A deal in sight for ArchSight?

Contact: Brenon Daly

If nothing else, the long Labor Day weekend gave us all a chance to catch our breath following a week of some of the most frenetic dealmaking we’ve seen in some time. We had bidding wars, doubleheader deals and even a billion-dollar chip transaction. But in some ways, the loudest buzz in the tech M&A market came from a deal that didn’t happen: ArcSight still stands on its own.

The ESIM vendor was supposedly in play, at least according to a thinly sourced and almost woefully vague recent article in The Wall Street Journal. Not to pick apart the piece, but listing a half-dozen of the largest tech companies as ‘potential bidders’ misses a great deal of context. For instance, we noted two and a half years ago that Hewlett-Packard was rumored to have offered about $600m for ArcSight the summer before it went public. ArcSight is now worth twice HP’s rumored bid, and roughly four times the amount the market valued it at when it came onto the Nasdaq in February 2008, just before the IPO window pretty much slammed shut. (For the record, Morgan Stanley led the ArcSight offering.)

That stellar aftermarket performance raises another interesting point about ArcSight: despite the fact that its shares have quadrupled during a time when the Nasdaq has essentially flat-lined, the company has never done a secondary offering. It has just 37 million shares outstanding. That strikes us a narrow base for a firm with $200m in sales and a market valuation of more than $1bn. But maybe the company figures it shouldn’t bother selling shares at current market prices if it stands to get a substantial takeout premium on top of that. For our part, we wouldn’t at all be surprised to see ArcSight get a second exit.

A bidding war (of sorts) between the virtualization vendors

Contact: Brenon Daly

The tech industry has another bidding war. No, we’re not talking about the parrying over 3PAR or even the private equity shops slugging it out over Phoenix Technologies, a company that had largely been consigned to the corporate ash heap. Instead, we’re talking about the latest M&A moves by the virtuosos of virtualization, Citrix Systems and VMware.

Citrix opened the bidding with one deal earlier this week, putting its chips on virtualization management startup VMLogix. One day later, VMware matched the bid of one acquisition and then raised it another one. In a rare twin billing, VMware said it would be taking home both performance analytics startup Integrien as well as identity and access management vendor TriCipher. VMware’s two deals in a single day (do we call the amalgamated company ‘Trintegrien’?) brings its total number of acquisitions so far this year to five, after just one in all of last year. For its part, Citrix had been out of the market entirely since November 2008 before announcing the VMLogix purchase.

Of the three deals, the one that caught our eye was VMware’s pickup of Integrien. That might have been due to the astronomical multiple the startup garnered. We understand that the company, which was only running at about $2m in revenue, went for about $100m. Of course, looking at this transaction on a revenue multiple largely misses the point. Instead, as my colleague Dennis Callaghan notes in his report on the deal, the move makes VMware a legitimate contender in the IT performance management market and could hurt opportunities for other IT performance management vendors looking to sell into the vast VMware installed base.

The acquisition came just one day after Integrien released a special version of its flagship predictive root cause analysis software for VMware environments, so the two sides clearly knew each other. In fact, we gather that the two sides knew each other so well they negotiated directly, without an outside adviser. The VMware team was led on the Integrien deal by Alex Wang. Meanwhile, on the day’s other transaction, America’s Growth Capital advised TriCipher, while Jason Hurst, who recently joined VMware after a long stint as a software banker at Citigroup, led the buyside effort.

Why wouldn’t HP jump the McAfee bid instead?

Contact: Brenon Daly

If we had to guess about Hewlett-Packard making an uncharacteristic move and jumping an announced transaction, we would have thought the company would go after McAfee rather than 3PAR. After all, HP has a giant hole in its security portfolio (we might describe it as a ‘McAfee-sized’ hole), while it’s already pretty well covered on the storage side, even if much of its offering is a bit long in the tooth.

Yet that isn’t the way it’s playing out. The recently decapitated company offered $1.7bn earlier this week for 3PAR, adding roughly $410m, or 33%, to the proposed price of the high-end storage vendor. Meanwhile, McAfee’s planned $7.8bn sale to Intel, announced last week, continues to track to a close before the end of the year. (We would note that McAfee is being valued at 3.4 times trailing sales, exactly half the level of 3PAR following HP’s bumped bid, which took the valuation to 7.6x trailing sales.)

HP’s topping bid for 3PAR appears to be a fairly defensive move. For starters, there’s the matter that 3PAR would overlap more than a little bit with its existing core storage offering called StorageWorks Enterprise Virtual Array. Betting on an acquired property to replace – or at the very least, refresh – the heart of a company’s current offering is a risky proposal. On top of that, 3PAR would require a new architecture, rather than just running on top of HP’s existing hardware like its other software-based storage acquisitions (PolyServe, IBRIX and Lefthand Networks).

