CyberArk, known for its privileged access management (PAM) capabilities, has been expanding into other aspects of identity security to extend its reach in the broader identity and access management (IAM) market.

Speaking to Computer Weekly during a accurate trip to Singapore, Matt Cohen, CEO of CyberArk, said the company’s business has been growing exponentially outside of PAM, in areas such as access and secrets management, endpoint privilege management (EPM) and, more lately, cloud security.

CyberArk takes a unique view around IAM – that is, to bring privileged controls to IAM capabilities such as single sign-on (SSO) and multifactor authentication (MFA). For example, it has capabilities to enable session management, isolation and step-up authentication to make single sign-on more secure, Cohen said.

“Our message across the board is if you bring a security-first mindset to the entire identity security landscape, then ultimately, we can differentiate our platform versus other providers in the market,” he added.

The IAM market is dotted with multiple suppliers, including Okta, Ping Identity, ForgeRock, SailPoint and Microsoft, each with strongholds in certain industries, use cases, market segments and deployment models.

Elaborating on CyberArk’s competitive edge in PAM, Cohen said privileged access was built on the idea that identities need to be secured, not managed.

“If you look at what Okta does, they manage identities from the perspective of making access more seamless. They were never a security company to begin with. They’re coming from a place of streamlining productivity and operations. And now, they’re trying to move into IGA [identity governance and administration] and PAM, but in PAM, they’re coming from operational efficiency into security,” he added.

Amid the identity sprawl, with users having to use multiple accounts and identities managed by different systems, Cohen noted that organisations would want to work with a provider that understands privilege controls and helps them to apply the controls to their workforce. “That has allowed our growth to accelerate.”

IGA specialist SailPoint has been tackling the identity sprawl problem too, but Cohen does not view them as a competitor. “They’re big on IGA and they’re still our largest go-to-market partner in the space. We do more of what we call modern IGA, around light workflows, identity compliance and lifecycle management, and if somebody wants to go big on governance, we’ll point them to SailPoint.”

On Microsoft, Cohen claimed that while the software giant is a formidable player in cyber security, its PAM solutions don’t “go deep enough into core security controls”.

“They recently came out with a very light version of EPM, which is one of our core growth areas. I was happy when that happened because, for us, the biggest problem we have with EPM is awareness, and now Microsoft comes in and makes everybody aware that you should be implementing least privileges on the endpoint.

“But in a bake-off against Microsoft, we can still win in the POC [proof-of-concept] and the technology side for core enterprise security controls,” he said.

CyberArk currently has 8,000 customers worldwide – some 2,000 of them are using its Privilege Cloud while 5,000 customers, particularly those in regulated industries like financial services and government, are using its on-premise PAM offering.

Cohen said on-premise customers could also be using CyberArk’s cloud offerings, “because they understand that even if they want their [PAM] vault on-premise, they’re okay with consuming a service for other solutions”.

These include capabilities to secure cloud-native services through zero-standing privileges, a term coined by Gartner in 2019. “The idea is that the account should be set up with no privileges, but when I need to use the services, I will apply privileges just for that instance,” said Cohen.

“The minute I’m done using that, it goes back to a zero-standing privileged account. So, if someone steals that credential, there are no privileges associated with it when it’s not in use. That’s a much more secure way to manage controls in cloud environments,” he explained.

Even as CyberArk is broadening its IAM capabilities, Cohen said there are no plans to go into the business-to-consumer (B2C) market. “Our solutions are best equipped for the enterprise, and even on the CIAM [customer IAM] side of the of the business, our access technology is very strong in the B2B [business-to-business] space.”

Cohen said the company had seen over 40% growth in annual recurring revenue over the past several years and has been able to drive “expansive revenue growth over the last several quarters as we came out of the subscription transition”.

Shares of CyberArk Software Ltd. jumped more than 12% today after the company posted quarterly results that topped both its guidance and the consensus analyst estimate.

CyberArk makes software that helps enterprises manage employee access to their applications. Using the company’s tools, an organization can provide single sign-on and multifactor authentication features for its workers. CyberArk’s software can also be used to process login requests from other users such as a supplier’s employees. 

The software maker’s other major focus is application secrets management. In software development, secrets are sensitive pieces of data such as encryption keys that help power an application’s security features. CyberArk offers a platform that companies can use to store encryption keys and related files. 

