Category: security

What’s brewing at Cisco?

Brenon Daly3 Comments

Although Cisco chief executive John Chambers has thrown cold water on speculation about a large acquisition, the market continues to buzz about possible deals by the networking giant. Observers who think Cisco is big-game hunting point to a number of unusual moves from the company, which – with a bit of reading between the lines – appear to suggest something big is brewing.

For starters, they point to the fact that Cisco has largely stepped out of dealflow, inking just two deals so far in 2008. (We recently noted Cisco’s conspicuous absence, just a day before it announced its $120m purchase of network device configuration vendor Pure Networks.) In comparison, this time last year Cisco had inked nine acquisitions. Additionally, Cisco has drastically scaled back its share repurchase program, perhaps suggesting the company is stockpiling cash for a big deal.

Of course, most of the rumors have concerned a possible pairing of Cisco and EMC, largely so Cisco could get its hands on VMware. (EMC sports a market capitalization of $30bn.) This comes on the heels of earlier rumors that Cisco might be looking at Citrix, largely so it could get its hands on XenSource.

We have a new name to toss into the Cisco M&A rumor mill: McAfee, which has a $6bn market cap. Speculation has recently surfaced that the networking company is eyeing the largest IT security pure play, a combination that would allow Cisco – for the first time – to have control over endpoints. It would pick up a solid portfolio of security products from McAfee, notably encryption and port and device control offerings, as well as potentially salvaging Cisco’s disastrous NAC effort. (And as an added bonus with the deal, Cisco could stick it to Symantec. Cisco has little love for Symantec.)

Whether a deal materializes, or even is being considered, we would expect Cisco to emphasize security much more in the future. It recently handed the division over to Scott Weiss, who came with the January 2007 acquisition of IronPort Systems. A VC who has invested in Weiss’ companies over the years (Weiss also ran Hotmail) said he wouldn’t be surprised if Cisco turned over the entire business to Weiss when Chambers decides to step down.

Post-acquisition decapitation

Brenon Daly

The write-offs from wrong-headed acquisitions just keep coming. And we don’t mean just financial write-offs. Instead, we’re referring to the practice of a company’s board ‘writing off’ the executives who crafted a deal. This week’s high-profile example came when Alcatel-Lucent finally tossed overboard the two architects of ‘la grande fusion.’ Since that deal was announced in April 2006, the combination has incinerated some $20bn over shareholder value, leaving the telco equipment vendor with a market capitalization of just $13.6bn. (That’s less than the sales the company posted in 2007.) That two-year performance finally got Serge Tchuruk, the company’s chairman who represents the Alcatel side of the combination, and Patricia Russo, the Lucent legacy, shown the door.

This house-cleaning at Acaltel-Lucent comes just two weeks after AMD kicked Hector Ruiz upstairs. In virtually the same breath that AMD announced Ruiz would be relieved of his CEO post but continue as chairman, the company said it will divest much of the business it picked up with its $5.4bn purchase of graphics chip maker ATI Technologies. Announcing the deal two years ago, Ruiz said his combination offered ‘limitless’ possibilities for innovation. Instead, the future of AMD looks rather limited, in large part because of the $2.5bn it borrowed to cover its disastrous purchase of ATI. AMD’s total debt stands at $5bn, compared with just $1.6bn in cash.

Meanwhile, a chief executive who we’ve always thought must be on the hot-seat for a misguided acquisition appears to have gotten a bit of a reprieve this week. Symantec CEO John Thompson said Wednesday that fiscal first-quarter sales of its backup products outpaced overall revenue growth. That reverses the recent weakness in the company’s storage offering, which Symantec acquired with its $13.5bn purchase of Veritas in December 2004. Wall Street applauded the company’s report, with shares up about 10% since Wednesday. Still, Thompson has yet to recognize much value from the three-and-half-year-old purchase of Veritas. Symantec shares, which changed hands at $21.74 midday on Friday, are still about $6 below where they were when the company picked up Veritas. Perhaps that goes some distance to explaining the loose rumors this week that something big – possibly the much-discussed divestiture of the storage business or even an outright sale of the company – was brewing at Symantec.

