Wednesday, 27 September 2017

Quick Heal Technologies Ltd: Don't loose the Faith So Quick-2nd Part




In my recent post on quick Heal technologies (click here), I opined that Indian Government would prefer India made cyber security products as the same would ensure that source code and servers remain in our control. Most importantly, Govt can control and direct Indian companies but our Govt will have minimum operating leverage over foreign companies. This is one area where the scope for negligence is minimum as the results of any breach will be catastrophic. So I have always felt that for critical infrastructure and defense, Indian Govt should prefer local products if they meet the required standards.



And our Govt has just done this. The Ministry of Electronics and Information Technology (MeitY) has issued a draft notification that preference shall be provided by all procuring entities to domestically manufactured/ produced Cyber Security Products. Although the notification has referred the June-17 notification of Department of Industrial Policy and Promotion (DIPP) to encourage ‘Make in India’ to enhance income and employment but I am sure the main consideration is the risk of putting India’s cyber security in the hands of foreign entities who may have least regard for integrity and safety of India and so any backdoor breach of trust by these will be devastating.

The mainstay of the notification is the emphasis on the Indian-ness of the cyber security product. Notification has mentioned that in order to be treated as “Local Supplier” the revenue from “Intellectual Property (IP)” licensing should accrue to the company incorporated and registered in India. So the focus is on IP creation which is the essence of make in India. It has further provided that the companies should satisfy the following conditions of IP ownership:

(a) Use and commercialize without third party consents; and
(b) Distribute; and 
(c) Modify  

Following are the links to the news and Draft Notification:



So I think this is a big news for Quick Heal Technologies as it satisfies all the above conditions. Quick Heal has already partnered with Cert-In for India’s unique first of its kind Botnet removal initiative.

Quick Heal bot removal tool-A good branding and marketing exercise

In order to tackle the critical situation of Botnet malware in India, IT Ministry has launched the Cyber Swachhta Kendra. The Botnet Cleaning and Malware Analysis Centre has been launched along the lines of the National Cyber Security Policy of India, and is a step to create a safe and secure cyber eco system in India. The centre is operated by the Indian Computer Emergency Response Team (CERT-In) which operates under the Ministry of Electronics and Information Technology, Government of India. Users affected by Botnet malware can find the information and tools necessary to secure their devices.

The bot removal tool has been developed by Quick Heal in collaboration with the Cyber Swacchta Kendra and the affected user is advised to cure his device by using free Quick Heal bot removal tool. I think this is a master step by Quick Heal to extend its reach and Brand Strength along with establishing a strong reputation and relationships with Indian Government.

Bots are malware that form networks known as botnet which are used by cyber criminals in the dark web for all type of darkness like executing dedicated denial of service (DDoS) attacks and sending out spam emails. India ranks ninth in the world when it comes to the origin of spam emails by volume. The entity controlling the botnet known as botherder can use the networks of botnet to send malicious instruction to the main server which in turn issues instructions to all the botnet in the networks.

One of the botnets active in India, Mirai, was responsible for the partial takedown of multiple services, affecting users from Britain to Germany. The Mirai-botnet attack on Dyn used 150,000 devices to generate 500GB/s of data. Estimates are that ten times that number of devices are infected. Two weeks after the Dyn attack, another one that reportedly had twice the amount data traffic knocked Liberia’s Internet offline for brief periods. Security researchers speculate that whoever was responsible was testing out their capabilities. The worrying part is that anyone can carry out this type of attack. According to a post on Slashdot, renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks.  This has significant implications for Indians. The average amount of Internet traffic in India at any time is near 55GB/s and peaks well below 100GB/s.

Cyber threats are getting bigger and harsh

Thieves no longer require reaching and breaking your home security as they can use our online security weakness anytime for theft. And they have become very smart. You know what was the weapon of hackers of Wannacry ransomware? It was Microsoft's Windows XP operating system…you may be surprised but this is the fact. Hackers used a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant. And since Microsoft was not providing any technical support the holes were open for hackers.

Wannacry affected at least 200,000 computers in 150 countries, including India, described as the largest ever of its kind. The WanaCrypt encrypts data on a computer within seconds and displays a message asking the user to pay a ransom of $ 300 in Bitcoins to restore access to the device and the data inside.

Alarmingly, the attack also hit the National Health Service of the United Kingdom, stalling surgeries and other critical patient care activity across the British Isles, and making confidential patient information and documents inaccessible.

