Proofpoint refills the IPO pipeline

Contact: Brenon Daly

Wedged between the strong debuts this week of two tech companies, Proofpoint has put in its paperwork to refill the IPO pipeline. The subscription-based email security vendor filed for a rather small $50m offering, which is being led by Credit Suisse and Deutsche Bank. Earlier this week, Jive Software hit the market well above its expected price while Zynga raised a cool $1bn as it priced its offering at the top end of its range.

Founded in 2002 by a former Netscape executive, Proofpoint has expanded beyond its core email security. Most recently, we noted that the company has begun to position itself as a full compliance platform, complete with email discovery and litigation support. While Proofpoint’s technology is solid, Wall Street may be left wanting a bit more from its financials.

For starters, Proofpoint has never printed black numbers, and has wrung up a total of $155m in accumulated deficit. Meanwhile on the top line, the company increased revenue a less-than-stellar 27% through the first three quarters of 2012. That compares to 43% growth in sales over the same period at Imperva, the most recent security vendor to hit the public market. Proofpoint plans to trade on the Nasdaq under the ticker PFPT.

Securing a tweet

Contact: Wendy Nather

Whisper Systems has announced that it has been acquired by Twitter (appropriately enough, the news was tweeted). Terms of the acquisition were not disclosed, but given Whisper’s emphasis on Google Android security, we expect that the deal was as much about the brains behind the technology as it was about the tools themselves. Whisper’s products include WhisperCore, a set of functions for data and network encryption as well as permissions management; WhisperMonitor, an Android-based firewall for mobile devices; Flashback, a cloud-based secure backup service for Android data; TextSecure, a facility for encrypting SMS messages on the fly; and RedPhone, an encryption function for voice that saw heavy use by activists during Egypt’s political uprising.

Twitter has inked 15 transactions, but this is the first one that focuses on security, and it’s in an area that appears to add real gravitas to the communications technology: it’s not just for ensuring that your Uncle Fred can’t accidentally get to your status updates. Mobile devices and protection against regimes make a solid combo, and they bolster Twitter’s use as a real-time reporting system. It’s not clear how many of the current products will remain viable under Twitter’s control, but the reasoning behind the choice of Whisper, as opposed to any number of other mobile device security startups, seems pretty clear.

But we find this deal even more interesting due to the fact that one of Whisper’s founders, security researcher Moxie Marlinspike, has also been making the conference rounds discussing a well-known problem: that of Internet-wide trust in domain name system (DNS) and SSL infrastructure. Certificate authorities that underpin transactions over the Internet have been increasingly attacked directly (with COMODO and DigiNotar being prime examples; the latter went bankrupt as a result of its breach), and DNS-based attacks are on the rise. Marlinspike not only points out the inherent design problems in the trust-based system, but also has proposed the most plausible solution: overhauling the structure into a new system he has dubbed Convergence. When you have access to an Internet security architect of Marlinspike’s caliber, you don’t let it go to waste. We’ll be watching for new developments on a possibly more fundamental level than just secure text messaging for Tweets.

Symantec gets the better end of a ‘win-win’ deal

Contact: Brenon Daly

When a marriage dissolves, it’s typically a messy process with bitter recriminations and resentments over how to divide the results of lives pooled together. Not so with Symantec’s step out of its three-and-a-half-year-old joint venture (JV) with Huawei. Selling its 49% stake in the storage and security appliance JV to its Chinese partner for $530m brings both companies a number of advantages. And while we might be tempted to label it one of those mythical win-win transactions, a closer look at the deal shows that Big Yellow gets more of the ‘win’ than Huawei, at least in our view.

From a purely financial standpoint, Symantec exits the JV having more than tripled the valuation of the entity. As CFO James Beer noted on a call discussing the sale, Symantec is realizing an annualized internal rate of return (IRR) of 31%. (We might add that performance came in the face of the worst global economic slowdown since the Great Depression, and is roughly three times the return of the Nasdaq over the same period. The IRR is undoubtedly higher than the numbers put up by many of the late-stage investors and buyout shops over that time.)

Additionally, the terms don’t limit Symantec from expanding its business in China, either in terms of distribution or even in new agreements with other hardware providers. Meanwhile, Huawei will be paying Symantec OEM royalties from its contributions to products for the next seven years. (No amount was given for those payments.) That’s not a bad deal at all for Symantec, which was advised by Citigroup Global Markets while Morgan Stanley banked Huawei.

Confab-ulous M&A at two cloud companies

Contact: Brenon Daly

Two of the most richly valued tech companies are each hosting annual get-togethers this week, and M&A is figuring into both of the confabs. VMware opened VMworld in Las Vegas on Monday, while saleforce.com followed a day later with Dreamforce in San Francisco. As these companies were getting ready to open the doors for the event, both announced that they had done acquisitions – with both deals coming in the security market.

