Category: security

Arms race M&A in application security

Brenon Daly

Contact: Brenon Daly

If IBM and Hewlett-Packard basically matched each other’s deal size in the first round of M&A for application security, HP has gone much bigger than Big Blue in the second round. In fact, we gather that the price tag for HP’s recent purchase of Fortify Software is more than 10 times larger than the amount IBM paid last summer for rival static code analysis vendor Ounce Labs. (When IBM announced the deal, we speculated that HP may well work out its own tit-for-tat deal, reaching for its partner Fortify.)

Terms weren’t revealed on either the Fortify or Ounce Lab transactions. However, we gather that IBM picked up Ounce Labs for about $25m and that HP likely paid about $275m (including an earnout) for Fortify. Our understanding is that Ounce Labs garnered roughly 3 times trailing sales, while Fortify went for about 4.6x trailing sales of about $60m.

Those deals, which were separated by roughly a year, came after both tech giants had made acquisitions of dynamic code analysis vendors within two weeks of one another. Back in mid-2007, IBM purchased Watchfire for an estimated $140m, roughly matching HP’s $135m acquisition of SPI Dynamics. Both transactions were done at more than 5x trailing sales, according to our understanding. For those keeping track of the arms race M&A by these two tech superpowers, the collective bill for their application security purchases now exceeds a half-billion dollars.

Select application security acquisitions

Date announced Acquirer Target Deal value Target trailing revenue
August 17, 2010 HP Fortify Software $275m* $60m*
July 28, 2009 IBM Ounce labs $25m* $8m*
June 19, 2007 HP SPI Dynamics $135m* $20m*
June 6, 2007 IBM Watchfire $140m* $30m*

Source: The 451 M&A KnowledgeBase *451 Group estimate

‘You bought what? For how much?’

Brenon Daly

Contact: Brenon Daly

In both of the largest enterprise IT acquisitions so far this year, the deals are not what they seem. Or more accurately, the target companies were not acquired for what they are. What do we mean? Well, we would posit that Intel didn’t buy McAfee for its core security applications any more than SAP scooped up Sybase for its core database product. Instead, in each case, the buyers really only wanted a small part of the business but found themselves nonetheless writing multibillion-dollar checks for a whole company.

For SAP, the apps giant really wanted Sybase’s mobile technology, essentially using the Sybase Unwired Platform to ‘mobilize’ all of its offerings. It’s nice that the purchase also brought along some data-management capabilities, particularly some pretty slick in-memory database technology. But for SAP, this deal was all about getting its apps onto mobile devices. However, Sybase’s mobile business only generated about one-third of total revenue at the company. So SAP ends up handing over $5.8bn in cash for a business that’s currently running at just $400m.

If anything, Intel is paying even more for the business that it truly wanted – or, at least, the business that’s most relevant – at McAfee: embedded security. Yet that’s only a small (undisclosed) portion of the roughly $2bn revenue at McAfee, the largest stand-alone security vendor. Tellingly, Intel plans to operate as a kind of holding company, letting McAfee continue undisturbed with its business of selling security applications to businesses and consumers.

Intel ‘inside’ of largest security acquisition

Brenon Daly

Contact: Brenon Daly

The largest stand-alone security company is no longer standing on its own. McAfee agreed Thursday to a $7.7bn all-cash offer from Intel. The bid of $48 for each share represents a 60% premium over the security vendor’s previous closing price – and the highest price for its shares since early 1999. Intel’s purchase represents a significant gamble that security can be hardened by pairing software with hardware, which will likely be even more important as the need for security expands from just computers to consumer electronics, datacenter equipment and other devices. Despite that rationale, Intel still struck most observers as a surprise buyer for McAfee, which had been linked in earlier rumors to Hewlett-Packard.

The deal stands as the largest security acquisition ever, nearly twice the size of the number two deal, Juniper Networks’ $4bn purchase of NetScreen Technologies in early 2004. (Juniper used equity to cover that transaction; its stock is currently at the same price it was when it announced that deal.) Interestingly, the banks on both of these mammoth security transactions were the same: Goldman Sachs had both sole buy-side mandates (for Juniper and, more recently, Intel) while Morgan Stanley worked the sell side (sole advisor for McAfee and co-advisor, along with JP Morgan Securities, on NetScreen).

