security – Page 22 – Inorganic Growth

The saga of Certicom’s sale

February 9, 2009 Brenon Daly

After more than two months of bid and counterbid, the saga of the sale of Certicom appears to be nearing its close. In early December, fellow Canadian tech company Research in Motion tossed out a low-ball bid of $1.21 for each of the 43.7 million shares of Certicom. Overall, that valued the cryptography vendor at some $53m. We should hasten to add that RIM’s offer was unsolicited.

Certicom, along with adviser TD Securities, mulled over the offer for about three weeks before saying ‘thanks but no thanks’ to RIM. Undeterred, RIM kept its bid alive for the next month, before officially pulling it January 20. Three days after that, VeriSign stepped in with an offer of $1.67 for each Certicom share, or a total of $73m.

Just last week, RIM reentered the picture with a bid of $2.44 per share, or about $106m. (Viewed another way, RIM’s new offer values Certicom at exactly twice the level as its initial bid.) As part of the terms, VeriSign now has until Wednesday to up its offer or see Certicom go to RIM. (The deal carries a $4m breakup fee.)

Of course, there could always be a third suitor in the picture. If we had to pick one likely candidate, we might tap IBM. Last April, Big Blue inked a ‘multiyear, multimillion-dollar’ license agreement with Certicom, and has already handed over a $2m upfront payment.

Barracuda bites again

January 21, 2009 Brenon Daly

Contact: Brenon Daly

A ravenous eater, Barracuda Networks has now gobbled up four companies in the past 14 months. (And that doesn’t even count the privately held security company’s unsolicited bid in May for publicly traded Sourcefire, the Snort vendor.) Barracuda’s latest bite is backup and recovery company Yosemite Technologies. The company will be lumped in with the technology Barracuda picked up in November 2008 when it bought another backup vendor, BitLeap.

As we have chronicled, Yosemite evolved from a tape-based backup vendor to a disk-based one, and then added technology for continuous data protection for notebooks and laptops with the acquisition of early-stage FileKeeper. We understand that Yosemite, under the leadership of storage veteran George Symons, had been investing heavily in commercializing the technology. However, we suspect that fully realizing the value of the FileKeeper technology would have likely required another round of funding, which is tough to come by these days.

Instead, Yosemite opted for a sale to Barracuda. Terms weren’t disclosed, but a Barracuda insider once characterized the company’s approach to M&A to us this way: ‘We don’t mind picking through the boneyard.’ Barracuda has already built a powerful distribution channel to SMBs, so it just wants more products to push through that. With data protection covered, where might Barracuda look next? Our bet is that it is still interested in WAN traffic optimization (WTO). As we have noted, Barracuda CFO David Faugno knows the market well, having served as the top numbers guy at WTO vendor Actona Technologies before its sale to Cisco.

Barracuda’s deals

Date	Target	Rationale
September 2007	NetContinuum	Web application security
November 2008	BitLeap	Backup and recovery
November 2008	3SP	SSL VPNs
January 2009	Yosemite Technologies	Backup, data protection

Source: The 451 M&A KnowledgeBase

Polishing off Aladdin

January 13, 2009 Brenon Daly

Contact: Brenon Daly

After almost five months of sometimes-heated negotiations, buyout shop Vector Capital and Aladdin Knowledge Systems have agreed to take the authentication vendor private. The accord comes after two formal price adjustments (one up, one down) that left the final deal valued at $160m. Vector plans to slot Aladdin into SafeNet, which it acquired in March 2007 for $634m.

Vector’s two security purchases stand in sharp contrast to each other, since the SafeNet transaction went through with a minimum of histrionics. Consider that SafeNet took just five weeks to close, compared to the drawn-out battle for Aladdin, which included the threat of a proxy fight. Part of that may be explained by the relative valuation of the two deals. Vector paid about 2x trailing 12-month sales for SafeNet, twice the multiple it is paying for Aladdin. That discount compares to a roughly 40% slump in the Nasdaq during the time between the two acquisitions.

North of the border disorder

January 5, 2009 Brenon Daly

Contact: Brenon Daly

The ‘storm’ caused by Research in Motion’s ‘bold’ play for Certicom looks likely to linger a bit longer. The Blackberry maker originally launched its unsolicited offer for Certicom a month ago, but the cryptography vendor has nixed it. (Certicom also lined up TD Securities to help it fend off the unwanted attention from the fellow Canadian company.) RIM’s bid, which values Certicom at some $52m, was originally slated to expire next week but has been extended through the end of the month.

With this unsolicited offer, RIM joins a growing list of big-name tech firms that have used this once-taboo M&A strategy. Over the past year, firms using unsolicited offers include Microsoft, EMC, Electronic Arts and Cadence Design Systems, among others. If RIM does manage to secure Certicom, it will mark the company’s second recent deal, after some two years out of the market.

