Belden plugs into Tripwire

Contact: Brenon Daly

Belden’s acquisition of Tripwire marks not only the company’s largest purchase, but also the richest valuation it has ever paid. Belden is handing over $710m in cash for the security management vendor. That values Tripwire at nearly 5x sales, which is more than twice the multiple Belden has paid in its past half-dozen deals. (For its part, Belden trades at less than 2x sales, despite its shares hitting an all-time high upon the deal announcement.)

A company known primarily for cables and wiring, Belden has inked seven purchases over the past four years as part of a broader effort to get into new markets. Not all of those moves have worked. (For instance, it divested a wireless LAN startup after more than two years on the books. Despite the irony of a wiring provider buying a wireless vendor, Belden actually sold Trapeze Networks for more than it originally paid for it.) Nonetheless, growth in new markets is one of the main reasons why Belden shares have more than tripled since the end of the recession, roughly three times the gain in the broader US indexes.

Still, the pickup of Tripwire is a not-insignificant gamble. Strategically, Belden imagines extending Tripwire’s security, which is currently focused entirely on enterprises, to industrial settings. And financially, Belden is essentially clearing out its coffers to cover the transaction. (It is drawing down approximately $200m on an existing line of credit to help pay for Tripwire.)

And, as noted, Belden is paying up for Tripwire. Terms value the Portland, Oregon-based target at 4.9x sales. For context, Tripwire sold to its current owner – private equity shop Thoma Bravo – for about $225m, or 2.2x sales, in mid-2011, according to our understanding. So one way to look at the three-year period Tripwire was owned by Thoma Bravo is that while revenue didn’t quite double, the company’s price more than tripled.

The primary reason why Thoma Bravo is getting an above-market valuation on its exit is the operational efficiencies that it helped bring into Tripwire. The company is projected to grow in the high teens, which is twice the rate it was growing before being acquired by the PE shop. Maybe more importantly, Tripwire more than tripled its EBITDA margin, to above 30% currently, while also accelerating its growth.

Look for a more detailed report on Belden’s acquisition of Tripwire in tomorrow’s 451 Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

After staying out of the M&A market, Qualys is ready to deal

Contact: Brenon Daly

Having built a $1bn market capitalization largely on the back of its core vulnerability management (VM) technology, Qualys is now looking to further expand into new markets. And to get there, the company is considering M&A for the first time in its 15-year history.

Qualys, which opens its annual user conference today, has already organically added new offerings to its VM, including Web application security and compliance monitoring. However, that expansion has only come in the past several years. Further, those products currently generate less than 20% of total revenue at the company. Overall, Qualys has moved slowly, hanging a ‘beta’ tag on products for extended periods. (The need to expand its portfolio was something we highlighted during the company’s IPO two years ago.)

Yet when Qualys does make new offerings available, they tend to be well received. At the end of Q2, some 44% of its more than 6,500 customers had purchased more than one product from the company. That’s up from 30% at the end of 2013 and just 20% at the end of 2012. Cross-selling has been one of the main reasons Qualys has been able to accelerate growth in 2014 compared with last year.

Any acquisition by Qualys, which has about $100m in cash, would likely be small. Also, the technology would have to be multi-tenant. (The company’s revenue is entirely annual subscriptions: no licenses and, unlike most other SaaS vendors, no professional services.)

What technology might Qualys be looking to pick up? Mobility represents an obvious market, as a way to help secure the ‘extended enterprise.’ Other areas that Qualys has been developing but could use a boost via M&A include SIEM and compliance automation.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

For Symantec, the spinoff is just the start

Contact: Brenon Daly

After a decade of uneasy – and ultimately unfulfilling – marriage, Symantec has finally served divorce papers to its ill-matched partner, Veritas. In going solo, Big Yellow will return to its roots as a stand-alone information security company while spinning off the smaller information management (IM) business at some point before the end of next year.

The separation means that Symantec’s long-suffering shareholders will continue to own Veritas, which cost them a record $13.5bn worth of stock nearly a decade ago. (Since the acquisition closed in mid-2005, Symantec stock has returned just 10%, while the Nasdaq has doubled during that period.) Or more accurately, we should say Symantec shareholders will continue to own the lower-valued IM division until it can finally be sold.

There’s little doubt, in our view, that the spinoff is an interim step. It allows the unit to put up a few quarters of stand-alone performance, perhaps even get some growth back in the IM business. But even as it stands, the division generates more than a half-billion dollars of operating income each year. A buyout shop could certainly make the leverage work on a business like that, particularly once it was ‘optimized.’ (Overall, Symantec spends some 36% of revenue on sales and marketing, even as its sales flatline.)

While the IM business is ultimately likely to land in a private equity portfolio, we would note that we heard an intriguing rumor as Symantec was working through this process. The rumor essentially had Symantec trading its IM unit to EMC for its security division, RSA.

