security – Page 16 – Inorganic Growth

The 451 Group picks up ‘voice of the consumer’

March 3, 2011 Brenon Daly

For today’s deal, we move a little bit closer to home: The 451 Group announced today that it has acquired the assets of TheInfoPro, a New York-based advisory and research firm. Founded in 2002, TheInfoPro counts more than 100 organizations as clients and draws on extensive surveys of those IT buyers to get real-world perspectives and forecasts on IT innovation. Focus areas for TheInfoPro include security, storage, networks, servers as well as virtualization.

With the acquisition, TheInfoPro will become a division of The 451 Group, joining the New York City office. (Terms of the transaction weren’t disclosed.) The deal is the third significant purchase by The 451 Group in the past half-decade to expand our offerings around analyzing and advising our clients on the business of IT innovation

Google adds zynamics to its security capabilities

March 2, 2011 Ben Kolada

Contact: Wendy Nather, Ben Kolada

Reverse engineering and code analysis vendor zynamics just announced that it is being acquired by Google for an undisclosed sum. Google has made other security plays before, with the largest being the $625m purchase of SaaS messaging security vendor Postini in July 2007, but this is its first reverse engineering deal. Google isn’t providing details on the rationale for the transaction, but we suspect that the target could be used for a number of purposes, including inspecting its ad streams for malware.

Bochum, Germany-based zynamics was founded as Sabre Security in 2004 by Thomas Dullien (aka Halvar Flake), who in 2007 was barred by the Transportation Security Administration from entry to the US as he attempted to travel to Las Vegas to present at the Black Hat conference. Google isn’t disclosing the deal terms, but when we covered zynamics back in 2008 we noted that it was profitable, with revenue of just over a half-million dollars. Google is retaining the entire zynamics team.

Google hasn’t divulged what it plans to do with zynamics’ IP and team, but given the target’s specialties, a pretty obvious use would be to check its hosted ads for malware, as well as improve detection of malware in the Android application market (given that Google just pulled 21 applications from the market today for security issues, this is an ongoing concern). We assume that Google will be using the zynamics assets to augment or replace what it’s presumably using today for these activities. But even in that case, Big G could have just licensed the software, which would mean that it plans to use the zynamics team and its talent to expand upon it for its own use – and since Google has such a wide footprint on the Internet, it’s a target-rich environment.

RSA = Rumors Swirling Around

February 22, 2011 Brenon Daly

Contact: Brenon Daly

Candidly, one of the main reasons we’ve always enjoyed the RSA conference is all the gossip at the event. From the show floor to get-togethers that take place along the periphery of the conference, people talk. That’s especially true at the boozy after-hours parties sponsored by vendors and their backers, where the focus is more on martinis than malware.

And once again, last week’s conference didn’t disappoint, with ‘RSA’ once again living up to its abbreviation of ‘rumors swirling around.’ Of course, most of the speculation centered on which security company was going to get taken out next. That’s more than a guessing game if you consider the following conference regulars that have been gobbled up just since last year’s RSA event: McAfee, ArcSight, PGP, SonicWall, Arcot Systems along with dozens of other smaller companies.

As for the next significant player to go, we heard a fair amount of M&A buzz around NetWitness. The company sells a powerful network-analysis platform for traffic capture, classification and analysis, and is thought to be running at roughly $60m in sales. The Washington DC-based startup is run by Amit Yoran, who already sold a company to Symantec back in 2002. (Private equity firm Summit Partners picked up a minority stake in NetWitness about a year ago.) The two names that came up most often as the rumored buyer of NetWitness were Hewlett-Packard, looking to add to its recent ArcSight acquisition, and Cisco, which has already done deals to add security to its core network business.

A public signoff from McAfee

February 8, 2011 Brenon Daly

Contact: Brenon Daly

After nearly two decades in some form or another as a public company, McAfee all but certainly reported its quarterly results to Wall Street for the final time on Tuesday morning. The company’s sale to Intel is expected to close in the coming weeks, a deal that will bring the largest stand-alone security vendor under the ownership of the largest semiconductor maker. For 2010, McAfee reported sales of $2.1bn and cash from operations of $595m. It didn’t hold a conference call because of the imminent close of its sale to Intel. (We suspect that the company won’t miss that quarterly ritual.)

The unexpected acquisition, which received our Golden Tombstone award as the most significant transaction of last year, was supposed to have already closed. When the $7.7bn deal was announced in mid-August, the companies indicated that they expected it to close before the end of 2010. It got overwhelming clearance from McAfee’s shareholders in early November, with 1,500 ‘yes’ votes for every one ‘no’ vote. US regulators signed off on the transaction in December.

