Category: security

Sophos rides the endpoint-network convergence wave with SurfRight deal

Scott Denne

Contact: Scott Denne Eric Ogren

Sophos has made its first acquisition as a public company with a $32m deal for endpoint security player SurfRight. The purchase adds behavioral endpoint threat detection to its current drive to unify its network- and endpoint-security products. Sophos recently launched its XG Firewall, a product that aims to share data between its cloud endpoint products and its network-security products, in order to synchronize security strategies.

Sophos has picked up a few endpoint-security companies since becoming a semi-frequent acquirer in 2011, although it hasn’t spent much more than $10m on past deals. Advanced endpoint detection, such as the signatureless variety championed by SurfRight, doesn’t come cheaply. In recent years, we’ve seen Palo Alto Networks pay $200m for Cyvera and F5 Networks spend $92m for Versafe – both targets were putting up modest revenue at the time.

Several security companies are looking to merge endpoint and network security into a single offering. That’s something that Sophos hopes will be particularly appealing to its base of midsize customers, most of which have limited capabilities to deploy multiple security point solutions.

One of the hallmarks of a behavioral endpoint security approach is that you don’t have to know all the gory details of an attack to know that one program should not be manipulating the memory of another. The ability to detect memory-oriented threats, such as those commonly introduced by browsers, without reliance on signatures is a key technology that Sophos is acquiring along with the rest of SurfRight. After integration with its Heartbeat features, Sophos will have an enhanced early-warning capability to coordinate endpoint and network responses to advanced threats.

Holland Corporate Finance advised SurfRight on the transaction. Look for a full report on this deal in tomorrow’s 451 Market Insight Service.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

InfoSec startups wonder: why bother with Wall Street?

Brenon Daly

Contact: Brenon Daly

Why bother with Wall Street? An increasing number of tech startups – particularly those in the red-hot information security market – are saying ‘thanks, but no thanks’ to going public, and instead raising IPO-like rounds from private investors. So rather than an IPO for security startups being an ‘initial public offering,’ it stands for ‘inflated private offering.’

This trend toward big checks reached new heights this week with a $250m round raised by Tenable Network Security from Insight Venture Partners and Accel Partners. Yes, that’s right: a quarter-billion dollars in a single investment, with no SEC headaches, no public financial disclosure and very few stops on an abbreviated roadshow. If that kind of relatively hassle-free money is sloshing around the security landscape, why wouldn’t a company divert some of it to its own treasury?

And to be clear, that kind of money is available in infosec. So far this year, at least eight security startups have announced single rounds of funding that in years past would have only been available from Wall Street. In addition to this week’s whopper from Tenable, we also saw Illumio raise $100m in April, Zscaler raise $100m in early August, CloudFlare raise $110m in late September, Tanium raise $120m in early September, CrowdStrike raise $100m in mid-July and Okta and Netskope both raise $75m in early September.

Against this flurry of private-market fundings, we’ve seen just one infosec provider go public on US exchanges in 2015. In many ways, Rapid7’s decision to go ahead with its $100m IPO in June is almost endearingly recherché. But the out-of-step decision to go public also comes at a financial cost to Rapid7. Because of an inversion in conventional financing, the liquidity of Rapid7 shares and the transparency actually get discounted when compared with private-market fundings. Rapid7 isn’t even a unicorn, unlike the majority of still-private infosec startups that raised as much – if not more – than it did.

Classical economic theory holds that an imbalance such as this tends to correct over time. (The only open question is when, not if.) However, assuming we do return to a time when Wall Street is the primary – if not exclusive – source for, say, fundings of $100m or more, simply working through the existing backlog of infosec companies that have already done these big-money rounds in the private market could take several years. And, as we have seen in other markets that are temporarily distorted because of an overabundance of capital, working through that can be a painful process.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Wrapping a ‘blue coat’ around SaaS apps

Brenon Daly

Contact: Brenon Daly

For the second time in about three months, 20-year-old infosec vendor Blue Coat has bought its way into the cloud, paying an astronomical multiple for cloud application control startup Elastica in a $280m deal. Paired with its recent purchase of Perspecsys, Blue Coat has rung up a $400m bill in building out an offering to help secure SaaS applications. That makes it the biggest buyer in this nascent market.

