Tag: Postini

Google adds zynamics to its security capabilities

Ben Kolada

Contact: Wendy Nather, Ben Kolada

Reverse engineering and code analysis vendor zynamics just announced that it is being acquired by Google for an undisclosed sum. Google has made other security plays before, with the largest being the $625m purchase of SaaS messaging security vendor Postini in July 2007, but this is its first reverse engineering deal. Google isn’t providing details on the rationale for the transaction, but we suspect that the target could be used for a number of purposes, including inspecting its ad streams for malware.

Bochum, Germany-based zynamics was founded as Sabre Security in 2004 by Thomas Dullien (aka Halvar Flake), who in 2007 was barred by the Transportation Security Administration from entry to the US as he attempted to travel to Las Vegas to present at the Black Hat conference. Google isn’t disclosing the deal terms, but when we covered zynamics back in 2008 we noted that it was profitable, with revenue of just over a half-million dollars. Google is retaining the entire zynamics team.

Google hasn’t divulged what it plans to do with zynamics’ IP and team, but given the target’s specialties, a pretty obvious use would be to check its hosted ads for malware, as well as improve detection of malware in the Android application market (given that Google just pulled 21 applications from the market today for security issues, this is an ongoing concern). We assume that Google will be using the zynamics assets to augment or replace what it’s presumably using today for these activities. But even in that case, Big G could have just licensed the software, which would mean that it plans to use the zynamics team and its talent to expand upon it for its own use – and since Google has such a wide footprint on the Internet, it’s a target-rich environment.

Take the next exit

Brenon Daly1 Comment

In addition to clobbering existing stocks, the recent financial crisis has thinned the ranks of companies that we had expected to offer up stock in the coming months. In the past week alone, two companies that we had short-listed as IPO candidates (back when there was an IPO market) both got swallowed in trade sales.

On Wednesday, MessageLabs took a $695m offer from Symantec to help establish Big Yellow’s on-demand security offering. We understand MessageLabs had put together its underwriting ticket, and was planning to hit the market once the IPO window opened again. The IPO track was a distinct change from the path rumored for MessageLabs for more than two years. Several sources have indicated that MessageLabs had been shopped widely, with Trend Micro considered the most serious suitor at times.

And last week, we had to take LeftHand Networks out of the ‘shadow IPO pipeline’ when Hewlett-Packard came calling with a $360m offer. For more than a year we have noted that, pending the return of the market for new offerings, LeftHand appeared set to join the IPO parade of storage vendors (a half-dozen storage companies have gone public in the past two years). Instead, LeftHand sold, in a deal banked by Merrill Lynch. Incidentally, Merrill Lynch also banked the sale of another company that had its eye on the public market: Postini, a direct rival to MessageLabs, went to Google for $625m in July 2007.

Proofpoint buys Fortiva, expands into email archiving

After a courtship that lasted the better part of a year, on-demand security provider Proofpoint finally picked up software-as-a-service email archiving startup Fortiva this week. Based on similar transactions and industry buzz, we estimate this tuck-in acquisition cost Proofpoint somewhere in the neighborhood of $70m. Fortiva, which has 45 employees, was running at about $15-20m in revenue from about 200 enterprise customers. This marks a solid exit for the company’s venture backers, Cargill Ventures, Ventures West and McLean Watson Capital, which only pumped $8m into Fortiva.

The interesting question sparked by this transaction is what’s next for Proofpoint, which is now up to 250 employees. Though some have suggested the company has now effectively dressed itself up as an acquisition target, we believe otherwise. We think an IPO will represent the next major milestone for the company. (In wrap-up of April’s RSA conference, we said as much, adding that an acquisition by Proofpoint was likely in the next few months.)

Proofpoint has drawn in some $86m in funding since its inception in 2002, including a $28m round in February, even though it was running at close to breakeven. With more than 1,600 customers, bookings are up 70% on a year-over-year basis for 2008. The growth comes despite stiff competition. Google, Cisco and Autonomy Corp made a big push into the market last year with their respective acquisitions of Postini, IronPort Systems and Zantaz.

Yet, Proofpoint has held its own against these larger vendors, even recruiting a few high-ranking employees from Postini, we’ve heard. Speaking of hiring at Proofpoint, we would also highlight last year’s move to bring Paul Auvil on board as CFO. Auvil served as the top numbers guy at VMware, guiding that company from the tens of millions of dollars in revenue to hundreds of millions of dollars. Of course, that company never made it fully public. We have a feeling Auvil may yet have a chance to be CFO at a public company, given the direction of Proofpoint.

Select on-demand security deals

Announced Acquirer Target Deal value Target revenue
July 9, 2007 Google Postini $625m $70m*
July 3, 2007 Autonomy Zantaz $375m Not available
May 14, 2007 Verizon Business Cybertrust $450m* $225m*
April 26, 2007 Websense SurfControl $400m $220m
Jan. 4, 2007 Cisco IronPort $830m $100m*
May 19, 2004 Symantec Brightmail $370m $26m

Source: The 451 M&A KnowledgeBase, * official 451 Group estimates