Category: security

SonicWALL heads behind closed doors

Brenon Daly

Contact: Brenon Daly

After more than a decade as a public company, SonicWALL is set to go private in a $717m leveraged buyout (LBO) led by Thoma Bravo. Terms call for the private equity (PE) firm to pay $11.50 for each of the roughly 62 million shares outstanding for the unified threat management (UTM) vendor. That marks the highest price for SonicWALL shares since early 2002. (However, that didn’t stop several law firms from investigating a possible breach of fiduciary responsibility by SonicWALL’s board, as the ambulance chasers have done in so many other recent transactions.)

As we look at the proposed LBO, the valuation strikes us as pretty fair. Our math: while the deal carries an equity value of $717m, the net cost is much lower thanks to the profitable company’s fat treasury. SonicWALL holds $213m of cash and short-term investments, lowering the enterprise value (EV) of the planned take-private to $504m. That works out to 2.5 times the company’s sales of $200m in 2009 and 2.2x projected revenue of about $230m this year.

That valuation sits about midway between SonicWALL’s two closest rivals. Four years ago, WatchGuard Technologies went private in an LBO by Francisco Partners that valued the UTM vendor at basically 1x trailing sales, on an EV basis. Meanwhile, fellow UTM provider Fortinet, which went public last November, currently trades at slightly more than 3x trailing sales. (Again, that’s calculated on an EV basis, and without any acquisition premium for Fortinet.) SonicWALL shareholders stand to get a 28% premium on their stock, assuming the LBO closes as expected in the third quarter.

Imagining ‘what if’ on Tripwire

Brenon Daly

Contact: Brenon Daly

As we were skimming through Tripwire’s recently filed IPO paperwork, we couldn’t help but wonder ‘what if….’ Specifically, we were wondering what the company would be like if it had gone for the other exit and taken the rumored offer from BMC more than three years ago. At the time, Tripwire was only about half the size it is now and nowhere near as profitable. But with the benefit of hindsight, it’s almost certain that Tripwire would have been valued at a much richer multiple in a trade sale during a time when M&A dollars were flowing freely (late 2006-07) than by going public in the current bearish environment.

To be clear, that’s not a knock on Tripwire. As we highlight in our report on the proposed offering, the company has a solid growth story to tell Wall Street: six consecutive years of revenue growth, while generating cash in each of those years. Instead, it’s just a reflection of the dramatic change in the valuation environment over the past three years. Consider this: In March 2008, BMC paid roughly 11 times trailing sales and 9x projected sales for BladeLogic, a valuation that wasn’t at all out of whack for the fast-growing datacenter automation vendor. (It was actually lower than what Hewlett-Packard spent on Opsware, a BladeLogic rival.)

While we have no idea what kind of valuation BMC was kicking around for Tripwire at the time, we have to believe it’s above the multiple we have penciled out for the IT security and compliance vendor in its market debut. Because of the bear market, we figure Tripwire will probably come public at about $300m. If that initial valuation holds more or less accurate, it will value Tripwire at basically 4x trailing sales and 3x projected sales – just one-third the valuation that BladeLogic got in its sale.

What’s new at Novell?

Brenon Daly2 Comments

Contact: Brenon Daly

Even though its shareholders aren’t overwhelmingly concerned with Novell’s financial numbers right now, the company will nonetheless be releasing results for its fiscal second quarter later Thursday afternoon. For what it’s worth, Wall Street expects earnings of about $0.07 per share on sales of $205m, representing year-over-year declines on both the top and bottom lines. (We should add that if Novell does manage to hit expectations, it will snap two straight quarters of earnings whiffs.)

But then Novell hasn’t traded on fundamentals for the past three months, ever since hedge fund Elliott Associates launched an unsolicited offer for the company. Novell, which is being advised by JP Morgan Securities, stiffed the bid, but did leave the door open to other ‘alternatives to enhance shareholder value.’ Since Elliott floated the offer, shares of Novell have basically changed hands at or above the $5.75-per-share bid.

As a decidedly mixed bag of businesses, Novell isn’t the cleanest match for any other company that might want to take it home. For that reason, most speculation around a possible buyer for Novell has centered on private equity firms. (The buyout shops are undoubtedly licking their chops at the prospect of picking up Novell’s $600m of maintenance and subscription revenue, not to mention the $1bn that sits in the company’s treasury.) However, we understand from a person familiar with the process that there are a handful of strategic buyers still interested in Novell.

