Mark Fontecchio – Page 6 – Inorganic Growth

Infosec’s valuation inflation

August 23, 2019 Mark Fontecchio

by Brenon Daly

Acquirers looking to go shopping in the information security (infosec) market had better bring a big bankroll. Valuations are stretched well beyond the going rates for deals in virtually any other IT sector. For instance, a solid-but-unexceptional 20% grower that commands a double-digit multiple in infosec (like Carbon Black) would almost certainly drop into the high single digits in any other industry. And even an infosec vendor that’s shrinking and faces the real possibility of being terminally disrupted (hello, Symantec) still manages to trade for an above-market valuation.

To highlight the recent valuation inflation in the infosec M&A market, consider a pair of $2bn-plus deals that are separated by just a half-decade but clearly belong to different eras nonetheless: Cisco Systems‘ mid-2013 acquisition of SourceFire and VMware’s just-announced purchase of Carbon Black. (Subscribers to 451 Research’s Market Insight Service can see a full report on the latter transaction on our website today.)

Although the two security firms sell into different segments of the markets, both SourceFire and Carbon Black had a similar scale (revenue north of $200m) and similar exits (selling to strategic buyers for double-digit valuations in $2bn-plus deals). While all of those metrics line up very closely, a closer look at the companies shows that SourceFire, at least on paper, had a far more valuable business:

Carbon Black, which is losing $15-20m per quarter, is growing at just 20%.

SourceFire was growing at a mid-30% rate, while also turning a profit.

We highlight the valuation gulf between the two transactions because, in many ways, it exemplifies a recurring complaint we hear about the infosec market from both investors and acquirers: A dollar just doesn’t buy nearly as much right now as it once did.

Healthy exits, no matter the path

August 22, 2019 Mark Fontecchio

by Brenon Daly

On the heels of Dynatrace‘s blockbuster $7bn IPO, it looked like the exit of choice for other fast-growing infrastructure monitoring startups had swung to Wall Street. Datadog and Sumo Logic are both thought to be tracking to an offering of their own. But as SignalFx showed, an outright sale can be pretty lucrative, too.

Splunk said it will hand over a cool $1.1bn in cash and stock for SignalFx as it looks to expand its core log management into infrastructure monitoring. (To put the deal into perspective, SignalFx’s exit price is more than Splunk has spent, collectively, on the 10 previous acquisitions it has announced, according to 451 Research‘s M&A KnowledgeBase.) To pay for its largest-ever purchase, Splunk will spend $600m in cash and $400m in equity for SignalFx. (451 Research subscribers can look for a full report on the transaction on our site later today.)

Of course, SignalFx is much smaller than either Datadog or Sumo Logic, and probably had a few years before hitting IPO-able numbers. (Subscribers to the Premium version of our Private Company database can see our specific estimates for Datadog‘s recent annual revenue as well as full revenue estimates for the past half-dozen years at Sumo Logic.) So an IPO for SignalFx probably wasn’t imminently in the cards, despite the six-year-old vendor pulling in a growth-sized round from crossover investor Tiger Global Management in summer.

Instead, SignalFx took a bid that likely valued it in the neighborhood of 20x sales. Assuming that multiple is at least directionally accurate, it does line up rather closely with a deal in the market that had elements of both exits. In early 2017, Cisco Systems paid $3.7bn for AppDynamics, picking up the application performance monitor just days before it was set to price its IPO.

Cofense removes the Red Threat

August 21, 2019August 21, 2019 Mark Fontecchio

by Brenon Daly

After a long and torturous process, email security startup Cofense has landed where it appeared headed pretty much the whole time: deeper in the portfolio of existing investor BlackRock. The private equity firm, which picked up roughly one-quarter of Cofense in a recap of the company in early 2018, added the 43% stake that had been held by a Russian investment firm. But it wasn’t an easy deal.

BlackRock’s transition from minority investor to majority owner of Cofense only came after some highly unusual – and highly disruptive – regulatory scrutiny from a secretive US national security agency. A few months after the deal was announced last year, the Washington DC-based Committee on Foreign Investment in the US (CFIUS) began pushing for the Russian investor, Pamplona Capital, to be removed from the syndicate. The reason? Perceived threats to national security.

Under scrutiny from CFIUS, business at Cofense stalled. Customers didn’t want to be buying from a potentially insecure security vendor. (Is the Kremlin reading your email?) Cofense’s growth rate, which had topped 40%, fell to about half that level, according to our understanding. The company had to do some layoffs due to the slowdown.

