Deciphering encryption deals

Exactly a year ago, McAfee announced its $350m acquisition of SafeBoot, which in turn came about a year after Check Point Software made its own purchase of an encryption vendor, Protect Data AB. We mention this bit of history because, in what has seemingly become an annual autumn event, Sophos just closed its own big encryption purchase, the $341m deal for Utimaco.

Although the three encryption vendors shared a home market of Europe and were in the same neighborhood in terms of revenue, the three transactions are very different. For starters, the relative growth rates of the targets were all over the board. Protect Data, or Pointsec as it was more commonly known, was clipping along at 90% year-on-year growth when we spoke to them ahead of the takeout. (Although we have heard that some of that torrid growth came at the expense of margins.) Meanwhile, SafeBoot, which was preparing for a possible public offering, told us sales were likely to grow about 70% in the year leading up to its acquisition. In contrast, 20-year-old Utimaco had increased sales just 20% in its most recent fiscal year.

Also, Check Point inked its acquisition of Protect Data when it was running at about $600m in sales. McAfee was even larger, having topped $1bn in annual revenue when it reached for SafeBoot. That’s not the case for Sophos and its just-closed purchase of Utimaco. With Sophos having finished its fiscal year (ending March) with revenue of $213m, it will be looking to integrate a company that is nearly half its size.

Finally, the returns on the two acquisitions already on the books have varied quite a bit. Check Point, which has traditionally been strong on network security, has struggled to notch sales of Pointsec, which secures the endpoint. On the other hand, McAfee has kept SafeBoot rolling along, with one source indicating that the unit will do about $100m in sales this year. The reason: McAfee already had a strong presence on endpoint security, as well as a management console that has integrated SafeBoot. Of those two contrasting acquirers, Sophos lines up more closely with McAfee, which bodes well for its combination with Utimaco. That’s crucial for Sophos, since we consider its purchase of Utimaco a make-or-break deal for the company.

Significant data encryption deals

Date Acquirer Target Price Target revenue
July 2008 Sophos Utimaco $341m $86m
October 2007 McAfee SafeBoot $350m $60m*
November 2006 Check Point Protect Data (Pointsec) $586m $64m

Source: The 451 M&A KnowledgeBase *451 Group estimate

National (in)security

With Sourcefire likely to get gobbled up shortly by a hungry Barracuda Networks, we couldn’t help but flashback to the earlier attempt by Check Point Software Technologies to acquire the Snort vendor. (For those of you keeping score at home: Yes, Check Point’s offer more than two years ago valued Sourcefire higher than Barracuda’s current bid.) We mention the stillborn deal because there are echoes of Check Point-Sourcefire in a current proposed pairing.

Recall that the deal got snagged because of US regulators’ concern about ‘sensitive’ technology (Sourcefire’s Snort intrusion prevention technology) falling into the hands of foreign companies (Check Point’s Israeli ownership). That concern – an overblown bit of nutty protectionism that doesn’t exist anywhere outside of Washington DC – is back at issue in the proposed pairing of Oregon-based identification card maker Digimarc and a French defense firm called Safran.

Earlier this week, Safran offered $300m in cash for Digimarc, hoping to trump a three-month-old agreement Digimarc had with US company L-1 Identity Solutions. (We looked at the deal, which represented a five-bagger for Digimarc, back in March.) L-1’s offer, which is half in stock and half in cash, is roughly worth $260m.

On word that Safran is now in the running, L-1 played the national security card, warning about the sinister threat posed by a French firm owning Digimarc’s ID card business. Safran’s bid would face scrutiny from the same regulatory agency that spiked Check Point’s planned purchase of Sourcefire, the Committee on Foreign Investment in the US. We think such regulatory meddling is misguided. But we certainly understand L-1’s move to wrap themselves in the flag to secure this deal. It’s a lot cheaper for them to hire a few well-connected lobbyists than actually raise their bid.