Category: security

In latest infosec consolidation, Avast + AVG = AV(G)ast

Brenon Daly

by Brenon Daly

Reversing the flow of typical consolidation moves, privately held Avast Software said it will pay $1.3bn to remove fellow antivirus (AV) vendor AVG Technologies from the NYSE. In addition to flipping the script on the conventional roles of buyer and seller, there’s also a fair amount of irony in the announced pairing of the companies, which share similar roots and vintage. After all, the acquisition comes four years after Avast scrapped its plans to be a public company, a decision that was partly due to AVG’s lackluster performance immediately following its own IPO in early 2012.

Terms call for private equity-backed Avast, which has secured about $1.7bn from a lending syndicate, to pay $25 for each share of AVG. Although that represents a 33% premium over the previous closing price, it is actually lower than AVG shares were trading on their own at this time last year.

Both companies, which have been in business for more than a quarter-century, have struggled to adjust their portfolios to match recent changes in the threat landscape. Specifically, they have been somewhat caught out by the ineffectiveness of their historic desktop-based AV offerings, as well as the emerging threats posed by mobile devices. Over the past two years, Avast and AVG have used M&A to help move into the post-AV world, including doing four acquisitions to bolster their mobile security portfolios.

However, the overall transition of the business has been slow. AVG, for instance, said revenue in the first quarter expanded just 5% and indicated that sales in the just-ended Q2 actually declined slightly. AVG’s sluggish recent performance goes some distance toward explaining its rather muted valuation. Avast is paying $1.3bn, or slightly more than 3x the $433m in trailing sales put up by AVG. That’s just half the average multiple of 6.4x trailing sales in the 10 other information security transactions valued at $1bn or more, according to 451 Research’s M&A KnowledgeBase.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Still early days for IoT security

Brenon Daly

Contact: Christian Renaud Brenon Daly

The Internet of Things (IoT) market is transitioning from early (over) hype to production deployments, causing problems with operational security. This has raised the visibility of an increasing number of IoT startups, ranging from legacy operational technology (OT) security vendors that have been ‘IoT washed’ to IT security providers and pure plays. In a just-published report, we profile 11 startups looking to take advantage of the growing interest in IoT security. (Collectively, these companies have received about $115m from venture investors, and we would note that they represent a small subset of all IoT security technology startups.)

In terms of exits, 451 Research’s M&A KnowledgeBase tallies just nine security-related transactions that we believe were driven entirely, or in large part, by IoT. Spending on just those rather narrowly defined IoT security deals totaled $966m, with one pairing (Belden-Tripwire) accounting for the vast majority of the total.

The fact that security isn’t spurring more IoT acquisitions isn’t all that surprising, when viewed against how M&A has played out in other emerging tech markets. Vendors tend to focus on the opportunities – rather than the threats – that come with the new, new thing. Consider the SaaS space, which essentially changes the delivery of software. Literally, thousands of SaaS applications have been acquired in recent years, whether through consolidation or expansion into adjacent areas.

However, only a handful of transactions have gone toward securing the app, despite the fact that 451 Research surveys have shown that concerns about security are the primary obstacle for SaaS adoption, just as they are for IoT deployments. (For instance, just two of the 43 acquisitions that SaaS kingpin Salesforce has done since its founding have involved security, and both have been tiny deals.) As IoT deployments broaden and become more complex, we expect security to account for more than its current 3% of deal flow. Again, to see which startups might be figuring into upcoming deal flow, see our full report on IoT security M&A.

IoT MA as % of overall

Cisco puffs up M&A totals with CloudLock buy

Scott Denne

Contact: Scott Denne

Cisco continues its aggressive streak with the $293m purchase of CloudLock. The networking equipment giant has spent $2.2bn on five deals since the start of the year – its busiest first half since 2012. It’s not just the amount of spending that marks the aggressive streak. Cisco has been paying healthy multiples. Today’s transaction values the cloud security vendor at over 10x trailing revenue: its acquisitions of cloud application manager CliQr and early-stage chip startup Leaba Semiconductor were also likely above that multiple.

To pick up CloudLock, a cloud application security broker, Cisco needed to continue to pay a high multiple, as several deals in that segment have gone off at a premium. Adallom and Elastica were able to fetch above $200m when they sold to Microsoft and Blue Coat, respectively. Both were only starting to generate revenue. Skyfence was able to get $60m from Imperva before earning a dime in revenue.