Recent significant security transactions

Date announced Acquirer Target Equity value
August 19, 2010 Intel McAfee $7.7bn
February 9, 2004 Juniper Networks NetScreen Technologies $4bn
June 29, 2006 EMC RSA Security $2.1bn
August 23, 2006 IBM Internet Security Systems $1.3bn

Source: The 451 M&A KnowledgeBase

Strategic ardor for Arbor

Brenon Daly

Contact: Brenon Daly

In yet another sign that private equity (PE) still hasn’t recovered to the level that the buyout barons enjoyed in the halcyon days before the Credit Crisis, consider the process around Arbor Networks. The network security and monitoring vendor had many of the characteristics that would typically appeal to a PE shop: a mature company that was running at about $100m, with EBITDA margins approaching the mid-teens, according to our understanding. Along with the decent cash generation, 10-year-old Arbor was also growing, targeting about 20% expansion for 2011.

Even though some half-dozen PE firms looked at Arbor, the company ended up going to a strategic acquirer, Tektronix. (See our full report on the deal, which wasn’t the most intuitive pairing we could have come up with for Arbor. That said, as my colleague Andrew Hay notes in the report, the acquisition of Arbor gives Tektronix a way to couple its network diagnostics and management of fixed, mobile, IP and converged multiservice networks with security and threat mitigation products.)

So while the portfolio expansion certainly makes sense for Tektronix, there’s also the interesting side note that, in this case, a strategic buyer is outbidding would-be financial acquirers. Further, that’s largely without relying on so-called ‘synergies,’ or cost savings from cutting duplicative operations at the acquired company to effectively lower the valuation for a corporation. (The reason: Tektronix is basically absorbing all of Arbor, running it as a stand-alone business.) That sort of corporate dealmaking is a far cry from three years ago, when the low cost of capital sometimes allowed PE firms to outbid companies, even when a not-insignificant amount of synergies figured into the deal.

Private equity activity

Period Deal volume Deal value
Jan. 1-Aug. 10, 2010 170 $18.4bn
Jan. 1-Aug. 10, 2009 170 $3.8bn
Jan. 1-Aug. 10, 2008 158 $18.3bn
Jan. 1-Aug. 10, 2007 209 $109.7bn
Jan. 1-Aug. 10, 2006 189 $53bn

Source: The 451 M&A KnowledgeBase

McAfee doubles down with tenCube

Contact: Jarrett Streebin

McAfee recently made its second purchase this year in the mobile security field, picking up tenCube. The Singapore-based startup’s applications provide backup and restore for select data, device tracking, as well as remote lock and wipe for Android, BlackBerry, Symbian and Windows Mobile smartphones. Combined with McAfee’s recent acquisition of Trust Digital, recently disclosed in an SEC filing as a $33m purchase, the two deals help provide the largest stand-alone security company with the ability to secure and manage both consumer and enterprise smartphones.

Although mobile hacking is increasing, the several levels of control present in the devices and networks have prevented a major outbreak of malware infections. But due to the rapid expansion of mobile traffic, as well as the amount of sensitive information stored on and sent by these devices, the likelihood of such attacks is increasing. McAfee is well aware of these threats and has been expanding its offerings since its purchase of SafeBoot in 2007. Then, in May it purchased Santa Clara-based startup Trust Digital, providing McAfee with a robust set of Enterprise Mobility Management tools to help manage smartphones on employer networks. Now with tenCube, McAfee adds WaveSecure, the leading device security application for Android phones. WaveSecure is also offered on most other mobile operating systems, providing McAfee with a complete suite to sell to carriers and OEMs.

To say that mobile security has been a hot space recently would be an understatement. TenCube was the most recent of seven acquisitions this year – up from zero in all of last year and only one the year before. Although McAfee gets one of the best device security application makers with tenCube, there are still others left on the market. It’s likely that we’ll see tenCube’s competitors SmrtGuard and Lookout Inc, as well as other mobile device management players like Conceivium, BoxTone, MobileIron and Zenprise, attract M&A attention in the future as more players look to enter the mobile market or strengthen current offerings. Look for our full report in tonight’s MIS sendout.

