulge private citizen
information, and thus infringing on civil liberties. Opposition, including from the ACLU
and the Electronic Frontier Foundation (a digital rights advocacy group), has already
formed against the bill.
Timing Could Shift but Programs Are Funded Related to the legislative activities, the NDAA is one of few recent laws that has established
baseline funding levels, and that specifically outlines 16 IT-related requirements, inclusive
of cybersecurity, that require the DoD’s attention and implementation. The law contains
congressionally authorized spending increases in the DoD’s Procurement budget
(+$966mn) which should influence purchase of cybersecurity tools and technologies,
though the law does not go as far as to appropriate funding to specific initiatives, and
where broader procurement-related spending discretion remains in the hands of the DoD.
The National Institute of Standards
and Technology (NIST), in
collaboration with federal agencies
and private companies, will lead the
efforts for developing a
Cybersecurity Framework—a risk
assessment and best practices
document— over the next eight
months
80%-plus of the nation’s critical
infrastructure is owned and operated
by the private sector
Technology
Software
March 7, 2013
page 6 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
In addition to the NDAA, other larger federal opportunities include 1) a government-wide
Continuous Diagnostics and Monitoring program (CDM or CM); 2) the ongoing National
Cybersecurity Protection System (NCPS), or EINSTEIN program roll-out; and 3) potential
expansion of the Cyber Command forces and U.S. Air Force’s cyber forces. Both the CDM
and NCPS programs are likely to see the greatest participation from the commercial sector
with the later initiatives initially focused more on personnel-expansion, rather than
technological or product expansion
1) Continuous Diagnostics and Mitigation Program (CDM)
Ahead of budget cuts, The Department of Homeland Security (DHS) secured roughly
$200mn in dedicated funding for continuous monitoring programs; a larger $6bn
Continuing-Monitoring-as-a-Service (CMaaS) initiative is also expected to see bids
awarded in FY13. Industry sources indicate the blanket purchase agreement (BPA) was
issued in late January with evaluations expected to occur over the next several weeks. The
programs will initially include civilian agencies but will additionally extend to all areas of
the government. The DHS will centrally manage the allocation of funding with
consistency in continuous monitoring as the goal—as such, security vendors that have
initial wins will be well positioned for additional deployments as the initiative is
expanded.
CM encompasses tools and protocols to instill a more collaborative and
dynamic approach to cybersecurity threat management. The CM program aims
for real-time and iterative threat detection at the agency level to drive greater visibility of
the government-wide risk and vulnerability landscape at the federal level; primarily
through infrastructure standardization and network surveillance process uniformity. The
broader objective is to enable the DHS to diagnose, summarize and disseminate threat
information, subsequent to which the remediation and mitigation would be undertaken
by the agencies.
Currently, major IT systems across the government are manually tested for vulnerabilities
once every three years to meet Federal Information Security management Act (FISMA)
standards. The annual cost to comply with FISMA security requirements is an estimated
$1.5bn, according to a DHS budget analysis, and this funding is expected to be re-
directed to a continuously updated approach. Mr. John Streufert, Director of the DHS’s
National Cyber Security Division, implemented a similar program on a much smaller scale
as the CIO of the State Department, and is championing the redirection of the $1.5bn in
FISMA compliance audit costs towards automated security sensors and monitoring tools.
CMaaS element of the CM program is a $6bn opportunity with bids awarded
in FY13. A notable element of the CM program is the large commercial opportunity tied
to the CMaaS initiative. Final request for bids on the agreement occurred in January 2013
and the DHS expects the purchase agreement to be worth $6bn over the five-year
contract; the agreement will be awarded as a one-year base deal with four one-year
renewals.
The $6bn proposal includes two categories of requirements—one that focuses primarily
on tools, and the other on services. Large system integrators will likely be prime
contractors Northrop Grumman, ManTech, SAIC, with confirmed bids on the
arrangement, according to Washington Business Journal; others including Booz Allen
Hamilton and CSC are reportedly also involved. Regarding the product component, the
proposal requires all prime contractors to involve smaller businesses as sub-contractors
with, according to one report, “pretty aggressive goals they should target.” This is clearly
intended to incorporate smaller and innovative security companies into the proposal, in
our view.