Cisco has been particularly active in security M&A. In addition to CloudLock, it paid $452m for Lancope and $635m for OpenDNS, both at above-market multiples. There’s good reason for that. Security is the company’s second-fastest-growing segment, up 17% to $482m in sales last quarter. The macro trends are in its favor. According to our most recent Voice of the Enterprise: Information Security survey, 62% of all IT managers expect security budgets to increase over the next 12 months.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA

Dell’s discounted divestiture

Brenon Daly

Contact: Brenon Daly

Continuing its efforts to slim down before it gets massively bigger, Dell has announced plans to divest its software business to a buyout group led by Francisco Partners. The sale essentially unwinds Dell’s previous acquisitions of Quest Software and SonicWALL, which cost the company some $3.5bn. Although terms weren’t revealed, we understand that Dell will pocket $2.2bn from the deal.

The discount divestiture of the Dell Software Group (DSG), which generated some $1.3bn in trailing sales, comes less than three months after the company likewise sold its IT services unit, Perot Systems, for less than it originally paid. Dell’s portfolio pruning serves two purposes as it prepares to close its pending $63.1bn purchase of EMC. Divesting the software unit will not only raise some much-needed cash for Dell to cover the largest-ever tech acquisition, but will also clear out some software offerings that would overlap with the assets it is set to pick up from EMC/VMware, notably in the identity and IT management markets. EMC shareholders are set to vote on the sale to Dell next month, with the close of the transaction expected shortly after that. Similarly, Dell expects to complete the DSG divestiture in the late summer or fall.

Deferring to VMware as the software specialist for the combined entity makes financial sense for Dell. By and large, Dell’s software business has been a lackluster performer, unable to grow and running at single-digit operating margins. In comparison, VMware continues to increase its revenue (although at a lower rate than it once had) and operates twice as profitably as Dell’s software unit. And then there’s the matter of scale: VMware alone is five times as large as DSG.

Dell was a relative latecomer to M&A, only really starting to buy companies in 2007. While Dell was on the sidelines, for instance, EMC picked up more than 40 businesses, including RSA and, of course, VMware. Further, we would argue that if EMC hadn’t made the acquisitions it did during the early 2000s, Dell probably wouldn’t have bought the company. It certainly wouldn’t have had to pay anywhere close to the $63.1bn that it is set to hand over for EMC if the target hadn’t used M&A to expand beyond its core storage products.

DSG will be purchased by Francisco Partners, with participation from Elliott Management, a hedge fund better known for pushing businesses to sell than it is for buying them. (Indeed, Elliott took a small stake in EMC and then agitated for a sale of that company.) Francisco says this is its largest-ever deal. The DSG transaction comes as buyout shops are becoming increasingly busy with big prints. Including DSG, private equity buyers have now announced 14 acquisitions valued at more than $1bn since last June, according to 451 Research’s M&A KnowledgeBase.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Big Yellow tries on a Blue Coat

Brenon Daly

Contact: Brenon Daly

Announcing the second-largest information security transaction in history, Symantec says it will pay $4.7bn in cash for Blue Coat Systems. The single purchase eclipses the amount Big Yellow has spent, collectively, on all of its two dozen information security acquisitions over the past decade and a half, according to 451 Research’s M&A KnowledgeBase. Strategically, the proposed pairing is essentially a large-scale combination of Symantec’s endpoint security with Blue Coat’s Web defense, an M&A trend that has mostly featured deals valued in the tens of millions of dollars, rather than billions of dollars.

The transaction will further boost Symantec’s standing as the largest independent security vendor. On a GAAP basis, the combined company would have sales of about $4.2bn. (For perspective, that’s twice the size of McAfee at the time of its sale to Intel in 2010.) Blue Coat recorded GAAP revenue of $599m in its latest fiscal year. However, because of accounting regulations, that figure excludes a fair amount of deferred revenue. In its IPO paperwork, Blue Coat offered a non-GAAP ‘adjusted revenue’ figure that included the written-off deferred revenue totaling $775m in its latest fiscal year. By either measure, Blue Coat would bump up the combined company’s top line by about 20%.

For Symantec, however, bigger has not necessarily proven to be better. Big Yellow only recently cleaved off its Veritas division, unwinding a decade-long effort to pair security with storage that ultimately failed to produce returns. Yet even on the other side of the tumultuous separation, revenue at Symantec shrank in its previous fiscal year by 9%, with the company forecasting that the contraction would continue in the current fiscal year. The instability has also played out in the corner office, with Symantec having run through three CEOs in the past four years. (Note: Symantec currently doesn’t have a permanent chief executive, although as part of the agreement, current Blue Coat CEO Greg Clark will take the top job at the combined company after the deal closes, which is expected by September. In that way, there’s also a bit of an ‘acq-hire’ aspect to the multibillion-dollar pairing.)