CyberArk’s revenue increased 24% year-over-year, to $175.8 million, in the second quarter ended June 30. The consensus analyst estimate forecasted $173.44 million. CyberArk also managed to top the high end of its own guidance by about $1 million.

“We had a great quarter, beating our guidance across all metrics, which demonstrates the momentum in our business and the durability of demand for our identity security platform,” said Chief Executive Officer Matt Cohen. “We had a strong new business quarter and existing customers expanded across our identity security platform.”

The company’s sales growth was driven by its core subscription software business. Like other enterprise software makers, CyberArk has spent the past few years shifting from selling licenses to a business model that emphasizes recurring revenue. That shift is now largely complete. 

The company’s subscription revenue surged 61% year-over-year in the second quarter, to $106.2 million. Revenue from perpetual licenses, meanwhile, declined by more than 50%. License deals generated $5.1 million in revenue for CyberArk during the second quarter. 

The company’s third major revenue source is its maintenance and professional services group. The group helps customers maintain their CyberArk software deployments and also provides cybersecurity advisory services. The unit’s revenues declined slightly, to $64.6 million, in the second quarter.

Thanks to the fast growth of its core subscription business, CyberArk generated an unexpected profit. The company ended the quarter with an adjusted net income of $1.3 million. That amounts to adjusted earnings of three cents per share, well ahead of the-12 cent loss analysts had anticipated.

For the full fiscal year, it’s forecasting revenue of $726 million to $736 million. Adjusted earnings per share, in turn, are projected to range between 16 and 38 cents per share. Both forecasts are in line with analyst expectations.

CyberArk also provides an ARR, or annualized recurring revenue, projection as part of its full-year guidance. The company raised its projection by $5 million in conjunction with the release of today’s earnings report. It’s now expecting ARR of $735 million to $745 million. 

Photo: Train825/Wikimedia Commons

CyberArk’s (NASDAQ:CYBR) second quarter results were robust, with the subscription business performing particularly well and the company’s business model transition beginning to mature. While the stock appears to be priced broadly in line with the market, the company’s consistent growth and improving margins could continue to support the stock going forward. There are signs that demand is softening, though, which is unlikely to be priced into the stock at this point.

Market

Market conditions for software companies and cybersecurity vendors remain highly uncertain. Amazon's (AMZN) accurate results suggest that the worst of cloud spending optimization efforts has now passed, but individual software company results are highly idiosyncratic. Fortinet’s (FTNT) poor second quarter earnings has created uncertainty about the strength of cybersecurity spending, but increasingly this appears to be a hardware related issue. Software vendors have generally reported solid results so far in the second quarter, and most management teams have suggested that the demand environment has stabilized.

Despite this, CyberArk still appears to be selling into a tough environment, with increased deal scrutiny and longer approval cycles. CyberArk has suggested that its go-to-market teams have adapted to this environment, which has enabled the company to continue landing new customers and expanding within existing customers. CyberArk has also suggested that identity security is critical for customers and that its importance is only increasing. For example, in CyberArk’s accurate Identity Security Threat Landscape Report, every organization surveyed expected an identity related compromise in the year ahead.

CyberArk

Identity is an integral part of the modern approach to security, which gives CyberArk a large opportunity going forward. CyberArk is a leader within Privileged Access Management, and its main threat at this point may be the expansion of platforms in adjacent verticals. CyberArk believes it is differentiated by its ability to secure all identities across all environments using intelligent privileged controls. While companies like HashiCorp (HCP) and Okta (OKTA) have introduced or are planning on introducing competing solutions, CyberArk believes that the competitive landscape hasn’t changed across its portfolio.

CyberArk is supporting its competitive position through the introduction of new solutions, which broaden and further differentiate its platform. accurate product introductions include Secure Cloud Access, Secure Browser and a range of AI solutions. Secure Cloud Access provides secure native access with zero standing privileges across multi-cloud environments. CyberArk Secure Browser is a Chromium-based web browser that supports enterprise Zero Trust initiatives. It offers integrated security and centralized policy management, with features including cookieless browsing, data exfiltration protection and a password replacement solution.

