Category: security

SaaS deals echo in security industry

Brenon Daly

Contact: Brenon Daly

There are more than a few echoes of Symantec’s purchase of MessageLabs last October in McAfee’s reach last week for MX Logic. In terms of strategy, both acquisitions added millions of end users of on-demand security to the two largest security software companies, which have been slowly looking to increase that side of their business. MessageLabs had attracted more than eight million users at 19,000 customers, while MX Logic brings more than four million users at 30,000 customers.

As far as deal terms go, both buys were done at a similar valuation. Symantec paid 4.8 times trailing sales for MessageLabs, while we estimate McAfee is paying closer to 4 times trailing sales for MX Logic. (If we include the potential $30m earnout in the price, the multiple hits 4.9 times MX Logic’s trailing revenue.) And, we would add that both deals stand as the largest security transactions of their respective years, with the sales of these private software-as-a-service (SaaS) companies eclipsing the prices paid even for public vendors. Symantec shelled out $695m in cash for MessageLabs, topping McAfee’s $497m pickup of Secure Computing as the largest security deal in 2008. So far this year, McAfee’s $140m purchase of MX Logic is the industry’s biggest security transaction, slightly ahead of the contested take-private of Entrust for $124m.

We also suspect that both SaaS acquisitions will pay dividends for Symantec and McAfee. (We have heard from several sources that Symantec is particularly high on its reach across the Atlantic for MessageLabs.) Undoubtedly, these deals will deliver a higher return than the other large SaaS security acquisition, Google’s pickup of Postini. Done two years ago, that buy handed Postini a valuation that’s twice as rich as either MessageLabs or MX Logic. But unlike the moves by Symantec and McAfee, Google didn’t snag Postini for its security offering. Instead, the search giant had the ill-conceived notion that a startup could serve as the platform for its push of Google Apps. Not surprisingly, that idea hasn’t panned out. We certainly haven’t heard much about Postini in the two years since the search giant bought it.

IBM’s ‘Tuesday twofer’ still leaves it behind most years

Brenon Daly

Contact: Brenon Daly

In a highly unusual move, IBM did the M&A equivalent of a ‘Tuesday twofer,’ buying both big and small yesterday. In terms of the high-dollar deal, Big Blue said it will hand over nearly $1.17bn in cash for predictive analytics software vendor SPSS. The purchase of SPSS is the company’s largest transaction since it shelled out $5bn for Cognos in November 2007. In fact, we suspect the $1.17bn paid for SPSS is roughly the same amount that IBM spent on the nine deals it has announced (many of them with prices undisclosed) since picking up Cognos.

On the smaller side, IBM also said yesterday that it has acquired startup Ounce Labs, which makes source code analysis software. Terms weren’t revealed, but we wouldn’t be surprised to learn that the amount IBM paid for Ounce Labs was just 1% of the price it forked over for SPSS. Ounce Labs had raised some $29.5m in venture backing.

As a final thought on Big Blue’s doubleheader yesterday, we would note that the two purchases double the number of acquisitions that IBM has announced so far this year. The total of four deals in 2009, however, is basically half the number it had announced by this time in any of the previous three years.

What’s the value of advice on the Entrust LBO?

Brenon Daly

Contact: Brenon Daly

The ‘go-shop’ period at Entrust came and went a month ago, but on Friday the security vendor nonetheless got a richer offer in its three-month-old leveraged buyout. The bidder? Thoma Bravo, the same buyout shop that has had an agreement in place since April to acquire Entrust. Originally, Thoma Bravo offered $114m, or $1.85 per Entrust share, but as the company’s shareholders were set last Friday to vote on it, Thoma Bravo bumped up its bid to $124m, or $2 for each Entrust share. The buyout shop says that is its best and final offer for Entrust.

Thoma Bravo topped itself despite having Entrust’s board unanimously back the initial $1.85-per-share bid. The raise also came despite both of the main proxy advising outfits backing the original offer, which valued Entrust at less than 1x sales, on the basis of enterprise value. If shareholders had actually listened to both Glass, Lewis & Co and Proxy Governance Inc, they would have shortchanged themselves $10m. (And shareholders have already suffered enough by holding Entrust, which has basically traded down over the past four years, with only brief interruptions.)

Undoubtedly, the proxy firms will (once again) throw their support behind the new and improved buyout bid ahead of the shareholder vote, which is slated for July 28. But any endorsement sort of strains credibility given that they already backed one deal that the would-be buyer has acknowledged was too cheap.

Zix: a prescription for divestiture

Brenon Daly

Contact: Brenon Daly

One conclusion to draw from the recent pickup in divestitures is that dividing corporate attention often means diluting corporate returns. Consider the situation at Zix Corp. The Dallas-based company has a small but growing business selling email encryption. In mid-2003, Zix moved into electronic prescriptions through its $1.5m acquisition of the assets of PocketScript. The plan was to expand its business of providing secure communications to the billions of prescriptions written every year in a less costly and more secure way.