The move marks a rare case of a dual-tracking, with Symantec buying Blue Coat less than two weeks after the company revealed its IPO paperwork. And, as we look at Blue Coat’s valuation, we can’t help but think that Big Yellow had to outbid Wall Street to get this transaction done. Think about it this way: a little more than a year ago, current owner Bain Capital was able to purchase Blue Coat for $2.4bn – just half the price Symantec is paying. (Of course, last spring Symantec probably wasn’t in a position to do a major deal, as it was focused on the Veritas divestiture.)

At $4.7bn, Blue Coat is valued at 7.8x its trailing GAAP revenue of $600m. (Even if we view the transaction on the adjusted revenue of $775m, Symantec is paying 6x non-GAAP revenue. Continuing on those unorthodox financial measures, we would add that the acquisition values Blue Coat at slightly more than 20x trailing adjusted EBITDA.) Overall, those valuations are only slightly above the average of just under 7x trailing sales for information security deals valued at more than $1bn over the past 14 years, according to 451 Research’s M&A KnowledgeBase.

Largest information security transactions, 2002-16

Date announced Acquirer Target Deal value Deal valuation*
August 19, 2010 Intel McAfee $7.7bn 3.4x
June 12, 2016 Symantec Blue Coat Systems $4.7bn 7.8x
Feb 9, 2004 Juniper Networks Netscreen Technologies $4bn 14.3x
July 23, 2013 Cisco Systems Sourcefire $2.7bn 10.7x
March 10, 2015 Bain Capital Blue Coat Systems $2.4bn 3.8x

Source: 451 Research’s M&A KnowledgeBase *Price-to-trailing-sales multiple

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

No longer a faded garment, Blue Coat to hit the public market

Brenon Daly

Contact: Brenon Daly

More than four years after going private, Blue Coat is set to make a return to the public market. But the company that put in its IPO paperwork is very different from the one that beat a hasty retreat from Wall Street. The resurrected Blue Coat is cleaner, more stable and throws off more cash. And, most dramatically, it’s growing at a healthy mid-teens percentage rate, while the old version was shrinking. The reboot of Blue Coat, which has been accomplished under private equity (PE) ownership, will pay dividends as it makes its debut.

The original Blue Coat, which was founded 20 years ago, was a bit of a faded garment when its initial PE owner, Thoma Bravo, got its hands on it. As noted, revenue was declining as the company stumbled from its network performance origins into Web security, while not doing either particularly well. (451 Research surveys of customers at the time of Blue Coat’s leveraged buyout showed that respondents had a largely unfavorable view of the company, with many indicating they planned to cut their spending with it.) That corporate uncertainty was compounded by churn in the corner office, as three CEOs came and went in just the 18 months leading up to Blue Coat’s LBO.

The company is now squarely focused on network security, while also spending liberally to step into securing the cloud. This growth is crucial because the cloud has effectively expanded the perimeter of a network, and many legacy network-based security products – from some of Blue Coat’s contemporaries – have proven ineffective at addressing cloud and mobile use cases. That helps explain why the company has rung up a $400m bill for SaaS security, acquiring both Perspecsys and Elastica last year.

Blue Coat has taken these strategic steps while roughly tripling cash-flow generation and increasing revenue by about two-thirds. Some caveats, however, are needed when comparing the current financial performance at the company with its earlier numbers. In its prospectus, Blue Coat has put forward several non-GAAP measures as key metrics, including ‘adjusted revenue’ and ‘adjusted EBITDA.’ Although 451 Research relies on GAAP figures, there are compelling reasons – notably the deferred revenue write-downs, which are essentially an accounting exercise – that make it understandable why the company favors those nonstandard measures. With those disclaimers, Blue Coat reports adjusted revenue of $775m and adjusted EBITDA of $223m for its most recent fiscal year, which ended in April. Regardless of the measure, however, it’s fair to say that the new Blue Coat is a whole lot bigger and throws off more cash than it ever has before.