As growth tailed off, valuation followed suit. Although the exact price couldn’t be learned that BlackRock paid Pamplona for its stake, the transaction is understood to value Cofense at less than the $400m the two buyout shops paid for the company a year and a half ago. For comparison, rival email security provider KnowBe4 raised money this summer at a valuation of more than $1bn.

Still, with the removal of the Red Threat, Cofense at least has the opportunity to get back to business. And a fair amount of business is available. Our surveys of information security buyers and users continually show, broadly, that phishing and the related concern of user behavior is the top-ranked security ‘pain point’ facing organizations. That’s the good news for the company. The bad news: Cofense didn’t even make it into the top-five most-popular vendors for security awareness training, according to the 451 Research‘s Voice of the Enterprise: Information Security, Workloads & Key Projects 2019.

Figure 1: Security awareness vendors

Cloudflare looks to stoke a flickering IPO market

August 16, 2019 Mark Fontecchio

by Scott Denne

Cloudflare, a network control specialist that unveiled its IPO prospectus this week, will need an enthusiastic reception to get over an already-rich private valuation and an uncomfortable comp. Through 2019, Wall Street has greeted new offerings from enterprise technology vendors with enthusiasm, extending double-digit valuations on the opening days of all new issues. And while there still seems to be plenty of appetite, the enthusiasm has tapered a bit with recent declines in the equity markets.

As Cloudflare looks to debut, it boasts 48% year-over-year topline growth through the first half of the year. And like all startups, that growth comes at a cost. In cranking out $234m in trailing revenue, the company chalked up a $91m loss, with few signs that it will be approaching profitability anytime soon. Unusually, it’s a surge in Cloudflare’s G&A expenses, not only sales and marketing costs, that’s eating away at profitability. In the first half, its G&A expenses were roughly equal to its R&D costs, each of which is about half of the $67m it spent on sales and marketing.

As we noted in a recent report on B2B tech IPOs, all recent issues have come to market with valuations north of 10x trailing revenue. And although most still trade well into double digits, the market has cooled a bit. Of the eight such offerings this year, five are down 10% or more from their opening prices. Even so, the valuations are still generous. Take Slack, for example. It’s down about 20% from its first day and trades at 38x trailing revenue.

For Cloudflare, though, the least generous valuation from this year’s crop belongs to a fellow networking services firm. Fastly, Cloudflare’s competitor in the CDN sector, is one of the few that trades with a multiple that’s in single digits after a 35% decline since its opening day in May. While Fastly trades at 7.5x, Cloudflare will need to get above 12x to top the valuation from its series D round. Despite a 5% dip in the S&P 500 this month, it should still get there. Cloudflare is about 40% larger than its rival, growing 10 percentage points faster and targeting a larger slice of the networking market.

B2B tech IPO activity

Filling up on restaurant tech

August 15, 2019 Mark Fontecchio

by Michael Hill

Point-of-sale (POS) vendors have built up an appetite for restaurant technology as the number of tech acquisitions they’ve made in that vertical has jumped since the start of the year. The uptick in these segment-specific deals arises from the food and hospitality industry’s penchant for embracing digital commerce innovation combined with weak overall demand for POS systems and software.

According to 451 Research‘s M&A KnowledgeBase, POS companies have inked seven restaurant tech purchases since the start of the year, almost as many as the eight they printed in 2018. Many of the acquisitions so far have been done to consolidate in the restaurant sector, while others were made to extend the buyers’ POS software suites into adjacent categories.

For example, restaurant POS startup Toast, which has amassed nearly $250m in funding since 2016, recently reached for StratEx, a provider of automated HR management software to restaurants that covers onboarding, payroll, benefits administration, scheduling, attendance and applicant tracking. As we noted in earlier coverage of Toast, the past few years have shown the food service segment to be among the earliest to embrace digital commerce innovations.

Restaurants have more advanced POS needs than the average retail business, demanding capabilities such as table management and online ordering, in addition to payment processing and customer management. And restaurants often spend more on POS systems than any other tech purchase, so nesting multiple applications inside these mission-critical systems offers a path to market for other restaurant-focused software products. HR management software such as StratEx’s aligns with restaurant POS, as that system doubles as a punch clock at most restaurants.

Other recent transactions appear to follow a similar recipe: start with POS and mix in other back-office applications. Take Lavu’s pickup of accounts payable specialist Sourcery Technologies earlier this month. With that move, the buyer is aiming to upsell restaurants with POS software that unifies restaurant sales with vendor management.

Part of the motivation for the string of deals in this space could be the modest growth for the overall POS market, which our surveys show is expected to be relatively flat in the coming months. According to 451 Research’s most recent Voice of the Enterprise: Customer Experience & Commerce, Organizational Dynamics & Budgets survey, only 42% of respondents said they expect their organization to maintain or increase its budget for POS software in the next quarter, the lowest reading for any of the nine software categories covered in the survey.