However, after nearly six years of trying to realize those goals, Zix has little to show for it. Revenue from the e-prescriptions unit totaled just $5.4m, or 19% of Zix’s overall sales, in 2008. Sales at the division last year slipped 11% from the year before, compared to a 26% increase in its core email encryption business. (And we would note that both units employed some 73 people, giving an idea of the relative returns of each unit.)

Moreover, the e-prescriptions division has only one-third the number of subscribers that Zix estimates would be required to cover the costs of developing the service, according to the company’s own calculations. And now, Zix has acknowledged that it may never get the business to that level on its own. The firm hired Allen & Co late last week to advise it on ‘strategic alternatives’ for its e-prescriptions unit.

What’s on NICE Systems’ shopping list?

Brenon Daly

Contact: Brenon Daly

After being out of the market for more than a year, NICE Systems is looking to do deals again. The Israeli company inked a pair of asset purchases in 2008, with a total bill just shy of $20m. Those pickups came after NICE made its largest acquisition to date, the $280m cash-and-stock purchase of Actimize. With no debt and some $530m in cash and equivalents, NICE certainly has the means to do deals. The firm didn’t offer a peak at its shopping list, but said Tuesday at the RBC Technology, Media and Communications Conference that it will be active.

As its most-significant acquisition, the addition of Actimize bolstered NICE’s analytics offering, helping to expand the number of applications the company sells. (Actimize has also thrived under NICE. We understand that the startup has doubled its revenue to $60m in the two years since NICE acquired it.) Founded in 1986, NICE sold recording technology for call centers for much of its corporate life. In the past year or so, it has expanded into additional applications, such as workforce management, customer feedback and governance, risk and compliance. Roughly three-quarters of NICE’s revenue comes from its enterprise business, with the rest coming from its security unit.

Of course, the market has been speculating on and off for many years about a large deal by NICE involving a combination with archrival Verint Systems. However, valuing any potential transaction remains a challenge because of Verint’s majority owner, Comverse Technology. (Yes, that’s the company that has been wracked by allegations of fraud and options backdating scandals, with its founder and former CEO living on the lam in Africa. The company’s financial statements are also woefully out of date.) We understand that Comverse retained a banker some time ago to help sell off some assets. If Comverse wanted to reheat that effort and shed Verint, we’re pretty sure that NICE would put aside historical rivalries and consider that consolidation play.

Trans-Atlantic transactions take off

Brenon Daly

Contact: Brenon Daly

It was a big and busy day on Wednesday for British companies shopping in the country’s former colony across the Atlantic. Collectively, the three deals boosted the total disclosed value of acquisitions by UK-based firms so far this year by nearly 20%. For starters, LSE-traded software vendor Micro Focus picked up one full Nasdaq-listed company and bits of another US public company, spending a total of about $155m. Taken together, the simultaneously announced deals are the second-largest transaction announced in 2009 by a UK-based buyer. Adding to that, British defense giant QinetiQ reached for a well-funded security startup in a deal that features a handsome valuation and a pretty rich possible earn out.

In the more significant purchase, Micro Focus picked up long-ailing Borland Software for $1 per share, or an equity value of about $75m. In the same breath, it also scored a business line from Compuware for $80m. Micro Focus says the addition of Compuware’s application testing/automated software quality (ASQ) unit will help bolster its existing ASQ offering, a suite of tools that it sells under the Data Express name.

One of the more interesting aspects of Micro Focus’ double-up deal is that the company tapped Arma Partners to run both processes. (The transaction was headed up by Arma’s Paul-Noël Guély, along with Keith Robinson, Varun Sunderraman and Graham Smith.) Arma has served as a kind of house bank for Micro Focus, advising on four of the company’s past five deals. On the other side of the table, Updata Advisors worked with Compuware on its divestiture and JP Morgan Securities advised Borland. We’ll have a full report on the moves by Micro Focus in Thursday’s 451 Group sendout.

In a separate transaction, QinetiQ (through its North American arm) moved deeper into the cyber-intelligence world by buying Cyveillance. Terms call for QinetiQ to hand over $40m upfront, along with a possible $40m earn out over the next two years. Cyveillance, which we understand didn’t use a banker, generated sales of about $10m in 2008. Look for a full report on the relatively richly valued transaction in tonight’s 451 Group MIS email.

A somewhat secure M&A market

Brenon Daly

Contact: Brenon Daly

With RSA set to open later this week, we thought we’d take a look back on deal flow since the trade show closed last year. Over the past year, we’ve seen some 83 acquisitions of security companies, with total spending of about $4.2bn. While that’s down from the comparable year-earlier period (April 2007-April 2008: 90 deals worth $5.2bn), the drop-off in security M&A has not been as steep as the overall decline in tech deals. In fact, the number of security transactions slipped just 7% from the previous year, compared to an 18% drop in the number of total tech M&A. Spending on security deals also fell less than the overall market.