The DHS has approved funding for
continuous scanning and monitoring
tools that will eventually be
deployed government-wide.
In January, DHS representatives said
they anticipate awarding the $6bn in
contracts before October 2013 and
industry sources indicate initial
contracts were issued in late January.
Technology
Software
March 7, 2013
page 7 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
The DHS will cover the $6bn CMaaS spending bill over the course of the five years and
will expand the program to all civilian networks under the DHS purview. The initial
deployment will involve civilian “dot-gov” networks with expansion of the program to
other federal entities including the Department of Defense (DoD), “dot-mil” networks, as
well as state, local, tribal, and territorial governments, thereby further extending the reach
of the CM program.
2) National Cybersecurity Protection System (NCPS), or EINSTEIN Program
Funding for expansion of NCPS, “EINSTEIN 3,” have been approved by
Congress; a large part of the overall increase in DHS cybersecurity spend this year will
reportedly go towards expediting the deployment of EINSTEIN 3. The FY13 DHS budget
specifically includes $345mn for Network Security Deployment, which manages the NCPS
program. The DHS and National Security Agency (NSA) operate EINSTEIN 3 and the
Obama administration, with bi-partisan support from the Department of Justice (DoJ) for
privacy concerns, has made expansion of EINSTEIN 3 a fiscal priority.
Funding is intended to focus on intrusion prevention with the use of “active” sensors
from passive sensors that were utilized in phase 1 and 2 of the EINSTEIN program (which
we recap below). The deployment of EINSTEIN 3 will include intrusion prevention
technologies that involve situational awareness and real/near-real time analytics.
Essentially, technologies involved in this phase will have additional proactive capabilities,
beyond just the passive network data inspection, and intrusion detection capabilities
utilized in the earlier stages of the program.
EINSTEIN 3 will see deployment starting in FY13, which is supported by conversations we
have had with industry contacts, and will involve a multi-year period of implementation.
The timing of deployment within CY13 is less certain but the allocated funds are to be
utilized in FY13 (at a product level, this could be more concentrated towards the
September quarter). Sourcefire was involved in phase 1 and 2 of EINSTEIN and we are
confident the company will participate in phase 3; we also believe McAfee has a presence.
On this note, given the timing delays in the federal budget process, we view expansion /
upgrades for incumbent vendors far more likely than the inclusion of new vendors.
Brief recap of the EINSTEIN program; given it is near its ten-year anniversary.
Originally launched by the DHS, under the direction of its National Cybersecurity Division
in 2004, the NCPS—operationally known as the EINSTEIN program—is the three-phase
deployment of network intrusion detection systems across participating agencies of the
federal government, supported by funds from US-CERT. Designed to enhance the federal
government’s overall cybersecurity posture, and improve the “situational awareness” of
dot-gov domains, each phase of the EINSTEIN program’s roll-out is further decomposed
into “blocks” intended to add incrementally new cyber defense functionalities to agency
networks; with the overarching objective of automating, and increasing the frequency
and consistency with which federal agencies proactively share threat information with US-
CERT.
As the Office of Management and Budget (OMB) requires that federal civilian agencies
report cyber incidents to the US-CERT, the implementation of the EINSTEIN program
effectively serves to create a government-wide network monitoring program, helping to
increase the DHS’s threat and vulnerability awareness at the federal level. EINSTEIN is an
important DHS-governed mandate as it enables the US-CERT to more rapidly identify,
prevent, and disseminate cyberattack information on the dot-gov networks, and
accelerate response and recovery times in the event cyberattacks on agency IT systems do
occur.
US-CERT is the operational arm of the
DHS’s National Cybersecurity
Division and helps oversee the
EINSTEIN program.
As the central incident center for
federal “dot-gov” agencies, the unit
manages the identification, technical
assistance, and warning/ reporting of
cyberthreats through the collection
and analysis of these agencies’
network traffic data.