Annual acquisitions of restaurant technology vendors by POS providers

A dip in divests

August 14, 2019 Mark Fontecchio

by Scott Denne

A string of notable divestitures in recent weeks gives the impression that shedding business units has become more popular among large tech vendors. Instead, the opposite is true. Public companies are finding new homes for old assets at a historically low pace amid a rising stock market and rosy sales outlook.

Since the start of the month, there have been three high-profile divestitures:

Square shed its food delivery business, Caviar, in a sale to DoorDash that returned nearly 10x what the mobile point-of-sale provider paid for the business five years earlier.

Symantec sold its enterprise security business, nearly half of its revenue, for $10.7bn to Broadcom in the largest information security deal in history. (Subscribers to 451 Research’s Market Insight service can access a full report on that deal here.)

Most recently, Verizon unwound Yahoo’s $1bn acquisition of Tumblr, selling the business to Automattic, reportedly for a token amount of cash.

While such exits make headlines, they’re not part of a surge in divestitures. According to 451 Research‘s M&A KnowledgeBase, companies that trade on the two major US exchanges have sold just 51 business units since the start of the year, meaning that 2019 could be the first year since the dot-com bubble with fewer than 100 such deals.

The number of transactions is low, but more of the targets are commanding premium valuations. Our data shows that the median multiple in the sale of a business unit from a Nasdaq- or NYSE-traded firm stands at 2.5x trailing revenue through 2019, which is more than a turn higher than the median multiple on such deals through the rest of this decade. And in only one year did the annual median top 2x – it was 2.1x in 2016.

Many companies might not be considering reorganizational moves with the stock market running high through most of this year – despite some recent turbulence, the S&P 500 is up 16% since the start of the year. There’s also optimism about future sales. According to 451 Research’s most recent Voice of the Enterprise: Macroeconomic Outlook, 72% of businesses expect their Q3 sales pipeline to be at or above plan. Yet our data suggests that vendors should be exploring sales of underperforming assets while the terms are generous.

Sales of tech assets from NYSE– and Nasdaq-traded companies

Going it alone

August 14, 2019August 14, 2019 Mark Fontecchio

by Brenon Daly, Liam Eagle

After bulking up in recent years in part to fend off the ever-expanding influence of the cloud suppliers, web hosting and managed service providers are now going it alone. For the most part, they’ve closed the M&A playbook, or at the very least, dramatically scaled back their acquisition ambitions. Deal spending this year is likely to slump to its lowest annual level since the recession a decade ago.

Based on the M&A pace through the first seven months of 2019, full-year spending on acquisitions in the hosting/managed services market is tracking to about $3bn, according to 451 Research’s M&A KnowledgeBase. Assuming the back half of 2019 plays out the way the year has gone so far, the value of announced transactions in the sector would be less than one-third the annual spending in any of the previous four years.

There are several reasons for the decline, including a few drivers that may be gone and not coming back. For starters, some of the biggest deals done by hosting and managed service providers in recent years were straightforward consolidations. Hosting companies were looking at their peers as a way to grab as much infrastructure (and as many customers) as possible and then wring out operational efficiencies.

However, with the rise of the cloud hyperscalers – providers that, collectively, spend billions of dollars a year on building and maintaining their clouds, and still have tens of billions of dollars in their treasuries – infrastructure became something of a commodity. For hosting firms, that has meant it’s no longer economical to acquire rivals to pile up infrastructure. Instead of buying, they are renting. Virtually all managed hosting vendors offer front-end management of cloud infrastructure from hyperscalers.

This shift in strategy isn’t only being driven from the supply side, however. A recent 451 Research survey of more than 700 IT buyers and users found that pricing was the key determinant of whether organizations used managed services. Slightly more than six out of 10 respondents (62%) told our Voiceof the Enterprise: Cloud, Hosting and Managed Services survey that lower costs were the main business case for managed services. That handily topped the half-dozen or so other benefits, which were all in the 40% range and below.

Figure 1: Hosted/managed services acquisition activity

A rare trip into rarified air

August 12, 2019 Mark Fontecchio

by Brenon Daly

Symantec’s blockbuster $10.7bn divestiture of its enterprise security business to Broadcom marks a rare trip into rarified air for the information security (infosec) M&A market. Through the first seven-plus months of 2019, 451 Research‘s M&A KnowledgeBase shows not a single deal in the segment valued at more than $1bn.

Obviously, the unusual carve-up of Big Yellow blows past that threshold. But setting aside this transaction, which we would very much describe as a one-time deal, a couple of trends are playing out in the infosec market that may make it tough to see many more of those three-comma deals coming for the rest of 2019. We suspect that this year’s total will end up looking up at the three separate billion-dollar transactions we tallied last year.

