Zscaler - a second look

Zscaler, Inc. (ZS) went public on March 2018. According to its website it is the leading and by Gartner considered the most innovative company in cloud security. It is revolutionizing Internet security with the industry’s first Security as a Service Platform in the $35 billion security market. Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500, protecting more than 15 million users worldwide against cyber-attacks and data breaches. Jay Chaudhry, CEO, and ZS also claim that these 5000+ organizations depend on ZS to process 35 billion transactions each day, detecting an average of 125 million threats.

ZS states it “delivers a safe and productive Internet experience for every user, from any device or location – 100% in the cloud. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence – all without the need for on-premises hardware, appliances or software.” Zscaler has been a Gartner Magic Quadrant leader for Secure Web Gateways for seven consecutive years but note that Symantec, who acquired Blue Coat Systems in June of 2016, is also listed in that very same quadrant. Besides Gartner’s praise, ZS has accumulated numerous accolades over the ten years it has been in business. Reviewing what little information is available online and what has been posted so far on this board, it appears that the company’s future looks perfectly rosy.

No wonder the FedRAMP authorization was greeted with quite a bit of enthusiasm on this board. To put it in perspective, CreditSuisse had this to say back in April of this year: “FedRAMP Offers an Incremental Growth Vector: Following respective FedRAMP certifications, federal business was an incremental growth driver for many growth companies, such as ServiceNow and salesforce.com. Specific to Zscaler, we estimate that with some 9.1m employees of the federal government, the total addressable opportunity is in the region of $400-500m annually (assuming a conservative 50% volume discount). We believe federal contracts represent a de minims percentage of ZS’s Billings” – i.e. FedRAMP’s contribution to billings and revenue will be minimal.

Here are several headwinds that face the company, most important of all two Patent Infringement Lawsuits filed by Symantec in US Federal District Court for the District of Delaware and listed in the 10Q for period ending April 30, 2018, p. 47, Legal Proceedings. Symantec by selling Veritas information management and acquiring Blue Coat Systems in June of 2016, has become a pure cybersecurity company in direct competition with ZS. The following lawsuits will definitely bear watching:

1. First Patent Infringement Lawsuit filed by Symantec in US Federal District Court for the District of Delaware on December 12, 2016. The lawsuit asserts that Zscaler products violate seven of Symantec’s patents across a variety of network security technologies including web security, data loss prevention, threat prevention, access control and antivirus techniques. In more detail, Symantec says that the Zscaler Enforcement Node or “ZEN” component infringes one or more of the Patents-in-Suit, as described here:

• U.S. Patent No. 6,279,113, titled “Dynamic Signature Inspection-Based Network Intrusion Detection,” issued by the United States Patent and Trademark Office (“USPTO”) on August 21, 2001.
• U.S. Patent No. 7,203,959, titled “Stream Scanning Through Network Proxy Servers,” was issued by the USPTO on April 10, 2007.
• U.S. Patent No. 7,246,227, titled “Efficient Scanning of Stream Based Data,” was issued by the USPTO on July 17, 2007.
• U.S. Patent No. 7,392,543, titled “Signature Extraction System and Method,” issued by the USPTO on June 24, 2008.
• U.S. Patent No. 7,735,116 (“the ’116 Patent”), titled “System and Method for Unified Threat Management With a Relational Rules Methodology,” issued by the USPTO on June 8, 2010.
• U.S. Patent No. 8,181,036, titled “Extrusion Detection of Obfuscated Content,” issued by the USPTO on May 15, 2012.
• U.S. Patent No. 8,661,498, titled “Secure and Scalable Detection of Preselected Data Embedded In Electronically Transmitted Messages,” issued by the USPTO on February 25, 2014.

