Category: security

Infosec on Wall Street: a tale of two exits

Brenon Daly

Contact: Brenon Daly

Although Sourcefire and Websense stand as the two most-recent publicly traded information security vendors erased from the stock exchange, they are dramatically different departures. Sourcefire is going out on top, garnering its highest-ever price in its half-decade on Wall Street. In contrast, Websense, which has been public since 2000, took an offer that valued its shares lower than they had traded on their own just two years earlier.

Of course, the discrepancy stems largely from the financial performance of the two companies – and, maybe more to the point, which buyer can make those numbers work. Essentially, the deals represent the dramatic difference between ‘growth’ and ‘mature’ tech companies, as well as the difference between financial and strategic buyers.

Sourcefire collected a platinum valuation from fellow corporation Cisco Systems because the networking giant assumes it can wring out additional ‘revenue synergies’ from the already quickly growing Sourcefire. (In 2012, Sourcefire bumped up overall sales 35%.) The rationale isn’t too much of a stretch: Cisco already moves much of the traffic around the Internet, so why not secure it as well? (Of course, that’s so obvious that Cisco has been trying to pitch that ‘convergence’ for about a decade, but has found only limited success on its own.)

Those earlier efforts help explain why Cisco is valuing Sourcefire at 10 times trailing revenue, the highest multiple for any all-cash acquisition of an infosec vendor valued at more than $1bn. On the other end of the valuation spectrum, we have Websense. The Web security vendor went private at just 2.5x trailing sales.

Undoubtedly, Websense’s financial profile is much more at home in a private equity (PE) portfolio than Sourcefire would ever be. The company is seven years older than Sourcefire, and while we wouldn’t say its best days were necessarily behind it, revenue at Websense actually ticked down slightly last year. Still, it generated far more cash than Sourcefire, which undoubtedly appealed to its new PE owner, Vista Equity Partners. (Websense’s operating margin is three times higher than Sourcefire’s.) As different as the two deals are, they do have one similarity: both buyers are getting what they want at a price they want.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

With $2.7bn at stake, how will Cisco handle red-hot Sourcefire?

Brenon Daly

Contact: Brenon Daly

In one big roll of the dice, Cisco Systems has nearly matched the entire spending on all information security deals across the globe in each of the past two years. The networking giant announced Tuesday that it plans to hand over $2.7bn in cash for Sourcefire. That single transaction, which gives the network security vendor a platinum double-digit valuation, barely lags the aggregate value of 2012 ($3bn) and 2011 ($3.2bn) infosec deals.

So what is Cisco getting in its big bet on security? Sourcefire is a solid mid-20% grower and has consistently ranked well in terms of stickiness with customers. TheInfoPro, a service of 451 Research, surveyed Sourcefire customers in late 2011 and found that not a single one was planning to switch from Sourcefire to another provider. Sourcefire was the only infosec vendor among the 15 companies surveyed to receive unanimous support from its customers.

The growth and positive sentiment around Sourcefire goes some distance toward balancing the concerns that this mega-transaction brings, both specific and general. For starters, Cisco has struggled with many of its purchases outside its core market of enterprise networking gear (witness its divestiture of consumer brand Linksys earlier this year). Further, the company’s security business in the most-recent quarter shrank 4%, compared with a 5% increase in overall revenue at Cisco.

More broadly, many of the multibillion-dollar acquisitions of other infosec providers have only delivered so-so results for the buyers. In some cases, rumors have pointed to acquirers looking to unwind their purchases. For instance, we’ve heard in the past that IBM has considered shedding the Internet Security Systems business it bought in mid-2006 for $1.3bn. Additionally, EMC was rumored to be exploring alternatives for RSA Security, which it picked up in a competitive process for $2.1bn seven years ago.

And then there’s the cautionary tale provided by a directly comparable transaction in early 2004. In that deal, Cisco rival Juniper Networks decided that it wanted to make a play for the convergence of networking and security, announcing a $4bn stock swap for NetScreen Technologies. That deal dragged on Juniper’s results for years, and was one of the primary reasons why Juniper was out of the M&A market entirely for a half-decade (2005-2010). We would note that during that five-year period with its rival sidelined, Cisco was incredibly active, spending more than $20bn on 40 acquisitions.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

RSA adds Aveksa, bolstering goverance and provisioning

Brenon Daly

Contact: Wendy Nather, Brenon Daly

The identity and access management (IAM) market has evolved far beyond hooking up Active Directory with cloud-based identity management and single sign-on to a whole realm of business context that needs to be addressed. To cover that, EMC’s RSA Security has acquired Aveksa, a ‘business-driven IAM’ vendor, adding to the security giant’s existing portfolio of authentication, analytics and governance offerings.

Much of RSA’s portfolio has come through a steady flow of M&A. The security division of EMC typically acquires one or two startups each year. We would note that deal flow is much slower than EMC’s other major division, VMware. Nonetheless, RSA has made significant moves in recent years, adding Silver Tail Systems (antifraud), NetWitness (event monitoring) and Archer Technologies (GRC), among others.