Helping to keep a lid on deals at the top end of the infosec sector right now are factors including:

Several of the industry’s largest vendors appear unlikely to pursue big-ticket transactions. In some cases, that’s due to internal upheaval (e.g., Symantec, which has announced five billion-dollar acquisitions in the past 15 years). In other cases, it’s due to a likely period of digestion (e.g., Palo Alto Networks, which has dropped $1.6bn in a half-dozen high-valuation deals over the past 18 months).

After only recently starting to print big purchases, private equity firms have slowed their activity at the top end of the market. That move down-market comes after buyout shops have been behind significant infosec take-privates in the past two years, including Barracuda and Imperva.

And most notably, VC dollars have replaced M&A dollars in the ‘unicorn universe.’ In just the past four months, Auth0, SentinelOne, Cybereason and Sumo Logic have all landed funding rounds that value the infosec startups at more than $1bn, according to the premium version of 451 Research’s Private Company Database.

As long as startups only have to give up a portion of their equity to VCs (rather than full ownership to an acquirer), funding will likely be the option of choice for popular infosec startups. Of course, taking money now at such an elevated level assumes that billion-dollar buyers will return at some point to provide big exits. That may well be the case, but it’s a pretty high-stakes gamble nonetheless.

Broadcom broadens into security

August 9, 2019 Mark Fontecchio

by Brenon Daly

What began last summer as a head-scratching novelty has now become a consistent strategy at chipmaker-turned-software vendor Broadcom. A year after the semiconductor giant inked the second-largest software acquisition in history, Broadcom has made a big splash in information security (infosec), paying $10.7bn for Symantec’s enterprise security business.

Although the transaction is ‘just’ an asset purchase, it nonetheless stands as the largest infosec acquisition in history, according to 451 Research’s M&A KnowledgeBase. Another way to look at it: Broadcom’s massive bet on Symantec basically equals a full year’s worth of M&A spending for the entire infosec market. (The M&A KnowledgeBase shows annual spending across the infosec sector over the past two decades has ranged widely from $2bn to $28bn, depending on blockbuster deals.)

By virtually any measure, Broadcom is paying up for Symantec’s castoff business. Divestitures, particularly those involving low- or no-growth businesses, invariably garner a discount to broad-market M&A multiples. Depending on the segment and the assets, divestitures can get done at 1-2x sales, or half the prevailing prices in outright acquisitions.

At a purchase price of more than $10bn, Broadcom is valuing the enterprise security division at 4.5x sales. (In the most-recent fiscal year, Symantec’s enterprise group posted sales of $2.4bn, a level that hasn’t really changed in three years.) That’s even slightly richer than the 4.3x that Broadcom paid in its landmark acquisition last summer of CA Technologies.

The most-significant portion of Symantec falling into the portfolio of a financially minded consolidator comes after a prolonged slump at Big Yellow, which has served – not entirely fairly – as a company caught on the wrong side of disruption. As one indicator, consider that its stock price has basically been stuck in place for the past half-decade. During that same period, other business-focused security vendors have emerged and created somewhere in the neighborhood of $100bn – or 10x the terminal value of Symantec’s enterprise business – in both the public and private markets. We’ll have a full report on this transaction for subscribers to 451 Research’s Market Insight service later today.

A rare services deal from Salesforce

August 8, 2019August 8, 2019 Mark Fontecchio

by Scott Denne

Salesforce accelerates its 10-figure acquisitions, making its third such deal in 18 months. The $1.35bn purchase of ClickSoftware is notable not only because, coming just days after the close of its $15.1bn reach for Tableau, it represents an uptick in billion-dollar transactions from the CRM giant, but also because it marks a new phase its Salesforce’s M&A strategy – paying $1bn for a bolt-on acquisition.

In its five previous $1bn-plus purchases, Salesforce launched new lines of business, beginning with its entry into marketing software when it bought ExactTarget back in 2013. More recently, it got into data integration with MuleSoft ($6.6bn) and drastically reshaped its BI portfolio with Tableau. In reaching for ClickSoftware, a developer of field services management applications, Salesforce adds to its already sizeable Service Cloud offerings.

Only twice in any of its previous 57 acquisitions this decade has Salesforce added to its Service Cloud. The reason: it hasn’t needed to. Service Cloud generates about $3.6bn in revenue, making it the second-largest of Salesforce’s product groups, just behind its $4bn Sales Cloud, which it will likely catch, as the former grew 27% and the latter 13% year over year in the last quarter.

Salesforce M&A