CyberArk's investments in AI are aimed at making it easier to apply intelligent privilege controls to all identities. CyberArk’s Identity Security platform contextually authenticates identities and dynamically authorizes the least amount of privilege required. For example, AI-enabled policy creation automation processes endpoint data to automatically adjust policies and reduce risk. While I generally do not believe AI will create a sustainable competitive advantage for most companies, cybersecurity could be different. Data relevant to cybersecurity has velocity, variety and volume, and large vendors can directly leverage this data to Boost solutions which are critical to customers. As companies like CyberArk continue to grow and broaden their product portfolios, scale and access to data is likely to be an important differentiator.

Sales also appears to be a focus area for CyberArk at the moment, with the company extending its reach through the channel and building out its customer success organization. According to a accurate Gartner report, something like 30-40% of cybersecurity spend will move to MSPs in the next three years. As a result, MSPs are a key part of CyberArk’s growth strategy. CyberArk is gaining traction with companies like GuidePoint, which has contributed to key wins and is helping CyberArk reach new customer segments.

Financial Analysis

CyberArk’s revenue increased by 24% YoY in the second quarter, which is only a modest deceleration from growth in the first quarter and is fairly consistent with growth over the past year. Given the uncertain macro environment, consistent performance is being given a premium at the moment, and CyberArk is performing well in this regard. Subscription revenue grew 61% YoY in the second quarter and subscriptions accounted for 95% of bookings. CyberArk’s ARR increased 40% YoY in the second quarter, and the subscription portion of ARR grew 77%.

Strength is reportedly fairly broad based across CyberArk’s portfolio, with Privilege Cloud, EPM, Secrets, Secure Web Sessions and Workforce Password Manager specifically highlighted. CyberArk also appears to be having success with its platform strategy. The expansion business performed well in the second quarter, and customer adoption of multiple solutions is increasing. Amongst new logos, more than 50% of customers are purchasing multiple solutions.

Performance in the second quarter was also fairly consistent across geographies. EMEA had a meaningful revenue headwind from the fact that the subscription bookings mix increased by nearly 13% in the second quarter.

CyberArk appears to be fairly optimistic in the face of macro uncertainty. The company’s pipeline is reportedly building at a record pace and the company’s win rates are strong. As a result, CyberArk is projecting fairly consistent growth through the rest of the year. Revenue growth in the third quarter is expected to be roughly 21% YoY, and 24% for the full year. ARR is now expected to increase 31% YoY in 2023.

The number of job openings mentioning CyberArk in the job requirements remains at a depressed level. While this is probably a negative, there has been no associated slowdown in growth so far.

CyberArk's gross profit margins have been fairly consistent over the past 18 months, suggesting the negative impact of subscriptions is complete.

Operating profit margins have also been depressed by the business model transition. CyberArk's pace of hiring has fallen off significantly though, suggesting that with continued growth, margins should begin to Boost going forward. This isn't particularly concerning as CyberArk has been profitable in the past and this type of temporary drop in margins is expected when switching to a subscription model.

While the drop in job openings should be supportive of margins going forward, the extent to which they have dropped is somewhat concerning. Coupled with the uncertain macro environment and a drop in job openings mentioning CyberArk in the job requirements, there appears to be an elevated risk of a growth slowdown going forward.

Valuation

Based on its current growth and profitability profile, CyberArk appears to be priced broadly in line with comparable companies. While the stock price could continue to appreciate it if investor sentiment towards the company improves, there could also be significant downside risk if growth decelerates. CyberArk is still a long way from returning to profitability, and investors have shown little tolerance for unprofitable companies with low growth over the past 1–2 years.

For investors that believe in the long-term importance of identity security and in particular PAM, CyberArk's current share price probably still represents a reasonable entry point. Shareholders should be prepared for ongoing volatility in the near term, though.

NEWTON, Mass. & PETACH TIKVA, Israel--CyberArk (NASDAQ: CYBR), the identity security company, today announced that CyberArk Endpoint Privilege Manager will be featured in the Lenovo ThinkShield security portfolio. Lenovo customers will be able to benefit from CyberArk’s SaaS-based solution, which enables organizations to implement foundational endpoint security controls.

These controls aim to block and contain potential cyber-attacks on the endpoint and enforce least privilege to help reduce the risk of information being stolen or encrypted and held for ransom.

"Security by Design" is the foundation on which Lenovo builds its customizable security platform. The addition of CyberArk Endpoint Privilege Manager within the portfolio provides customers with out-of-the-box policies and integrations with other endpoint and network security solutions, identity products, SIEMs and help desk platforms.