We view the pickups of Perspecsys and Elastica as a bit of a portfolio update and refresh ahead of what we expect to be an IPO for Blue Coat in early 2016. As one of the few large-scale infosec providers, Blue Coat has attracted acquisition interest in recent years. Before its take-private in late 2011, the company was rumored to have drawn a bid from HP. More recently, Raytheon was thought to be considering a run at Blue Coat before nabbing fellow PE-owned network security firm Websense instead. Earlier this year, Blue Coat’s original PE owner, Thoma Bravo, sold the company to Bain Capital. (Incidentally, Goldman Sachs worked Blue Coat’s LBO as well as the secondary transaction.)

Subscribers to 451 Research can see our report on this deal – including valuation, market context and integration outlook – on our website later today and in tomorrow’s 451 Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA

Securing an IPO pipeline

Brenon Daly

Contact: Brenon Daly

As we saw in the recent lackluster debut of Pure Storage, there isn’t much demand on Wall Street for new offerings. The fast-growing storage startup became only the fifth enterprise tech vendor to go public in 2015. Virtually all of the tech IPOs, including Pure Storage, have broken issue, often falling below the valuation they achieved as private companies, when they were smaller and more speculative investments. However, there is one exception to the generally dismal tech IPO market: information security.

Consider the standout offering from Rapid7 . Since debuting three months ago, the threat-detection provider has not only delivered a tidy return to its earlier investors, but has also traded relatively strongly in the aftermarket. And it is doing all that while maintaining a rather rich valuation. Investors value Rapid7 at about $840m, roughly 8x the $100m or so in sales this year that the company will put up.

As with any market that indicates demand, supply will look to satisfy that demand. We understand there are at least three information security firms currently on file and hoping to go public before the end of the year:

  • Veracode: The code-scanning startup is rumored to have picked J.P. Morgan Securities to lead its offering. We gather the company ran a dual-track process, but is now set to go public. It raised a late-stage round about a year ago, bringing its total to about $120m.
  • LogRhythm: The SIEM vendor has navigated through the consolidation that has thinned the number of sizable independent vendors to just a handful. An IPO from LogRhythm would come almost eight years after rival ArcSight went public.
  • SecureWorks: We noted in May that Dell’s managed security service division is looking at spinning off a minority stake of the company. The move would give SecureWorks currency to pick up other MSSPs, as well as (possibly) raise money for Dell as it looks to pay for the largest-ever tech acquisition.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Dell looks to become ‘indelible’ IT vendor with EMC

Brenon Daly

Contact: Brenon Daly Simon Robinson

Announcing the largest tech deal since the Internet bubble burst, Dell plans to pay approximately $63.1bn for EMC. The debt-laden combination would create a sprawling IT giant with multibillion-dollar businesses in many of the primary enterprise technology markets, including storage, information security, IT services, servers and PCs. (For context, the combined Dell-EMC entity would be larger than Hewlett-Packard Enterprise (post-split), NetApp, Juniper Networks and Symantec combined.) Dell’s bold transformational transaction is not coming cheap, however. The company is valuing EMC significantly more richly than it valued itself when it went private two and a half years ago.

Further, Dell’s relatively pricey bulking up comes at a time when a number of rival enterprise IT vendors are slimming down. More to the point, several of these competitors are unwinding earlier blockbuster acquisitions they made in hopes of staying more relevant in a shifting IT market. The arrival of the public cloud has siphoned off billions of dollars that once flowed unimpeded to Dell, EMC and other first-generation technology firms. However, IT customers increasingly lack the appetite to buy, install and manage dozens of ‘piece parts’ and mold them into a cohesive whole. As a result, we can look at the combination of Dell and EMC as essential if the traditional IT model is to survive the onslaught from public cloud providers, most notably Amazon Web Services.

Though Dell has been on a path to build a ‘better together’ story for almost a decade, it clearly hasn’t been enough. In its effort to buy its way out of the commodity PC business, the company stitched together a patchwork of properties. However, the resulting ‘big picture’ has still not materialized. Dell has lacked a core focus point, as well as the heft and scale in any one market to dominate. Further, it has so far not sufficiently penetrated the large enterprise segment, or moved beyond its two longtime key verticals of healthcare and the public sector. Against this backdrop, it’s easy to see the attraction of EMC, which brings large enterprise credibility in storage, perhaps the industry’s most focused and effective sales operation and, in VMware, still one of the most strategic entities on the market.