A large part of DHS cybersecurity
spend will reportedly be steered
towards EINSTEIN 3
Technology
Software
March 7, 2013
page 8 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Chart 3: Breaking Down EINSTEIN’s “Block” Components
Source: DHS, Jefferies
EINSTEIN 1: The first phase of the implementation, EINSTEIN 1 was initiated in 2004 and
offered an automated process for collecting, correlating, and analyzing network flow
records—or network connections made to an agency’s IT system— from voluntarily
participating federal agencies, to enable the US-CERT to passively analyze anomalies and
detect potentially malicious activity. These records, collected through appliances, were
limited to a small subset of data fields, and focused more on the technical details of
machine-to-machine type information (i.e., IP address details, time of data transmission,
source/destination computer of data transmission, ports and protocols used) and did not
provide granularity down to the user and content level.
EINSTEIN 2: Launched in 2008, this phase of the EINSTEIN program mandated all federal
agencies (excluding the DoD and Intelligence agencies) deploy commercially available
intrusion detection products across their internet access points—in addition to their
existing information security products and practices—so to trigger alerts to the US-CERT
in the event of harmful traffic traversing agency networks. The first government‐wide
intrusion detection system, this system employs highly specialized signatures developed
by the US-CERT, and scans data passively at the content level, where such detail was
previously not being provided to or analyzed by US-CERT under EINSTEIN 1.
EINSTEIN 3: Industry sources confirm that this phase will be a FY13 project for product
deployment and is expected to add a near real-time intrusion prevention capability layer
on to agency networks. The DHS has been engaged in the test phase of EINSTEIN 3 since
2009, but widespread deployment will begin in FY13 with a multi-year schedule.
2) Cyber Command and U.S. Air Force Cyber Forces Expansion
Other meaningful cybersecurity-related initiatives under way at the DoD, involve plans to
expand the military cyber personnel. This expansion would indirectly lead to product
purchases but the timing, size and scope are far from certain. In operation since at least
2010, the DoD’s Cyber Command squad is expected to reorganize in to three forces
catering to 1) military commanders involved in offensive cyberattack operations; 2) units
defending military IT networks; and 3) groups extending protection to a larger extent of
domestic civilian networks across vital commercial sectors. The DoD is widely perceived as
a well-resourced federal entity, and where the expansion of such scale would likely
involve greater investment in tools, capabilities, and infrastructure. Select reports suggest
that under this type of three-pronged structure, the size of the Cyber Command could
increase more than five-fold to upwards of 5,000 military and civilian cyber professionals,
and supports the idea that such initiatives around computer network warfare will remain
immune if not actually grow as part of the broader military budget.
EINSTEIN 1: Launched 2004
Block 1• Flow sensor• Operating environment• Data storage• Flow analytics
EINSTEIN 2: Launched 2008
Block 2.0• Intrusion detection system
(passive defense)• Improved data storage• Incident Handling• Malware lab• Advanced analytics
Block 2.1• Security Information & event
management (SIEM)• Aggregation and increased storage• Correlation of multiple data sources• Visualization
Block 2.2• Collaboration tools• Information sharing• Network investigative capabilities• Data sharing
EINSTEIN 3: 2013+
Block 3.0• Intrusion prevention & active
defense (sensor, storage and analytics)*
• Information sharing (for active defense)*
• NEST/ ISP interface*• Enhanced flow (classified)• SIEM• Network management• Performance management• Enhanced operating environment
* Marks components of the “EINSTEIN 3 Accelerated” Strategy
Although the reach of the Cyber
Command forces is expected to
include civilian networks, the DoD
would not thwart any cyber-attacks
on ordinary businesses or citizens as
this responsibility largely falls under
the DHS and F.B.I.
The DHS is incorporating an Einstein
3 Accelerated (E3A) strategy, which
would allow for expedited
deployment of intrusion prevention
services through an MSSP
Technology
Software
March 7, 2013
page 9 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Air Force has also disclosed intentions of expanding its cyber forces in the
medium to long-term. The U.S. Air Force is readying an expansion of its cyber forces
by upwards of 15% (or 1,000 additional personnel), a secondary unit to the DoD’s
broader Cyber Command forces, through 2015. Although this plan will remain
contingent on the availability of funding and budget dollars, cybersecurity continues to
be cited as a perennial priority, especially as it relates to national defense, and continues
to be viewed as an area officials have expressed difficulty in enacting spending reductions
on what is the department’s roughly $3.5 to $4bn annual spend on cyber capabilities.