On paper, the swap makes sense, allowing each of the tech giants to focus on their core businesses. According to our understanding, however, talks didn’t get too far along because of the valuation (the Veritas business is about twice as big as RSA) and because of the tax hit that the companies would take due to the asset swap. (As it is, the spinoff of Veritas is tax-free to Symantec shareholders.) And now, of course, EMC is under pressure to undertake a corporate restructuring of its own.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

With its IPO, Cyber-Ark floats on high water

Contact: Brenon Daly

It seems the record-setting Alibaba offering didn’t suck up all the IPO money on Wall Street after all. Although investors handed out a staggering $25bn to the Chinese e-commerce vendor last week, they stepped right back into the market to buy newly minted shares of Cyber-Ark on Thursday. And boy, did they buy.

Cyber-Ark, an Israel-based identity and access management (IAM) provider, sold 5.4 million shares at an above-range price of $16 each. Once free to trade, shares doubled. (In early afternoon trading under the ticker ‘CYBR’ the stock was changing hands at $32.20, having never dipped below $30 on its debut.) Cyber-Ark’s IPO stands as the first tech offering (aside from Alibaba) in some three months.

The strong demand for Cyber-Ark pushed it to a rather princely valuation. With roughly 30 million shares outstanding, the company’s market cap is nosing toward the magical $1bn mark. That stands out because Cyber-Ark, while profitable, will put up less than $100m in sales in 2014. Further, those sales are coming from old-fashioned license and support, rather than the more highly valued subscription delivery model. The company has been increasing revenue in the 30-40% range in recent quarters. (See our full report on Cyber-Ark’s filing.)

Cyber-Ark is particularly richly valued when compared with other IAM providers, in both the IPO and M&A markets. It trades at more than twice the current multiple of Imprivata, which went public three months ago and is currently under water. (Imprivata focuses entirely on the healthcare market, while Cyber-Ark counts more than 1,500 customers across a range of industries.) Meanwhile, earlier this month, direct rival BeyondTrust got flipped to another PE portfolio in a deal that we estimate went off at about 3x trailing sales.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

LogMeIn signs into identity market

Contact: Scott Denne Adrian Sanabria

Earlier this year, we took a look at M&A possibilities for the cloud application control (CAC) market, and pegged cloud SSO/IAM products as a good matchmaking opportunity. That’s exactly what’s happened with LogMeIn’s acquisition of Meldium. The acquirer’s AppGuru product allows enterprises to monitor and control employee access to SaaS apps. With authentication being the key chokepoint for CAC services, the ‘melding’ of Meldium’s offering with AppGuru could give LogMeIn customers an opportunity to address two issues with one stone.

The $15m price tag (including an unspecified earnout) for Meldium is a typical deal size for LogMeIn, which has built a diverse set of SMB applications, mostly organically, having only made four acquisitions (all between $7.5-16m) since its debut as a public company in 2009. One difference with its Meldium purchase: LogMeIn is jumping on the target earlier than it typically does. Meldium is a year out of its stint at Y Combinator, whereas Ionia and Bold Software, LogMeIn’s two most recent targets, had more than two decades of operations between them when they were picked up.

While LogMeIn has plenty of cash ($220m and growing) and equity to do larger deals, its M&A activity has been light, opting instead to lean on internal development to expand into areas like collaboration, Internet of Things and IT management for SMBs from its starting point in remote desktop applications. Small, tactical buys have served LogMeIn well – it’s projecting 30% revenue growth this year to $217m, outpacing the 15-20% gains it has put up in each of the past three years.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Veritas enters IAM fray with BeyondTrust buy

Contact: Scott Denne Garrett Bekker

Veritas Capital’s acquisition of BeyondTrust adds to a flurry of recent deals in the identity and access management (IAM) sector. The transactions continue to flow as CISOs become less reliant on perimeter defenses alone.

At $310m, Veritas is valuing BeyondTrust just a smidge over 3x trailing revenue, putting it below the multiple on Thoma Bravo’s purchase of SailPoint and above the 2.5x that Gemalto paid for SafeNet in its $890m acquisition of that company in August. Other recent deals in this sector include RSA’s pickup of Symplified’s assets and a pair of IAM purchases this summer by IBM.

In a December 2013 survey by TheInfoPro, a service of 451 Research, IAM was the most cited security-related spending priority for IT shops over the next 12 months. Given the increasing role of identity as a key security construct in both cloud and mobile computing architectures, we expect that identity-related technologies will remain fodder for future dealmaking.

Recent IAM transactions

Date announced Acquirer Target Deal value
September 3, 2014 Veritas Capital BeyondTrust Software $310m
August 12, 2014 Thoma Bravo SailPoint Technologies Click for estimate
August 11, 2014 IBM Lighthouse Security Group Not disclosed
August 8, 2014 Gemalto SafeNet $890m
July 31, 2014 IBM CrossIdeas Not disclosed

Source: The 451 M&A KnowledgeBase

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

IBM aims for IAM targets

Contact: Scott Denne Garrett Bekker

IBM inks its second acquisition in a month to grow its identity and access management (IAM) capabilities. In reaching for Lighthouse Security Group, Big Blue gains a managed services offering that already runs on its IAM suite, as well as hard-to-find talent in the IAM sector.

