And the next IT security IPO is…

Contact: Brenon Daly

From what we hear, investors won’t have to wait anywhere close to another two years for an IPO by an information security vendor. In fact, a pair of companies is set to put in their paperwork, with at least one prospectus possibly filed yet this year. Those offerings would follow last week’s strong debut of Imperva, which was the first IPO in the information security sector since Fortinet hit the market in November 2009.

Since then, however, a half-dozen other security providers that we might have expected to go public – both those formally on file, as well as ones in the ‘shadow’ pipeline – have been snapped up in trade sales or have scrapped IPO plans. So which companies are likely to make it through the ongoing wave of consolidation and actually hit the public market?

Several sources have indicated that both AVG Technologies and AVAST Software have picked their underwriting teams and should be filing prospectuses in the coming weeks. In addition to similar timing on their IPOs, the two companies actually have a fair number of traits in common: both trace their roots back more than 20 years to Prague, and both are primarily known for their ‘freemium’ antivirus offering. Additionally, both AVG and AVAST boast that their products have been downloaded more than 100 million times.

Assuming AVG and AVAST do indeed file and come public, they will likely benefit from two key trends on Wall Street. First, there is a clear demand among investors for security companies. Consider the fact that they are valuing Imperva at a rather rich level of nearly seven times 2011 sales, with Fortinet commanding an even higher valuation.

Second, there has been a notable shift toward the ‘consumerization’ of IPOs. Tech vendors that have debuted so far this year such as LinkedIn, Pandora Media, HomeAway, Zillow and, of course, Groupon have not only dominated headlines, they have also raised significantly more money in their offerings than pure enterprise offerings. Most notably, Groupon raised $700m in its hotly debated IPO. But LinkedIn also raised $400m and Pandora raised $240m, which is more than twice the amount Imperva garnered in its offering, for instance. We’ll have a full look at the rumored offerings by AVG and AVAST, along with a broader look at the information security market, in a special report in tonight’s Daily 451.

A public signoff from McAfee

Contact: Brenon Daly

After nearly two decades in some form or another as a public company, McAfee all but certainly reported its quarterly results to Wall Street for the final time on Tuesday morning. The company’s sale to Intel is expected to close in the coming weeks, a deal that will bring the largest stand-alone security vendor under the ownership of the largest semiconductor maker. For 2010, McAfee reported sales of $2.1bn and cash from operations of $595m. It didn’t hold a conference call because of the imminent close of its sale to Intel. (We suspect that the company won’t miss that quarterly ritual.)

The unexpected acquisition, which received our Golden Tombstone award as the most significant transaction of last year, was supposed to have already closed. When the $7.7bn deal was announced in mid-August, the companies indicated that they expected it to close before the end of 2010. It got overwhelming clearance from McAfee’s shareholders in early November, with 1,500 ‘yes’ votes for every one ‘no’ vote. US regulators signed off on the transaction in December.

But it took another month for European regulatory authorities to give their blessing – and they did so only conditionally. Among other things, Intel had to assure the European Commission that it won’t prevent other security providers from working on its chips and that the vendors will be able to use ‘functionalities’ of Intel’s products in the same way that McAfee is able to. While Intel may not be thrilled about making concessions to the EC, at least the six-month-old deal isn’t getting bogged down there. Remember that it took Oracle some nine months to close its purchase of Sun Microsystems, largely because of European regulatory concerns.

Trustwave surfing toward an IPO?

Contact: Brenon Daly

After two IT security companies put in their IPO paperwork last summer, we’re hearing that Trustwave is almost certain to be the first filer in 2011. The PCI-compliance vendor is currently baking off, with the selection of bankers expected to be complete next week. The actual prospectus would likely be filed around April and the offering would hit later this year, according to several sources.

If the filing goes ahead as planned, Chicago-based Trustwave would join both SafeNet and Tripwire as security providers looking to join the ranks of public security companies. (Or in the case of SafeNet, rejoin the ranks of public security companies.) Our understanding is that Trustwave finished 2010 with roughly $125m in sales, and continues to generate cash. Depending on the timing of the offering, the vendor would likely come to market with a valuation in the neighborhood of a half-billion dollars, according to our quick, back-of-the-envelope math.