VMware reached for PacketMotion, a startup that was able to capture who’s doing what on a network and whether they should be doing that at all. VMware indicated that the acquisition should allow its customers to automate security and compliance policies. For its part, salesforce.com added encryption vendor Navajo Systems. While terms weren’t announced on either transaction, we suspect that the price tags for both startups were in the low tens of millions of dollars. On the other side, we’d note that, collectively, VMware and saleforce.com are valued at north of $50bn.

Part of the tremendously rich valuation that both VMware and salesforce.com enjoy can be chalked up to the fact that each company is the sort of corporate representation for two key components of the whole cloud computing model: VMware for virtualization and salesforce.com for on-demand delivery of software and, more recently, infrastructure.

So it’s no surprise that these cloud stalwarts both recognized the need to shore up their cloud offerings by going out and buying security startups. After all, security remains probably the most important concern for broader adoption of cloud computing. In a recent survey, our sister organization ChangeWave Research asked both IT purchasers and users at companies to rate the security of current cloud offerings on a scale of 1 (very unsecure) to 10 (very secure). The median response was a distinctly middling 5.6. As a point of reference, the rating for cloud security was actually lower than the median rating for the reliability of cloud offerings, even after several high-profile outages at Amazon Web Services so far this year.

Updata secures a bargain from CA

Contact: Brenon Daly

When CA Technologies ‘partnered’ with Indian outsourcing firm HCL Technologies to try to offload its security business in November 2007, we termed the move a ‘kind-of, sort-of’ divestiture that was unlikely to fit well with either party. Three and a half years later, the full divestiture is finally done: CA sold it to Updata Partners last week. Although terms weren’t disclosed, we understand that Updata is paying only about $10m for the business, a price that reflects just how much the division had suffered under the joint venture. The roughly $50m in sales at the unit is less than half the level it was at the time of the CA-HCL accord.

The fact that CA got any money for its security assets surprised some. We hear from several participants that at least one bidder put forward a ‘cashless’ offer, offering to take the unit off of CA’s hands for only the assumption of liabilities. (We gather that there was some interest in the business from a few of the larger, privately held security vendors, while from the financial world, both Platinum Equity and Symphony Technology Group were rumored to be bidders.) However, the deal was a very complicated one, not the least of which because there were some questions about the revenue sharing with HCL.

The split ownership, exacerbated by uneven commitments from the two sides, meant that the security business itself was rather starved, particularly for sales and marketing support. (It didn’t help that the division focused on consumers and small businesses, while its corporate parent, CA, targets enterprises. CA will continue to sell enterprise security offerings, which is primarily its identity and access management software.) Out from under the untenable ownership structure, the security unit will likely enjoy renewed focus and resources from its soon-to-be owners at Updata as the buyout firm tries, first, to stabilize the business and then ultimately get it growing again. The deal should close next month.

RSA = Rumors Swirling Around

Contact: Brenon Daly

Candidly, one of the main reasons we’ve always enjoyed the RSA conference is all the gossip at the event. From the show floor to get-togethers that take place along the periphery of the conference, people talk. That’s especially true at the boozy after-hours parties sponsored by vendors and their backers, where the focus is more on martinis than malware.

And once again, last week’s conference didn’t disappoint, with ‘RSA’ once again living up to its abbreviation of ‘rumors swirling around.’ Of course, most of the speculation centered on which security company was going to get taken out next. That’s more than a guessing game if you consider the following conference regulars that have been gobbled up just since last year’s RSA event: McAfee, ArcSight, PGP, SonicWall, Arcot Systems along with dozens of other smaller companies.

As for the next significant player to go, we heard a fair amount of M&A buzz around NetWitness. The company sells a powerful network-analysis platform for traffic capture, classification and analysis, and is thought to be running at roughly $60m in sales. The Washington DC-based startup is run by Amit Yoran, who already sold a company to Symantec back in 2002. (Private equity firm Summit Partners picked up a minority stake in NetWitness about a year ago.) The two names that came up most often as the rumored buyer of NetWitness were Hewlett-Packard, looking to add to its recent ArcSight acquisition, and Cisco, which has already done deals to add security to its core network business.

Sourcefire’s risky bet to re-spark its M&A program

Contact: Brenon Daly

As deals go, Sourcefire’s first acquisition hardly set the world on fire (if you will). Back in August 2007, the open source security vendor picked up the open source ClamAV project. The deal only set Sourcefire back $3.5m, but not much has been heard from the project since the acquisition. Undeterred, Sourcefire stepped back into the M&A market on Wednesday with an even larger – and (potentially) much more significant – transaction.

Sourcefire is paying $17m in cash for Immunet, a cloud-based anti-malware provider. (Immunet could also pocket a $4m earnout, which depends on the company hitting some product milestones, as well as a smidge of Sourcefire equity.) It’s still early days for Immunet, which raised just one round of funding and only started generating revenue last year. (The company claims some 750,000 users, but we suspect that the vast majority of those would be using Immunet Protect, which is available for free.)

There’s always a risk when a company reaches for an early-stage startup like Immunet, which has yet to really prove itself commercially. That risk is somewhat mitigated, however, by the fact that the two companies had worked together for almost a year, and all of the Immunet employees, including the founders, will be joining Sourcefire.