After much of the initial cleanup at Blue Coat was done under Thoma Bravo, the buyout shop sold the company to current owner Bain Capital last March. (As an aside, we would note that Thoma Bravo – despite having one of the biggest buyout portfolios in the tech industry – still hasn’t taken a portfolio company public.) Bain Capital paid $2.4bn, and looks certain to see its blue-hued portfolio company hit the market at north of $3bn.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

The SecureWorks IPO: delayed, downsized and discounted

Brenon Daly

by Brenon Daly

So much for the comeback of the tech IPO market. Although SecureWorks did manage to make it public on Friday, the managed security service provider – along with its 17 underwriting banks – had to trim both the size and price of its offering to get investors interested. In afternoon trading on the Nasdaq exchange, SecureWorks shares were changing hands around its offer price of $14, which is lower than the range it laid out earlier.

Recent enterprise tech IPOs*

Company Date of offering
Box, Inc Jan. 23, 2015
GoDaddy April 1, 2015
Apigee April 24, 2015
Xactly June 26, 2015
Rapid7 July 17, 2015
Pure Storage Oct. 7, 2015
Mimecast Nov. 20, 2015
Atlassian Dec. 10, 2015
SecureWorks April 22, 2016

*Includes Nasdaq and NYSE listings only

SecureWorks’ underwhelming debut comes as the first enterprise tech offering since Atlassian hit the market in December. In the intervening months, concerns about slowing economic growth have swept through the world’s equity markets. Here in the US, the Nasdaq Composite Index dropped 15% in the first six weeks of this year. During that bear market, tech companies prudently opted not to continue with their offerings, much as a ship captain would not choose to set sail in stormy seas.

However, by late April, as SecureWorks launched its delayed offering, the storm had mostly passed. The Nasdaq has recovered its losses from earlier in the year, and Wall Street was no longer shaky ground. An April survey of individual investors by ChangeWave (a subsidiary of 451 Research) showed a dramatic turnaround in sentiment: Only one-third of respondents to our April survey said they were ‘less confident’ in the stock market than they were three months ago. That was just half the level at the start of 2016, and the lowest reading in more than a year. On the other hand, almost one-quarter of the respondents indicated they are feeling ‘more confident’ in Wall Street, which was the most-bullish reading we’ve had in three years.

So SecureWorks wasn’t necessarily heading out into stormy weather. Yet it still had to give up a fair amount to get public, which doesn’t seem to make much sense. (And Wall Street is nothing if not rational and judicious.) Sure, the company is unprofitable. But red ink has never stopped investors from buying, even when a company counts its revenue in the tens of millions of dollars but its net losses in the hundreds of millions of dollars. (For the record, SecureWorks is nowhere near that level, having lost $72m on revenue of $340m in its most-recent fiscal year, which ended in January.)

If SecureWorks’ so-so IPO wasn’t entirely due to the broad market or the company, maybe it had something to do with the offering itself. The basics of the SecureWorks IPO could be summarized like this: An established tech company acquires a fast-growing startup, then spins off a minority stake of a class of equity that effectively gives shareholders no voice in the direction or outcome at the company. That’s virtually the same structure as the VMware IPO, which hasn’t necessarily been kind to the company’s minority shareholders.

CW wall street April 2016

CenturyLink grows managed security services practice with netAura buy

Mark Fontecchio

Contact: Mark Fontecchio

CenturyLink acquires IT security services firm netAura as it gears up a managed security services (MSS) practice. In a forthcoming report, we write that CenturyLink has launched an updated MSS suite, which has been a popular portfolio addition for many multi-tenant datacenter and managed service providers in the past year. The target also brings experienced security personnel at a time of a shortage in skilled security workers. Finally, the move bolsters CenturyLink’s managed services platform as its legacy telecom services decline.

CenturyLink has steadily climbed the services stack since 2011, in part through acquisitions such as Savvis, database-as-a-service vendor Orchestrate and cloud management provider Tier 3. Others are doing the same. ViaWest acquiring AppliedTrust and Level 3 buying Black Lotus are just two recent examples of M&A activity in this sector. The deals particularly make sense in security, where staffing issues abound. According to 451 Research’s Voice of the Enterprise survey of 786 IT decision-makers in Q4 2015, staffing information security was one of the top pain points, ahead of options like firewall/edge network security and mobile device security. In today’s transaction, all 15 of netAura’s employees will move to CenturyLink.

We expect interest and activity to continue in this space through the rest of the year. Dell’s cybersecurity unit SecureWorks filed for an IPO in December, a move we predicted last May. Potential M&A candidates that could conceivably become targets in similar deals might include Red Canary, which is focused on advanced endpoint defense, and Encode, a UK-based security analytics firm with a managed service offering.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

What is Charles Darwin doing at this year’s RSA Conference?