Founded in 1995, Trustwave has expanded far beyond its original focus on PCI auditing and remediation, largely through M&A. It has acquired seven companies in the past three years, most of them small firms that, for the most part, were having a tough go of it on their own. Trustwave then adds the acquired technology on top of its Linux platform (TrustOS) and offers it to customers either through an on-premises product or a managed service. All in, Trustwave counts some two million customers.

Kaspersky catches some cash

Contact: Brenon Daly

Add General Atlantic (GA) to the list of buyout firms that have picked up a stake in an information security vendor. The firm on Thursday acquired a 20% chunk of Russian antivirus software provider Kaspersky Lab for $200m, implying an overall valuation of $1bn. The deal marks the third significant investment by a private equity (PE) shop in a European anti-malware vendor in just the past six months.

GA also appears to have gotten a bargain in becoming the company’s second-largest shareholder. Kaspersky’s $1bn valuation works out to about 2 times sales and 8-9x EBITDA, according to our understanding. For comparison, rival anti-malware vendor Sophos got more than 3x trailing sales when it sold a majority stake to Apax Partners last May. (And according to at least two sources, Kaspersky was targeting a valuation of ‘well north’ of $1bn when it was running the process, which took most of 2010.) The third recent antivirus deal was Summit Partners’ $100m investment in AVAST Software last August.

A bit of Big Blue inconsistency

Contact: Brenon Daly

Perhaps Mark Hurd feels vindicated. No, we’re not referring to the former Hewlett-Packard chief executive settling a lawsuit with his old shop. Instead, we’re talking about IBM’s stunning flip-flop with regard to high-profile M&A by itself and rival HP. At the least, Big Blue’s recent comments now appear inconsistent; at the worst, they smack of hypocrisy.

The specifics: A week ago, Big Blue’s CEO was blasting HP for ‘overpaying’ for deals, and for relying on M&A rather than R&D. Ironically, Sam Palmisano made these comments just as his own company was putting the final touches on its acquisition of Netezza, a deal that values the data-warehousing vendor at nearly 7 times forecasted sales for the current fiscal year. That’s more than twice the median software valuation, and basically matches the valuation that HP is handing over for ArcSight.

Incidentally, both transactions valued the targets, which had only come public within the past three years, at their highest-ever valuations. But if we look at how the shares of ArcSight and Netezza have performed so far this year, it becomes very clear that IBM was the much more aggressive suitor. Excluding the pop ArcSight shares got when word of a deal leaked in late August, the security vendor’s stock had only ticked up about 10%. In contrast, Netezza stock had run 150% from January to the day before Big Blue announced its purchase.

A second exit gets ArcSight a 2x valuation

Contact: Brenon Daly

Hewlett-Packard’s pending purchase of ArcSight is the third IT security deal so far this year valued at more than $1bn, after not having a single security transaction valued in 10 digits in 2009. While the other two deals have gone off at basically market multiples, ArcSight is being valued at twice that level. The largest ESIM vendor agreed to sell itself to HP for $43.50 per share, valuing the security firm at more than four times the level at which it went public just two and a half years ago.

HP put the enterprise value of the transaction, which is slated to close by the end of the year, at $1.5bn. That means the tech giant is paying 7.5 times ArcSight’s trailing sales of $200m. (For the current fiscal year, ArcSight is expected to put up about $225m in sales, meaning HP is paying about 6.7x projected sales.) On a trailing basis, both McAfee and VeriSign’s identity and authentication business garnered 3.5x sales in their respective sales to Intel and Symantec. (Morgan Stanley advised both McAfee and ArcSight, while JP Morgan Securities advised VeriSign.)

The high-multiple deal represents a stunningly successful outcome for ArcSight. As we have mentioned in the past, both HP and McAfee approached ArcSight in the summer of 2007, ahead of the company’s IPO. We gather that both were bidders in the range of $600-750m. Unlike other dual-track candidates, ArcSight didn’t opt for the trade sale, but went ahead with its offering even as the equity market turned bearish. ArcSight spent virtually its entire first year as a public company trading in the single digits, including a fair amount of time below its offer price. (At one point when its shares were underwater, CA Technologies lobbed a low-ball bid at the firm, we understand.) If we had to guess at another suitor in the current process around ArcSight, we might tap EMC as an interested party.