Vendors Best Positioned to Benefit Depending on the course of sequestration, contract awards and spending could be
delayed towards the back part of FY13. But given the funded initiatives, clear fiscal priority
of security and contracts / evaluations that are under way, federal-based security
spending, at a minimum, will be immune to budgetary pressures and will be more likely
to grow this year. The process for many of these initiatives begins with awards to prime
system integrators, with purchases at the product vendor level occurring through BPAs.
Product vendors with long-established and entrenched relationships at the federal level,
such as Symantec and McAfee, will likely benefit in addition to vendors directly involved
with specific product criteria—here Sourcefire and Palo Alto Networks qualify. In our
industry conversations, we have also heard private vendors FireEye and Trustwave are
well positioned.
Below we highlight a select group of vendors with relevancy and exposure to the public
sector vertical worldwide, amongst whom Sourcefire, Palo Alto Networks, and Symantec
have greater revenue exposure to the U.S. federal and state government entities.
Symantec: We estimate the company has roughly 10% public sector exposure
(SYMC does not specifically disclose vertical revenue exposure) and has had
deeply entrenched engagements with the DoD, broadly including large multi-
year ELAs with the Army and Navy (NMCI) as well as civilian agencies. In
addition to select product areas such as endpoint protection and DLP, the
company is positioned with its vulnerability assessment and managed security
services as part of the latest EINSTEIN provisions.
Sourcefire: Long associated with the U.S. public sector, FIRE has seen
significant revenue diversification with commercial growth. But with 20%
exposure, the company still provides the greatest pure exposure to public sector
security spend. FIRE has been involved in EINSTEIN 1 and 2 deployments and
with the criteria outlined for phase 3—including a further focus on intrusion
prevention—FIRE will continue benefitting from the program. Further, the more
lucrative CM initiative has dedicated FY13 funding with broader CMaaS awards
expected by September, where FIRE could see a greater presence.
Palo Alto Networks: We believe the company has slightly over 10% exposure
to the public sector and is positioned to see broader deployments; although
specific larger programs could be further out. As part of the NDAA, Congress has
mandated a broader strategy for next-generation host-based security tools,
where we expect Palo Alto to compete, with specific allocation of funding in
FY15.
McAfee (part of Intel): Disclosure of specific public sector exposure is limited
but we believe stand-alone McAfee has about 10% revenue exposure to U.S.
public sector entities. The company has had a presence in many programs; we
believe, but have not confirmed, that the company has been involved in earlier
phases of EINSTEIN with its IPS solution and could be involved in EINSTEIN 3.
Technology
Software
March 7, 2013
page 10 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
The company is also well-positioned to participate in the broader CM initiatives.
Further, McAfee gained additional exposure to federal deployments with the
2008 acquisition of Secure Computing, which started out as a small defense
contractor and expanded more broadly into security; the company’s Sidewinder
firewall still does well at the public sector level.