On the same lines although the support for Windows 7 was discontinued in 2015 itself, more than 60 percent of Windows users in India, are still using the ancient Windows 7 operating system. 7 percent of the population still continues to use Windows Xp, including many banking ATM machines!!! India has an alarming situation when it comes to cyber security. We tend to use ridiculously old devices, well beyond the software support life cycles of the product.

Adobe Flash has a huge number of vulnerabilities, so cyber criminals target it in the majority of their attacks. By using these security holes in Flash, attackers can infect your computer with ransomware. Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. That means that 99% of computer users are vulnerable to exploit kits (software vulnerabilities).

MyDoom is considered to be the most expensive virus in the world and in cyber security history, having caused an estimated financial damage of $38.5 billion!

One of these essential facts is the estimated annual cost for cyber crime committed globally which has added up to 100 billion dollars! And don’t think that all that money comes from hackers targeting corporations, banks or wealthy celebrities. Individual users like you and me are also targets. But many firms opt to pay the ransom in silence and nothing comes in public as they see the outbreak of the news as big blow to their reputation. But to some extent they are not wrong in their thinking because if we come to know that the website of IRCTC is not secure then we may hesitate or fear from using it.

Apart from such malware, organizations worldwide face the risk of loss of customer data. Target, one of the largest retailers in the US, had 80 million customer data records stolen from them in December 2013. This breach has cost Target $291 million. Target breach started when the password of one of their heating-cooling vendor was compromised.

Cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago!!

So as shared in the earlier post also, the cyber security risks are huge and nobody (leave alone big companies or Government bodies) can afford to ignore this.

Cyber Insurance can be the next big thing

As I have shared from time to time about high growth prospectus of general insurance sector in India. I think Cyber Insurance can be the next big thing in India. Because although cyber risk is acknowledged as a critical threat to business today, the investments on cyber insurance remains small. The global cyber insurance market is estimated at $4 billion and should grow to $20 billion by 2025. The Indian cyber insurance market stands around 50 cr currently and should see huge growth in the future. At present after the recent attacks on debit/credit cards banks are running for this. 

Cyber insurance players include New India, National, ICICI Lombard, Tata AIG, HDFC Ergo and Bajaj Allianz.

Quick Heal: Capable to win the race

Quick heal has developed its very own behavior based anti-virus technology named Dna Scan. Behavior based anti-virus technology is a great example of Artificial intelligence where the anti-virus software work by observing how files and programs actually run, rather than by emulating them. The anti-virus tools seek to identify malware by watching for abnormal or suspicious behavior, such as the sending out of multiple emails, modifying or observing keystrokes, attempting to alter hosts files, generating autorun.inf files on network drives or removable media, or unpacking malicious code.

So with Behavior based anti-virus it’s possible to identify malware that was previously sitting undetected on a protected system.

Signature-based detection mechanisms were central to the operation of the earliest anti-virus systems and are still an integral part of many. But this method can’t detect malicious files for which no signatures have been recorded, or whose signatures are continually changing like in the case of polymorphic viruses (which constantly mutate to throw off signature-based detection). Anti-virus suites based on signature detection are only as powerful as their current database, which is why they need to be updated so often. On the client machine where the anti-virus software is installed, this typically requires a lot of disk space, and a fair amount of processing power.

So I think there is no doubt about the capabilities of Quick Heal. Recently, QH scores 100% detection for Android (click here for news). It was also among the top 6 in AV-Test's sep-2016 review for Windows home user (Click here for news). Also Quick Heal’s recent focus on branding will surely bear the fruits as I always feel that small Indian business houses may prefer Quick Heal due to its reach and its capability to offer solutions and technical/crisis support in local language. Quick Heal has unleashed strong media campaign to create brand and product awareness and it is visible across genre like Cricket (IPL) and recently on KBC (Kaun Banega Crorepati).

These days are tough for IT sector professionals due to changing business scenarios amid high competition and the fear of automation taking over many IT sector related jobs. But I always feel that Cyber security will always remain human and scope of automation is negligible. That’s why I am advising so many of my IT sector friends to focus on Cyber-security as next big thing…and I think we can think of the same in the stock market too.

May turnout to be a great pick at CMP of 180.

(Views are personal and should not be taken as a recommendation for buying or selling a stock. Stock markets are inherently risky so kindly do your Due Diligence before investing. I am not a certified Sebi Analyst and holding the shares discussed in this Post)


Friday, 8 September 2017

Quick Heal Technologies Ltd: Don't loose the Faith So Quick



Quick heal is facing tough times ever since it has made its debut in the stock market. There are doubts over its capability to withstand the competition from MNC brands. But I am still positive on the company and its inherent strength to offer high tech security solutions catering to the demands and needs of Indian market.