Even as its stock took off over the past two years, ArcSight never did a secondary offering. (For a company with about $200m in sales, it has a very narrow base of shares, totaling only about 38 million.) In this case, the unwillingness to sell shares – either a small chunk or all of them – except at an eye-popping valuation has generated a return that seems reminiscent of the late 1990s. ArcSight raised only about $30m to build a business that got valued at 55 times that level on the exit.

A clear return and ‘cloudy’ outlook for Tripwire’s only deal

Contact: Brenon Daly

Exactly a year ago, Tripwire made its first and only acquisition in its 14-year history, picking up the assets of Activeworx. The tiny startup added log management technology to Tripwire, an IT configuration and compliance vendor. The deal itself, which only set Tripwire back about $3m, was a fittingly quiet purchase of a company that had lived a pretty quiet life. On Thursday, Tripwire took that technology to the cloud.

Although Tripwire actually closed its pickup of Activeworx last August, it only began talking about its log management offering, which is based on the acquisition, earlier this year. It also only began selling its log management offering earlier this year. As it was rolling out the offering, we noted that the log management market looked awfully crowded. But so far, Tripwire appears to be getting a solid return on its Activeworx buy. From a standing start, Tripwire’s Log Center business has generated about $2m of license sales in the first two quarters of 2010. (And to be clear, that’s GAAP revenue, as listed in the company’s latest amendment to its S-1 filed with the SEC, not some loosey-goosey figure that has been rounded way up.)

Granted, the Log Center contribution is still a small slice of the $18m in total licenses it has sold over the same period, and an even smaller portion of the $40m it tallied as total first-half 2010 revenue. But for a new product introduction, that’s a strong start out of the gate. And today, Tripwire announced a partnership with Terremark through which the datacenter provider will now be offering Log Center to its clients. The on-demand compliance and security arrangement between the two companies marks the first cloud offering from Tripwire.

With its inaugural acquisition already producing revenue at a strong clip, we suspect that Tripwire will look to return to the market. The only question in our mind is what corporate structure Tripwire will have when it goes shopping again. Will it remain a privately held company, or will it see through its IPO filing and join the ranks of the Nasdaq-listed companies? Or will it – as we have speculated in the past – get snapped up by a larger vendor? From what we’re hearing now, however, a Tripwire trade sale is looking less likely than earlier in the summer. From our perspective, two of the companies that would head any list of likely buyers for Tripwire (McAfee and Hewlett-Packard) have their own M&A events to sort through right now.

Arms race M&A in application security

Contact: Brenon Daly

If IBM and Hewlett-Packard basically matched each other’s deal size in the first round of M&A for application security, HP has gone much bigger than Big Blue in the second round. In fact, we gather that the price tag for HP’s recent purchase of Fortify Software is more than 10 times larger than the amount IBM paid last summer for rival static code analysis vendor Ounce Labs. (When IBM announced the deal, we speculated that HP may well work out its own tit-for-tat deal, reaching for its partner Fortify.)

Terms weren’t revealed on either the Fortify or Ounce Labs transactions. However, we gather that IBM picked up Ounce Labs for about $25m and that HP likely paid about $275m (including an earnout) for Fortify. Our understanding is that Ounce Labs garnered roughly 3 times trailing sales, while Fortify went for about 4.6x trailing sales of about $60m.

Those deals, which were separated by roughly a year, came after both tech giants had made acquisitions of dynamic code analysis vendors within two weeks of one another. Back in mid-2007, IBM purchased Watchfire for an estimated $140m, roughly matching HP’s $135m acquisition of SPI Dynamics. Both transactions were done at more than 5x trailing sales, according to our understanding. For those keeping track of the arms race M&A by these two tech superpowers, the collective bill for their application security purchases now exceeds a half-billion dollars.