Chart 4: Public Sector Exposure of Select Security Vendors
Source: Jefferies, company data Note: Data for FIRE, FFIV, JNPR and QLYS reflects U.S. federal/state specific revenue
20%
19%
10-15% 10-15%
13%
11%10%
7%
4%
1%
0%
5%
10%
15%
20%
25%
Sourcefire Cisco McAfee Symantec Palo Alto
Networks
Fortinet Check
Point
Software
F5
Networks
Juniper Qualys
Companies Mentioned:
Sourcefire (FIRE, $55.84, HOLD) NetScout (NTCT, $26.11, HOLD) CSC (CSC, $49.35, HOLD)
Intel (INTC, $21.77, HOLD) TIBCO (TIBX, $23.4, BUY) Cisco (CSCO, $21.71, HOLD)
Palo Alto Networks (PANW, $56.33, HOLD) IBM (IBM, $208.46, HOLD) Fortinet (FTNT, $24.27, HOLD)
Symantec (SYMC, $24.53, BUY) Northrop Grumman (NOC, $65.02, BUY) Check Point Software (CHKP, $51.72, BUY)
Splunk (SPLK, $37.8, NC) ManTech (MANT, $24.65, NC) F5 Networks (FFIV, $93.12, HOLD)
Apple (AAPL, $425.43, HOLD) SAIC (SAI, $12.06, BUY) Juniper Networks (JNPR, $20.12, BUY)
Facebook (FB, $27.46, HOLD) Booz Allen Hamilton (BAH, $12.59, NC) Qualys (QLYS, $12.1, NC)
Technology
Software
March 7, 2013
page 11 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Analyst CertificationI, Aaron Schwartz, CFA, certify that all of the views expressed in this research report accurately reflect my personal views about the subjectsecurity(ies) and subject company(ies). I also certify that no part of my compensation was, is, or will be, directly or indirectly, related to the specificrecommendations or views expressed in this research report.I, Fatima Boolani, certify that all of the views expressed in this research report accurately reflect my personal views about the subject security(ies) andsubject company(ies). I also certify that no part of my compensation was, is, or will be, directly or indirectly, related to the specific recommendationsor views expressed in this research report.As is the case with all Jefferies employees, the analyst(s) responsible for the coverage of the financial instruments discussed in this report receivescompensation based in part on the overall performance of the firm, including investment banking income. We seek to update our research asappropriate, but various regulations may prevent us from doing so. Aside from certain industry reports published on a periodic basis, the large majorityof reports are published at irregular intervals as appropriate in the analyst's judgement.
Company Specific DisclosuresFor Important Disclosure information on companies recommended in this report, please visit our website at https://javatar.bluematrix.com/sellside/Disclosures.action or call 212.284.2300.
Meanings of Jefferies RatingsBuy - Describes stocks that we expect to provide a total return (price appreciation plus yield) of 15% or more within a 12-month period.Hold - Describes stocks that we expect to provide a total return (price appreciation plus yield) of plus 15% or minus 10% within a 12-month period.Underperform - Describes stocks that we expect to provide a total negative return (price appreciation plus yield) of 10% or more within a 12-monthperiod.The expected total return (price appreciation plus yield) for Buy rated stocks with an average stock price consistently below $10 is 20% or more withina 12-month period as these companies are typically more volatile than the overall stock market. For Hold rated stocks with an average stock priceconsistently below $10, the expected total return (price appreciation plus yield) is plus or minus 20% within a 12-month period. For Underperformrated stocks with an average stock price consistently below $10, the expected total return (price appreciation plus yield) is minus 20% within a 12-month period.NR - The investment rating and price target have been temporarily suspended. Such suspensions are in compliance with applicable regulations and/or Jefferies policies.CS - Coverage Suspended. Jefferies has suspended coverage of this company.NC - Not covered. Jefferies does not cover this company.Restricted - Describes issuers where, in conjunction with Jefferies engagement in certain transactions, company policy or applicable securitiesregulations prohibit certain types of communications, including investment recommendations.Monitor - Describes stocks whose company fundamentals and financials are being monitored, and for which no financial projections or opinions onthe investment merits of the company are provided.
Valuation MethodologyJefferies' methodology for assigning ratings may include the following: market capitalization, maturity, growth/value, volatility and expected totalreturn over the next 12 months. The price targets are based on several methodologies, which may include, but are not restricted to, analyses of marketrisk, growth rate, revenue stream, discounted cash flow (DCF), EBITDA, EPS, cash flow (CF), free cash flow (FCF), EV/EBITDA, P/E, PE/growth, P/CF,P/FCF, premium (discount)/average group EV/EBITDA, premium (discount)/average group P/E, sum of the parts, net asset value, dividend returns,and return on equity (ROE) over the next 12 months.
