Category: application software

OpenPages: a restart that finished strong

Brenon Daly

Contact: Brenon Daly

In the startup world, a restart rarely goes anywhere. What typically happens is a company swaps one failing business plan for another, with the inevitable wind-down delayed only by a fresh round of capital. Yet that’s not the case with OpenPages, which secured a solid exit with its sale to IBM after completely overhauling its business.

OpenPages, which sells software for the governance, risk and compliance (GRC) market, has virtually nothing in common with the company that started out in 1996. As its name implies, OpenPages was originally a content management vendor. The firm survived the dot-com bust, but only after trimming its headcount from more than 300 down to 15. In the aftermath, it also switched to Plan B for the business: GRC.

Although the initial draw to the GRC space was Sarbanes-Oxley, OpenPages found success in the broader market. By 2006, Sarbanes-Oxley only accounted for about 15% of revenue at the firm. As it recast its business, OpenPages also recapitalized the business. It raised some $10m in 2004 and added another $10m in 2007. (Back in the Bubble Era, it had raised about $60m from investors.)

The sale to IBM makes a fair amount of sense, both strategically and financially. Big Blue and OpenPages have been partners for at least three years. In addition to OpenPages’ technology fitting well with the BI portfolio IBM acquired with Cognos, there’s also a large chunk of services revenue that Big Blue can pocket around an OpenPages implementation. (OpenPages has some 140 customers.)

And, at least as we understand the deal, the exit valued OpenPages at a healthy 5 times its estimated $35m in sales. (Both the price and the valuation line up almost exactly with the other large GRC deal of the year, EMC’s purchase of Archer Technologies back in January.) In our view, whatever valuation OpenPages got should probably be viewed as a rich one when we consider the fact that the company nearly died penniless earlier in its life.

Is HP overcompensating?

Brenon Daly

Contact: Brenon Daly

Since when does an army without its top general go on the attack? That strategy would seem to go against convention, yet Hewlett-Packard has done just that since dumping Mark Hurd for his foibles. The tech giant has chased a pair of deals to valuations that are basically 2-3 times the prevailing market multiple. HP’s recent bidding war over 3PAR and the purchase of ArcSight shows a level of aggressiveness that indicates to us that the drivers for the acquisitions may have been emotional as well as financial, at least to a small degree.

If we step back and look at the setting for both deals, we can’t help but conclude that HP announced the transactions at a time when it looked vulnerable. Its star CEO had dramatically crashed back to earth, while its board (yet again) appeared to have bungled what looked like a fairly routine internal investigation. Statements by the company that it was ‘business as usual’ didn’t get much of a hearing on Wall Street. Shares that changed hands in the low $50s in April have been worth less than $40 for much of the past month. HP’s market cap lingers below $100bn, despite the company ringing up sales of about $120bn.

At the risk of drifting too far into psychology, we wonder if the deals weren’t a bit of overcompensation. (Certainly, paying 11x trailing sales for 3PAR might be considered overcompensation, or at the least, ‘heavy compensation,’ if you’ll forgive the pun.) If investors and others were going to view HP as weak or directionless while its corner office was empty, well, HP could use its vast resources to counter with a signal to remind everyone that it was formidable, with or without a fulltime CEO. Of course, we’re just playing armchair psychologist here. But something beyond just straight numbers seemed to be at work in HP’s recent moves.

A second exits gets ArcSight a 2x valuation

Brenon Daly

Contact: Brenon Daly

Hewlett-Packard’s pending purchase of ArcSight is the third IT security deal so far this year valued at more than $1bn, after not having a single security transaction valued in 10 digits in 2009. While the other two deals have gone off at basically market multiples, ArcSight is being valued at twice that level. The largest ESIM vendor agreed to sell itself to HP for $43.50 per share, valuing the security firm at more than four times the level it went public just two and a half years ago.

HP put the enterprise value of the transaction, which is slated to close by the end of the year, at $1.5bn. That means the tech giant is paying 7.5 times ArcSight’s trailing sales of $200m. (For the current fiscal year, ArcSight is expected to put up about $225m in sales, meaning HP is paying about 6.7x projected sales.) On a trailing basis, both McAfee and VeriSign’s identity and authentication business garnered 3.5x sales in their respective sales to Intel and Symantec. (Morgan Stanley advised both McAfee and ArcSight, while JP Morgan Securities advised VeriSign.)