Select application security acquisitions

| Date announced | Acquirer | Target | Deal value | Target trailing revenue |
|---|---|---|---|---|
| August 17, 2010 | HP | Fortify Software | $275m* | $60m* |
| July 28, 2009 | IBM | Ounce Labs | $25m* | $8m* |
| June 19, 2007 | HP | SPI Dynamics | $135m* | $20m* |
| June 6, 2007 | IBM | Watchfire | $140m* | $30m* |

Source: The 451 M&A KnowledgeBase *451 Group estimate

Strategic ardor for Arbor

Contact: Brenon Daly

In yet another sign that private equity (PE) still hasn’t recovered to the level that the buyout barons enjoyed in the halcyon days before the Credit Crisis, consider the process around Arbor Networks. The network security and monitoring vendor had many of the characteristics that would typically appeal to a PE shop: a mature company that was running at about $100m, with EBITDA margins approaching the mid-teens, according to our understanding. Along with the decent cash generation, 10-year-old Arbor was also growing, targeting about 20% expansion for 2011.

Even though some half-dozen PE firms looked at Arbor, the company ended up going to a strategic acquirer, Tektronix. (See our full report on the deal, which wasn’t the most intuitive pairing we could have come up with for Arbor. That said, as my colleague Andrew Hay notes in the report, the acquisition of Arbor gives Tektronix a way to couple its network diagnostics and management of fixed, mobile, IP and converged multiservice networks with security and threat mitigation products.)

So while the portfolio expansion certainly makes sense for Tektronix, there’s also the interesting side note that, in this case, a strategic buyer is outbidding would-be financial acquirers. Further, that’s largely without relying on so-called ‘synergies,’ or cost savings from cutting duplicative operations at the acquired company to effectively lower the valuation for a corporation. (The reason: Tektronix is basically absorbing all of Arbor, running it as a stand-alone business.) That sort of corporate dealmaking is a far cry from three years ago, when the low cost of capital sometimes allowed PE firms to outbid companies, even when a not-insignificant amount of synergies figured into the deal.

Private equity activity

| Period | Deal volume | Deal value |
|---|---|---|
| Jan. 1-Aug. 10, 2010 | 170 | $18.4bn |
| Jan. 1-Aug. 10, 2009 | 170 | $3.8bn |
| Jan. 1-Aug. 10, 2008 | 158 | $18.3bn |
| Jan. 1-Aug. 10, 2007 | 209 | $109.7bn |
| Jan. 1-Aug. 10, 2006 | 189 | $53bn |

Source: The 451 M&A KnowledgeBase

Securing a busy time for M&A

Contact: Brenon Daly

Overall M&A is nowhere near the level it was in the boom days of 2007, but there is one sector where deal makers are actually more active than ever: IT security. So far this year, we’ve tallied 45 security acquisitions with an aggregate deal value of some $5.4bn. That is substantially higher than the same period in the previous two years, when the recession knocked M&A into a tailspin.

This year’s level of security M&A is even higher than the $3.7bn spent on 44 deals that we recorded in the same period in 2007, which was a record year for tech acquisitions. The activity in the sector stands out even more when we consider that, overall, deal makers have spent a total of just $80bn on transactions across all sectors so far this year – just one-third the level of spending at this point in 2007.

Perhaps the single biggest reason for the jump in spending so far this year has been the return to the market of Symantec. On its own, Big Yellow accounts for about one-third of the total shopping bill in the sector, having announced four deals valued at nearly $1.7bn in 2010. Included in that quartet of purchases is the pick-up of the identity and authentication business from VeriSign, which was Symantec’s largest single transaction since its misguided purchase of storage company Veritas Software in December 2004. It also announced a pair of deals for encryption vendors in a single day in April.

The other security deal this year we’d highlight is the planned take-private of SonicWALL. With an equity value of $717m, that’s the largest security LBO we’ve seen in some time. (For comparison, a year ago, the same buyout shop, Thoma Bravo, took digital identity firm Entrust private in a deal valued at just $124m.) Add in other smaller deals by McAfee, EMC, Oracle and Check Point Software, and the security M&A market has been busy this year. Given the strength of the sector and the broad base of buyers, we expect activity to remain brisk for the rest of 2010.

Security M&A

| Period | Deal volume | Deal value |
|---|---|---|
| Jan. 1 – June 14, 2010 | 45 | $5.4bn |
| Jan. 1 – June 14, 2009 | 33 | $381m |
| Jan. 1 – June 14, 2008 | 35 | $648m |
| Jan. 1 – June 14, 2007 | 44 | $3.7bn |

Source: The 451 M&A KnowledgeBase