 I know so many people who think that Woodland shoe is an MNC brand and it certainly impacts their buying decision. So many people take Van Heusen as a foreign brand when in fact it belongs to our Aditya Birla group. People doubt Quick heal as they know that it is an indian player otherwise what it has achieved as a brand among the giant IT commodity players like TCS/Infosys is certainly  a great achievement. We have never heard about an Indian Brand in technology...we see Microsoft, Java, Oracle, Adobe, Norton, Kaspersky everywhere and we hardly know what our IT giants (Infosys/TCS/Wipro) do. Indianness is invisible in IT for us in branded products although the fact is that most of the Global IT giants are headed by Indians.

So there shouldn't be any doubt on the capability...it is only about the intent to choose the difficult path of brand and product building which is chosen by Quick Heal backed by strong technical capabilities. Quick heal has already covered some genuine distance, it is not some fairy-tale startup. Quick heal is a serious profit making organization, NP of around 50-60 cr on revenues of around 300 cr with strong in house R&D capabilities.

Our world is changing fast and in a sense we are moving towards non-material sort of world. Physical wars among big nations are not happening and chances are even lesser. Modern wars comprise currency wars and Cyber wars. We are moving more and more towards automation...most of the civil services will be fully automated in few years...cloud and IOT will bring radical changes to how Govt provides services. So any security breach will be serious...catastrophic. General public is doing everything online...our bank accounts/passwords are online. My enemy doesn't need to rob me personally/physically...he can do the same thousands KM away without even touching anything. So risks here are very serious and can't be left uncovered. We'll see huge demand for security products when people will realize the vulnerability of our online life. So i have no doubt about the future scale of operation.

Here i remember the hacking attack on dating site Ashley Madison which threatened to kill the life of its members and the business. Hackers threatened to public the names of its members claimed to be some 38 million. People panicked and small number of suicides were reported, a priest in Louisiana among them. So i feel threat is very potent and deadly for people to ignore it or taking it lightly. In fact people will only become more aware in the future. Current stage is just the tip of possible iceberg.

Stock markets are never perfect and it is good that they are like that as otherwise there will e nothing for us to find hidden deep value proposition. Like here, on one hand our market is finding it difficult to assign high valuation to Quick heal but still it is finding great value on other security company which is more like a Labour supplier involving relatively much lower technical expertise. I am talking about Security and Intelligence services India Ltd (SIS Ltd) which is trading at a PE of around 60 but Quick heal which is having much higher technical expertise with much stronger brand recall is trading at a PE of around 20 ( If we keep out the impact of GST on June-17 results). QH is also having around 375 cr in investments and cash!!

Its June-17 Qtr results were impacted by de-stocking by dealers ahead of GST implementation but still its enterprise business grew by almost 20% even in this tough environment which shows that Quick heal is on the right path as far as picking Enterprise business. For past 2-3 quarters, its performance is impacted by industry level macro issues like Demonetization and GST but i think the growth will be back very soon.

 India has big number of SME’s who earlier never bothered about the cyber security. But off late, SME sector was also getting aware of Security threats and spending was growing. SME got involved as earlier the threat was only to information (For SME) and their information was never valuable for hackers but as more and more SME was turning towards online banking etc....their threats were rising...so there will be high growth in SME and large enterprises sector in India.

Paid Security products vs Free products

Some people opine that general public will be reluctant to pay for the security software products as many are available free. Although i can't claim to understand cyber security better than an IT professional but there are certain things which i feel will pave the growth of paid cyber security products. First thing i always feel there are no free lunches. The free games we play, free videos we play...all have either embedded with the device maker/operating system maker or they need intermediate ads or else the free product is mediocre. 

When you think that you have found a free antivirus product then the real fact is that “You” have become a product for these companies. They will bomber your system with all type of nonsensical stuff like free toolbar, search engine etc. and in doing so they make money of you…so here you are the product. Free antivirus companies are just like other companies…they need profits to sustain themselves. So free antivirus products bundle all type of junk like adware, spyware, toolbars, tracking and other cheap stuff to make money from you. They will alter your search engine to make you click ads, some install terrible Ask toolbar which is nothing short of a nightmare, harvesting and selling your browsing data and other information. Even the reputed free antivirus companies like Avanst, Avira, AVG, Comodo are doing this. These free products market their other premium programs, upgraded paid versions of their free antivirus program to make people to pay for this and in the process they make big money.