If we were to put forward one potential suitor that could probably benefit more than any other company in picking up Novell’s broad portfolio of businesses, we might single out SAP. OK, we know it’ll never happen. (Never, ever.) But a hypothetical pairing certainly does go a long way toward filling a few notable gaps in SAP’s offering, while also making the German giant far more competitive with Oracle.

Consider this fact: some 70% of SAP apps that run on Linux run on Novell’s SUSE Linux Enterprise. Add in Novell’s additional technology around identity and access management, systems management, virtualization and other areas, and SAP’s stack suddenly looks a lot more competitive with Oracle’s stack. Again, an SAP-Novell deal will never happen, but the combination certainly does lend itself to some intriguing speculation.

Timeline: Novell in the crosshairs

Date Event Comment
March 2, 2010 Elliott Associates launches unsolicited bid of $5.75 per share for Novell The offer values Novell at a $2bn equity value but only a $1bn enterprise value
March 20, 2010 Novell rejects Elliott’s bid as ‘inadequate’ By our calculation, Elliott is valuing Novell at just 1.6 times its maintenance/subscription revenue

Source: The 451 Group

VeriSign saves best for last

Brenon Daly

Contact: Brenon Daly

When we look back at VeriSign’s two-year period of jettisoning unwanted businesses, we can only marvel at how it saved the best for last. The divestiture of its identity and authentication division to Symantec for $1.28bn caps a massive process of unwinding the previously misguided acquisitions of former CEO Stratton Sclavos. The longtime chief executive had used the money that gushed from VeriSign’s core registry business to buy his way into markets that were pretty far afield, such as mobile messaging and telecom billing.

Indeed, the scale of VeriSign’s divestitures is unprecedented among technology vendors, with the company dumping seven businesses in 2009 alone. (It’s interesting to note that while Morgan Stanley handled at least three of the divestitures last year, JP Morgan Securities banked VeriSign on the big sale of its security unit.) The company had seemingly wrapped up the grueling process last fall, telegraphing to Wall Street that it liked its two remaining businesses: registry and security. For that reason, the sale of the security division came as a bit of a surprise, the rumors of the divestiture earlier this week notwithstanding.

The sale also came at a substantial premium to virtually all of the other divestitures that VeriSign has closed. While the other divisions were lucky if they went for 1 times sales, the security business is going to Big Yellow for 3.5x sales. (More representative of the divestiture process is the 1x sales that VeriSign received when it sold its managed security services business to SecureWorks a year ago.) On a cash-flow basis, we understand that Symantec is paying about 10x EBITDA, which is roughly twice the valuation of most corporate castoffs.

As we see it, there are two basic reasons for the security division to fetch such a premium. For starters, it hummed along at a mid-20% operating margin. (Granted, that’s lower than VeriSign’s core registry business, but it’s still a level that most companies would envy.) But more importantly, we understand that Symantec actively sought out the VeriSign business, and indicated that it was a serious suitor right from the outset. Certainly, the pairing makes sense. As my colleague Paul Roberts points out, Symantec significantly bolstered its offering around cloud identity, broadening the reach of its policies around data protection, threat monitoring and compliance with enhanced authentication.

Where might Symantec shop?

Brenon Daly

Contact: Brenon Daly

After its double-header encryption deals last week, Symantec appears set to return to M&A. Like a number of tech giants, Big Yellow largely shunned dealmaking last year. But the drop-off was particularly notable at Symantec: It spent more than $1bn on acquisitions in both 2007 and 2008, but less than $100m in 2009. We would hasten to add that in the fiscal year that just ended on April 2, Symantec generated $1.7bn in cash flow from operations. That brought its cash stash to more than $3bn.

As to where the company might be shopping, my colleague Paul Roberts in our Enterprise Security Program outlines five areas that make sense for Symantec to buy its way into – as well as who might be of interest in those markets. In a new report, Roberts looks for M&A activity from Symantec in the following areas: threat detection and reputation monitoring, SIEM and vulnerability management, enterprise rights management, database security and endpoint control. All of those areas are a long way from Symantec’s original market of antivirus software.