2. Second Patent Infringement Lawsuit filed by Symantec on April 18, 2018
According to Symantec, “[t]he lawsuit filed today asserts that Zscaler has been illegally using Symantec’s patented technology relating to a variety of network security technologies, including web security, security scanning, data loss prevention, intrusion prevention and intrusion signature analysis. The seven patents asserted in the lawsuit filed today predate the formation of Zscaler and include six patents that were obtained through Symantec’s
acquisition of web security market leader Blue Coat Systems. This lawsuit is based on U.S. Patent Nos. 6,285,658; 7,360,249; 7,587,488; 8,316,429; 8,316,446; 8,402,540; and 9,525,696: http://investor.symantec.com/About/Investors/press-releases/…

On June 22, 2017, Symantec filed a notice of voluntary dismissal of its complaint in Symantec Case 2 along with a new complaint alleging infringement of the same patents and adding Symantec Limited as a plaintiff and alleging willful infringement of the ’429 and ’446 patents, see complaint https://www.courtlistener.com/recap/gov.uscourts.cand.315216….

On May 21, 2018, Symantec filed an amended complaint adding allegations of willful infringement of all of the asserted patents in Symantec Case 2. We believe our technology does not infringe Symantec’s asserted patents and that Symantec’s patents are invalid. We have filed a motion to dismiss the ’658, ’429, ’446 and ’488 patents as invalid based on unpatentable subject matter. The Markman claim construction hearing for Symantec Case 2 is scheduled for March 19, 2019.

Note that the court granted ZS’ motion to transfer Symantec Case 2 from the District of Delaware to the Northern District of California on July 31, 2017. Common sense prevailed as this opening sentence of Judge J. Kearny shows: “A technology company travelled approximately 2,900 miles to sue another technology company headquartered seven miles away from it in Northern California over disputed patent rights.” For the full memoradum, see https://www.courtlistener.com/recap/gov.uscourts.cand.315216…. Symantec (SYMC) must have time and money to waste and the relative financial burden is much higher Zscaler less than half its size.

After the first Symantec lawsuit the UK Register in an article entitled “Symantec sets legal wolves upon Zscaler,” dryly noted that already in December 2016, “[a]according to the US Public Access to Court Electronic Records website, Symantec is and has been involved in a total of 443 lawsuits” not counting the one against ZS! And that the announcement was accompanied by the usual canned quote, typical of such cases, given by Symantec’s general counsel about obligation to their customers and shareholders and their need to valiantly defend their intellectual property, etc. It seems I am not the only one befuddled by our litigious society of this yet another David vs. Goliath story. Remember Cisco vs. Arista Networks (ANET)? For a list of Delaware filed complaints and motions, see https://www.courtlistener.com/recap/gov.uscourts.cand.315216….

3. On December 5, 2017, Finjan (FNJN), who holds several patents in behavior-based content security analysis, filed a complaint in the U.S. District Court for the Northern District of California alleging that Zscaler’s “Internet Access Bundles,” “Private Access Bundle,” “Zscaler Enforcement Node,” “Secure Web Gateway,” “Cloud Firewall," “Cloud Sandbox” and “Cloud Architecture products and services” infringe U.S. Patent Nos. 6,804,780, 7,647,633, 8,677,494 and 7,975,305. For information on the company, see https://www.finjan.com, https://en.wikipedia.org/wiki/Finjan. I am clueless as to the merit of any of these legal wranglings.

Besides checking on possible legal woes, I have been checking customer ratings available on Gartner and have some concerns about Zscaler’s service and customer support. Gartner lists 15 vendors under Secure Web Gateways and their customer ratings, https://www.gartner.com/reviews/market/secure-web-gateways. You can check individual companies or compare one against another. Gartner also lists the range of size of the rating companies.

From my experience with Amazon and other customer rating services, the fewer the ratings the less I trust a 4* or 5* rating. ZS gets 4.2* out of 5* based on 55 reviews. The rating consists of Evaluation & Contracting; Integration & Deployment; Product Capabilities; and Service & Support.