Cyber security is a very complex segment which requires huge resources (most of which are used immediately i.e salary) which needs commercial success of the product. Updating of data base for viruses is very costly and it is a continuous exercise.

Besides free software lacks so many things which are must for a complete security software like:

1) Don’t provide for online backup in case of any emergency
2) Encryption of files in case of theft.
3) Internet security
4) Spam filtering
5) Quick updation of virus definitions and library
6) Ads area big distraction and consume resources
7) Most importantly, support system like onsite installation and telephonic support is never there which for a small business is a make or break decision. Quick support in case of a crisis will play the deciding factor in saving the business; even for a common layman. There are so many cases where cyber-crime resulted in the failure of a thriving business like recent attack on Sony which almost killed the giant.



Cyber wars: Indigenous “Make in India” products are key for India

Cyber warfare is the future of wars between nations. For long, China has attacked India’s cyber space and networks. The numbers of such attacks are rising continuously around 50000 a year. In 2010, Ministry of Defence computers were hacked pointing serious weakness of our systems. This year in May-June, hackers attacked the systems of Indian Banks and stole the data of around 3 million debit cards and the worst part was that Indian authorities couldn’t even establish the origin of the attack, the identity of the hackers, or how the securely self-destructing malware was created.

Israel is the global giant in cyber security space and US companies are the biggest investors in the Israeli cyber security start-ups. In Israel citizens are supposed to give their services in Army in young age. Israeli Citizens are one of the most patriotic nations of the world and their citizens are ready to serve and die for the country at any time. Time spent by young ones in the army makes them capable to understand the nitty-gritty of security systems and this is the reason for their success in Cyber security. USA and Israel are close ally in cyber war fare but both have maintained silence on their actual capabilities to originate a serious cyber attack and their expertise in defending such attacks.


Such ambiguity about the strength of cyber system puts your attackers in doubt as they can only guess your cyber technical expertise which puts them in back foot. Both USA and Israel created one of the most sophisticated Stuxnet Worm to attack on Iran’s nuclear systems in 2010 although they both never acknowledged the same. Stuxnet is regarded as one of the most sophisticated malware ever discovered. So I do not know whether India should adopt such policy to keep silence about their expertise but if we go by the recent attacks on our Defence systems it is clear that we are still have some distance to cover. Israel is also a close ally of India and I see both India and Israel strengthening their cyber systems with mutual assistance. India really have great IT skilled professionals who if given the chance can prove their true worth in developing the cyber security systems for India.


Here, I want to stress that Indian Govt is going to prefer Indian made cyber security products as it ensures that the source code that runs the programme and the machinery do not grant access to foreign firms or governments. So I think local firms like Quick heal can tap this huge opportunity along with the fact that they have already demonstrated their expertise and acumen in designing and developing security systems.

Regarding Quick Heal vs MNC players, i think Quick heal has everything to challenge them because this is what it has been doing so for a fairly lengthy period of time. It is having more than 30% share of retail market. MNC IT players are overhyped...they are good but Indians are not less. The only thing is the risk taking capability as focus on being a branded product player is a big risk which requires huge resources for branding and distribution. In fact the main aim for  Quick heal going for IPO was to get money for brand promotion and we can see that Quick Heal is now visible across Media which i feel is a great attempt.

Actually R&D and Branding is a different business games which i feel Indian investors don't understand at all. We always fail to value a R&D heavy company; we try to figure out the earnings when R&D is a long term game although with unimaginable growth prospectus. Same is for a Branded product company. Here Quick heal is trying both which is new first for Indian business. Giants like Infosys, TCS have never had the courage for going for product based future...timid...although they have the huge resources. But they failed terribly in understanding the future of IT...which was migrating from quick service product to value added products like Artificial intelligence. 

As i have explained in many blog posts R&D and Branding is not for chicken hearted; it is for brave warriors...it is journey to the unknown. Quick Heal has chosen this difficult path although it is very strong in R&D and developed some ground breaking solution in security.

Also i think Mobile security will see huge growth from here on. Recent attack on Android phones will make people realize the threat. 

I have great faith in Quick Heal...and i feel there are high chances of it to survive its quest for the unknown. Good buy at current levels of 190.

(Views are personal and should not be taken as a recommendation for buying or selling a stock. Stock markets are inherently risky so kindly do your Due Diligence before investing. I am not a certified Sebi Analyst and holding the shares discussed in this Post)