But it took another month for European regulatory authorities to give their blessing – and they did so only conditionally. Among other things, Intel had to assure the European Commission that it won’t prevent other security providers from working on its chips and that the vendors will be able to use ‘functionalities’ of Intel’s products in the same way that McAfee is able to. While Intel may not be thrilled about making concessions to the EC, at least the six-month-old deal isn’t getting bogged down there. Remember that it took Oracle some nine months to close its purchase of Sun Microsystems, largely because of European regulatory concerns.

Trustwave surfing toward an IPO?

January 27, 2011 Brenon Daly

Contact: Brenon Daly

After two IT security companies put in their IPO paperwork last summer, we’re hearing that Trustwave is almost certain to be the first filer in 2011. The PCI-compliance vendor is currently baking off, with the selection of bankers expected to be complete next week. The actual prospectus would likely be filed around April and the offering would hit later this year, according to several sources.

If the filing goes ahead as planned, Chicago-based Trustwave would join both SafeNet and Tripwire as security providers looking to join the ranks of public security companies. (Or in the case of SafeNet, rejoin the ranks of public security companies.) Our understanding is that Trustwave finished 2010 with roughly $125m in sales, and continues to generate cash. Depending on the timing of the offering, the vendor would likely come to market with a valuation in the neighborhood of a half-billion dollars, according to our quick, back-of-the-envelope math.

Founded in 1995, Trustwave has expanded far beyond its original focus on PCI auditing and remediation, largely through M&A. It has acquired seven companies in the past three years, most of them small firms that, for the most part, were having a tough go of it on their own. Trustwave then adds the acquired technology on top of its Linux platform (TrustOS) and offers it to customers either through an on-premises product or a managed service. All in, Trustwave counts some two million customers.

Kaspersky catches some cash

January 21, 2011 Brenon Daly

Contact: Brenon Daly

Add General Atlantic (GA) to the list of buyout firms that has picked up a stake in an information security vendor. The firm on Thursday acquired a 20% chunk of Russian antivirus software provider Kaspersky Lab for $200m, implying an overall valuation of $1bn. The deal marks the third significant investment by a private equity (PE) shop in a European anti-malware vendor in just the past six months.

GA also appears to have gotten a bargain in becoming the company’s second-largest shareholder. Kasperky’s $1bn valuation works out to about 2 times sales and 8-9x EBITDA, according to our understanding. For comparison, rival anti-malware vendor Sophos got more than 3x trailing sales when it sold a majority stake to Apax Partners last May. (And according to at least two sources, Kaspersky was targeting a valuation of ‘well north’ of $1bn when it was running the process, which took most of 2010.) The third recent antivirus deal was Summit Partners’ $100m investment in AVAST Software last August.

Sourcefire’s risky bet to re-spark its M&A program

January 7, 2011 Brenon Daly

Contact: Brenon Daly

As deals go, Sourcefire’s first acquisition hardly set the world on fire (if you will). Back in August 2007, the open source security vendor picked up the open source ClamAV project. The deal only set Sourcefire back $3.5m, but not much has been heard from the project since the acquisition. Undeterred, Sourcefire stepped back into the M&A market on Wednesday with an even larger – and (potentially) much more significant – transaction.

Sourcefire is paying $17m in cash for Immunet, a cloud-based anti-malware provider. (Immunet could also pocket a $4m earnout, which depends on the company hitting some product milestones, as well as a smidge of Sourcefire equity.) It’s still early days for Immunet, which raised just one round of funding and only started generating revenue last year. (The company claims some 750,000 users, but we suspect that the vast majority of those would be using Immunet Protect, which is available for free.)

There’s always a risk when a company reaches for an early-stage startup like Immunet, which has yet to really prove itself commercially. That risk is somewhat mitigated, however, by the fact that the two companies had worked together for almost a year, and all of the Immunet employees, including the founders, will be joining Sourcefire.

But, as my colleague Andrew Hay notes in his report, the deal brings a much bigger risk: Can Sourcefire, which is primarily focused on network security with its well-known Snort product, step into the endpoint security market without a stumble? How will it fare in selling antivirus against giant rivals that generate more revenue each quarter than Sourcefire has in its entire history? Sourcefire has fought through some tough setbacks in its history, including a broken sale to Check Point Software and breaking issue in its IPO. Now, with Immunet, it needs to show that it can actually pull off an acquisition.

