Category: security

LifeLock takes its lumps in IPO

Brenon Daly

Contact: Brenon Daly

The post-IPO slide of LifeLock highlights yet another case of overinflated private market valuations. The identity theft prevention vendor has had a tough run since its debut on the NYSE on Wednesday. LifeLock priced at $9 per share, which was below its expected range, and has never traded above that level in the aftermarket. In mid-Thursday afternoon trading, shares were changing hands at about $8.10.

That decline has brought LifeLock shares to nearly the same level they were when the company sold equity more than two years ago. In May 2010, Industry Ventures paid $7.88 per preferred share of LifeLock in a series E round. That’s only a 3% discount to LifeLock’s current market price.

Obviously, both valuations are just ‘moment in time’ prices. And in this particular moment, consumer names in nearly all markets are out of favor on Wall Street. Recall that consumer Internet security provider AVAST Software pulled its IPO paperwork in late July after not being able to get a valuation it wanted.

As we look back on recent IPOs in the security market, we are reminded that where a company starts out isn’t necessarily where it ends up. For instance, enterprise security vendors Sourcefire and ArcSight both had underwhelming IPOs, trading underwater before going on a tear on Wall Street. In the end, ArcSight got taken off the board in September 2010 at four times its offering price. Meanwhile, Sourcefire is currently trading at three times the level at which it first sold shares to the public in early 2007, compared with a 30% return over that period for the Nasdaq.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Qualys looks to transition from a product to a platform

Brenon Daly

Contact: Brenon Daly

As it gets set to hit the public market later this week, the question for Qualys is whether the on-demand security vendor can make the transition from a product to a platform. The 13-year-old company is known primarily for its vulnerability management offering, which will account for the vast majority of the $100m or so of bookings it will generate this year.

But Qualys is acutely aware of the fact that it won’t get a premium valuation if it doesn’t expand beyond that. The company has already helped its own cause with the early steps it has made in expanding its portfolio. It recently noted that revenue growth is outpacing customer growth. (In the first half of this year it bumped up its overall top line by 22%, about 5 percentage points higher than its growth rate in 2011.)

Qualys has a number of advantages as it attempts to pull off the transition. For starters, the company sells its service entirely on a subscription basis, which makes it easier – both commercially and in terms of technology architecture – to add additional security offerings. Besides its vulnerability management product, Qualys already offers five other products around compliance, Web application security and other areas.

That approach has drawn in nearly 6,000 customers for the company, providing a broad base to sell new products into. Yet, as Qualys highlighted during its roadshow, the company has only begun its cross-selling efforts. Currently, only one out of five customers uses more than one Qualys product.

The underwriters for Qualys, led by J.P. Morgan Securities and Credit Suisse Securities, are likely to be conservative in their initial pricing of what would be the fourth information security vendor to go public in the past year. As it stands, the range is set at $11-13 per share. We expect Qualys to actually price above that on Thursday and then likely move higher in the aftermarket, as the previous trio of enterprise security offerings have done. Even with the expected bump, Qualys will likely only create about $500m of market value. However, if the company can emerge as a true platform, that will be just the starting point.

KEYW picks up Sensage to build out Project G

Ben Kolada

Contact: Ben Kolada

Just three days after announcing its largest acquisition – the $126m pickup of cybersecurity software development firm Poole & Associates – KEYW has snagged small security information and event management (SIEM) vendor Sensage for $24m, with an earnout potentially raising that price by $10.5m. The two companies had previously been partners, working together on KEYW’s networking cybersecurity platform, dubbed Project G.

KEYW is handing over $15m in cash and $9m in stock. The deal also includes an earnout of up to $3m in cash and $7.5m in stock, achievable based on unspecified revenue targets for the second half of the year. The transaction is expected to close in October.

The Redwood City, California-based target, which has 35 employees, generated about $12m in revenue last year and recorded a small operating loss for the first half of this year. However, although the legacy Sensage business will be retained, the company isn’t being valued on its sales, but rather its potential contribution to KEYW’s nascent Project G platform. Sensage CEO Joe Gottlieb will head the combined company’s Project G network security initiative. KEYW began commercially testing Project G in June.

Select precedent ESIM acquisitions

Date announced Acquirer Target Price/sales valuation
April 3, 2012 TIBCO Software LogLogic 3.5*
October 4, 2011 IBM Q1 Labs 8.8*
October 4, 2011 McAfee NitroSecurity 5.3*
June 23, 2011 SolarWinds TriGeo Network Security 3.9
September 13, 2010 Hewlett-Packard ArcSight 7.7

Source: The 451 M&A KnowledgeBase *451 Research estimate. Click links for full deal details.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Qualys: a quality offering at a tough time

Brenon Daly

Contact: Brenon Daly

Continuing a run of enterprise-focused IT security IPOs, Qualys has set an initial range of $11-13 per share for its upcoming offering. The range would value the on-demand vulnerability management vendor a bit above $400m, a rather conservative valuation for a company that will record bookings of more than $100m this year. We understand that Qualys will price its offering in two weeks, and we wouldn’t at all be surprised to see it debut at a price in the mid-teens. J.P. Morgan Securities and Credit Suisse Securities are co-leading the offering.