Though Lighthouse brings some unique intellectual property, the rationale is different than last month’s purchase of CrossIdeas, which added access governance and analytics software to IBM’s already broad IAM portfolio, which is mostly built around assets from Tivoli.

The relative importance of IAM within the security landscape expands as the notion of a security perimeter retreats. As we noted in an earlier report, IAM has already played a role in a number of smaller deals this year, including Ping Identity’s pickup of accells technologies and HID Global’s takeout of Lumidigm, as well as Gemalto’s agreement to spend $890m on SafeNet last week.

Whether customers are seeking decreased complexity of IAM deployments via a service like Lighthouse or advanced capabilities like CrossIdeas, IAM is a top priority for CISOs. According to a 2013 survey by TheInfoPro, a service of 451 Research, identity management was the most common security-related priority for IT shops over the next 12 months.

We’ll have a more detailed look at this transaction in tomorrow’s 451 Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

BlackBerry’s strategy decrypted

Contact: Scott Denne

In BlackBerry’s first purchase in more than two years, the struggling smartphone maker buys voice encryption vendor Secusmart, reflecting the importance of security in its turnaround strategy.

Secusmart develops technology for encrypted voice and data communications. The company’s German roots should appeal to BlackBerry’s customers in the region (Europe and the surrounding areas accounted for almost half of BlackBerry’s revenue and is declining at a faster rate than North American sales), where security, especially anti-eavesdropping security, is growing in importance.

Security was a key part of BlackBerry’s rise – its secure email servers helped it become the go-to device for mobile email. This acquisition, along with its CEO’s public statements (he said the words ‘secure’ or ‘security’ 20 times on the company’s last earnings call), demonstrate that BlackBerry is looking to build off of that reputation to recapture enterprise sales of its phones and mobility management software.

BlackBerry still has a foothold in the enterprise segment, but time is limited. According to ChangeWave Research, a service of 451 Research, BlackBerry phones are far more popular among IT buyers than the general public, with 20% of IT departments reporting that they plan to purchase BlackBerry phones in the next 90 days, down from 33% in the same survey a year earlier. A separate survey by ChangeWave shows that BlackBerry still remains a leader in MDM installations, but no buyers reported planned installations or evaluations of BlackBerry’s MDM products in the near future.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

Security Innovation brightens training portfolio with Safelight

Contact: Wendy Nather

As long as there are carbon-based life forms in the system, there will be a need for security awareness education. Security Innovation has spent several years enhancing its application-based security training, but now is expanding into general security training products by acquiring Safelight Security. Terms of the all-cash deal were not disclosed, and neither side used an adviser.

The two companies started talking about teaming up in late 2013. Safelight had last raised funding in 2011, garnering just under $1m from angel investors, and it needed more financing to ride the wave of demand for infosec awareness training. From the Security Innovation side, the deal is an opportunity to take out a likeminded competitor, pick up senior security talent (always in short supply), and collect Safelight’s customer base (since the two were rivals, there’s little overlap). While both sides had plenty of training content, Safelight’s was cast more in the mold of awareness marketing campaigns, including ‘themed collateral’ such as posters, YouTube-style short videos, tip sheets and infographics to go along with the computer-based training.

Both Safelight and Security Innovation have been around for a long time, but security training is gaining fresh interest as newcomers like PhishMe, Wombat Security and KnowBe4 join the scene. Security Compass remains a competitor, as does Denim Group, which still produces its ThreadStrong training videos. The combination of Security Innovation and Safelight is probably big enough to take on Cigital, SANS Institute and FishNet Security.

We’ll have a detailed report on this transaction in tomorrow’s 451 Research Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.

F5 buys small DDoS vendor Defense.net to bolster growing security business

Contact: Scott Denne

F5 Networks fires another shot into the security market, buying anti-DDoS company Defense.net. The deal follows the application delivery vendor’s $91m acquisition of antifraud provider Versafe in September 2013.

As it did with Versafe (and most of its acquisitions), F5 is reaching for an early-stage company. Defense.net launched a first product last year and was just beginning to line up customers. Versafe, by comparison, was bought when it was just a $2m business, according to our understanding, and much of that from a partnership with F5.

Though F5 doesn’t break out its security sales in quarterly earnings reports, surveys by TheInfoPro, a service of 451 Research, support the company’s claim that security is a ‘major driver’ of its growth. Overall sales were up 20% year over year last quarter to $420m. In the most recent round of surveys, F5 made its first appearance in several network security categories, including unified threat management and network intrusion detection. Most notably, the company’s ranking in the application-aware firewall category rose to third place in our recent deployment survey, up from fifth a year earlier.

We’ll have a detailed report on this deal in our next 451 Market Insight.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.