A final thought on Big Yellow and its possible shopping is that the company actually enjoys a fair amount of goodwill on Wall Street right now. Symantec’s fiscal fourth quarter, which it reported Wednesday, was surprisingly strong for many investors, particularly after rival McAfee had a less-than-stellar first quarter. In fact, on many trading screens Symantec was the only green stock Thursday on an otherwise blood-red day. Symantec shares closed up less than 2%, but that was on a day that saw the Dow Jones Industrial Average plummet almost 1,000 points, or 9%, in afternoon trading.

One sale leads to another at Sophos?

Brenon Daly

Contact: Brenon Daly

As leading indicators go, the recent decisions around Sophos paint a rather bearish picture for the current IPO market. The anti-malware vendor had briefly filed to go public back in late 2007 but then pulled the paperwork as the markets tumbled. We understand that Sophos had lined up banks earlier this year for another run at an IPO, but it ended up selling a majority chunk to buyout shop Apax Partners earlier this week. (Two of the three bookrunners on the most recent lineup were the same as the 2007 prospectus, according to a source.)

A dual-track process typically adds at least a few dollars to the price of a company, since it at least introduces the idea of another buyer (the public market). However, Sophos’ sale to Apax, in our view, comes at a discount to the valuation we would have penciled out for the company. The deal values Sophos at $830m, about 3.2 times trailing sales and 2.7 times projected revenue. Sophos’ stillborn IPO comes at time when other would-be debutants are having to cut terms or shelve their offerings altogether.

Yet somewhat paradoxically, we think the move by Apax actually makes an offering by the security company more likely, at least down the road. For starters, it replaces Sophos’ somewhat cumbersome ownership structure, which didn’t always share the same alignment, with a single owner to call the shots. (For instance, we heard there was a fair amount of dissention inside Sophos over its mid-2007 purchase of Utimaco, which stands as the largest acquisition of a public security company by a private one.)

Also, Apax probably got in at a low enough price that it could make a decent return by taking Sophos public in a year or two, provided the equity markets stay receptive. (We would argue that’s a much more likely exit than a flip to yet another buyout shop.) And finally, there are plenty of banks ready to (at long last) get Sophos on the market. Many of the underwriters have been working with Sophos for more than a half-decade, so it would be just a matter of updating numbers in what has to be a well-worn pitch book.

Sophos is a seller

Brenon Daly

Contact: Brenon Daly

Former IPO hopeful Sophos will stay private (at least for the time being), but will have a new owner, the anti-malware company said. The new majority holder is Apax Partners, having picked up a 70% stake from both TA Associates, which had been a minority shareholder since 2002, and Sophos’ two founders. The purchase put an overall price tag of $830m on Sophos.

The sale comes after much speculation that Sophos, which had filed to go public in November 2007, was once again looking for an IPO. In fall 2009, British media reports indicated Sophos was planning an offering in 2010 that would have valued the company at about $1bn. Instead, Sophos is taking what we would consider a multiple at the low end of the range, even though the company’s size and recent growth rate might imply an above-market valuation.

Sophos indicated it recorded billings of $330m and revenue of $260m for its fiscal year, which ended March 31. On a trailing basis, that works out to just 2.5 times bookings and 3.2 times sales. Assuming Sophos continued growing at a 19% rate for the current fiscal year, it would have finished this year with about $310m in sales. That means Apax is valuing Sophos at just 2.7 times projected revenue.

Other security companies that have danced on and around the public stage have recently fetched much richer valuations, at least in one key measure. Encryption vendor PGP garnered four times trailing revenue in last week’s sale to Symantec. While PGP may or may not have been planning to go public, the most recent security IPO does trade at a notable premium to the valuation Sophos just got in its sale. Unified threat management vendor Fortinet currently commands a $1.25bn market capitalization, which works out to 4.9 times trailing sales.

Double-door exits

Brenon Daly

Contact: Brenon Daly

When companies look for an exit, there is usually door number one (IPO) or door number two (trade sale). But in some rare cases, it’s not either/or, it’s both. That’s playing out in two very different ways around Symantec’s acquisition of encryption vendor PGP. The purchase by Big Yellow was the first of a doubleheader day in which it also picked up its OEM partner, GuardianEdge Technologies. (Incidentally, the PGP buy was Symantec’s largest acquisition since reaching across the Atlantic for on-demand vendor MessageLabs in October 2008.)

