When the SolarWinds supply chain attack happened in 2020, I didn’t really get deep into what SolarWinds does because I had to focus on day-to-day business. But now, in 2022, I found out what SolarWinds does because I was searching for monitoring solutions myself.
In this article I want to cover the current valuation, a description of what SolarWinds does and my thoughts about the future.
As of March 12, the company trades at 11.21 USD per share. That’s below book value. The company has an equity ratio of nearly 48% and the revenue for 2021 fell nearly 30% from 2020 and is now at 2017 levels.
The companies stock fell nearly 70% in the last few years. So seeing that the book value is higher and the revenue didn’t fall as much as the stock price, this seems like an overreaction connected with the hack. But to understand the hack better, let’s see what SolarWinds does on a day-to-day basis.
At it’s core, SolarWinds offers IT monitoring solutions. IT professionals may know competitors like PRTG from Paessler AG or Nagios.
These solutions make it easier to control IT infrastructure like Servers, Routers, Switches and more. The goal is to detect a possible problem before an outage happens. So an engineer may get a push notification if e.g. the storage level on a server gets low.
One very big difference to its competitors is that SolarWinds offers a wide range of monitoring solutions. While most competitors focus on special areas - like collecting and analyzing log files or monitoring servers and routers, SolarWinds offers solutions for nearly every area. SolarWinds archived that by buying smaller companies like e.g. Loggly.
A typical customer company has many sensors which collect data and send it to the monitoring dashboard. Because a lot of information can be monitored, these Sensors are in very high numbers (often a company has more sensors than employees) Think about an international corporation - sensors may be grouped into the different sites around the world and may monitor every single IT device.
If a company wants to switch to another solution from SolarWinds, not only the dashboards, but also every single sensor will most likely need work to be replaced by the new solution. Also, because most competitors only cover some of SolarWinds areas, the switching company will need to make new contracts with multiple new companies. All-in-all, switching from SolarWinds is hard and expensive.
Free, Open Source Solutions exist (I for myself want to use only free software for monitoring my upcoming SaaS company) but again - you have to setup and connect multiple Software Solutions - there is no single one which can easily replace all of SolarWinds features. For this setup of the Open Source solutions, a lot of time and manpower is required - so it wouldn’t surprise me if running SolarWinds is cheaper for big companies than paying all the employees who work on integrating the Open Source Systems.
Because SolarWinds monitors so many systems of its customers, this hack has gained so much media attention. To prevent outages, you really have to know a lot of details of your infrastructure, and the attackers could get deep inside this information about SolarWinds customers.
But the hack was a supply chain attack originated from the build system which SolarWinds uses. This is very interesting to me because I am aware, that many of the world’s biggest tech companies have had similar vulnerabilities in the past.
A recent example could be this case, where a hacker could push malicious code into the Angular framework from Google.
So it’s not like this couldn’t happen to some of the most well known companies. SolarWinds was probably chosen for the attack because it’s monitoring solutions are deeply integrated into the US Government and the biggest American Companies.
Unfortunately for SolarWinds, the hack was a PR disaster. The CEO blamed an intern about an easy password, and that’s a no-go from a marketing perspective. (Because first of all, an intern shouldn’t get so much responsibility and second of all, there should be processes to prevent easy to guess passwords) But to be honest, I don’t think that most companies are better than that. This could have happened at nearly every company.
SolarWinds customers are deeply integrated into a system which is not easy to replace. So it’s hard to know how many of these companies spend the money for switching to a different solution because of this hack.
Also, such a hack could happen again at a competitor. SolarWinds has a forward P/E of 12.79, the competitor Datadog has a forward P/E of 322.58. That’s ridiculous in my eyes, because the same could happen to Datadog and then the revenue could also fall instead of growing high numbers every year.
Maybe customers will forget the hack in a few years, but maybe the Image to too damaged and SolarWinds has to rename it’s business, spin off all the assets or find another solution.
This is not investment advice or a buy/sell recommendation. This is my personal opinion and is for information and entertainment purposes only.
Everyone acts independently with their financial decision and bears responsibility for it themselves. Trading in securities is always subject to risks and can lead to total loss or debt (e.g. in the case of warrants). Liability is excluded.
You can use your Fediverse (i.e. Mastodon, among many others) account to reply to this post.