But, as my colleague Andrew Hay notes in his report, the deal brings a much bigger risk: Can Sourcefire, which is primarily focused on network security with its well-known Snort product, step into the endpoint security market without a stumble? How will it fare in selling antivirus against giant rivals that generate more revenue each quarter than Sourcefire has in its entire history? Sourcefire has fought through some tough setbacks in its history, including a broken sale to Check Point Software and breaking issue in its IPO. Now, with Immunet, it needs to show that it can actually pull off an acquisition.

Symantec still struggling with storage

Contact: Brenon Daly

Symantec gives its latest quarterly update on business after the closing bell Wednesday, with Wall Street wondering if the company will ever emerge from its ‘Veritas hangover.’ The storage business, which Symantec picked up in its $13.5bn purchase of Veritas in late 2004, has long weighed on Big Yellow’s overall performance. The division posted the sharpest revenue decline at Symantec’s three business units in the previous fiscal year, and was the only one that shrank again in the first fiscal quarter. The storage business will likely shrink again in the just-completed second fiscal quarter.

None of that, of course, is new. In fact, more than two years ago, we noted how Symantec was busy knocking rumors about unwinding any of the underperforming Veritas assets. But ever since rival McAfee sold to Intel, the paltry valuation of Symantec has come into sharp relief. Consider this: Symantec generates three times the sales of McAfee ($6bn vs. $2bn) but garners less than twice McAfee’s valuation (current market cap of $12.5bn vs. McAfee’s $7.7bn equity value in its sale to Intel).

Perhaps that valuation discrepancy alone accounts for the market buzz we’ve heard recently that Symantec may be (once again) considering shedding Veritas. That move has been looked at a number of different times, in a number of different ways, over the years.

Most recently, we heard a variation on it that had the storage business going to EMC in return for the RSA division and some cash. Another rumor had the business landing at a buyout shop. (Although shrinking, the storage business is still Symantec’s largest unit, and runs at the highest margin in the company. It generates more than $1bn in operating income.) Whatever the destination, it may well be time for Symantec to acknowledge that its grand experiment of a combination of storing and securing information hasn’t gone according to plans. Wall Street has certainly given that verdict, having clipped Symantec shares in half since the Veritas deal was announced.

Oracle steps back into M&A market

Contact: Brenon Daly

After taking the summer off from M&A, Oracle on Monday announced the acquisition of authentication management startup Passlogix. The purchase is the first one by the normally acquisitive Oracle since it announced a pair of asset pickups in late May. Sitting out the summer slowed Oracle’s pace from steady deal flow earlier this year as well as other years. The Passlogix buy is Oracle’s eighth deal in 2010.

The first seven purchases, however, came in the first five months of 2010. That was ahead of the M&A pace Oracle held from 2005-2008, when it inked an average of a deal a month in each of the years. Oracle announced just eight acquisitions in recession-wracked 2009, when overall M&A activity was muted.

As we noted in our report on Q3 M&A, Oracle was one of the highly visible companies that didn’t announce a single transaction in the July-September period. Similarly, both Microsoft and Symantec sat out the quarter, too. But their inactivity was more than made up for by fellow tech giants Hewlett-Packard and IBM. That duo went on an M&A safari in the third quarter, with an eye toward bagging big game. In the just-completed July-September period, IBM and HP combined to announce 11 deals with a total bill of more than $7.3bn.

Is HP overcompensating?

Contact: Brenon Daly

Since when does an army without its top general go on the attack? That strategy would seem to go against convention, yet Hewlett-Packard has done just that since dumping Mark Hurd for his foibles. The tech giant has chased a pair of deals to valuations that are basically 2-3 times the prevailing market multiple. HP’s recent bidding war over 3PAR and the purchase of ArcSight shows a level of aggressiveness that indicates to us that the drivers for the acquisitions may have been emotional as well as financial, at least to a small degree.

If we step back and look at the setting for both deals, we can’t help but conclude that HP announced the transactions at a time when it looked vulnerable. Its star CEO had dramatically crashed back to earth, while its board (yet again) appeared to have bungled what looked like a fairly routine internal investigation. Statements by the company that it was ‘business as usual’ didn’t get much of a hearing on Wall Street. Shares that changed hands in the low $50s in April have been worth less than $40 for much of the past month. HP’s market cap lingers below $100bn, despite the company ringing up sales of about $120bn.

At the risk of drifting too far into psychology, we wonder if the deals weren’t a bit of overcompensation. (Certainly, paying 11x trailing sales for 3PAR might be considered overcompensation, or at the least, ‘heavy compensation,’ if you’ll forgive the pun.) If investors and others were going to view HP as weak or directionless while its corner office was empty, well, HP could use its vast resources to counter with a signal to remind everyone that it was formidable, with or without a fulltime CEO. Of course, we’re just playing armchair psychologist here. But something beyond just straight numbers seemed to be at work in HP’s recent moves.