Brenon Daly

Contact: Brenon Daly

In addition to the Pollyanna marketers and go-getter executives that make up most of the attendees at the RSA Conference, there will also be a slightly more unsettling figure looming around the security industry’s marquee event: Charles Darwin. No, the long-dead scientist won’t be actually docking his ship, HMS Beagle, on the San Francisco waterfront to attend next week’s confab. But Darwin’s seminal theory about ‘natural selection’ is going to be one of the more visible – if unacknowledged – themes at this year’s RSA Conference. Bluntly put, some of the 500 companies and sponsors that help put on this year’s event won’t be around when RSA opens the doors on future conferences. (451 Research subscribers, see our full preview of this year’s RSA Conference.)

This isn’t to say that the RSA show floor is somehow going to turn into a killing ground. Rather than viewing it cinematographically, we view it clinically. The RSA Conference is nothing more than a petri dish of organisms that, until now, have had ideal conditions to evolve and reproduce. In the months leading up to this year’s gathering, however, those life-sustaining conditions have deteriorated to the point where some of the organisms will not survive. The weak will be ‘selected out’ – a process that in some ways is overdue in the crowded information security market.

We’re already seeing some of that pressure come through in infosec M&A. Consider the contrast between the two largest acquisitions by FireEye, which has served as a convenient bellwether for the next-generation infosec vendors. Two years ago, it spent almost $1bn, more than 10x trailing sales, for incident response firm Mandiant. Last month, it handed over just $200m upfront for iSIGHT Partners, valuing the threat intelligence specialist at half the multiple it paid for Mandiant. Further, according to our understanding, iSIGHT garnered only a slight uptick in valuation in its sale compared with its valuation in a funding round announced a year earlier. The return can still be boosted, provided iSIGHT hits the targets of a $75m earnout. But even including the additional kicker, it’s still a relatively modest exit for a company that as recently as last year had positioned itself in the IPO pipeline.

That bearishness might not come through on the RSA Conference show floor or even in the afterhours cocktail parties next week. But long after the booths are packed up and the drinks have stopped flowing, infosec startups will have to get back to business. And what they are likely to find is that business for the rest of the year is going to get a whole lot tougher as buyers and backers hold much more tightly onto their life-sustaining purchases and investments, respectively. To help adapt to that new environment, startups might be well served to tuck a copy of Darwin’s On the Origin of Species into their RSA Conference swag bag and look for some pointers on how to make it through the upcoming selection cycle in the infosec industry. See our full report.

CW infosec spend 2016

Infoblox jumps on threat intel bandwagon with IID buy

Scott Denne

Contact: Scott Denne Scott Crawford

Adding threat intelligence to a wider security portfolio has potential, though as a stand-alone offering growth has been tough to come by. Against that backdrop, we’ve seen a notable uptick of acquisitions in this space, with Infoblox’ purchase of IID being the latest. The DNS security vendor will pay $45m in cash for IID and its threat intel capabilities, putting the deal right in the same neighborhood as several other recent transactions.

Today’s move combines two companies with a background in securing network identity. Infoblox has roots inside the network, while IID specializes in external networks. Part of IID’s early focus was to protect individuals and organizations from phishing risks and its offering has since matured into an intelligence aggregation and sharing strategy centered on IID’s ActiveTrust threat data exchange platform. The deal combines Infoblox’s ability to manage and control access to enterprise networks with threat intel gathered from multiple sources, including vetted contributors to ActiveTrust. IID will enrich Infoblox’s capabilities for providing secure DNS, network DHCP/IPAM services and control automation through greater insight into network threats. AGC Partners advised IID on its sale.

The potential to add threat intelligence to an existing channel and related product line is pushing up valuations in this segment. Last year, LookingGlass and Proofpoint paid $35m and $40m for Cyveillance and Emerging Threats, respectively. Though there was some variation in the multiples of those deals, most recent threat intel acquisitions have printed above market valuations. Infoblox appears to be paying north of 4.5x trailing revenue (based on its disclosure that IID had $10m in 2015 billings), while Emerging Threats fetched a valuation closer to 10x. Even FireEye’s purchase of iSIGHT, the largest we’ve tracked in the subsector at $200m, got done at 5x. The Cyveillance sale was the exception to this trend, yet it still landed more than most divestitures at just under 2x.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.