“With the escalation of identity-based attacks we are seeing in the enterprise today, enforcing privilege security on the endpoint is mission-critical for security programs,” said Nima Baiati, executive director and general manager, Cybersecurity Solutions, Intelligent Devices Group, Lenovo. “As an identity security innovator, CyberArk’s approach to endpoint privilege security plays a key role in meeting this demand, offering an additional layer of protection for our ThinkShield customers.”

CyberArk Endpoint Privilege Manager implements flexible and intuitive policy-based endpoint privilege management on Windows, macOS and Linux. The solution provides advanced capabilities for enforcing least privilege, removing local admin rights, defending against ransomware, boosting visibility with policy audits, helping stop credential theft and the ability to detect and block attempted theft of OS credentials, browsers and more.

“As a global technology leader, Lenovo has a finger on the pulse of today’s digital enterprise, including the threats targeting their most valuable assets and information,” said Chris Moore, senior vice president of global channels at CyberArk. “Together, Lenovo and CyberArk are closing a gap in endpoint security that traditional endpoint protection tools are not designed to solve. As part of the ThinkShield portfolio, Lenovo customers gain a security-first approach to reducing risk and enforcing least privilege on the endpoint.”

CyberArk Endpoint Privilege Manager is part of the CyberArk Identity Security Platform. CyberArk applies intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With the CyberArk Identity Security Platform, organizations can enable Zero Trust and least privilege with complete visibility, enabling every identity to more securely access any resource, located anywhere, from everywhere.

CyberArk Endpoint Privilege Manager will be available through Lenovo’s network of global sales and partners. For more information, click here.

© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Lenovo to Feature CyberArk Endpoint Privilege Manager as the First Identity Security Offering Within Its ThinkShield Security Portfolio

CyberArk (NASDAQ: CYBR), the identity security company, today announced that CyberArk Endpoint Privilege Manager will be featured in the Lenovo™ (HKSE: 992) (ADR: LNVGY) ThinkShield security portfolio. Lenovo customers will be able to benefit from CyberArk’s SaaS-based solution, which enables organizations to implement foundational endpoint security controls. These controls aim to block and contain potential cyber attacks on the endpoint and enforce least privilege to help reduce the risk of information being stolen or encrypted and held for ransom.

"Security by Design" is the foundation on which Lenovo builds its customizable security platform. The addition of CyberArk Endpoint Privilege Manager within the portfolio provides customers with out-of-the-box policies and integrations with other endpoint and network security solutions, identity products, SIEMs and help desk platforms.

“With the escalation of identity-based attacks we are seeing in the enterprise today, enforcing privilege security on the endpoint is mission-critical for security programs,” said Nima Baiati, executive director and general manager, Cybersecurity Solutions, Intelligent Devices Group, Lenovo. “As an identity security innovator, CyberArk’s approach to endpoint privilege security plays a key role in meeting this demand, offering an additional layer of protection for our ThinkShield customers.”

CyberArk Endpoint Privilege Manager implements flexible and intuitive policy-based endpoint privilege management on Windows, macOS and Linux. The solution provides advanced capabilities for enforcing least privilege, removing local admin rights, defending against ransomware, boosting visibility with policy audits, helping stop credential theft and the ability to detect and block attempted theft of OS credentials, browsers and more.

“As a global technology leader, Lenovo has a finger on the pulse of today’s digital enterprise, including the threats targeting their most valuable assets and information,” said Chris Moore, senior vice president of global channels at CyberArk. “Together, Lenovo and CyberArk are closing a gap in endpoint security that traditional endpoint protection tools are not designed to solve. As part of the ThinkShield portfolio, Lenovo customers gain a security-first approach to reducing risk and enforcing least privilege on the endpoint.”

CyberArk Endpoint Privilege Manager is part of the CyberArk Identity Security Platform. CyberArk applies intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With the CyberArk Identity Security Platform, organizations can enable Zero Trust and least privilege with complete visibility, enabling every identity to more securely access any resource, located anywhere, from everywhere.

CyberArk Endpoint Privilege Manager will be available through Lenovo’s network of global sales and partners. For more information, click here.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.

Copyright © 2023 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders. LENOVO and THINKSHIELD are trademarks of Lenovo.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230725518520/en/