The high-multiple deal represents a stunningly successful outcome for ArcSight. As we have mentioned in the past, both HP and McAfee approached ArcSight in the summer of 2007, ahead of the company’s IPO. We gather that both were bidders in the range of $600-750m. Unlike other dual-track candidates, ArcSight didn’t opt for the trade sale, but went ahead with its offering even as the equity market turned bearish. ArcSight spent virtually its entire first year as a public company trading in the single digits, including a fair amount of time below its offer price. (At one point when its shares were underwater, CA Technologies lobbed a low-ball bid at the firm, we understand.) If we had to guess at another suitor in the current process around ArcSight, we might tap EMC as an interested party.

Even as its stock took off over the past two years, ArcSight never did a secondary offering. (For a company with about $200m in sales, it has a very narrow base of shares, totaling only about 38 million.) In this case, the unwillingness to sell shares – either a small chunk or all of them – except at an eye-popping valuation has generated a return that seems reminiscent of the late 1990s. ArcSight raised only about $30m to build a business that got valued at 55 times that level on the exit.

A deal in sight for ArchSight?

Brenon Daly

Contact: Brenon Daly

If nothing else, the long Labor Day weekend gave us all a chance to catch our breath following a week of some of the most frenetic dealmaking we’ve seen in some time. We had bidding wars, doubleheader deals and even a billion-dollar chip transaction. But in some ways, the loudest buzz in the tech M&A market came from a deal that didn’t happen: ArcSight still stands on its own.

The ESIM vendor was supposedly in play, at least according to a thinly sourced and almost woefully vague recent article in The Wall Street Journal. Not to pick apart the piece, but listing a half-dozen of the largest tech companies as ‘potential bidders’ misses a great deal of context. For instance, we noted two and a half years ago that Hewlett-Packard was rumored to have offered about $600m for ArcSight the summer before it went public. ArcSight is now worth twice HP’s rumored bid, and roughly four times the amount the market valued it at when it came onto the Nasdaq in February 2008, just before the IPO window pretty much slammed shut. (For the record, Morgan Stanley led the ArcSight offering.)

That stellar aftermarket performance raises another interesting point about ArcSight: despite the fact that its shares have quadrupled during a time when the Nasdaq has essentially flat-lined, the company has never done a secondary offering. It has just 37 million shares outstanding. That strikes us a narrow base for a firm with $200m in sales and a market valuation of more than $1bn. But maybe the company figures it shouldn’t bother selling shares at current market prices if it stands to get a substantial takeout premium on top of that. For our part, we wouldn’t at all be surprised to see ArcSight get a second exit.

Wall Street job pays off for Salary.com

Brenon Daly

Contact: Brenon Daly

Strictly from the view of the corporate treasurer’s office, Salary.com got paid while on Wall Street. The compensation management vendor went public at a valuation that – in rather short order – would never again be available to the company. The outsized chunk of money that it raised in its early 2007 IPO, which came right before the window for new offerings slammed shut, has helped fund its money-burning operations since then.

In its mid-February 2007 IPO, Salary.com sold 5.7 million shares at $10.50 each. Of that amount, 4.9 million came from the company, meaning it raised some $51m. (That relatively fat offering came despite the company only recording $23m in revenue in the year leading up to its IPO.) In the year after the debut, the stock basically traded at or slightly above the offer price. But in early February 2008, it broke issue and would never again change hands in the double digits. Kenexa bid $4.09 for each share of Salary.com.

The fact that Salary.com is getting taken off the Nasdaq at less than half the price that it came on the exchange underscores just how much Wall Street has backed away from risk. And, unfortunately for Salary.com – a tiny company that’s put up only red numbers – that has meant investors backing away from it. To get a sense of just how small Salary.com is, consider this fact: each year, the company generates about $40m in sales, roughly the amount that its acquirer, Kenexa, generates each quarter. And we can’t overlook the fact that its unprofitable operations had burned down its stash of cash to about $8m, compared to more than $20m last year.

So all things considered, the planned sale of Salary.com is not such a bad outcome for the vendor. It gets valued at about 1.6 times trailing sales, roughly matching the multiple in some other recent human capital management (HCM) deals. (For instance, we understand that ADP paid about $110m for Workscape earlier this summer, a transaction that valued the HCM vendor at about 1.8x trailing sales.) In any case, if Salary.com hadn’t gotten a Wall Street windfall in the form of an IPO, we’re fairly certain that the company would have had a much rougher go of it during the Credit Crisis, and probably wouldn’t even have fetched the $80m that it got in its sale to Kenexa, or any other buyer.