With Aveksa, RSA will get a solid source of identity governance, user provisioning and access management to go along with its authentication business. RSA says that another reason for the acquisition was the speed with which Aveksa could be rolled out in the enterprise. The published claim is that roughly 70% of customers were up and running in production within four months – a far cry from traditional IAM infrastructures, which can take years to customize and deploy. (See our full report.)

Same price but very different deals for Tumblr and Websense

Brenon Daly

Contact: Brenon Daly

It’s often said that tech M&A valuations are more art than science, a perspective that stood in stark relief thanks to a pair of transactions announced Monday morning. The deals, which have wildly different strategic underpinnings, involve companies at opposite ends of their corporate lifecycle but came in at the same price: $1bn.

On the one hand, we have a fairly staid take-private of a 20-year-old information security vendor with flatlining sales of slightly more than one-third of a billion dollars. On the other, we have a wildly popular blogging site that gets a multiple of nearly 100x its nascent sales as a faded Internet kingpin makes a highly speculative acquisition.

In the more conventional transaction, buyout shop Vista Equity Partners said it will hand over about $1bn for Websense. The offer values the Web content filtering vendor at loosely 3x sales. (That’s just slightly higher than the multiple that fellow private equity firm Thoma Bravo paid a year and a half ago for Blue Coat Systems, a ‘vintage’ technology company that also offered Web content filtering as part of its broader portfolio.) According to a recent survey of IT buyers by TheInfoPro, a service of 451 Research, Blue Coat was the top-ranked Web content filtering vendor, cited by 27% of respondents, followed by Websense at 22%.

And then, there’s Yahoo’s reach for Tumblr. The $1.1bn all-cash acquisition is Yahoo’s largest in about a decade. And while Tumblr has a heavy user base (about 300 million unique monthly visitors), it had only really begun generating revenue. The company has only about one-tenth the number of employees at Websense.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

FireEye eyes an IPO

Brenon Daly

Contact: Brenon Daly

Many tech IPO underwriters are spending this week trying to catch the eye of FireEye. The advanced anti-malware vendor is currently baking off for an offering later this year that will likely create the next publicly traded information security company valued at more than $1bn.

FireEye has been tracking to the public market for some time, making moves earlier this year – such as adding several executive heavyweights and raising a ‘top-off’ $50m round of funding – that indicated an IPO may be close at hand. Further, it has the financial profile that will undoubtedly find buyers on Wall Street. According to our understanding, FireEye generated some $130m in bookings in 2012, about double its bookings from the previous year.

The company, which has more than 1,000 customers, has made huge strides since it emerged from stealth in mid-2006. It has pivoted from its initial focus on the network access control market to botnets to a broader advanced anti-malware platform. Along the way it has raised some $95m in backing from investors including DAG Ventures, Goldman Sachs, Jafco Ventures, Juniper Networks, Norwest Venture Partners and Sequoia Capital, which incubated FireEye.

However fitful FireEye’s evolution has been, the company has drawn fans in the information security market. According to a late-2012 survey by TheInfoPro, a service of 451 Research, FireEye was ranked as the second ‘most exciting’ infosec company. It trailed only Palo Alto Networks, which went public last summer and currently commands a $3.5bn market capitalization.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Fortinet acquires CDN software startup XDN

Contact: Tejas Venkatesh

Unified threat management vendor Fortinet has acquired four-year-old startup XDN, adding software that is used for building and managing CDNs. The deal helps Fortinet closely tie its security and WAN optimization services with content acceleration software from XDN, thereby providing a distributed, cloud-based approach to adapt effectively to disruptive attack traffic.

Fortinet’s move comes as companies like Akamai have fortified their security lineups with cloud-based Web application firewall and other related services. Fortinet did not disclose terms of the deal. In fact, it was XDN that announced the transaction in a blog post, almost a month after my colleague Jim Davis wrote about the deal. XDN raised about $7m in funding from Storm Ventures and Canaan Partners. For a full report on the acquisition, click here.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

End of an encryption era?

Ben Kolada

Contact: Ben Kolada

There has been considerable consolidation in the drive encryption sector over the past half-decade, most recently with Dell acquiring OEM partner Credant Technologies. However, with Dell taking Credant off the table, meaningful consolidation may be complete as there are few potential buyers left.

Dell is buying its OEM disk encryption software partner Credant in what could be seen as a tech tuck-in. The acquisition provides Dell with the IP rights to technology it already sells – Credant’s Data Protection Suite was available on Dell’s laptops and workstations as a preconfigured option. Terms weren’t disclosed, but we’re hearing that Credant generated trailing revenue in the $20-30m ballpark. (We’ll have a full report on the transaction in our next Daily 451.)

