"On the heels of another strong year for cybersecurity players, our recent field checks heading into 2016 suggest 'robust' deal momentum as enterprises and governments across the board upgrade to next-generation security platforms/software," says FBR's Dan Ives, reiterating his bullish stance on security tech upstarts.

Ives: "Based on our conversations with channel partners/customers over the last few weeks, closure rates look to be trending higher year over year, with seven-figure deals markedly up in the pipeline. This speaks to the massive firewall refresh that is underway, with hot areas of security (next-generation firewall, e-mail security, mobile/cloud) as the main beneficiaries."

He expects next-gen firewall leader Palo Alto Networks (NYSE: PANW) to be a major beneficiary. Others expected to benefit include firewall/security software vendor Check Point (NASDAQ: CHKP), privileged account security software leader CyberArk (NASDAQ: CYBR), unified threat appliance leader Fortinet (NASDAQ: FTNT), e-mail/compliance security software firm Proofpoint (NASDAQ: PFPT), and Web app firewall and data security software firm Imperva (NYSE: IMPV).

Ives is less bullish on malware and endpoint-protection hardware and software provider FireEye (NASDAQ: FEYE), citing execution and product-related headwinds. His note comes three weeks after Citi reported a CIO survey pointed to strong enterprise security spend. FireEye (upgraded), Palo Alto, Splunk, and Imperva were favorably mentioned.

ETF: HACK