A clear return and ‘cloudy’ outlook for Tripwire’s only deal

Brenon Daly

Contact: Brenon Daly

Exactly a year ago, Tripwire made its first and only acquisition in its 14-year history, picking up the assets of Activeworx. The tiny startup added log management technology to Tripwire, an IT configuration and compliance vendor. The deal itself, which only set Tripwire back about $3m, was a fittingly quiet purchase of a company that had lived a pretty quiet life. On Thursday, Tripwire took that technology to the cloud.

Although Tripwire actually closed its pickup of Activeworx last August, it only began talking about its log management offering, which is based on the acquisition, earlier this year. It also only began selling its log management offering earlier this year. As it was rolling out the offering, we noted that the log management market looked awfully crowded. But so far, Tripwire appears to be getting a solid return on its Activeworx buy. From a standing start, Tripwire’s Log Center business has generated about $2m of license sales in the first two quarters of 2010. (And to be clear, that’s GAAP revenue, as listed in the company’s latest amendment to its S-1 filed with the SEC, not some loosey-goosey figure that has been rounded way up.)

Granted, the Log Center contribution is still a small slice of the $18m in total licenses it has sold over the same period, and an even smaller portion of the $40m it tallied as total first-half 2010 revenue. But for a new product introduction, that’s a strong start out of the gate. And today, Tripwire announced a partnership with Terremark through which the datacenter provider will now be offering Log Center to its clients. The on-demand compliance and security arrangement between the two companies marks the first cloud offering from Tripwire.

Having its inaugural acquisition already producing revenue at a strong clip, we suspect that Tripwire will look to return to the market. The only question in our mind is what corporate structure Tripwire will have when it goes shopping again. Will it remain a privately held company, or will it see through its IPO filing and join the ranks of the Nasdaq-listed companies? Or will it – as we have speculated in the past – get snapped up by a larger vendor? From what we’re hearing now, however, a Tripwire trade sale is looking less likely than earlier in the summer. From our perspective, two of the companies that would head any list of likely buyers for Tripwire (McAfee and Hewlett-Packard) have their own M&A events to sort through right now.

Why wouldn’t HP jump the McAfee bid instead?

Brenon Daly

Contact: Brenon Daly

If we had to guess about Hewlett-Packard making an uncharacteristic move and jumping an announced transaction, we would have thought the company would go after McAfee rather than 3PAR. After all, HP has a giant hole in its security portfolio (we might describe it as a ‘McAfee-sized’ hole), while it’s already pretty well covered on the storage side, even if much of its offering is a bit long in the tooth.

Yet that isn’t the way it’s playing out. The recently decapitated company offered $1.7bn earlier this week for 3PAR, adding roughly $410m, or 33%, to the proposed price of the high-end storage vendor. Meanwhile, McAfee’s planned $7.8bn sale to Intel, announced last week, continues to track to a close before the end of the year. (We would note that McAfee is being valued at 3.4 times trailing sales, exactly half the level of 3PAR following HP’s bumped bid, which took the valuation to 7.6x trailing sales.)

HP’s topping bid for 3PAR appears to be a fairly defensive move. For starters, there’s the matter that 3PAR would overlap more than a little bit with its existing core storage offering called StorageWorks Enterprise Virtual Array. Betting on an acquired property to replace – or at the very least, refresh – the heart of a company’s current offering is a risky proposal. On top of that, 3PAR would require a new architecture, rather than just running on top of HP’s existing hardware like its other software-based storage acquisitions (PolyServe, IBRIX and Lefthand Networks).

All in all, looking to derail Dell’s offer for 3PAR appears to be at odds with much of HP’s previous strategy and rationale around storage. And while it pursues that deal (cost what it may), HP passes on McAfee, a one-of-a-kind security asset that would instantly make it much more competitive with IBM, EMC and Cisco Systems. If HP has sincere aspirations about outfitting the next generation of datacenters, we might suggest that it needs to actually own its intellectual property (IP) for security.

So far, however, HP has been content with just OEM arrangements to cover itself for security. (Notably, it has extracted a fairly one-sided agreement with Symantec for consumer anti-malware protection.) And even though buying McAfee would mean an unraveling of a number of those arrangements, we would note that reality isn’t preventing HP from making its bid for 3PAR. Remember that HP currently has an OEM arrangement with Hitachi Data Systems for a high-end offering like 3PAR. Yet it’s prepared to pay – and pay a lot of money – to own the IP itself. Couldn’t the same rationale be used for McAfee?

