Recently I wrote about the risk of cyber crime on the investment scene in Caveat Emptor. The article emphasizes the need to mitigate the risk of cyber security in your portfolio. To do this, I suggest reviewing company's published statistics on the cost of online crime. I also suggest gaining an understanding of the broad risk that the cyber crime iceberg has placed in the path of our markets, and to begin to adjust your investment targets accordingly.

Cyber security service offerings have grown over the last several years, so I will focus this article on two interesting plays in this market that help you take advantage of the continuing growth in this sector. By investing in security companies, you are taking part in a bull market that I believe has a long life cycle ahead. 

Security Company Long Play

The young company I recommend watching is Imperva (IMPV). Imperva focuses on delivering data center focused security solutions including distributed denial of service (DDoS), web application hacking, and cloud based security. Described by the company as the new 'third pillar' of security, Imperva is focusing their product portfolio on distributed data risk. That is all of the data that the end users download, massage, transmit, and store online and in the cloud. This data can be crucial company intellectual property and may also include protected classes of consumer information that are required by varying regulatory bodies to be secured.

Back in the days of mainframes, all data usage was centrally controlled. Now; however, data is moved around corporate networks by the terabyte to accommodate the new speed of business. Protecting a static database solution is easy, but protecting information moving outside of core servers is much more difficult. As a result, most information security departments have struggled with solutions to secure data across company technology assets. Imperva's solutions, Incapsula and Skyfence, were designed with this specific objective in mind. I believe this represents a sea change in the approach of securing critical corporate and consumer data. 

Skyfence focuses on finding those cloud applications users are using without the IT team's knowledge. The application tracks usage by existing system logs and even provides statistics on amount of usage. Not only does this provide management data on what services are being used, it can begin to map for companies how much of their private information is leaving the company campus for other datacenters.

Data that is not secured by contract with third parties represents risk not previously captured in existing corporate estimates. Products like Skyfence will shine a light on just how much private information has been disclosed, and to whom, while allowing information security personnel to prevent data loss using new automated systems. 

Incapsula provides DDoS protection and web application security. By mitigating the effects of DDoS, companies can ensure systems, products, and sales availability. DDoS protection has become a business continuity requirement for most companies due to the damaging affects lost sales and system downtime has affected online transactions.

Web application security covers the risk of direct attacks on datacenters through web-facing applications such as customer web portals and user applications. Existing web application security includes expensive internal penetration testing and software patch procedures that take time to implement, leaving vulnerabilities I have seen that can expose critical data open often as long as 180 days or more. Proactive web application protection such as what Incapsula provides allow administrators to shield these vulnerabilities now while they are being fixed. 

The reason I am excited about Imperva is because they are operating on the new security model based on the latest cyber crime trends. Traditional security employed at most companies does not typically address trends well, and is woefully inadequate to deal with the current cyber threat landscape. For that reason, the innovative solutions provided by companies like Imperva will drive the new security product market. Look for strong long term growth as the company eventually grows into profits. The balance sheet is fine and investors should line up to fund this company's operations as long as they continue positive sales. 

Security ETF Pure Play

Many investors, such as myself, have been waiting for a pure play security ETF to hit the market. This November, the PureFunds ISE Cyber Security ETF (HACK) was introduced. Early market volume shows a lot of interest in the fund, and I expect that the continued deluge of cyber crime news stories will continue to drive trading on this ETF higher over time. HACK is based upon the  ISE Cyber SecurityTM Index , which has had tremendous growth since 2011. The immediate and medium term interest in the index and fund look very bullish. 

The fund invests in companies whose primary role is cyber security. The funds are adjusted so that no fund is over 20% of holdings and no group of heavyweights is over 50%. Therefore, the fund broadly addresses the security solutions market. 

The top ten funds include well-known security players such as Symantec (SYMC), Barracuda (CUDA), Splunk (SPLK), Palo Alto (PANW), and Qualys (QLYS). The fund also includes many smaller funds such as Imperva and Intralinks. Security sector coverage is shown in the next figure. 

My belief is that the IT Consulting and Services sector will experience sharp growth due to the need for security awareness, education, and customized services most companies are seeking. Increasing regulatory requirements alone are driving growth in custom implemented security services.

Communications equipment will also experience strong growth as more complex security logging and monitoring solutions are pushed down to the lower layers of the network stack. End to end network encryption solutions, such as those that are currently being discussed for point of sale terminals and online credit card transactions, will require updated devices capable of handling additional processing power needed to encrypt and decrypt network packet data as it moves across the Internet.

I will continue in future articles to discuss security investment options and trends that the keen investor should be aware of. The cyber security industry offers potential out-sized returns as a growth investment. In addition, I believe many security companies are just scratching the surface of their potential profits, making the security sector a big value play at the same time. Such is the nature of long-term bull market opportunities.