Leading the acquisition

Deal Stock performance since deal Status of acquiring company CEO since deal
Symantec-Veritas, Dec. 2004 Down 35% John Thompson, CEO since April 1999, continues to serve
Alcatel-Lucent, April 2006 Down 61% CEO Russo and chairman Tchuruk ousted this week
AMD-ATI, July 2006 Down 77% Long-time CEO Hector Ruiz replaced in mid-July
Secure Computing-CipherTrust, July 2006 Down 51% Chairman and CEO John McNulty replaced in April

Source: Company reports, The 451 M&A KnowledgeBase

Sizing up Secure Computing

Brenon Daly

In many ways, Secure Computing’s divestiture of its authentication business to Aladdin Knowledge Systems raises more questions than it answers. Secure’s rationale for the sale is pretty simple: pay down some debt and get out of a sideline business that’s dominated by RSA and has a solid number two in Vasco Data Security. (For the record, Vasco is about four times the size of Secure’s SafeWord business and runs at a highly respected 25% operating margin.)

So it’s pretty clear why Secure was a willing seller (in fact, we hear that Secure had been a willing seller of the business for more than a year). Less clear is why Aladdin was a willing buyer of the property – at a relatively rich price of 2x sales, no less. Aladdin investors chose not to stick around for the company’s explanation of why it was willing to shell out two-thirds of its cash holdings for a product line in a cutthroat market. They fled the stock, trimming 14% off the price and sending Vasco to its lowest level since January 2004.

Of course, Secure has had an even rougher run of it on the market recently, as the company has come up short of Wall Street estimates for the past two quarters. Shares of Secure currently change hands lower than they have at any point during the past half-decade. Since the beginning of the year, the stock has shed 60%, a decline that recently cost longtime CEO James McNulty his job.

The long, uninterrupted slide in Secure’s valuation raises an even larger question about the divestiture: Was the sale of SafeWord just a prelude to an outright sale of the company itself? The numbers certainly don’t work against a deal. In fact, Secure is currently valued at basically 1x sales – just half the level it got for the divested property. (Usually, it’s the reverse, with corporate cast-offs getting sold at less than half the overall company’s valuation.)

Any planned acquisition, however, would probably have to go through Warburg Pincus, which holds the equivalent of about 7% of Secure’s common stock, going back to a financing deal it struck to help Secure buy CipherTrust in July 2006 for $264m. Warburg invested $70m at a time when Secure stock was trading at about 3x higher than it is now. With Warburg that far underwater on its holding, we can only imagine the pointed questions the private equity firm will ask Secure.

Sophos bags an elephant

Brenon Daly

In a twist on a private-public transaction, Sophos laid out on Monday a bold $340m plan to pick up Utimaco, an encryption vendor that trades on the Frankfurt Stock Exchange. Rather than rolling into the public company, Sophos plans to take Utimaco off the market. It plans to fund the acquisition by drawing on three sources. (My colleague, Nick Selby, has the details on the financing as well as the strategy.)

The financing is crucial because this deal is a whopper. If it goes through, it’ll be the largest IT security deal in seven months. More significantly, however, Sophos’ planned acquisition of Utimaco stands as the biggest purchase by a privately held security company. In fact, it’s nearly twice the size as the number two deal, Barracuda’s unsolicited run at Sourcefire. (And it’s not certain that deal will close at all. Sourcefire, which is slated to report second-quarter earnings on Thursday, has shot down the deal so far.)

Although Utimaco will be erased from the market, we view the disappearance as temporary. Once the two companies get through the integration, we expect Sophos to try to go public once again. (Recall that last fall, it announced plans to list on the London Stock Exchange but shelved them as the markets deteriorated.) Among the underwriters for the planned IPO was Deutsche Bank, which advised Sophos on the purchase of Utimaco. Indeed, it was the same DB banker on this deal that also co-advised on a very similar transaction last fall, McAfee’s $350m purchase of Dutch encryption vendor SafeBoot. (DB and UBS Investment Bank advised SafeBoot, while Morgan Stanley advised McAfee.)

Proofpoint buys Fortiva, expands into email archiving

After a courtship that lasted the better part of a year, on-demand security provider Proofpoint finally picked up software-as-a-service email archiving startup Fortiva this week. Based on similar transactions and industry buzz, we estimate this tuck-in acquisition cost Proofpoint somewhere in the neighborhood of $70m. Fortiva, which has 45 employees, was running at about $15-20m in revenue from about 200 enterprise customers. This marks a solid exit for the company’s venture backers, Cargill Ventures, Ventures West and McLean Watson Capital, which only pumped $8m into Fortiva.

The interesting question sparked by this transaction is what’s next for Proofpoint, which is now up to 250 employees. Though some have suggested the company has now effectively dressed itself up as an acquisition target, we believe otherwise. We think an IPO will represent the next major milestone for the company. (In wrap-up of April’s RSA conference, we said as much, adding that an acquisition by Proofpoint was likely in the next few months.)