Defense goes on offense

December 20, 2010 Ben Kolada

Contact: Ben Kolada

Constraints in federal defense spending are causing traditional defense contractors to look outside their core for growth. The latest move is Raytheon’s pickup of cyber security firm Applied Signal Technology. The $490m acquisition, announced today, wraps up a two-month process from when Applied Signal announced that it would seek ‘strategic alternatives’ to increase shareholder value.

Raytheon’s $38-per-share offer for Applied Signal represents a 37% premium over Applied Signal’s closing share price the day before it announced it was looking to boost its share price. We suspect the high valuation was partly the result of a competitive bidding process that included Raytheon competitors L-3 Communications and Cobham. However, this isn’t the first competitive process we’ve seen for a defense-focused IT service provider. The Applied Signal transaction comes just half a year after its larger rival, Argon ST, was scooped up by Boeing. We understand the Argon property was the focus of an even more hotly contested process, with Boeing eventually paying a premium of 41% above Argon’s share price the day before the deal was announced.

The rise in defense IT valuations is the result of traditional defense contractors looking for growth channels as the federal spigot tightens. After a dozen years of consistent growth in federal defense spending, the Office of Management and Budget projects defense expenditures will decrease by an aggregate of 5% from 2010-2015. Meanwhile, spending on IT defense is expected to rise. As a result, firms like Argon and Applied Signal have received healthy valuations, but they are not alone. Since late October, when Applied Signal announced it was looking at strategic alternatives to increase shareholder value, including selling itself, acquisition speculation has spilled over to Mercury Computer Systems, a maker of hardware and software systems for the defense industry. Since Applied’s announcement, shares of Mercury Computer have risen 40%.

And the Golden Tombstone goes to …

December 17, 2010 Brenon Daly

Contact: Brenon Daly

In addition to asking corporate development executives in our annual survey to look ahead and predict M&A activity and valuations in the coming year, we also asked them to look back and tell us which deal of the previous year they thought was the most significant. The winner for 2010? Intel’s $7.7bn purchase of McAfee, an unexpected transaction that landed the largest stand-alone security company inside the dominant supplier of microprocessors. At nearly twice the value of the previous largest security deal, it’s a risky bet that security will become another integral consideration around silicon, along with power consumption and performance.

The landmark Intel-McAfee pairing barely edged out Hewlett-Packard’s contested acquisition of high-end storage vendor 3PAR in the voting by corporate development executives for the Golden Tombstone for the top deal of the year. Past winners of the highly coveted award include Oracle-Sun Microsystems (2009), HP-EDS (2008) and Citrix-XenSource (2007).

We suspect that the competition for next year’s Golden Tombstone may be even more intense, at least according to one indication in our survey. (See our full report on the survey.) When we asked corporate development executives about how likely they were to do ‘transformative acquisitions,’ more than half (52%) said they planned to do one of these risky, bet-the-company kind of transactions. In our 2009 survey, just one out of five respondents said that.

Juniper back in the market — and how

December 7, 2010 Brenon Daly

Contact: Brenon Daly

Just nine months after Juniper Networks picked up a small stake in Altor Networks through the startup’s second round of funding, the networking giant decided Monday to take home the whole thing. Juniper will hand over $95m in cash for the rest of the virtual firewall vendor. (Altor had raised around $16m in backing, including the undisclosed investment from Juniper.) At the time of the investment, Juniper said it planned to develop an ‘even closer’ relationship with Altor, its primary virtualization security partner. See our full report on the deal.

The purchase of Altor stands as Juniper’s fifth acquisition this year, and brings its M&A spending to almost $400m so far in 2010. That’s fairly remarkable activity, considering that Juniper had been out of the market for a half-decade. And with the exception of its recent pickup of Trapeze Networks, Juniper’s buys have been big bets on small companies. The networking giant has paid $70m-100m each for Ankeena Networks, SMobile Systems and Altor – and we gather that all three of the target companies were running in the single digits of millions of dollars.

Recent Juniper acquisitions

Date	Target	Deal value	Rationale
December 6, 2010	Altor Networks	$95m	Virtualization security
November 18, 2010	Blackwave (assets)	Not disclosed	Internet video content delivery
November 16, 2010	Trapeze Networks	$152m	Wireless LAN infrastructure
July 27, 2010	SMobile Systems	$70m	Mobile device security
April 8, 2010	Ankeena Networks	$69m	Online media content delivery

Source: The 451 M&A KnowledgeBase