Symantec to talk shop — and shopping

Brenon Daly

Contact: Brenon Daly

Although most of the attention in Symantec’s quarterly report Wednesday night will be focused on the top and bottom line, we expect the company’s recent shopping spree to also come up. The storage and security giant announced three acquisitions in its just-completed quarter – more deals than it did in all of 2009. The bill for Big Yellow’s almost unprecedented M&A activity in the quarter came in at $1.65bn. As we recently noted, Symantec on its own has accounted for one-third of the spending for all security deals so far this year.

The biggest part of Symantec’s spending will go toward covering its purchase of the identity and authentication business from VeriSign, its largest transaction in more than a half-decade. (As a reminder, VeriSign’s business was running at about $370m, generating a very healthy $100m or so in cash flow each year.) Big Yellow has yet to close that deal, which was announced in mid-May, or offer specific financial projections for that business. Look for more information on that acquisition on the call tonight.

Symantec will be reporting its fiscal first-quarter results, which covers the second calendar quarter, after the closing bell. Analysts are projecting earnings of about $0.35 per share on revenue just shy of $1.5bn. However, we would note that rivals in each part of Big Yellow’s two main businesses have come up short of Wall Street expectations in their recent quarters. Two weeks ago, storage vendor CommVault indicated that sales had softened while just this morning, security rival Websense offered a disappointing earnings outlook. Websense shares were down more than 10% in midday trading.

The Big Blue erasure

Brenon Daly

Contact: Brenon Daly

In addition to the current snarling bear market and the onerous regulatory requirements, we’ve noticed yet another hurdle IPO candidates have to clear to get to the public market: IBM. With last week’s purchase of BigFix, the tech giant has gobbled up two private companies this year that were both tracking for an IPO. In February, Big Blue snagged Initiate Systems, a master data management vendor that had filed to go public in late 2007 but pulled its prospectus in mid-2008.

As we understand it, BigFix wasn’t nearly as close to an offering as Initiate. But the security management startup certainly had the financial profile to become a public company. (In fact, we’ve listed the Emeryville, California-based vendor as a possible IPO candidate in our outlook for the security market in each of the past two years.) BigFix was tracking to $65m in revenue for 2010, up from $52m in 2009, according to sources. (Bookings were closer to $85m last year.) The company also generated some $14m in free cash flow in 2009, a surprisingly large amount for a 13-year-old startup that had only raised $36m in venture backing.

In both of the deals, IBM paid a fairly rich multiple. Although terms weren’t disclosed, we understand that Big Blue handed over $425m, or 5.3 times trailing revenue, for Initiate. And we hear from multiple sources that IBM paid $400m, or nearly 8x trailing revenue, for BigFix. The multiple in both deals is substantially higher than the median price-to-sales multiple (1.8x) that we recently calculated for all tech transactions in the second quarter.

As a final thought, we highly (highly, highly) doubt that if either Initiate or BigFix came public right now, it would garner anywhere near a $400m valuation. (We recently put out a special report on the dreary IPO market.) More likely, skittish investors would discount the debut valuation to around $250m, give or take. Add in lockup periods and other considerations in an IPO that draw out the path to liquidity, and it’s no wonder both Initiate and BigFix took a rich, all-cash offer from IBM.

Is SafeNet looking to secure an IPO?

Brenon Daly

Contact: Brenon Daly

A little more than three years after it went private, SafeNet is looking to return to the public market. Several sources have indicated that the encryption vendor has lined up its underwriters and plans to file an S-1 in about two weeks. If indeed the offering goes ahead, it will face a market that is proving rather hostile to IPOs right now. (We recently looked at the dreary state of the IPO market in a special report.)

Through both organic and inorganic growth, the SafeNet that returns to the market will be about half the size of the one that stepped off the market. We understand that the company is running at about $450m in revenue, compared to about $300m in revenue in the year leading up to its leveraged buyout. While private, SafeNet did a handful of small deals as well as the contentious $160m take-private of Aladdin Knowledge Systems.