EMC’s attractiveness also shows through in the valuation that Dell is paying, if not when viewed against the broader tech M&A market than certainly when put against Dell’s own worth. According to terms, Dell is paying 2.5x trailing sales and 11.5x trailing EBITDA for EMC. For comparison, in orchestrating the take-private of his namesake company, Michael Dell and his consortium paid just one-quarter the price-to-sales multiple of EMC and half the cash-flow multiple. Dell’s LBO, which stands as the third-largest private equity tech transaction in history, valued the company at just 0.5x trailing sales and 5.2x trailing EBITDA.

Look for a full report on the proposed Dell-EMC pairing later today on our website and in tomorrow’s 451 Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Microsoft adds Adallom

Brenon Daly

Contact: Adrian Sanabria Brenon Daly

Continuing its accelerated shopping spree, Microsoft has reached for infosec startup Adallom. Although terms weren’t released, reports from newspapers in Israel, where Adallom has its roots, peg the price at $250m-320m. Assuming those reports are reasonably accurate, the acquisition would be larger than our understanding of the Aorato buy last November. Aorato stands as Microsoft’s most recent security purchase, and the technology will run alongside the just-acquired technology from fellow Israeli company Adallom.

The Adallom pickup fills a gap between cloud-based IAM and third party SaaS products, allowing Microsoft customers to add much broader control over user authorization and activity within internal (Office 365) and third-party SaaS applications such as Salesforce, Workday and Google Apps. This extension of user permissions and directory services creates a layer of monitoring and control not previously possible in the traditional enterprise. Also, with Office 365 as one of the most popular services for vendors such as Adallom to enhance, Microsoft now has the opportunity to offer much greater control, visibility and security to existing customers.

Microsoft’s purchase of Adallom is the tech giant’s twelfth transaction of 2015, which is twice as many as it has averaged in the same period each year over the past half-decade. Moreover, virtually all of the companies that Microsoft has snagged this year have been relatively small startups. (All but one of the startups acquired in 2015 has raised $50m or less in total funding.) In years past, Microsoft has typically announced a 10-digit deal (e.g., Nokia devices, Yammer, Skype) along with the technology tuck-ins. Of course, that shift to smaller targets might have something to do with the billion-dollar write-downs Microsoft has made on several of its larger acquisitions inked under previous CEO Steve Ballmer.

Recent Microsoft M&A activity

Period Number of announced transactions*
January 1 – September 8 2015 12
January 1 – September 8 2014 7
January 1 – September 8 2013 7
January 1 – September 8 2012 5
January 1 – September 8 2011 3
January 1 – September 8 2010 0

Source: 451 Research’s M&A KnowledgeBase *Excludes purchases of domain names and IP addresses

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Family drama at VMworld

Brenon Daly

Contact: Brenon Daly

Even before he talked products or markets, VMware CEO Pat Gelsinger kicked off his comments to Wall Streeters at his company’s annual conference with a moment of ‘family time.’ In this case, it was to defend the current corporate parentage, with EMC owning a super majority of VMware as part of a larger ‘EMC Federation.’

Gelsinger essentially said that the way things are now in the EMC family is the way they should be. He went on to knock down rumors that he was planning – or even considering – any changes in the current corporate structure, specifically singling out recent reports about a kind of fratricide by VMware in which his company would take over EMC. ‘Better together’ is the family motto.

Not everyone agrees, however. Some critics, such as the kind that buy small chunks of stock in a company and then try to tell it what to do, counter that the current structure actually inhibits growth in the family.

The activist hedge funds have a point, given that VMware stock has basically flatlined over the past five years while the S&P 500 Index has nearly doubled. (The underperformance stands out even more when we consider that a half-decade ago, VMware was running at less than $1bn in quarterly revenue. It now puts up more than $1.5bn in sales each quarter. There aren’t too many S&P 500 companies that are two-thirds bigger now than they were in 2011. Most, including EMC, have only slightly grown.)

Given that Elliott Associates, an activist hedge fund that has already successfully pushed to reshuffle EMC’s board of directors, effectively crashed the VMworld party, it’s not unreasonable to expect even more changes in the EMC Federation. (Remember, too, that the ‘standstill’ agreement between Elliott and EMC expires this month.) There may well be some family drama before the year is out.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

LANDesk lands a new dashboard with Xtraction acquisition

Brenon Daly

Contact: Brenon Daly

In its first acquisition in almost a year, LANDesk picks up existing partner Xtraction Solutions in an effort to make data more visible for the systems management vendor’s clients. The two companies have been partners for more than a year, with a handful of joint customers using Xtraction’s dashboards. Although terms weren’t disclosed, we understand that LANDesk paid in the low tens of millions of dollars for Xtraction, which had only a dozen or so employees and no outside funding.