Proofpoint has drawn in some $86m in funding since its inception in 2002, including a $28m round in February, even though it was running at close to breakeven. With more than 1,600 customers, bookings are up 70% on a year-over-year basis for 2008. The growth comes despite stiff competition. Google, Cisco and Autonomy Corp made a big push into the market last year with their respective acquisitions of Postini, IronPort Systems and Zantaz.

Yet, Proofpoint has held its own against these larger vendors, even recruiting a few high-ranking employees from Postini, we’ve heard. Speaking of hiring at Proofpoint, we would also highlight last year’s move to bring Paul Auvil on board as CFO. Auvil served as the top numbers guy at VMware, guiding that company from the tens of millions of dollars in revenue to hundreds of millions of dollars. Of course, that company never made it fully public. We have a feeling Auvil may yet have a chance to be CFO at a public company, given the direction of Proofpoint.

Select on-demand security deals

Announced Acquirer Target Deal value Target revenue
July 9, 2007 Google Postini $625m $70m*
July 3, 2007 Autonomy Zantaz $375m Not available
May 14, 2007 Verizon Business Cybertrust $450m* $225m*
April 26, 2007 Websense SurfControl $400m $220m
Jan. 4, 2007 Cisco IronPort $830m $100m*
May 19, 2004 Symantec Brightmail $370m $26m

Source: The 451 M&A KnowledgeBase, * official 451 Group estimates

National (in)security

Brenon Daly

With Sourcefire likely to get gobbled up shortly by a hungry Barracuda Networks, we couldn’t help but flashback to the earlier attempt by Check Point Software Technologies to acquire the Snort vendor. (For those of you keeping score at home: Yes, Check Point’s offer more than two years ago valued Sourcefire higher than Barracuda’s current bid.) We mention the stillborn deal because there are echoes of Check Point-Sourcefire in a current proposed pairing.

Recall that the deal got snagged because of US regulators’ concern about ‘sensitive’ technology (Sourcefire’s Snort intrusion prevention technology) falling into the hands of foreign companies (Check Point’s Israeli ownership). That concern – an overblown bit of nutty protectionism that doesn’t exist anywhere outside of Washington DC – is back at issue in the proposed pairing of Oregon-based identification card maker Digimarc and a French defense firm called Safran.

Earlier this week, Safran offered $300m in cash for Digimarc, hoping to trump a three-month-old agreement Digimarc had with US company L-1 Identity Solutions. (We looked at the deal, which represented a five-bagger for Digimarc, back in March.) L-1’s offer, which is half in stock and half in cash, is roughly worth $260m.

On word that Safran is now in the running, L-1 played the national security card, warning about the sinister threat posed by a French firm owning Digimarc’s ID card business. Safran’s bid would face scrutiny from the same regulatory agency that spiked Check Point’s planned purchase of Sourcefire, the Committee on Foreign Investment in the US. We think such regulatory meddling is misguided. But we certainly understand L-1’s move to wrap themselves in the flag to secure this deal. It’s a lot cheaper for them to hire a few well-connected lobbyists than actually raise their bid.

VeriSign’s yo-yo diet

Brenon Daly

We’ve noted several times in the past that former binge eater VeriSign has set itself on a fairly severe corporate diet. (Last November, we outlined VeriSign’s divestiture plan that could trim up to one-third of the company’s revenue.) Having already sold off three businesses so far in 2008, VeriSign is nearing a fourth divestiture, we hear.

At the America’s Growth Capital security conference in early April, we heard hallway chatter that VeriSign was deep into talks with a networking equipment vendor and a services shop about selling its managed security service provider (MSSP) business. Now, a source indicates that VeriSign has a letter of intent signed to shed its MSSP business. The acquirer isn’t immediately known, but we hear it’s a strategic, rather than financial, buyer. Given the recent moves by telcos to buy security service shops – for instance, Verizon Business’ purchase of Cybertrust a year ago and BT Group’s acquisition of Counterpane Internet Security in October 2006 – we could also imagine a phone company adding the MSSP business to its service offering.

Like any divorce, a divestiture tends to take longer and be more expensive than any of the parties imagined at the start. And we can only guess at the discount for VeriSign’s MSSP business. The divestiture would effectively unwind its $140m cash-and-stock acquisition of Guardent in December 2003. Ironically, VeriSign inked the Guardent purchase at a time when it was also dieting, having shed its domain name-registry business and other assets. Is this the corporate equivalent of yo-yo dieting? 

