Double-barrel SIEM deals

Contact: Brenon Daly

In a highly unusual twist of timing, both IBM and McAfee announced significant acquisitions of security event and incident management (SIEM) startups within hours of each other Tuesday morning. First up, IBM said it was adding Q1 Labs as part of a new initiative around ‘Security Intelligence.’ (The announcement confirmed the rumored pairing between the two companies that we noted on Monday.) That was followed just two hours later by McAfee’s reach for NitroSecurity.

The transactions, which are both expected to close before the end of the year, take the two largest privately held SIEM vendors off the market. According to our estimates, Q1 was tracking to about $70m in sales this year while NitroSecurity was likely to generate roughly $30m. Between them, the two startups counted more than 2,300 customers. Further, Q1 and NitroSecurity were the highest-ranked private SIEM providers in a recent survey of IT buyers by TheInfoPro, a division of The 451 Group.

All of that goes a long way toward explaining why both startups got valuations substantially above prevailing market multiples. Collectively, Q1 and NitroSecurity took in a total of about $75m in funding over the decade or so they had been in business. As we understand it, the aggregate price for the pair is somewhere in the neighborhood of 10 times the amount they raised.

A public signoff from McAfee

Contact: Brenon Daly

After nearly two decades in some form or another as a public company, McAfee all but certainly reported its quarterly results to Wall Street for the final time on Tuesday morning. The company’s sale to Intel is expected to close in the coming weeks, a deal that will bring the largest stand-alone security vendor under the ownership of the largest semiconductor maker. For 2010, McAfee reported sales of $2.1bn and cash from operations of $595m. It didn’t hold a conference call because of the imminent close of its sale to Intel. (We suspect that the company won’t miss that quarterly ritual.)

The unexpected acquisition, which received our Golden Tombstone award as the most significant transaction of last year, was supposed to have already closed. When the $7.7bn deal was announced in mid-August, the companies indicated that they expected it to close before the end of 2010. It got overwhelming clearance from McAfee’s shareholders in early November, with 1,500 ‘yes’ votes for every one ‘no’ vote. US regulators signed off on the transaction in December.

But it took another month for European regulatory authorities to give their blessing – and they did so only conditionally. Among other things, Intel had to assure the European Commission that it won’t prevent other security providers from working on its chips and that the vendors will be able to use ‘functionalities’ of Intel’s products in the same way that McAfee is able to. While Intel may not be thrilled about making concessions to the EC, at least the six-month-old deal isn’t getting bogged down there. Remember that it took Oracle some nine months to close its purchase of Sun Microsystems, largely because of European regulatory concerns.

And the Golden Tombstone goes to …

Contact: Brenon Daly

In addition to asking corporate development executives in our annual survey to look ahead and predict M&A activity and valuations in the coming year, we also asked them to look back and tell us which deal of the previous year they thought was the most significant. The winner for 2010? Intel’s $7.7bn purchase of McAfee, an unexpected transaction that landed the largest stand-alone security company inside the dominant supplier of microprocessors. At nearly twice the value of the previous largest security deal, it’s a risky bet that security will become another integral consideration around silicon, along with power consumption and performance.

The landmark Intel-McAfee pairing barely edged out Hewlett-Packard’s contested acquisition of high-end storage vendor 3PAR in the voting by corporate development executives for the Golden Tombstone for the top deal of the year. Past winners of the highly coveted award include Oracle-Sun Microsystems (2009), HP-EDS (2008) and Citrix-XenSource (2007).

We suspect that the competition for next year’s Golden Tombstone may be even more intense, at least according to one indication in our survey. (See our full report on the survey.) When we asked corporate development executives about how likely they were to do ‘transformative acquisitions,’ more than half (52%) said they planned to do one of these risky, bet-the-company kind of transactions. In our 2009 survey, just one out of five respondents said that.