The IPO of Qualys would mark the fourth enterprise IT security provider to hit the market in the past year, following Imperva, Proofpoint and Palo Alto Networks. That makes this particular slice of the tech landscape the most active – and most lucrative – area for IPOs. Collectively, the quartet – including the roughly half-billion-dollar initial market cap we project for Qualys at its debut – will have created about $6bn in market value.

Two-thirds of that amount comes from the wildly successful IPO of Palo Alto Networks. But we would note that Imperva and Proofpoint have been fairly well received on Wall Street, with both offerings trading above water. That stands in contrast to the loosely related consumer security companies and, even more broadly, the overall IPO market, which is highly skeptical of new offerings as a number of recent high-profile IPOs have turned out to be big money losers for investors.

For instance, shares of consumer Internet security provider AVG Technologies have broken issue and are currently changing hands at nearly their lowest level since the company debuted in February. AVG’s woeful performance contributed to the decision by AVAST Software, a similar consumer Internet security provider, to pull its IPO in late July.

Undoubtedly, the bearishness around the consumer security market is weighing on the offering from Qualys. However, we suspect that pressure will be relatively short-lived for Qualys, and the company will enjoy the same strong aftermarket performance of other recent enterprise security IPOs.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Google grabs antivirus, antimalware scanning aggregator VirusTotal

Contact: Wendy Nather

Málaga, Spain-based VirusTotal, a company that provides free antivirus and antimalware aggregation services, announced that it has been acquired by Google, following the search giant’s acquisition last year of zynamics for code analysis and reverse engineering. No terms were disclosed, but given that VirusTotal is a labor of love by a team of seven engineers, we believe both sides got a good deal.

VirusTotal aggregates the results of scans from numerous antivirus engines and website scanners: a user can upload a file or submit a URL for scanning, and will receive any findings from the collection of tools. In return, VirusTotal gets to use the data from the upload and its results to add to its data store, which it will then share with all subsequent comers. The company has been firmly vendor-independent, and says it will continue to operate that way as a subsidiary of Google. (We do wonder, however, whether it plans to change the name of its company blog, currently titled ‘Inside VirusTotal’s Pants.’) The value to Google comes from VirusTotal’s position at the crossroads of antimalware research: the more people who use its service, the richer the data and intelligence will be.

The VirusTotal team makes very clear that its service is not intended to take the place of antivirus software, nor should it be used to compare commercial tools. And indeed, we can’t see it being a threat to the established antimalware vendors (in fact, the latest announced integration was Sucuri’s SiteCheck). It’s more an intelligence sink and source, and as a free service it has the best chance of collecting agnostic data that benefits the entire community. But that intelligence, together with its public and private API access, could also be used by Google internally in a number of ways, such as checking submissions to its Android store, or scanning sites before offering them as search results. The number of threat intelligence feeds is growing daily, and Google just picked up a meta-version of many of them for what we assume was a relatively low price – viewed from this angle, it was a smart move.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

Renewed rumors in MDM M&A, spotlight on Fiberlink

Ben Kolada

Contact; Ben Kolada

Rumors are swirling again about a possible takeover of one of the largest mobile device management (MDM) vendors. While we previously reported on speculation that AirWatch was nearing a sale to BMC, rumors this time put the spotlight on Fiberlink Communications.

Several industry sources have told us that mobile and laptop management veteran Fiberlink, better known nowadays for its MaaS360 mobile management product line, has been shopping itself. If a deal comes to fruition, it would most likely be the largest sale yet of an MDM provider.

We’re hearing varying rumors regarding the Blue Bell, Pennsylvania-based company. A couple of sources noted that Fiberlink had been shopping itself for a while, and that talks at one point fell apart, until an unknown suitor unexpectedly came back to the table. The company declined to comment on those rumors.

No word yet on who may be bidding for Fiberlink. Last year we wrote that the 21-year-old company was profitable, with revenue in the $50-100m range. Fiberlink has not taken funding since 2003, when it secured a $50m round led by Technology Crossover Ventures.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

LifeLock plans life as public company

Brenon Daly

Contact: Brenon Daly

Despite consumer technology names falling largely out of favor on Wall Street, LifeLock has announced plans for a $175m IPO. The identity theft prevention vendor, which has 2.3 million customers, ran at basically breakeven on sales of $125m in the first half of 2012. The offering is being led by Goldman Sachs & Co, which owns 11% of LifeLock, along with Bank of America Merrill Lynch and Deutsche Bank Securities.

LifeLock’s filing comes as other consumer-focused technology IPOs have had a rough go of it. That’s true across a number of markets, from social networking (Facebook) to gaming (Zynga) to online backup (Carbonite has been nearly cut in half during its first year on the public market) to information security (AVAST Software pulled its IPO paperwork last month). Fairly or not, LifeLock – a company that spends about half its revenue on sales and marketing – will have to work its way through that bearish sentiment in the market.