Coming and going at VeriSign

Year Acquisitions Divestitures
YTD 2008 0 3
2007 0 1
2006 8 1
2005 7 1

Source: The 451 M&A KnowledgeBase

Lessons from a big Yahoo

Brenon Daly

Talk about being thrown straight into the shark tank (or more accurately a barracuda tank): John Burris has agreed to step from the board to the CEO spot at Sourcefire. The appointment comes just two weeks after Barracuda Networks made an unsolicited offer for the network security vendor. We noted that the low-ball bid of $7.50 per share from Barracuda – an aggressive company that lives up to its name – will likely set the ‘floor price’ for any sale of Sourcefire. (Since the bared-teeth bid was revealed, Sourcefire’s long-suffering shares have closed above the offer price in every trading session, finishing Wednesday at $7.92. The $0.42 difference equates to about a $10m gulf between what the market says Sourcefire is worth and what Barracuda says the company is worth.)

The fact that Sourcefire – which had been looking for a chief executive replacement since February – stayed in-house to fill the top spot makes us wonder if the company hasn’t resigned itself to a sale. Don’t forget that Sourcefire was supposed to be sold to Check Point Software Technologies more than two years ago – at a higher price than its current valuation, no less. And although we are far from experts in employment contracts, we saw nothing in Burris’ agreement that would make an acquisition of Sourcefire prohibitively expensive. Certainly nothing like the employee severance plan at Yahoo, which is effectively a poison pill.

Indeed, Burris may well look at the tenure of Yahoo’s Jerry Yang during Microsoft’s unsolicited approach to the search engine as a quick executive lesson in how not to handle M&A. On the no-no list: refusing to talk to a suitor, erecting all sorts of obstacles to consolidation and, above all, continuing to insist that you know best in creating value at a company – even when all evidence points to the contrary. “I bleed purple,” Yang said at one point, using Yahoo’s signature color to demonstrate his closeness to the company he helped found. Yang may see it that way, but Carl Icahn and other Yahoo shareholders don’t particularly care. They’re very clear that blood is red, just as money is green. We think Burris – whose connection to Sourcefire only dates back to March and who previously headed up sales at Citrix Systems – won’t suffer a similar case of color blindness.

How do you say ‘Tumbleweed’ in French?

Brenon Daly

About a year and a half ago, we heard Tumbleweed Communications was being shopped hard by private equity firms. The intervening credit crises – which bumped up the price of debt and trimmed the returns on LBOs – quite likely tabled any buyout. The email security vendor has struggled since then. It came up short of Wall Street estimates in every quarter in 2007. Shares that changed hands above $3 each in early 2007 dropped in a straight line to just above $1 this March.

Rather than a PE shop, however, it turns out Tumbleweed’s buyer will be the Sopra Group, a French IT consulting firm. Sopra will make the acquisition through its Axway subsidiary, paying $2.70 in cash for each share. With about 51 million shares outstanding, Tumbleweed gets a an equity value of about $138m, only slightly more than twice the sales it is expected to record this year. Sopra also got a discount from its currency: the Euro has climbed about 18% in value since we reported on Tumbleweed in February 2007. See full report.

Creative destruction and its discontents

Brenon Daly

In a February 2007 report, we asked an egghead question about valuations in a sector that had been ‘creatively destroyed,’ to borrow Joseph Schumpeter’s oft-used phrase. At the time, we weren’t asking for purely academic reasons. Rather, we were trying to put a price on Tumbleweed Communications following Cisco’s purchase of rival anti-spam appliance vendor IronPort Systems. (Rumors had private equity firms looking at Tumbleweed.)

It turns out we weren’t far off in our valuation. We slapped a $150m price tag on Tumbleweed; last Friday, French IT consulting firm Sopra Group said it would pay $138m in cash for the company. The deal is expected to close in the third quarter. While the companies see a bright future for the combination, we have some reservations. Specifically, we wonder how Sopra, which is making the acquisition through its Axway subsidiary, will hit its target of 12-15% operating margins for the combined company next year. (Tumbleweed has run at negative operating margins for years, piling up an accumulated deficit of $300m in its history.)

Whatever the performance of Tumbleweed under its new owners, we have to say that Sopra certainly didn’t overpay for the company, which should double its sales here in North America. At just two times trailing sales, Tumbleweed was valued at less than half the price-to-sales multiple found in comparable transactions.

Anti-spam shopping

Acquirer Target Date Price Target TTM sales
Sopra/Axway Tumbleweed June 2008 $138m $58m
Google Postini July 2007 $625m $70m*
Cisco IronPort Jan. 2007 $830m $100m
Secure Computing CipherTrust July 2006 $264m $48m
Symantec Brightmail May 2004 $370m $26m

*estimated, Source: The 451 M&A KnowledgeBase