Symantec still struggling with storage

Contact: Brenon Daly

Symantec gives its latest quarterly update on business after the closing bell Wednesday, with Wall Street wondering if the company will ever emerge from its ‘Veritas hangover.’ The storage business, which Symantec picked up in its $13.5bn purchase of Veritas in late 2004, has long weighed on Big Yellow’s overall performance. The division posted the sharpest revenue decline at Symantec’s three business units in the previous fiscal year, and was the only one that shrank again in the first fiscal quarter. The storage business will likely shrink again in the just-completed second fiscal quarter.

None of that, of course, is new. In fact, more than two years ago, we noted how Symantec was busy knocking rumors about unwinding any of the underperforming Veritas assets. But ever since rival McAfee sold to Intel, the paltry valuation of Symantec has come into sharp relief. Consider this: Symantec generates three times the sales of McAfee ($6bn vs. $2bn) but garners less than twice McAfee’s valuation (current market cap of $12.5bn vs. McAfee’s $7.7bn equity value in its sale to Intel).

Perhaps that valuation discrepancy alone accounts for the market buzz we’ve heard recently that Symantec may be (once again) considering shedding Veritas. That move has been looked at a number of different times, in a number of different ways, over the years.

Most recently, we heard a variation on it that had the storage business going to EMC in return for the RSA division and some cash. Another rumor had the business landing at a buyout shop. (Although shrinking, the storage business is still Symantec’s largest unit, and runs at the highest margin in the company. It generates more than $1bn in operating income.) Whatever the destination, it may well be time for Symantec to acknowledge that its grand experiment of a combination of storing and securing information hasn’t gone according to plans. Wall Street has certainly given that verdict, having clipped Symantec shares in half since the Veritas deal was announced.

Why wouldn’t HP jump the McAfee bid instead?

Contact: Brenon Daly

If we had to guess about Hewlett-Packard making an uncharacteristic move and jumping an announced transaction, we would have thought the company would go after McAfee rather than 3PAR. After all, HP has a giant hole in its security portfolio (we might describe it as a ‘McAfee-sized’ hole), while it’s already pretty well covered on the storage side, even if much of its offering is a bit long in the tooth.

Yet that isn’t the way it’s playing out. The recently decapitated company offered $1.7bn earlier this week for 3PAR, adding roughly $410m, or 33%, to the proposed price of the high-end storage vendor. Meanwhile, McAfee’s planned $7.8bn sale to Intel, announced last week, continues to track to a close before the end of the year. (We would note that McAfee is being valued at 3.4 times trailing sales, exactly half the level of 3PAR following HP’s bumped bid, which took the valuation to 7.6x trailing sales.)

HP’s topping bid for 3PAR appears to be a fairly defensive move. For starters, there’s the matter that 3PAR would overlap more than a little bit with its existing core storage offering called StorageWorks Enterprise Virtual Array. Betting on an acquired property to replace – or at the very least, refresh – the heart of a company’s current offering is a risky proposal. On top of that, 3PAR would require a new architecture, rather than just running on top of HP’s existing hardware like its other software-based storage acquisitions (PolyServe, IBRIX and Lefthand Networks).

All in all, looking to derail Dell’s offer for 3PAR appears to be at odds with much of HP’s previous strategy and rationale around storage. And while it pursues that deal (cost what it may), HP passes on McAfee, a one-of-a-kind security asset that would instantly make it much more competitive with IBM, EMC and Cisco Systems. If HP has sincere aspirations about outfitting the next generation of datacenters, we might suggest that it needs to actually own its intellectual property (IP) for security.

So far, however, HP has been content with just OEM arrangements to cover itself for security. (Notably, it has extracted a fairly one-sided agreement with Symantec for consumer anti-malware protection.) And even though buying McAfee would mean an unraveling of a number of those arrangements, we would note that reality isn’t preventing HP from making its bid for 3PAR. Remember that HP currently has an OEM arrangement with Hitachi Data Systems for a high-end offering like 3PAR. Yet it’s prepared to pay – and pay a lot of money – to own the IP itself. Couldn’t the same rationale be used for McAfee?

‘You bought what? For how much?’