But back to exits. With the sale of PGP, we expect the next big liquidity event for an encryption vendor to be the IPO of SafeNet. We’ve heard recent talk of an offering for the company, which was taken private by Vector Capital in early 2007. Since its buyout, SafeNet has done a few deals of its own, including the contentious acquisition of Aladdin Knowledge Systems in August 2008. We understand that SafeNet is running at north of $400m in revenue.

The sale of PGP also means that investment firm DE Shaw has now recorded one of each potential exit over the past month. In late March, portfolio company Meru Networks went public, and now fetches a market valuation of about $250m. (The offering by Meru came after many other wireless LAN providers got snapped up.) DE Shaw also owned a chunk of PGP, meaning it will also get a payday from Symantec’s $300m purchase of the encryption vendor.

Next to nothing for Novell

Brenon Daly

Contact: Brenon Daly

As bargains go, Novell’s valuation in the recently floated bid from a hedge fund is a bit like a ‘crazy Eddie’ discount. Earlier this week, Elliott Associates offered $5.75 for each of the roughly 350,000 shares for Novell. Altogether, the equity value totals about $2bn.

But the true cost of Novell is actually about half that amount because the company carries about $1bn in cash and short-term investments. (Don’t forget that some of that cash flowed from Novell’s good friends at Microsoft, which handed over some $350m in cash several years ago and is still buying more licenses.) So, at the current valuation, what does the $1bn buy?

Perhaps the most revealing way to look at it is that Elliott (or any other buyer, for that matter) would get more than $600m in rock-steady maintenance and subscription revenue, meaning the bid values Novell at a paltry 1.6 times maintenance/subscription revenue. And let’s be honest, that’s the most attractive asset at Novell. The business actually grew in the just-completed fiscal year, while revenue from both licenses and services declined. (License revenue plummeted 38% in the previous fiscal year, and continued to slide in the most-recent quarter, which ended January 31.)

Novell has said only that it is reviewing the bid. (It is being advised by JP Morgan Securities, which also worked with Novell on its purchase of PlateSpin two years ago. At $205m in cash, that was the largest acquisition Novell had done in a half-decade.) Meanwhile, the market has indicated that it expects Novell to go for a bit more than Elliott’s ‘crazy Eddie’ discount price. Shares have traded above $6 each since Elliott revealed its $5.75-per-share bid, changing hands at $6.07 each in mid-afternoon trading on Thursday.

Pouring cold water on the latest Sourcefire rumor

Brenon Daly

Contact: Brenon Daly

At the tail end of last week, the market was buzzing that Sourcefire may be back in play. Of course, that’s not all that unusual for the Snort shop, which has seen two publicly disclosed acquisition offers in the past four years come to nothing. (Recall that Check Point Software failed to land Sourcefire because of vague and off-target ‘national security concerns’ in early 2006. And then, in mid-2008, Barracuda lobbed an opportunistic low-ball bid for Sourcefire. Talks between the two sides never really got going, according to at least one source.)

So who’s the new bidder? Rumor has it that IBM may be looking at Sourcefire now. While the pairing has been making the rounds, we have our doubts about whether Big Blue would actually reach for the security company. Its $1.3bn acquisition of Internet Security Systems in mid-2006 has never generated the returns that IBM had hoped. (The ISS business, which was centered on the company’s Proventia boxes, never really fit well inside IBM Global Services.) Having little to show for that purchase of an intrusion-prevention system (IPS) vendor, we doubt that Big Blue would double down on another IPS vendor, Sourcefire.

And while IBM could certainly afford it, Sourcefire has gotten a little pricey. Over the past year, shares have more than tripled, giving the security vendor a market capitalization of about $600m. Backing out the $100m in cash and short-term investments gives Sourcefire an enterprise value (EV) of $500m. Without a takeout premium, Sourcefire commands a valuation (on an EV basis) of five times trailing sales and four times projected sales. Paying a premium on top of Sourcefire’s trailing P/E that’s in the triple digits might be tough for IBM, which trades at a trailing P/E of just 12.