Zscaler, Inc. (ZS) went public on March 2018. According to its website it is the leading and by Gartner considered the most innovative company in cloud security. It is revolutionizing Internet security with the industry’s first Security as a Service Platform in the $35 billion security market. Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500, protecting more than 15 million users worldwide against cyber-attacks and data breaches. Jay Chaudhry, CEO, and ZS also claim that these 5000+ organizations depend on ZS to process 35 billion transactions each day, detecting an average of 125 million threats.
ZS states it “delivers a safe and productive Internet experience for every user, from any device or location – 100% in the cloud. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence – all without the need for on-premises hardware, appliances or software.” Zscaler has been a Gartner Magic Quadrant leader for Secure Web Gateways for seven consecutive years but note that Symantec, who acquired Blue Coat Systems in June of 2016, is also listed in that very same quadrant. Besides Gartner’s praise, ZS has accumulated numerous accolades over the ten years it has been in business. Reviewing what little information is available online and what has been posted so far on this board, it appears that the company’s future looks perfectly rosy.
No wonder the FedRAMP authorization was greeted with quite a bit of enthusiasm on this board. To put it in perspective, CreditSuisse had this to say back in April of this year: “FedRAMP Offers an Incremental Growth Vector: Following respective FedRAMP certifications, federal business was an incremental growth driver for many growth companies, such as ServiceNow and salesforce.com. Specific to Zscaler, we estimate that with some 9.1m employees of the federal government, the total addressable opportunity is in the region of $400-500m annually (assuming a conservative 50% volume discount). We believe federal contracts represent a de minims percentage of ZS’s Billings” – i.e. FedRAMP’s contribution to billings and revenue will be minimal.
Here are several headwinds that face the company, most important of all two Patent Infringement Lawsuits filed by Symantec in US Federal District Court for the District of Delaware and listed in the 10Q for period ending April 30, 2018, p. 47, Legal Proceedings. Symantec by selling Veritas information management and acquiring Blue Coat Systems in June of 2016, has become a pure cybersecurity company in direct competition with ZS. The following lawsuits will definitely bear watching:
1. First Patent Infringement Lawsuit filed by Symantec in US Federal District Court for the District of Delaware on December 12, 2016. The lawsuit asserts that Zscaler products violate seven of Symantec’s patents across a variety of network security technologies including web security, data loss prevention, threat prevention, access control and antivirus techniques. In more detail, Symantec says that the Zscaler Enforcement Node or “ZEN” component infringes one or more of the Patents-in-Suit, as described here:
• U.S. Patent No. 6,279,113, titled “Dynamic Signature Inspection-Based Network Intrusion Detection,” issued by the United States Patent and Trademark Office (“USPTO”) on August 21, 2001.
• U.S. Patent No. 7,203,959, titled “Stream Scanning Through Network Proxy Servers,” was issued by the USPTO on April 10, 2007.
• U.S. Patent No. 7,246,227, titled “Efficient Scanning of Stream Based Data,” was issued by the USPTO on July 17, 2007.
• U.S. Patent No. 7,392,543, titled “Signature Extraction System and Method,” issued by the USPTO on June 24, 2008.
• U.S. Patent No. 7,735,116 (“the ’116 Patent”), titled “System and Method for Unified Threat Management With a Relational Rules Methodology,” issued by the USPTO on June 8, 2010.
• U.S. Patent No. 8,181,036, titled “Extrusion Detection of Obfuscated Content,” issued by the USPTO on May 15, 2012.
• U.S. Patent No. 8,661,498, titled “Secure and Scalable Detection of Preselected Data Embedded In Electronically Transmitted Messages,” issued by the USPTO on February 25, 2014.
2. Second Patent Infringement Lawsuit filed by Symantec on April 18, 2018
According to Symantec, “[t]he lawsuit filed today asserts that Zscaler has been illegally using Symantec’s patented technology relating to a variety of network security technologies, including web security, security scanning, data loss prevention, intrusion prevention and intrusion signature analysis. The seven patents asserted in the lawsuit filed today predate the formation of Zscaler and include six patents that were obtained through Symantec’s
acquisition of web security market leader Blue Coat Systems. This lawsuit is based on U.S. Patent Nos. 6,285,658; 7,360,249; 7,587,488; 8,316,429; 8,316,446; 8,402,540; and 9,525,696: http://investor.symantec.com/About/Investors/press-releases/…
On June 22, 2017, Symantec filed a notice of voluntary dismissal of its complaint in Symantec Case 2 along with a new complaint alleging infringement of the same patents and adding Symantec Limited as a plaintiff and alleging willful infringement of the ’429 and ’446 patents, see complaint https://www.courtlistener.com/recap/gov.uscourts.cand.315216….
On May 21, 2018, Symantec filed an amended complaint adding allegations of willful infringement of all of the asserted patents in Symantec Case 2. We believe our technology does not infringe Symantec’s asserted patents and that Symantec’s patents are invalid. We have filed a motion to dismiss the ’658, ’429, ’446 and ’488 patents as invalid based on unpatentable subject matter. The Markman claim construction hearing for Symantec Case 2 is scheduled for March 19, 2019.