Moreover, there are a number of trends that have emerged since the last RSA event that suggest security M&A may well remain healthier than the overall market. For starters, the big shoppers have done big deals. By our tally, Symantec has inked the largest security transaction since the end of last year’s RSA, paying $695m in cash to bolster its on-demand offering with MessageLabs. And McAfee checked in with the second-largest acquisition. Its $497m all-cash purchase of Secure Computing was its largest deal in a decade, and its only acquisition of a public company in at least seven years (excluding the pickup of Bulletin Board-listed Citadel Security Software in 2006).

In addition to the strategic vendors, we’re also seeing financial buyers – both through funds and PE-backed companies – looking to do deals. For instance, Sophos went back to its investors to help finance its $341m acquisition of Utimaco, the largest purchase by a privately held security company of a public counterpart. Also, Vector Capital took home Aladdin Knowledge Systems and, more recently, Thoma Bravo has a pending $114m offer for Entrust. Certainly there have been a few scrap sales, but that’s to be expected in an over-funded market like security. Overall, deal flow remains comparatively healthy in the security sector.

Symantec goes box shopping?

Brenon Daly

Contact: Brenon Daly

After holding off for some time, Websense finally rolled out its first secure Web gateway appliance earlier this month. Now we’re hearing that another major security vendor is about to get into the box business. Only this time, it’ll be through acquisition, rather than internal development like it was at Websense. Several market sources have indicated that Symantec has purchased Mi5 Networks, a security appliance startup based in Sunnyvale, California.

The acquisition is expected to be announced at next week’s RSA conference, according to a source. If indeed the deal goes through, it will be Symantec’s first since picking up MessageLabs for $695m last October. Obviously, the purchase of five-year-old Mi5 would be much smaller. (We weren’t able to learn terms of the deal.)

Mi5 has raised just $3.5m in venture backing from Labrador Ventures, First Round Capital and several angel investors. Among the company’s early backers is Sunil Paul, who founded Brightmail. (That’s right, the very same company that was run by current Symantec CEO Enrique Salem.) And finally, there’s an even more direct link in the rumored pairing: Mi5 is currently headed by Doug Camplejohn, a former executive at Vontu, which Symantec acquired in late 2007.

Crossbeam looks to deal

Brenon Daly

Contact: Brenon Daly

After growing organically to $90m in sales in 2008, Crossbeam Systems is actively looking to acquire a company in the near future, the company said Tuesday at the Montgomery Technology Conference. Crossbeam has been generating cash for more than a year, and currently has some $11m in the bank. It also has an untouched $15m line of credit and indicated that it could raise another round of funding for a significant transaction. (Crossbeam has already raised some $105m in venture backing over the past seven years.)

Although Crossbeam is lumped into the security market, it is a platform – rather than an application – vendor. In fact, it partners with several key security companies, including Check Point Software Technologies, Sourcefire and IBM’s ISS unit. Obviously, it couldn’t buy any single security application vendor without risking the loss of one of those partners. Instead, the company is looking to do a network-related deal, perhaps adding analysis or application acceleration. (However, Crossbeam won’t be considering WAN traffic optimization companies; the company said that market is too crowded.)

As it plans to shop, Crossbeam joins several other large privately held companies, which are all running at more than $50m in revenue, that are currently in the market. We understand that Tripwire may be looking to pick up some security technology, specifically in log management and vulnerability assessment. And, we recently noted that NetQoS is also considering a deal. In fact, we hear that the networking company may be close to a letter of intent on a small transaction, while it also continues to assess a much more significant acquisition.

Startup scrap sales

With new funding difficult to come by, many cash-burning startups are finding that they have no choice but to take a scrap sale. Those desperate deals cut M&A spending on VC-backed startups in the second half of 2008 by nearly three-quarters over the same period in 2007. From July to December last year, 100 venture-backed startups got acquired, for a total bill of just $3bn. That compares to 153 startups sold for a total of $11.1bn during the same period in 2007.

And we’ve seen more of these types of deals so far this year. Oracle, SAP, Barracuda Networks and Quest Software, among other large technology buyers, have all purchased companies for less than the money raised by the startups, according to our estimates. Consider the specific case of Mirage Networks. The network access control (NAC) vendor raised some $40m before discovering that NAC wasn’t really a market after all. (The eight-year-old company generated an estimated $5m in sales last year.) Trustwave picked up Mirage for some $10m, we estimate. Meanwhile, Mazu Networks will have to hit all of its earn-outs to make its investors whole again. About a month ago, Riverbed Technology said that it would pay $25m upfront for the network security vendor, with a possible $22m earn-out. That’s actually not a bad outcome for unprofitable Mazu, which we understand was burning about $1m each quarter. And yesterday, Netezza picked up the assets of data-auditing and protection vendor Tizor Systems for $3.1m; Tizor had raised $26m from investors.

VC-backed tech startups M&A

Month 2007 deal volume 2007 deal value 2008 deal volume 2008 deal value
July 23 $2.3bn 21 $994m
August 18 $1.2bn 16 $497m
September 25 $1.7bn 16 $642m
October 39 $2bn 13 $487m
November 27 $3.1bn 20 $346m
December 21 $788m 14 $56m
Total 153 $11.1bn 100 $3bn

Source: The 451 M&A KnowledgeBase