In addition to data visualization (think, ‘BI for IT operations’), the deal is also important because it expands the sources of data that can be represented. Most IT environments are a hodgepodge of technology from various vendors and vintages. Xtraction has 50 connectors built for many of the larger IT management providers, including HP, Microsoft, BMC and ServiceNow. Another area where LANDesk might look to expand Xtraction’s reporting technology is IT security, where dashboards are increasingly being used to help make sense of the streams of reports about the ever-expanding number of vulnerabilities faced by businesses.

Xtraction is the sixth purchase LANDesk has made since private equity firm Thoma Bravo carved out the systems management vendor from Emerson Electric five years ago. Since then, according to our understanding, LANDesk has added about $100m to its top line while nearly tripling its cash flow. The company says it has plenty of cash in treasury – not to mention a deep-pocketed owner in Thoma Bravo – to continue to add pieces to its IT management platform.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Cisco closes in on OpenDNS

Brenon Daly

Contact: Brenon Daly

In its third-largest IT security acquisition, Cisco will pay $635m in cash for OpenDNS to shore up its threat-detection and -prevention portfolio. The deal comes a year after the networking giant participated in the 10-year-old startup’s series C funding round. (The $35m investment announced last May brought the total amount raised by OpenDNS to $51m.)

The purchase continues Cisco’s practice of paying rich multiples as it shops in information security. According to 451 Research’s M&A KnowledgeBase , Cisco has now acquired 18 security companies in the past decade and a half, mostly smaller startups. (All but three of those transactions cost the networking giant less than $200m.) We would note that although Cisco’s security business generates less than 5% of its total revenue, infosec acquisitions have accounted for 16% of the company’s overall M&A activity since 2002.

In its other large infosec purchases, Cisco paid $2.7bn, or nearly 11x trailing sales, for Sourcefire and $830m for IronPort Systems, which works out to slightly more than 8x trailing revenue. OpenDNS generated about $40m in trailing bookings and was on pace to double annual bookings to roughly $60m for full-year 2015.

That would mean Cisco is paying about 15x trailing bookings for fast-growing OpenDNS. Obviously, the price-to-revenue multiple for OpenDNS would be higher than that, likely falling in the neighborhood of twice the valuation that Cisco paid in its two other significant infosec deals. The valuation of the network security vendor stands out even more considering the recent focus in the IT security industry on endpoint protection, which has resulted in valuations there being pushed to historically high levels. Cisco expects to close the pickup of OpenDNS by the end of its first fiscal quarter, which wraps in October.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

In a time of sky-high infosec valuations, Sophos goes for down-to-earth debut

Brenon Daly

Contact: Brenon Daly

The tech IPO market is so quiet these days that even those companies that do manage to go public do it understatedly. Consider the almost under-the-radar offering from Sophos, a giant in the infosec market that nonetheless raised a relatively small $125m on the London Stock Exchange (LSE) last Friday. Compared with the noisy funding events we’re accustomed to seeing in this current frothy investment environment, the Sophos IPO was almost refreshingly reserved.

Sophos has been around for 30 years, which makes it positively middle-aged relative to many flashy startups that still haven’t seen the ink dry on their business plans. Also, Sophos was born and raised in the UK, several time zones – and even more distant culturally – from the epicenter of tech hype in Silicon Valley. To illustrate, Sophos spends less than 40% of its revenue on sales and marketing, about half the level of some US-based IT firms (e.g., Apigee, Box) that have also come public in 2015.

Yet even as Sophos runs a business that’s clipping along at nearly a half-billion dollars in revenue, it raised the same amount of money that some startups one-tenth its size have landed from private investors. Another way to look at it: The $125m that Sophos raised in its IPO is also less than half the amount collected by Etsy, which is smaller than Sophos, in its April IPO.

And Sophos is raising money at a very down-to-earth valuation, compared with some of the sky-high valuations garnered by both public and private infosec vendors. Sophos started life on the LSE at a market cap of about $1.6bn, roughly 3.5x its trailing sales of $447m. That’s a sharp discount to many of the infosec providers trading on the NYSE and Nasdaq. For example, Proofpoint, Qualys, FireEye and Imperva, among others, all trade at more than 10x trailing sales.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.