Arms race M&A in application security

Brenon Daly

Contact: Brenon Daly

If IBM and Hewlett-Packard basically matched each other’s deal size in the first round of M&A for application security, HP has gone much bigger than Big Blue in the second round. In fact, we gather that the price tag for HP’s recent purchase of Fortify Software is more than 10 times larger than the amount IBM paid last summer for rival static code analysis vendor Ounce Labs. (When IBM announced the deal, we speculated that HP may well work out its own tit-for-tat deal, reaching for its partner Fortify.)

Terms weren’t revealed on either the Fortify or Ounce Lab transactions. However, we gather that IBM picked up Ounce Labs for about $25m and that HP likely paid about $275m (including an earnout) for Fortify. Our understanding is that Ounce Labs garnered roughly 3 times trailing sales, while Fortify went for about 4.6x trailing sales of about $60m.

Those deals, which were separated by roughly a year, came after both tech giants had made acquisitions of dynamic code analysis vendors within two weeks of one another. Back in mid-2007, IBM purchased Watchfire for an estimated $140m, roughly matching HP’s $135m acquisition of SPI Dynamics. Both transactions were done at more than 5x trailing sales, according to our understanding. For those keeping track of the arms race M&A by these two tech superpowers, the collective bill for their application security purchases now exceeds a half-billion dollars.

Select application security acquisitions

Date announced Acquirer Target Deal value Target trailing revenue
August 17, 2010 HP Fortify Software $275m* $60m*
July 28, 2009 IBM Ounce labs $25m* $8m*
June 19, 2007 HP SPI Dynamics $135m* $20m*
June 6, 2007 IBM Watchfire $140m* $30m*

Source: The 451 M&A KnowledgeBase *451 Group estimate

‘You bought what? For how much?’

Brenon Daly

Contact: Brenon Daly

In both of the largest enterprise IT acquisitions so far this year, the deals are not what they seem. Or more accurately, the target companies were not acquired for what they are. What do we mean? Well, we would posit that Intel didn’t buy McAfee for its core security applications any more than SAP scooped up Sybase for its core database product. Instead, in each case, the buyers really only wanted a small part of the business but found themselves nonetheless writing multibillion-dollar checks for a whole company.

For SAP, the apps giant really wanted Sybase’s mobile technology, essentially using the Sybase Unwired Platform to ‘mobilize’ all of its offerings. It’s nice that the purchase also brought along some data-management capabilities, particularly some pretty slick in-memory database technology. But for SAP, this deal was all about getting its apps onto mobile devices. However, Sybase’s mobile business only generated about one-third of total revenue at the company. So SAP ends up handing over $5.8bn in cash for a business that’s currently running at just $400m.

If anything, Intel is paying even more for the business that it truly wanted – or, at least, the business that’s most relevant – at McAfee: embedded security. Yet that’s only a small (undisclosed) portion of the roughly $2bn revenue at McAfee, the largest stand-alone security vendor. Tellingly, Intel plans to operate as a kind of holding company, letting McAfee continue undisturbed with its business of selling security applications to businesses and consumers.

Intel ‘inside’ of largest security acquisition

Brenon Daly

Contact: Brenon Daly

The largest stand-alone security company is no longer standing on its own. McAfee agreed Thursday to a $7.7bn all-cash offer from Intel. The bid of $48 for each share represents a 60% premium over the security vendor’s previous closing price – and the highest price for its shares since early 1999. Intel’s purchase represents a significant gamble that security can be hardened by pairing software with hardware, which will likely be even more important as the need for security expands from just computers to consumer electronics, datacenter equipment and other devices. Despite that rationale, Intel still struck most observers as a surprise buyer for McAfee, which had been linked in earlier rumors to Hewlett-Packard.

The deal stands as the largest security acquisition ever, nearly twice the size of the number two deal, Juniper Networks’ $4bn purchase of NetScreen Technologies in early 2004. (Juniper used equity to cover that transaction; its stock is currently at the same price it was when it announced that deal.) Interestingly, the banks on both of these mammoth security transactions were the same: Goldman Sachs had both sole buy-side mandates (for Juniper and, more recently, Intel) while Morgan Stanley worked the sell side (sole advisor for McAfee and co-advisor, along with JP Morgan Securities, on NetScreen).

Recent significant security transactions

Date announced Acquirer Target Equity value
August 19, 2010 Intel McAfee $7.7bn
February 9, 2004 Juniper Networks NetScreen Technologies $4bn
June 29, 2006 EMC RSA Security $2.1bn
August 23, 2006 IBM Internet Security Systems $1.3bn

Source: The 451 M&A KnowledgeBase