Still, the company has been steadily increasing its subscriber base (at about a 20% rate) as well as bumping up its average revenue per subscriber (currently $9 per month). That has helped LifeLock get to a point where it generated $21m of free cash flow in the first half of 2012, which is only slightly less than it generated in all of last year. Also, we recently noted that LifeLock used some of that cash to take its first step into the enterprise market, acquiring ID Analytics. Although that business is still less than 10% of total revenue, it’s a welcome hedge for LifeLock, both in terms of technology and end markets.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

General Dynamics nabs networking cybersecurity vendor Fidelis

Ben Kolada

Contact: Ben Kolada

General Dynamics on Monday announced the acquisition of network security vendor Fidelis Security Systems. Fidelis’ customer profile and proximity to security operations at federal agencies appealed to General Dynamics as the defense giant looks to expand its cybersecurity capabilities against several competitors that have already announced inorganic moves in this market.

General Dynamics isn’t disclosing terms of the all-cash deal, but did say that Fidelis has approximately 70 employees. When we last wrote about Fidelis in February 2011, we noted that it had 52 employees and that its average deal size had steadily grown from $200,000 in 2008 to $350,000. At the time, the company had 62 customers (up from 21 in 2008).

We’ve written before about traditional military contractors moving toward cybersecurity as the government cuts back on traditional military spending. In June, Northrop Grumman printed a similar transaction, reaching for Australian network security systems integrator M5 Network Security. And in October 2011, ManTech International announced that it was acquiring network, security and systems integration and software development vendor Worldwide Information Network Systems for $90m. General Dynamics also bought Fortress Technologies, which provides wireless mesh network access points and software that enable US defense agencies to establish secure wireless LAN connections, in July 2011. We’ll have a full report on this deal in an upcoming Daily 451.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

After setting sail for IPO, Avast changes its tack

Brenon Daly

Contact: Brenon Daly

In the half-year leading up to AVAST Software pulling its IPO paperwork on July 25, the market moved steadily against it. A number of high-profile consumer-focused offerings – and, importantly, their subsequent after-market trading – have burned a lot of investors, making them hesitant to buy shares of a security vendor selling entirely to consumers. Additionally, there’s the overhang about the health of Europe, where AVAST has its headquarters and where it still does half its business.

In terms of perception, it also didn’t help AVAST that the IPO of fellow European security software vendor AVG Technologies earlier this year has been a money-loser. AVG priced its shares at the low end of its expected range, and has been underwater since then. The stock is currently changing hands at about $10, one-third lower than where the company initially sold it.

Amid those bearish grumblings on Wall Street, business at AVAST also started to slow. After soaring along with 50% bookings growth in 2011, the pace in the first quarter dipped to 38%. Meanwhile, its margins also ticked lower this year compared with 2011.

Granted, both the revenue growth and the company’s incredibly rich margins are at levels that most companies could only aspire to reach. For instance, AVAST – a company that generates around $100m in bookings with just 207 employees – runs at around a 65% Free Cash Flow (FCF) margin. It currently nets more than $10m each quarter.

But we suspect that business model wouldn’t have gotten much appreciation on Wall Street – at least not initially. If AVAST had gone ahead and priced at the high end of its expected range, it would have debuted at about eight times trailing bookings and 13x trailing FCF. That’s hardly an outrageous valuation, particularly when compared to the rich multiples enterprise-focused vendors have drawn in their recent IPOs. To put a point on that, consider this: at around an $800m debut valuation, AVAST would be worth just one-fifth the amount of the most-recent security IPO, Palo Alto Networks.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.

With new CEO at Symantec, is Big Yellow planning a big unwind?

Brenon Daly

Contact: Brenon Daly

Is Big Yellow planning to slim down? That’s the question that was echoing around Wall Street on June 25 after Symantec showed Enrique Salem the door following another lackluster quarterly performance.

Symantec reported fiscal Q1 revenue was essentially flat with the year-earlier period, as its storage and server management unit (the company’s largest single business) actually shrank in Q1. Even when the unit grows, it lags Symantec’s other main business of security. For the full previous fiscal year, the storage business increased just 4%, compared to a 20% rise in security sales.

That discrepancy – along with the fact that Symantec shares have lost about one-third of their value since the security company got into the storage business with its mid-2005 acquisition of Veritas – has prompted calls from investors to unwind Veritas. We understand Symantec has been exploring that option since Salem took the top spot three years ago. One of the more intriguing ideas we heard was Symantec swapping its storage business for the RSA unit at EMC. However, we gather the separation of the units, along with tax implications, made that too complicated.

Incoming CEO Steve Bennett, who has been chairman of Symantec for a year, has indicated that he will review Symantec’s portfolio. Wall Street, of course, read a fair amount into that, as well as the CEO changeover. One source noted that Bennett had overseen a handful of divestitures during his tenure as chief executive of Intuit, including shedding the construction management software unit and unwinding the company’s Blue Ocean acquisition. However, we would characterize those moves as a typical bit of corporate housecleaning – a far cry from the teardown that some investors are calling for at Symantec.

For more real-time information on tech M&A, follow us on Twitter @MAKnowledgebase.