Buyout shops buy big in infosec

by Brenon Daly

Buyout shop Symphony Technology Group will carve out most of the information security (infosec) assets from Dell, paying $2.1bn in cash for RSA Security and several other businesses the namesake company picked up over the past decade and a half. The transaction, which had been rumored for months, represents the latest first-generation infosec vendor to land in a private equity (PE) portfolio.

STG will be joined in the purchase by Ontario Teachers’ Pension Plan Board and AlpInvest Partners, with the deal expected to close by Q3. The PE trio’s reach for 32-year-old RSA shares more than a few similarities with several other recent sponsor-led infosec transactions.

For instance, Sophos, which is also a 30-something-year-old veteran of the security industry, went private with Thoma Bravo last fall in a $3.8bn deal. Additionally, ForescouTechnologies is in the process of getting absorbed by a buyout group as it endures a sharp slowdown in sales. And, of course, six months ago, the enterprise security business of industry kingpin Symantec got cleaved off by Broadcom, a corporate acquirer that has built its software division borrowing heavily from the PE playbook.

For Dell, which also tends to operate a bit like a buyout shop, the divestiture wraps up a long holding period for RSA. Dell inherited the security business as part of its 2015 blockbuster $63bn acquisition of EMC. Since that transaction, Dell has shed a number of massive businesses, announcing multibillion-dollar sales of its services unit and infrastructure software division, as well as unwinding EMC’s earlier Documentum buy.

EMC used a similar ‘string of pearls’ M&A strategy with both Documentum and RSA, as the storage giant looked to expand into content management and security, respectively. However, based on proceeds that Dell is pocketing by undoing those two deals, RSA has lost a bit of luster.

According to 451 Research’s M&A KnowledgeBase, EMC paid $2.1bn for RSA in mid-2006. However, the ultimate tab kept climbing because RSA had been a fairly active acquirer. Our data shows the company put up at least one print every year for the first few years under EMC’s ownership. (Under Dell, RSA’s pace dropped sharply, with the most recent transaction being the relatively small purchase of Fortscale Security in April 2018.)

Altogether, by our calculation, EMC/RSA would have spent roughly an additional $1bn on M&A, on top of the original $2.1bn price tag for RSA. Subscribers to the M&A KnowledgeBase can see our proprietary estimates for key acquisitions for the EMC/RSA division, including the 2010 purchase of Archer Technologies, the 2011 reach for NetWitness and the 2013 pickup of Aveksa.