Conviction List Methodology
1. The aim of the conviction list is to publicise the best individual stock ideas from Jefferies Global Research2. Only stocks with a Buy rating are allowed to be included in the recommended list.3. Stocks are screened for minimum market capitalisation and adequate daily turnover. Furthermore, a valuation, correlation and style screen
is used to ensure a well-diversified portfolio.4. Stocks are sorted to a maximum of 30 stocks with the maximum country exposure at around 50%. Limits are also imposed on a sector basis.5. Once a month, analysts are invited to recommend their best ideas. Analysts’ stock selection can be based on one or more of the following:
non-Consensus investment view, difference in earnings relative to Consensus, valuation methodology, target upside/downside % relativeto the current stock price. These are then assessed against existing holdings to ensure consistency. Stocks that have either reached theirtarget price, been downgraded over the course of the month or where a more suitable candidate has been found are removed.
6. All stocks are inserted at the last closing price and removed at the last closing price. There are no changes to the conviction list duringthe month.
7. Performance is calculated in US dollars on an equally weighted basis and is compared to MSCI World AC US$.8. The conviction list is published once a month whilst global equity markets are closed.9. Transaction fees are not included.
10. All corporate actions are taken into account.
Technology
Software
March 7, 2013
page 12 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
Risk which may impede the achievement of our Price TargetThis report was prepared for general circulation and does not provide investment recommendations specific to individual investors. As such, thefinancial instruments discussed in this report may not be suitable for all investors and investors must make their own investment decisions basedupon their specific investment objectives and financial situation utilizing their own financial advisors as they deem necessary. Past performance ofthe financial instruments recommended in this report should not be taken as an indication or guarantee of future results. The price, value of, andincome from, any of the financial instruments mentioned in this report can rise as well as fall and may be affected by changes in economic, financialand political factors. If a financial instrument is denominated in a currency other than the investor's home currency, a change in exchange rates mayadversely affect the price of, value of, or income derived from the financial instrument described in this report. In addition, investors in securities suchas ADRs, whose values are affected by the currency of the underlying security, effectively assume currency risk.
Other Companies Mentioned in This Report• Apple Inc. (AAPL: $425.66, HOLD)• Check Point Software Technologies Ltd. (CHKP: $51.74, BUY)• Cisco Systems, Inc. (CSCO: $21.72, HOLD)• Computer Sciences Corporation (CSC: $49.35, HOLD)• F5 Networks, Inc. (FFIV: $93.11, HOLD)• Facebook, Inc. (FB: $27.45, HOLD)• Fortinet (FTNT: $24.28, HOLD)• Intel Corporation (INTC: $21.75, HOLD)• International Business Machines (IBM: $208.38, HOLD)• Juniper, Inc. (JNPR: $20.12, BUY)• NetScout Systems (NTCT: $26.10, HOLD)• Northrop Grumman Corp. (NOC: $64.96, BUY)• Palo Alto Networks (PANW: $56.38, HOLD)• SAIC, Inc. (SAI: $12.05, BUY)• Sourcefire, Inc. (FIRE: $55.80, HOLD)• Symantec Corp. (SYMC: $24.52, BUY)• TIBCO Software Inc. (TIBX: $23.37, BUY)
Distribution of RatingsIB Serv./Past 12 Mos.
Rating Count Percent Count Percent
BUY 736 46.41% 126 17.12%HOLD 717 45.21% 85 11.85%UNDERPERFORM 133 8.39% 2 1.50%
Other Important Disclosures
Jefferies Equity Research refers to research reports produced by analysts employed by one of the following Jefferies Group LLC (“Jefferies”) groupcompanies:
United States: Jefferies LLC which is an SEC registered firm and a member of FINRA.
United Kingdom: Jefferies International Limited, which is authorized and regulated by the Financial Services Authority; registered in England andWales No. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London EC4V 3BJ; telephone +44 (0)20 7029 8000; facsimile +44 (0)207029 8010.
Hong Kong: Jefferies Hong Kong Limited, which is licensed by the Securities and Futures Commission of Hong Kong with CE number ATS546; locatedat Suite 2201, 22nd Floor, Cheung Kong Center, 2 Queen’s Road Central, Hong Kong.