After earlier rounds of consolidation in this sector by security giants Symantec, McAfee and Check Point Software, there aren’t many potential acquirers left. In fact, it appears that the number of likely targets may outnumber the likely acquirers. Although M&A in this sector seems to be either at its end or near it, two remaining targets we would point to are still-independent vendors WinMagic and Zecurion.

Similar acquisitions to Dell buying Credant

Date announced Acquirer Target Deal value TTM revenue
September 22, 2011 Wave Systems Safend $12.8m Not disclosed
April 29, 2010 Symantec GuardianEdge Technologies $70m $18m
April 29, 2010 Symantec PGP $300m $75m
October 8, 2007 McAfee SafeBoot $350m $60m*
November 20, 2006 Check Point Software Technologies Protect Data [dba Pointsec] $586m $63.8m

Source: The 451 M&A KnowledgeBase *451 Research estimate

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Dell’s down, but still dealing

Brenon Daly

Contact: Brenon Daly

Undeterred by a sharp slump in business, Dell continues to shop. Just a day after reporting an 11% decline in fiscal Q3 revenue, the tech giant on Friday reached for infrastructure automation startup Gale Technologies. Gale should help bolster Dell’s recently launched Active System Manager (ASM) by adding an automation layer above the hypervisor, extending ASM beyond on-premises enterprise systems to support hybrid clouds.

The addition of Gale makes sense for Dell both operationally and competitively. The acquisition furthers Dell’s push toward ‘convergence,’ pretty much the only area of the company’s business that is expanding. (Through the first three quarters of this fiscal year, the servers and networking business unit has increased revenue 9%, compared with a 9% decline in total revenue at Dell.) The transaction also matches a similar purchase by Cisco of Cloupia just one day earlier.

However, beyond the Gale acquisition, there are growing questions about the broader M&A program at Dell. Although the company has been spending steadily to buy into markets beyond its historic PC business, the results have yet to show up in its top line.

Granted, the purchases are part of a multiyear transition and it may be too soon to expect full returns on them. But, with Dell shares bumping along at their lowest level since the end of the recession, Wall Street is getting impatient with the company’s turnaround. The stock has dropped 40% over the past year.

Over the past two years, Dell has spent more than $7bn on M&A, expanding into areas such as storage, security, services and software. And yet, despite that not-insignificant financial outlay, Dell is shrinking. The company is likely to put up about $57bn in sales in this fiscal year, which wraps at the end of January. That would be roughly $5bn, or 8%, less than it generated in the previous fiscal year.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

A quickly to Z

Ben Kolada

Contact: Ben Kolada

Rather than go for the quick exit, Andreessen Horowitz’s investing thesis focuses on the long haul, investing in companies that have the potential to become tech giants. Its investment in anti-fraud startup Silver Tail Systems counters that thesis, but that’s what happens when the money comes knocking early.

Andreessen Horowitz first disclosed that it invested in Silver Tail in June 2011. The thought was that, like the malware wave, sophisticated fraud attacks would first hit the largest enterprises and eventually move downwind to SMBs. However, the market has greatly expanded, as a variety of fraud attacks are now hitting businesses of all sizes.

Noticing the market’s potential, EMC moved to take Silver Tail’s capabilities in-house. Terms were not officially disclosed on EMC’s acquisition of Silver Tail, although the price was reported to be in the $300-400m range.

As we understand it, though, Silver Tail was initially looking for the opposite of an exit. The story we’re hearing is that Silver Tail was out on the fundraising circuit, looking for upward of $30m, but EMC made a table-clearing offer. That reported price, if true, would have been about twice the post-money valuation Silver Tail was seeking in its round. As it is, the midpoint of the reported price is actually about five times the post-money valuation it took in its last round, according to our understanding.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Is Sucuri for sale?

Ben Kolada

Contact: Ben Kolada

Just a month after its newfound partner VirusTotal was scooped up by Google, antimalware detection and remediation startup Sucuri may be next on the auction block. Word has it that the two-year-old company is attracting takeover attention. That shouldn’t come as too much of a surprise, given the growth potential of the website antimalware monitoring market and the strategic importance companies are placing these days on their online presences.

Sucuri provides a website malware detection product and associated remediation service meant to prevent customers’ websites from being blacklisted by search engines, namely Google. The company’s software scans websites for malware infection and alerts the customer. Sucuri then provides a cleanup service to remove the malware. As businesses continue to transition from brick-and-mortar to e-commerce models, such services will become increasingly important to growing sales, especially during the upcoming holiday season. Given its short lifespan, we suspect that the company is currently generating less than $10m in revenue.

No word yet on which companies may be looking to acquire Sucuri, but the list likely includes mass-market hosting vendors and large security firms. Like its competitors, Sucuri’s go-to-market strategy so far has been partnering with hosting companies, though it also sells directly to customers. The company lists Web host ClickHOST as a partner, as well as a half-dozen WordPress hosting and site design vendors. As for possible security suitors, the most likely acquirers that immediately come to mind are Proofpoint, Kaspersky Lab, Websense, Symantec, AVG Technologies or AVAST Software.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.