After staying out of the M&A market, Qualys is ready to deal

Contact: Brenon Daly

Having built a $1bn market capitalization largely on the back of its core vulnerability management (VM) technology, Qualys is now looking to further expand into new markets. And to get there, the company is considering M&A for the first time in its 15-year history.

Qualys, which opens its annual user conference today, has already organically added new offerings to its VM, including Web application security and compliance monitoring. However, that expansion has only come in the past several years. Further, those products currently generate less than 20% of total revenue at the company. Overall, Qualys has moved slowly, hanging a ‘beta’ tag on products for extended periods. (The need to expand its portfolio was something we highlighted during the company’s IPO two years ago.)

Yet when Qualys does make new offerings available, they tend to be well received. At the end of Q2, some 44% of its more than 6,500 customers had purchased more than one product from the company. That’s up from 30% at the end of 2013 and just 20% at the end of 2012. Cross-selling has been one of the main reasons Qualys has been able to accelerate growth in 2014 compared with last year.

Any acquisition by Qualys, which has about $100m in cash, would likely be small. Also, the technology would have to be multi-tenant. (The company’s revenue is entirely annual subscriptions: no licenses and, unlike most other SaaS vendors, no professional services.)

What technology might Qualys be looking to pick up? Mobility represents an obvious market, as a way to help secure the ‘extended enterprise.’ Other areas that Qualys has been developing but could use a boost via M&A include SIEM and compliance automation.

For more real-time information on tech M&A, follow us on Twitter @451TechMnA.