Contact: Brenon Daly

In both of the largest enterprise IT acquisitions so far this year, the deals are not what they seem. Or more accurately, the target companies were not acquired for what they are. What do we mean? Well, we would posit that Intel didn’t buy McAfee for its core security applications any more than SAP scooped up Sybase for its core database product. Instead, in each case, the buyers really only wanted a small part of the business but found themselves nonetheless writing multibillion-dollar checks for a whole company.

For SAP, the apps giant really wanted Sybase’s mobile technology, essentially using the Sybase Unwired Platform to ‘mobilize’ all of its offerings. It’s nice that the purchase also brought along some data-management capabilities, particularly some pretty slick in-memory database technology. But for SAP, this deal was all about getting its apps onto mobile devices. However, Sybase’s mobile business only generated about one-third of total revenue at the company. So SAP ends up handing over $5.8bn in cash for a business that’s currently running at just $400m.

If anything, Intel is paying even more for the business that it truly wanted – or, at least, the business that’s most relevant – at McAfee: embedded security. Yet that’s only a small (undisclosed) portion of the roughly $2bn revenue at McAfee, the largest stand-alone security vendor. Tellingly, Intel plans to operate as a kind of holding company, letting McAfee continue undisturbed with its business of selling security applications to businesses and consumers.

Intel ‘inside’ of largest security acquisition

Contact: Brenon Daly

The largest stand-alone security company is no longer standing on its own. McAfee agreed Thursday to a $7.7bn all-cash offer from Intel. The bid of $48 for each share represents a 60% premium over the security vendor’s previous closing price – and the highest price for its shares since early 1999. Intel’s purchase represents a significant gamble that security can be hardened by pairing software with hardware, which will likely be even more important as the need for security expands from just computers to consumer electronics, datacenter equipment and other devices. Despite that rationale, Intel still struck most observers as a surprise buyer for McAfee, which had been linked in earlier rumors to Hewlett-Packard.

The deal stands as the largest security acquisition ever, nearly twice the size of the number two deal, Juniper Networks’ $4bn purchase of NetScreen Technologies in early 2004. (Juniper used equity to cover that transaction; its stock is currently at the same price it was when it announced that deal.) Interestingly, the banks on both of these mammoth security transactions were the same: Goldman Sachs had both sole buy-side mandates (for Juniper and, more recently, Intel) while Morgan Stanley worked the sell side (sole advisor for McAfee and co-advisor, along with JP Morgan Securities, on NetScreen).

Recent significant security transactions

Date announced Acquirer Target Equity value
August 19, 2010 Intel McAfee $7.7bn
February 9, 2004 Juniper Networks NetScreen Technologies $4bn
June 29, 2006 EMC RSA Security $2.1bn
August 23, 2006 IBM Internet Security Systems $1.3bn

Source: The 451 M&A KnowledgeBase

SaaS deals echo in security industry

Contact: Brenon Daly

There are more than a few echoes of Symantec’s purchase of MessageLabs last October in McAfee’s reach last week for MX Logic. In terms of strategy, both acquisitions added millions of end users of on-demand security to the two largest security software companies, which have been slowly looking to increase that side of their business. MessageLabs had attracted more than eight million users at 19,000 customers, while MX Logic brings more than four million users at 30,000 customers.

As far as deal terms go, both buys were done at a similar valuation. Symantec paid 4.8 times trailing sales for MessageLabs, while we estimate McAfee is paying closer to 4 times trailing sales for MX Logic. (If we include the potential $30m earnout in the price, the multiple hits 4.9 times MX Logic’s trailing revenue.) And, we would add that both deals stand as the largest security transactions of their respective years, with the sales of these private software-as-a-service (SaaS) companies eclipsing the prices paid even for public vendors. Symantec shelled out $695m in cash for MessageLabs, topping McAfee’s $497m pickup of Secure Computing as the largest security deal in 2008. So far this year, McAfee’s $140m purchase of MX Logic is the industry’s biggest security transaction, slightly ahead of the contested take-private of Entrust for $124m.