Note that the court granted ZS’ motion to transfer Symantec Case 2 from the District of Delaware to the Northern District of California on July 31, 2017. Common sense prevailed as this opening sentence of Judge J. Kearny shows: “A technology company travelled approximately 2,900 miles to sue another technology company headquartered seven miles away from it in Northern California over disputed patent rights.” For the full memoradum, see https://www.courtlistener.com/recap/gov.uscourts.cand.315216…. Symantec (SYMC) must have time and money to waste and the relative financial burden is much higher Zscaler less than half its size.
After the first Symantec lawsuit the UK Register in an article entitled “Symantec sets legal wolves upon Zscaler,” dryly noted that already in December 2016, “[a]according to the US Public Access to Court Electronic Records website, Symantec is and has been involved in a total of 443 lawsuits” not counting the one against ZS! And that the announcement was accompanied by the usual canned quote, typical of such cases, given by Symantec’s general counsel about obligation to their customers and shareholders and their need to valiantly defend their intellectual property, etc. It seems I am not the only one befuddled by our litigious society of this yet another David vs. Goliath story. Remember Cisco vs. Arista Networks (ANET)? For a list of Delaware filed complaints and motions, see https://www.courtlistener.com/recap/gov.uscourts.cand.315216….
3. On December 5, 2017, Finjan (FNJN), who holds several patents in behavior-based content security analysis, filed a complaint in the U.S. District Court for the Northern District of California alleging that Zscaler’s “Internet Access Bundles,” “Private Access Bundle,” “Zscaler Enforcement Node,” “Secure Web Gateway,” “Cloud Firewall," “Cloud Sandbox” and “Cloud Architecture products and services” infringe U.S. Patent Nos. 6,804,780, 7,647,633, 8,677,494 and 7,975,305. For information on the company, see https://www.finjan.com, https://en.wikipedia.org/wiki/Finjan. I am clueless as to the merit of any of these legal wranglings.
Besides checking on possible legal woes, I have been checking customer ratings available on Gartner and have some concerns about Zscaler’s service and customer support. Gartner lists 15 vendors under Secure Web Gateways and their customer ratings, https://www.gartner.com/reviews/market/secure-web-gateways. You can check individual companies or compare one against another. Gartner also lists the range of size of the rating companies.
From my experience with Amazon and other customer rating services, the fewer the ratings the less I trust a 4* or 5* rating. ZS gets 4.2* out of 5* based on 55 reviews. The rating consists of Evaluation & Contracting; Integration & Deployment; Product Capabilities; and Service & Support.
Here is the rating distribution: 5 Stars 40% (I consider this rather low) 4 Stars 45% 3 Stars 5% 2 Stars 9% 1 Stars 0%
I’ve read a number of evaluations. For Zscaler, most common low grade was given for service & support. One smaller company gave 4* for all except service but rated the total experience 2* and would not recommend the service. It seems low quality phone support via India and misunderstandings really upset that customer. I’ve had the same problem with my bank (one of the TBTF) and closed my account after a number of unnecessary delays and fiascos. Another hitch in the service it seems is the speed and service customers get from their internet service provider. If a customer gets dial-up speeds or dropped connections, ZS performance will be negatively affected as one of the customers points out. Poor or meager documentation was a complaint by some of the bigger companies but overall 77% would recommend Zscaler.
Here is how ZS compares to some of the other listed companies:
**Company Stars out of 5 No. of Reviews Would recomend ** **Zscaler 4.2 55 77%** **Symantec 4.3 115 74%** **Cisco 4.5 83 86%** **Forcepoint 4.0 91 70%** **McAfee 4.3 49 83%** **Barracuda Networks 4.3 32 86%**
Of the companies I checked, Cisco apparently has the highest customer satisfaction. Most of their customers rate Service & support 4* or 5*. I haven’t checked the breakdown of Barracuda Networks, a company that partners with ZS to deliver cloud security. 86%, the highest number attained by any company, would recommend Barracuda.
In summary, there are several developments to watch:
1. Three lawsuits pending against ZS
2. Competition of well-capitalized big companies like Cisco and Symantec
3. IaaS companies like Amazon, Microsoft, and Google that now partnering with ZS developing their own in house security, thereby becoming direct competition and impairing ZS’ long term growth. On the other hand, with increasing cloud use and need for security, VS, still relatively small, could become an acquisition target.
4. Customer Service and Support. In my view, Zscaler will need to improve their customer service and support, especially important for small companies who do not have the technical staff to trouble shoot and they do not get the discount a large company or government entity undoubtedly gets. I haven’t seen a breakdown of their billing but have a feeling ZS will aim for the big corporations. However, there are a bunch of small security companies on the horizon, some of them with high ratings.
I believe that ZS will do well in the near future and probably beat earnings expectations. Cloud Services (Software, Infrastructure, Platforms and Mobility as a Service) will expand and be adopted in the forseeable future, increasing the need for cloud security.