BeyondTrust buys beyond its core market

Contact: Brenon Daly

Announcing its first acquisition since the September 2009 combination that created the current company, BeyondTrust recently picked up the assets of Lumigent. The deal adds Lumigent’s database monitoring to BeyondTrust’s core privileged identity management platform, so the purchase is a fairly logical step into an adjacent market. Terms weren’t disclosed, but we would guess that Lumigent didn’t sell for much more than the $4m of revenue that it generated last year. The company had been struggling in part because of a strategic misstep two years ago to go into the market for application governance, risk and compliance.

BeyondTrust paid for the Lumigent acquisition from its own treasury, even though it does have Insight Venture Partners as a backer. And the company is not done buying. We understand that it is likely to announce another two acquisitions this year. BeyondTrust can afford to do deals because it generates a fair amount of cash, running at a 35% EBITDA margin. The company recorded revenue of some $40m last year, up from $32m in 2009. Assuming those transactions go through, we gather that roughly half of the growth at BeyondTrust for 2011 would come organically, with the remaining half coming through M&A.

Searching for identity, Quest picks up e-DMZ

Contact: Steve Coplan

Quest Software has announced the acquisition of e-DMZ Security, an independent and self-funded player in the growing privileged identity management (PIM) market, for an undisclosed sum. The PIM market originally coalesced around compliance requirements for enforcing the separation of duties for administrators and logging their access to sensitive systems, but security and governance concerns have added further impetus. While certainly attractive given its discrete focus and capital structure, e-DMZ also appealed to Quest on the basis of its proxy-based architecture (and a new set of capabilities to constrain the sudo command environment). (Click here for our full report on the transaction.)

This is Quest’s second acquisition in the identity management market (broadly defined), following the purchase of Völcker Informatik last July. That deal marked a sea change in Quest’s identity management strategy – and signaled that M&A would play a key role in that strategy. Quest’s identity management portfolio has held the most appeal for IT administrators relying on Microsoft Active Directory (AD) to manage users, a constituency that Quest describes as ‘AD-centric.’ The Völcker buy showed that Quest is looking to migrate from serving this well-defined customer set with an array of operational tools to addressing more fundamental enterprise-level requirements for provisioning, entitlement management, auditing and compliance based on a service-oriented architecture.

PIM was already a category on the M&A radar before Quest’s purchase of e-DMZ. However, the deal does remove one potential acquirer from the list for the remaining vendors in the market, including Cyber-Ark Software, Lieberman Software, Cloakware (a division of Irdeto, which itself is a subsidiary of media conglomerate Naspers), BeyondTrust and potentially Xceedium and FoxT technologies. On the other hand, the transaction will likely reinforce the rationale for an acquisition that is already in motion.