Here is the rating distribution:
5 Stars      40%  (I consider this rather low)
4 Stars      45%
3 Stars       5%
2 Stars       9%
1 Stars       0%

I’ve read a number of evaluations. For Zscaler, most common low grade was given for service & support. One smaller company gave 4* for all except service but rated the total experience 2* and would not recommend the service. It seems low quality phone support via India and misunderstandings really upset that customer. I’ve had the same problem with my bank (one of the TBTF) and closed my account after a number of unnecessary delays and fiascos. Another hitch in the service it seems is the speed and service customers get from their internet service provider. If a customer gets dial-up speeds or dropped connections, ZS performance will be negatively affected as one of the customers points out. Poor or meager documentation was a complaint by some of the bigger companies but overall 77% would recommend Zscaler.

Here is how ZS compares to some of the other listed companies:

**Company           Stars out of 5   No. of Reviews       Would recomend **
**Zscaler 	     4.2	      55	            77%**
**Symantec 	     4.3	     115       	            74%**
**Cisco  	             4.5	      83	            86%** 
**Forcepoint 	     4.0	      91	            70%**
**McAfee 	             4.3	      49   	            83%**
**Barracuda Networks   4.3	      32	            86%**

Of the companies I checked, Cisco apparently has the highest customer satisfaction. Most of their customers rate Service & support 4* or 5*. I haven’t checked the breakdown of Barracuda Networks, a company that partners with ZS to deliver cloud security. 86%, the highest number attained by any company, would recommend Barracuda.

In summary, there are several developments to watch:
1. Three lawsuits pending against ZS
2. Competition of well-capitalized big companies like Cisco and Symantec

3. IaaS companies like Amazon, Microsoft, and Google that now partnering with ZS developing their own in house security, thereby becoming direct competition and impairing ZS’ long term growth. On the other hand, with increasing cloud use and need for security, VS, still relatively small, could become an acquisition target.

4. Customer Service and Support. In my view, Zscaler will need to improve their customer service and support, especially important for small companies who do not have the technical staff to trouble shoot and they do not get the discount a large company or government entity undoubtedly gets. I haven’t seen a breakdown of their billing but have a feeling ZS will aim for the big corporations. However, there are a bunch of small security companies on the horizon, some of them with high ratings.

I believe that ZS will do well in the near future and probably beat earnings expectations. Cloud Services (Software, Infrastructure, Platforms and Mobility as a Service) will expand and be adopted in the forseeable future, increasing the need for cloud security.




That’s a lot of useful information.

I’m not currently invested in ZS. I have look at the company a little bit but haven’t done a deep dive. My main reason for not investing is the high valuation.

The last available results are from 4/30/2018. Here’s what I considered in my calculations for the valuation:

The company is not profitable so I am using an EV/Sales ratio as a starting point. To get the market cap, I made a big adjustment to the share count that was reported in the last earnings release. The release reports the weighted average share count, but since ZS went public in March 2018 the weight average in this last quarter makes the share count look artificially low. Why would you count the cash that they received from the IPO and back it out without factoring in all the shares that they issued? So I used 115 million shares instead of the reported number of 73.8 million. This makes a huge difference. This adjustment makes the market cap 55% higher! After backing out the net cash, I get an EV of $5109 - 287M = $4822M

TTM revenue was $171M so the EV/Sales ratio is a nose bleeding 28.3!!! With a TTM full year revenue growth rate of 51%, the future EV/Sales ratio (assuming the same growth rate) will be 18.7. The gross margins are 81% which is great. I’ll mention some intangibles below, but unless someone can convince me that the growth rate will be more like 80-90% a simply can’t hold my nose and pull the trigger. Is this government business going to juice their growth rate? By how much?

From what I’ve read on this board, ZS seems to have a great competitive position and a security solutions that’s being rapidly adopted. I like that they already have 5000+ customers (good traction in the market) and I like that they have only penetrated 10% of the S&P500 companies (room to grow).

However, I look at a company like AYX which has higher margins (90% vs 81%), a slightly higher growth rate (53% vs 51%), a very strong competitive position (essentially no competition according to management), and a MUCH lower EV/Sales (19.8 vs 28.3), how can I not STRONGLY prefer a company like AYX to ZS. ZS’s EV/Sales ratio in a year will be where AYX’s is today.

Is there any strong evidence that ZS’s revenue growth will go up dramatically?