An IPO would mark a second straight exit for SafeNet’s owner, Vector Capital. The buyout shop sold its Register.com portfolio company last week, realizing a return of two and a half times its investment. Vector took the Web registration and design firm private in 2005, pared down the business, made it dramatically more profitable and then sold it to Web.com.

Also noteworthy about the rumored IPO by SafeNet is that the offering is being handled entirely by bulge-bracket banks. The book-runners are said to be JP Morgan Securities, Morgan Stanley and Goldman Sachs, with the offering co-managed by Bank of America Merrill Lynch and Deutsche Bank. Off the top of our heads, that’s the first tech IPO that we can think of that doesn’t have a regional or boutique bank also helping to bring out a company.

Securing a busy time for M&A

Brenon Daly

Contact: Brenon Daly

Overall M&A is nowhere near the level it was in the boom days of 2007, but there is one sector where deal makers are actually more active than ever: IT security. So far this year, we’ve tallied 45 security acquisitions with an aggregate deal value of some $5.4bn. That is substantially higher than the same period in the previous two years, when the recession knocked M&A into a tailspin.

This year’s level of security M&A is even higher than the $3.7bn spent on 44 deals that we recorded in the same period in 2007, which was a record year for tech acquisitions. The activity in the sector stands out even more when we consider that, overall, deal makers have spent a total of just $80bn on transactions across all sectors so far this year – just one-third the level of spending at this point in 2007.

Perhaps the single biggest reason for the jump in spending so far this year has been the return to the market of Symantec. On its own, Big Yellow accounts for about one-third of the total shopping bill in the sector, having announced four deals valued at nearly $1.7bn in 2010. Included in that quartet of purchases is the pick-up of the identity and authentication business from VeriSign, which was Symantec’s largest single transaction since its misguided purchase of storage company Veritas Software in December 2004. It also announced a pair of deals for encryption vendors in a single day in April.

The other security deal this year we’d highlight is the planned take-private of SonicWALL. With an equity value of $717m, that’s the largest security LBO we’ve seen in some time. (For comparison, a year ago, the same buyout shop, Thoma Bravo, took digital identity firm Entrust private in a deal valued at just $124m.) Add in other smaller deals by McAfee, EMC, Oracle and Check Point Software, and the security M&A market has been busy this year. Given the strength of the sector and the broad base of buyers, we expect activity to remain brisk for the rest of 2010.

Security M&A

Period Deal volume Deal value
Jan. 1 – June 14, 2010 45 $5.4bn
Jan. 1 – June 14, 2009 33 $381m
Jan. 1 – June 14, 2008 35 $648m
Jan. 1 – June 14, 2007 44 $3.7bn

Source: The 451 M&A KnowledgeBase

SonicWALL should be right at home in PE portfolio

Brenon Daly

Contact: Brenon Daly

Except for losing its ticker, we don’t expect the soon-to-be private SonicWALL to be radically different from the one that traded on the Nasdaq. At least not the SonicWALL of the past few years. The reason? The unified threat management vendor has already been running a strategy that’s found fairly often in PE portfolios.

Basically, the company has taken the cash it has generated from its rather mature core product (firewalls) and done acquisitions to expand into emerging markets. SonicWALL has inked about a deal each year for the past half-decade, buying startups that had developed technology for anti-spam, continuous data protection and, most recently, WAN traffic optimization.

The collective bill on those deals is about $78m, a relatively small amount for a company that held more than $200m in its treasury and generated roughly $10m of cash each quarter. Once it goes private, we wonder if SonicWALL won’t start eyeing some larger deals. After all, it will have deep-pocketed new owners and will no longer be penalized in its accounting for acquisitions.

SonicWALL’s shopping trips

Date announced Target Deal value Market
April 19, 2010 DBAM Systems (assets) $4m WAN traffic optimization
June 12, 2007 Aventail $25m SSL/VPN
February 8, 2006 MailFrontier $31m Anti-spam
November 21, 2005 Lasso Logic $15.5m Continuous data protection
November 21, 2005 enKoo $2.4m SSL/VPN

Source: The 451 M&A KnowledgeBase