Singapore: Jefferies Singapore Limited, which is licensed by the Monetary Authority of Singapore; located at 80 Raffles Place #15-20, UOB Plaza 2,Singapore 048624, telephone: +65 6551 3950.
Japan: Jefferies (Japan) Limited, Tokyo Branch, which is a securities company registered by the Financial Services Agency of Japan and is a memberof the Japan Securities Dealers Association; located at Hibiya Marine Bldg, 3F, 1-5-1 Yuraku-cho, Chiyoda-ku, Tokyo 100-0006; telephone +813 52516100; facsimile +813 5251 6101.
India: Jefferies India Private Limited, which is licensed by the Securities and Exchange Board of India as a Merchant Banker (INM000011443) and a StockBroker with Bombay Stock Exchange Limited (INB011438539) and National Stock Exchange of India Limited (INB231438533) in the Capital MarketSegment; located at 42/43, 2 North Avenue, Maker Maxity, Bandra-Kurla Complex, Bandra (East) Mumbai 400 051, India; Tel +91 22 4356 6000.
This material has been prepared by Jefferies employing appropriate expertise, and in the belief that it is fair and not misleading. The information setforth herein was obtained from sources believed to be reliable, but has not been independently verified by Jefferies. Therefore, except for any obligationunder applicable rules we do not guarantee its accuracy. Additional and supporting information is available upon request. Unless prohibited by the
Technology
Software
March 7, 2013
page 13 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
provisions of Regulation S of the U.S. Securities Act of 1933, this material is distributed in the United States ("US"), by Jefferies LLC, a US-registeredbroker-dealer, which accepts responsibility for its contents in accordance with the provisions of Rule 15a-6, under the US Securities Exchange Act of1934. Transactions by or on behalf of any US person may only be effected through Jefferies LLC. In the United Kingdom and European EconomicArea this report is issued and/or approved for distribution by Jefferies International Limited and is intended for use only by persons who have, or havebeen assessed as having, suitable professional experience and expertise, or by persons to whom it can be otherwise lawfully distributed. JefferiesInternational Limited has adopted a conflicts management policy in connection with the preparation and publication of research, the details of whichare available upon request in writing to the Compliance Officer. Jefferies International Limited may allow its analysts to undertake private consultancywork. Jefferies International Limited’s conflicts management policy sets out the arrangements Jefferies International Limited employs to manage anypotential conflicts of interest that may arise as a result of such consultancy work. For Canadian investors, this material is intended for use only byprofessional or institutional investors. None of the investments or investment services mentioned or described herein is available to other personsor to anyone in Canada who is not a "Designated Institution" as defined by the Securities Act (Ontario). In Singapore, Jefferies Singapore Limited isregulated by the Monetary Authority of Singapore. For investors in the Republic of Singapore, this material is provided by Jefferies Singapore Limitedpursuant to Regulation 32C of the Financial Advisers Regulations. The material contained in this document is intended solely for accredited, expert orinstitutional investors, as defined under the Securities and Futures Act (Cap. 289 of Singapore). If there are any matters arising from, or in connectionwith this material, please contact Jefferies Singapore Limited, located at 80 Raffles Place #15-20, UOB Plaza 2, Singapore 048624, telephone: +656551 3950. In Japan this material is issued and distributed by Jefferies (Japan) Limited to institutional investors only. In Hong Kong, this report isissued and approved by Jefferies Hong Kong Limited and is intended for use only by professional investors as defined in the Hong Kong Securities andFutures Ordinance and its subsidiary legislation. In the Republic of China (Taiwan), this report should not be distributed. The research in relation tothis report is conducted outside the PRC. This report does not constitute an offer to sell or the solicitation of an offer to buy any securities in the PRC.PRC investors shall have the relevant qualifications to invest in such securities and shall be responsible for obtaining all relevant approvals, licenses,verifications and/or registrations from the relevant governmental authorities themselves. In India this report is made available by Jefferies India PrivateLimited. In Australia this information is issued solely by Jefferies International Limited and is directed solely at wholesale clients within the meaning ofthe Corporations Act 2001 of Australia (the "Act") in connection with their consideration of any investment or investment service that is the subject ofthis document. Any offer or issue that is the subject of this document does not require, and this document is not, a disclosure document or productdisclosure statement within the meaning of the Act. Jefferies International Limited is authorised and regulated by the Financial Services Authorityunder the laws of the United Kingdom, which differ from Australian laws. Jefferies International Limited has obtained relief under Australian Securitiesand Investments Commission Class Order 03/1099, which conditionally exempts it from holding an Australian financial services licence under theAct in respect of the provision of certain financial services to wholesale clients. Recipients of this document in any other jurisdictions should informthemselves about and observe any applicable legal requirements in relation to the receipt of this document.
