Sourcefire’s risky bet to re-spark its M&A program

Contact: Brenon Daly

As deals go, Sourcefire’s first acquisition hardly set the world on fire (if you will). Back in August 2007, the open source security vendor picked up the open source ClamAV project. The deal only set Sourcefire back $3.5m, but not much has been heard from the project since the acquisition. Undeterred, Sourcefire stepped back into the M&A market on Wednesday with an even larger – and (potentially) much more significant – transaction.

Sourcefire is paying $17m in cash for Immunet, a cloud-based anti-malware provider. (Immunet could also pocket a $4m earnout, which depends on the company hitting some product milestones, as well as a smidge of Sourcefire equity.) It’s still early days for Immunet, which raised just one round of funding and only started generating revenue last year. (The company claims some 750,000 users, but we suspect that the vast majority of those would be using Immunet Protect, which is available for free.)

There’s always a risk when a company reaches for an early-stage startup like Immunet, which has yet to really prove itself commercially. That risk is somewhat mitigated, however, by the fact that the two companies had worked together for almost a year, and all of the Immunet employees, including the founders, will be joining Sourcefire.

But, as my colleague Andrew Hay notes in his report, the deal brings a much bigger risk: Can Sourcefire, which is primarily focused on network security with its well-known Snort product, step into the endpoint security market without a stumble? How will it fare in selling antivirus against giant rivals that generate more revenue each quarter than Sourcefire has in its entire history? Sourcefire has fought through some tough setbacks in its history, including a broken sale to Check Point Software and breaking issue in its IPO. Now, with Immunet, it needs to show that it can actually pull off an acquisition.

Pouring cold water on the latest Sourcefire rumor

Contact: Brenon Daly

At the tail end of last week, the market was buzzing that Sourcefire may be back in play. Of course, that’s not all that unusual for the Snort shop, which has seen two publicly disclosed acquisition offers in the past four years come to nothing. (Recall that Check Point Software failed to land Sourcefire because of vague and off-target ‘national security concerns’ in early 2006. And then, in mid-2008, Barracuda lobbed an opportunistic low-ball bid for Sourcefire. Talks between the two sides never really got going, according to at least one source.)

So who’s the new bidder? Rumor has it that IBM may be looking at Sourcefire now. While the pairing has been making the rounds, we have our doubts about whether Big Blue would actually reach for the security company. Its $1.3bn acquisition of Internet Security Systems in mid-2006 has never generated the returns that IBM had hoped. (The ISS business, which was centered on the company’s Proventia boxes, never really fit well inside IBM Global Services.) Having little to show for that purchase of an intrusion-prevention system (IPS) vendor, we doubt that Big Blue would double down on another IPS vendor, Sourcefire.

And while IBM could certainly afford it, Sourcefire has gotten a little pricey. Over the past year, shares have more than tripled, giving the security vendor a market capitalization of about $600m. Backing out the $100m in cash and short-term investments gives Sourcefire an enterprise value (EV) of $500m. Without a takeout premium, Sourcefire commands a valuation (on an EV basis) of five times trailing sales and four times projected sales. Paying a premium on top of Sourcefire’s trailing P/E that’s in the triple digits might be tough for IBM, which trades at a trailing P/E of just 12.

Sourcefire: No sale turns into a great deal

Contact: Brenon Daly

With Barracuda Networks looking to gobble up Austrian IT security vendor phion, we thought we’d look back on the other time the rapacious privately held firm eyed a public company. Last summer, Barracuda launched an unsolicited bid for Sourcefire, initially offering $7.50 per share but later raising that to $8.25. The bumped-up bid valued Sourcefire at roughly $215m, but that wasn’t enough for Sourcefire’s board of directors.

We’ve noted in the past that the decision by a company to go it alone can prove very costly to shareholders, at least in the near term. Removing the takeout premium and letting a company trade on its own fundamentals can end up crushing a stock. Recovering that lost ground can be a long and painful process. (Just ask shareholders of Yahoo and Mentor Graphics, who see shares in those companies changing hands these days at just half the level that suitors were willing to pay for them last year.)

However, it’s a completely different story for Sourcefire. It has actually turned out to be one of those rare cases where a target says a bid ‘undervalues’ the business and Wall Street agrees. After telling Barracuda to buzz off, Sourcefire shares got dragged down by the recession and traded below the bid until early April. But since then, the stock has surged to its highest level since the vendor went public in March 2007. Sourcefire shares are currently trading at about $20, or nearly 150% higher than the price Barracuda was willing to pay for them. Looked at another way, Sourcefire’s decision to stay independent has created more than $300m of additional value for its shareholders than the Barracuda bid would have delivered.