Recent Research in Motion deals

Date	Target	Deal value	Rationale
December 2008	Chalk Media	$18.4m	Mobile content
December 2008 (announced)	Certicom	$53.2m	Encryption
November 2006	Epoch Integration	Not disclosed	Network management
March 2006	Ascendent Systems	$14m*	VoIP networking

Source: The 451 M&A KnowledgeBase *451 Group estimate

GRC=Get Ready for Consolidation

December 11, 2008 Brenon Daly

Contact: Brenon Daly

After a pretty thin stretch of deals in the governance, risk and compliance (GRC) market, Thomson Reuters reached for startup Paisley Consulting last week. The deal comes after the two companies partnered for a year, but not in the conventional manner. Rather than the big company reselling the startup’s wares, Paisley actually resold Thomson’s tax and auditing product, Checkpoint. The two companies also had a fair number of joint customers.

We understand that Paisley wasn’t really looking for a deal. Founded in 1995, Paisley is still run – and was majority owned – by its founding husband-and-wife team of Tim and Stacey (née Paisley) Welu. (The pair will continue to run the business after the acquisition.) The Minneapolis–based company took only one round of outside money, a $10m slug in 2003 from Insight Venture Partners. Despite its beginnings, Paisley was no mom-and-pop shop. We understand the company is set to finish 2008 with sales of more than $40m.

The Thomson-Paisley pairing comes after several large software companies, which would be the most conventional buyers of GRC startups, inked deals of their own. Oracle stayed close to home, and grabbed existing GRC partner LogicalApps last year, while SAP made a big play for Virsa Systems in mid-2006. (As a side note on SAP’s move, we would mention that longtime Oracle executive Ray Lane sat on Virsa’s board and helped broker the initial partnership that led to the purchase.)

With Paisley gone, there are still a few high-profile GRC vendors in the market. BWise, which has its roots in the Netherlands, has a strong presence in Europe; OpenPages, which started life as a content management vendor before focusing on GRC; and a company that’s not unlike Paisley, Archer Technologies, which my colleague Paul Roberts recently profiled. We understand that both BWise and Archer, which is about half the size of Paisley, have been talking with potential suitors throughout the year. However, a month ago, Archer sold a 40% stake of the company to Bain Capital Ventures, which likely takes it off the block for now.

Dealing with a legacy

November 18, 2008 Brenon Daly

Justly or not, acquisitions go a long way toward shaping a CEO’s legacy. (If you don’t believe us, just ask Jerry Levin, who sold Time Inc for what turned out to be a pile of wampum, in the form of overinflated AOL equity.) With Monday’s announcements that two major tech CEOs are on their way out, we pause to look at how deals – or lack of deals – will shape their respective legacies.

Let’s start with Symantec’s John Thompson, who will leave the storage and security giant by the end of its current fiscal year next April. Under his nearly decade-long leadership, Symantec shares rose some 500%, compared to a flat performance over the same period in shares of rival McAfee and a 40% decline in the Nasdaq. However, the one blemish on his record is Symantec’s largest-ever deal, its $13.5bn purchase of Veritas. (Thompson guided Symantec through more than 40 other acquisitions during his tenure.) Symantec shares peaked at about the time the company announced the deal, and have given back most of the gains they had piled up since mid-2003.

And then there’s Yahoo’s once-and-future king, Jerry Yang. We’re guessing history will be less kind to the man who turned down Microsoft’s offer of at least $31 for each share of Yahoo. Shares of the foundering search giant briefly dipped into the single digits earlier this month. However, they jumped almost 10% on Tuesday as Wall Street applauded the imminent departure of Yang, who has overseen the incineration of some $20bn of shareholder value since he reassumed the top spot at Yahoo in June 2007.

Aside from the ‘relief rally’ for Yang’s move, Yahoo shares also got a boost from speculation that the turnover in the corner office makes a deal with Microsoft more likely. We have our doubts about that. Instead, we’d focus on what the CEO change at Symantec means for deal activity. Our bet: Incoming CEO Enrique Salem will unwind several large chunks of the Veritas business, perhaps starting with NetBackup. As recently as last summer, Thompson said ‘nothing’ from the under-performing Veritas portfolio was for sale. Salem will set the company’s line on that in the future, and we wouldn’t be surprised to see NetBackup or other storage assets find their way onto the block.

A Freudian deal?

November 5, 2008 Brenon Daly

We’ve run a lot of different analyses on transactions, but AccessData’s proposed acquisition of Guidance Software is the first one we’ve ever subjected to Freudian analysis. What do we mean? Well, almost all of the executives at AccessData, a private data forensics software vendor, used to work at publicly traded Guidance. (AccessData’s CEO, COO and two VPs are former employees of the company they are now bidding on.)

After its initial bid a month ago was rebuffed, AccessData took public on Tuesday its offer of $4.50 for each share of Guidance. With about 23 million shares outstanding, the proposed transaction values Guidance at about $105m. However, debt-free Guidance holds $28m in cash, lowering the enterprise value of the bid to about $77m. Guidance is expected to record about $90m in sales this year. In comparison, AccessData is about one-third that size, primarily because it doesn’t have any services revenue.