This report is not an offer or solicitation of an offer to buy or sell any security or derivative instrument, or to make any investment. Any opinion orestimate constitutes the preparer's best judgment as of the date of preparation, and is subject to change without notice. Jefferies assumes no obligationto maintain or update this report based on subsequent information and events. Jefferies, its associates or affiliates, and its respective officers, directors,and employees may have long or short positions in, or may buy or sell any of the securities, derivative instruments or other investments mentioned ordescribed herein, either as agent or as principal for their own account. Upon request Jefferies may provide specialized research products or servicesto certain customers focusing on the prospects for individual covered stocks as compared to other covered stocks over varying time horizons orunder differing market conditions. While the views expressed in these situations may not always be directionally consistent with the long-term viewsexpressed in the analyst's published research, the analyst has a reasonable basis and any inconsistencies can be reasonably explained. This materialdoes not constitute a personal recommendation or take into account the particular investment objectives, financial situations, or needs of individualclients. Clients should consider whether any advice or recommendation in this report is suitable for their particular circumstances and, if appropriate,seek professional advice, including tax advice. The price and value of the investments referred to herein and the income from them may fluctuate. Pastperformance is not a guide to future performance, future returns are not guaranteed, and a loss of original capital may occur. Fluctuations in exchangerates could have adverse effects on the value or price of, or income derived from, certain investments. This report has been prepared independently ofany issuer of securities mentioned herein and not in connection with any proposed offering of securities or as agent of any issuer of securities. Noneof Jefferies, any of its affiliates or its research analysts has any authority whatsoever to make any representations or warranty on behalf of the issuer(s).Jefferies policy prohibits research personnel from disclosing a recommendation, investment rating, or investment thesis for review by an issuer priorto the publication of a research report containing such rating, recommendation or investment thesis. Any comments or statements made herein arethose of the author(s) and may differ from the views of Jefferies.
This report may contain information obtained from third parties, including ratings from credit ratings agencies such as Standard & Poor’s. Reproductionand distribution of third party content in any form is prohibited except with the prior written permission of the related third party. Third party contentproviders do not guarantee the accuracy, completeness, timeliness or availability of any information, including ratings, and are not responsible forany errors or omissions (negligent or otherwise), regardless of the cause, or for the results obtained from the use of such content. Third party contentproviders give no express or implied warranties, including, but not limited to, any warranties of merchantability or fitness for a particular purpose oruse. Third party content providers shall not be liable for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequentialdamages, costs, expenses, legal fees, or losses (including lost income or profits and opportunity costs) in connection with any use of their content,including ratings. Credit ratings are statements of opinions and are not statements of fact or recommendations to purchase, hold or sell securities. Theydo not address the suitability of securities or the suitability of securities for investment purposes, and should not be relied on as investment advice.
Jefferies research reports are disseminated and available primarily electronically, and, in some cases, in printed form. Electronic research issimultaneously available to all clients. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent ofJefferies. Neither Jefferies nor any officer nor employee of Jefferies accepts any liability whatsoever for any direct, indirect or consequential damagesor losses arising from any use of this report or its contents.
For Important Disclosure information, please visit our website at https://javatar.bluematrix.com/sellside/Disclosures.action or call 1.888.JEFFERIES
Technology
Software
March 7, 2013
page 14 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.
© 2013 Jefferies Group LLC
Technology
Software
March 7, 2013
page 15 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA
Please see important disclosure information on pages 12 - 15 of this report.