We also suspect that both SaaS acquisitions will pay dividends for Symantec and McAfee. (We have heard from several sources that Symantec is particularly high on its reach across the Atlantic for MessageLabs.) Undoubtedly, these deals will deliver a higher return than the other large SaaS security acquisition, Google’s pickup of Postini. Done two years ago, that buy handed Postini a valuation that’s twice as rich as either MessageLabs or MX Logic. But unlike the moves by Symantec and McAfee, Google didn’t snag Postini for its security offering. Instead, the search giant had the ill-conceived notion that a startup could serve as the platform for its push of Google Apps. Not surprisingly, that idea hasn’t panned out. We certainly haven’t heard much about Postini in the two years since the search giant bought it.

Halfway through a rough year

Contact: Brenon Daly

Since we’re at the midpoint of 2009, we thought we’d tally what we’ve already seen in M&A this year and project what we’re likely to see for the remainder of the year. First, the look back at the first two quarters of 2009: The $58bn in announced and estimated deal spending so far this year is the lowest level of JanuaryJune tech shopping in a half-decade. More dramatically, spending on deals in the first two quarters of 2009 is only about one-quarter the amount spent during the comparable period in any of the past three years. June was a particularly slow month, after there were a flurry of deals in April and May.

As to what the rest of 2009 will look like, we suspect it will closely resemble the second half of last year. For the record, the announced spending from JulyDecember 2008 hit just $72bn. Obviously, it’s difficult to predict a lumpy business like M&A. But the way the economy is dragging along right now, we’re inclined to think that big buyers will look to take small bites for the rest of the year. That’s what they did in the second half of 2008. Indeed, it wasn’t that the traditionally busiest buyers in tech took themselves out of the market altogether. Rather, they just scaled back their purchases, despite holding tens of billions of dollars in cash. For instance, the largest transactions inked in the back half of last year by tech giants such as McAfee, Oracle, IBM, Google and Microsoft – among many other companies – were all less than a half-billion dollars.

Q1-Q2 tech spending

Year Deal volume Deal value
2009 1,400 $58bn
2008 1,557 $228bn
2007 2,005 $294bn
2006 2,019 $268bn
2005 1,388 $162bn
2004 999 $111bn

Source: The 451 M&A KnowledgeBase

A somewhat secure M&A market

Contact: Brenon Daly

With RSA set to open later this week, we thought we’d take a look back on deal flow since the trade show closed last year. Over the past year, we’ve seen some 83 acquisitions of security companies, with total spending of about $4.2bn. While that’s down from the comparable year-earlier period (April 2007-April 2008: 90 deals worth $5.2bn), the drop-off in security M&A has not been as steep as the overall decline in tech deals. In fact, the number of security transactions slipped just 7% from the previous year, compared to an 18% drop in the number of total tech M&A. Spending on security deals also fell less than the overall market.

Moreover, there are a number of trends that have emerged since the last RSA event that suggest security M&A may well remain healthier than the overall market. For starters, the big shoppers have done big deals. By our tally, Symantec has inked the largest security transaction since the end of last year’s RSA, paying $695m in cash to bolster its on-demand offering with MessageLabs. And McAfee checked in with the second-largest acquisition. Its $497m all-cash purchase of Secure Computing was its largest deal in a decade, and its only acquisition of a public company in at least seven years (excluding the pickup of Bulletin Board-listed Citadel Security Software in 2006).

In addition to the strategic vendors, we’re also seeing financial buyers – both through funds and PE-backed companies – looking to do deals. For instance, Sophos went back to its investors to help finance its $341m acquisition of Utimaco, the largest purchase by a privately held security company of a public counterpart. Also, Vector Capital took home Aladdin Knowledge Systems and, more recently, Thoma Bravo has a pending $114m offer for Entrust. Certainly there have been a few scrap sales, but that’s to be expected in an over-funded market like security. Overall, deal flow remains comparatively healthy in the security sector.