We understand AccessData, which has never taken outside funding, plans to finance the deal internally, if it goes through. Guidance has rejected the bid. And, although AccessData has threatened to take its unsolicited proposal directly to shareholders, a tender offer is unlikely to go through unless it gets the blessing of one Guidance executive: Chairman and CTO Shawn McCreight, who founded the company and owns some 44% of its stock. If nothing else, AccessData’s bid will make Guidance’s third-quarter conference call on Thursday more interesting.

Symantec-Veritas without the strings

October 21, 2008October 23, 2008 Brenon Daly

Where Symantec purchased, McAfee will partner. Having watched its major security competitor get bogged down with a storage acquisition, McAfee has opted for a low-risk partnership to tie its security products with storage. The largest stand-alone security vendor said Tuesday that it has struck an alliance with data management software provider CommVault. The initial integrated product, which will put CommVault’s storage resource management tool into McAfee’s ePolicy Orchestrator console, will be available next year.

With modest integration and no bundled products planned, we would characterize McAfee’s loose partnership with CommVault as ‘Symantec-Veritas lite.’ And the two sides have reason to be cautious, given the struggles Symantec has had with its $13.5bn purchase of Veritas. (Although he continues to back the deal, Symantec CEO John Thompson has said the market considers the combination a ‘purple elephant’ and is uncertain of how to value it.) Since the transaction was announced in December 2004, Symantec shares have lost about half of their value, compared to a 20% decline in the Nasdaq and a slight 5% dip in McAfee stock.

Unsecured M&A

October 13, 2008 Brenon Daly

In the past month alone, we’ve seen a number of landmark IT security transactions. Symantec inked the largest-ever software-as-a-service security deal, paying $695m for MessageLabs. The largest pure security vendor, McAfee, announced its biggest deal, doubling down on network security with its $497m purchase of Secure Computing. And the formerly somnolent Sophos shook off its sleepiness to go shopping. It recently closed its $341m purchase of Utimaco, the largest acquisition of a publicly held security company by a private company.

So with all of these big-ticket transactions, overall deal flow in security should be strong, right? Actually, year-to-date totals are running at less than half the level of either of the previous two years. The reason: large consolidation plays have been knocked off the table this year. So far, just one security transaction worth more than $500m has been announced, down from five during the same period last year and four in 2006.

Security M&A totals

Period	Deal volume	Deal value	Selected transactions
January 1-October 13, 2006	96	$6bn	EMC-RSA, IBM-Internet Security Systems
January 1-October 13, 2007	70	$7.2bn	Cisco-IronPort, SafeNet LBO, Google-Postini
January 1-October 13, 2008	68	$2.7bn	Symantec-MessageLabs, McAfee-Secure Computing

Source: The 451 M&A KnowledgeBase

Deciphering encryption deals

October 8, 2008October 8, 2008 Brenon Daly

Exactly a year ago, McAfee announced its $350m acquisition of SafeBoot, which in turn came about a year after Check Point Software made its own purchase of an encryption vendor, Protect Data AB. We mention this bit of history because, in what has seemingly become an annual autumn event, Sophos just closed its own big encryption purchase, the $341m deal for Utimaco.

Although the three encryption vendors shared a home market of Europe and were in the same neighborhood in terms of revenue, the three transactions are very different. For starters, the relative growth rates of the targets were all over the board. Protect Data, or Pointsec as it was more commonly known, was clipping along at 90% year-on-year growth when we spoke to them ahead of the takeout. (Although we have heard that some of that torrid growth came at the expense of margins.) Meanwhile, SafeBoot, which was preparing for a possible public offering, told us sales were likely to grow about 70% in the year leading up to its acquisition. In contrast, 20-year-old Utimaco had increased sales just 20% in its most recent fiscal year.

Also, Check Point inked its acquisition of Protect Data when it was running at about $600m in sales. McAfee was even larger, having topped $1bn in annual revenue when it reached for SafeBoot. That’s not the case for Sophos and its just-closed purchase of Utimaco. With Sophos having finished its fiscal year (ending March) with revenue of $213m, it will be looking to integrate a company that is nearly half its size.

Finally, the returns on the two acquisitions already on the books have varied quite a bit. Check Point, which has traditionally been strong on network security, has struggled to notch sales of Pointsec, which secures the endpoint. On the other hand, McAfee has kept SafeBoot rolling along, with one source indicating that the unit will do about $100m in sales this year. The reason: McAfee already had a strong presence on endpoint security, as well as a management console that has integrated SafeBoot. Of those two contrasting acquirers, Sophos lines up more closely with McAfee, which bodes well for its combination with Utimaco. That’s crucial for Sophos, since we consider its purchase of Utimaco a make-or-break deal for the company.

Significant data encryption deals

Date	Acquirer	Target	Price	Target revenue
July 2008	Sophos	Utimaco	$341m	$86m
October 2007	McAfee	SafeBoot	$350m	$60m*
November 2006	Check Point	Protect Data (Pointsec)	$586m	$64m

Source: The 451 M&A KnowledgeBase *451 Group estimate