All in all, looking to derail Dell’s offer for 3PAR appears to be at odds with much of HP’s previous strategy and rationale around storage. And while it pursues that deal (cost what it may), HP passes on McAfee, a one-of-a-kind security asset that would instantly make it much more competitive with IBM, EMC and Cisco Systems. If HP has sincere aspirations about outfitting the next generation of datacenters, we might suggest that it needs to actually own its intellectual property (IP) for security.

So far, however, HP has been content with just OEM arrangements to cover itself for security. (Notably, it has extracted a fairly one-sided agreement with Symantec for consumer anti-malware protection.) And even though buying McAfee would mean an unraveling of a number of those arrangements, we would note that reality isn’t preventing HP from making its bid for 3PAR. Remember that HP currently has an OEM arrangement with Hitachi Data Systems for a high-end offering like 3PAR. Yet it’s prepared to pay – and pay a lot of money – to own the IP itself. Couldn’t the same rationale be used for McAfee?

‘You bought what? For how much?’

Contact: Brenon Daly

In both of the largest enterprise IT acquisitions so far this year, the deals are not what they seem. Or more accurately, the target companies were not acquired for what they are. What do we mean? Well, we would posit that Intel didn’t buy McAfee for its core security applications any more than SAP scooped up Sybase for its core database product. Instead, in each case, the buyers really only wanted a small part of the business but found themselves nonetheless writing multibillion-dollar checks for a whole company.

For SAP, the apps giant really wanted Sybase’s mobile technology, essentially using the Sybase Unwired Platform to ‘mobilize’ all of its offerings. It’s nice that the purchase also brought along some data-management capabilities, particularly some pretty slick in-memory database technology. But for SAP, this deal was all about getting its apps onto mobile devices. However, Sybase’s mobile business only generated about one-third of total revenue at the company. So SAP ends up handing over $5.8bn in cash for a business that’s currently running at just $400m.

If anything, Intel is paying even more for the business that it truly wanted – or, at least, the business that’s most relevant – at McAfee: embedded security. Yet that’s only a small (undisclosed) portion of the roughly $2bn revenue at McAfee, the largest stand-alone security vendor. Tellingly, Intel plans to operate as a kind of holding company, letting McAfee continue undisturbed with its business of selling security applications to businesses and consumers.

Intel ‘inside’ of largest security acquisition

Contact: Brenon Daly

The largest stand-alone security company is no longer standing on its own. McAfee agreed Thursday to a $7.7bn all-cash offer from Intel. The bid of $48 for each share represents a 60% premium over the security vendor’s previous closing price – and the highest price for its shares since early 1999. Intel’s purchase represents a significant gamble that security can be hardened by pairing software with hardware, which will likely be even more important as the need for security expands from just computers to consumer electronics, datacenter equipment and other devices. Despite that rationale, Intel still struck most observers as a surprise buyer for McAfee, which had been linked in earlier rumors to Hewlett-Packard.

The deal stands as the largest security acquisition ever, nearly twice the size of the number two deal, Juniper Networks’ $4bn purchase of NetScreen Technologies in early 2004. (Juniper used equity to cover that transaction; its stock is currently at the same price it was when it announced that deal.) Interestingly, the banks on both of these mammoth security transactions were the same: Goldman Sachs had both sole buy-side mandates (for Juniper and, more recently, Intel) while Morgan Stanley worked the sell side (sole advisor for McAfee and co-advisor, along with JP Morgan Securities, on NetScreen).

Recent significant security transactions

Date announced Acquirer Target Equity value
August 19, 2010 Intel McAfee $7.7bn
February 9, 2004 Juniper Networks NetScreen Technologies $4bn
June 29, 2006 EMC RSA Security $2.1bn
August 23, 2006 IBM Internet Security Systems $1.3bn

Source: The 451 M&A KnowledgeBase

Symantec to talk shop — and shopping

Contact: Brenon Daly

Although most of the attention in Symantec’s quarterly report Wednesday night will be focused on the top and bottom line, we expect the company’s recent shopping spree to also come up. The storage and security giant announced three acquisitions in its just-completed quarter – more deals than it did in all of 2009. The bill for Big Yellow’s almost unprecedented M&A activity in the quarter came in at $1.65bn. As we recently noted, Symantec on its own has accounted for one-third of the spending for all security deals so far this year.

The biggest part of Symantec’s spending will go toward covering its purchase of the identity and authentication business from VeriSign, its largest transaction in more than a half-decade. (As a reminder, VeriSign’s business was running at about $370m, generating a very healthy $100m or so in cash flow each year.) Big Yellow has yet to close that deal, which was announced in mid-May, or offer specific financial projections for that business. Look for more information on that acquisition on the call tonight.

Symantec will be reporting its fiscal first-quarter results, which covers the second calendar quarter, after the closing bell. Analysts are projecting earnings of about $0.35 per share on revenue just shy of $1.5bn. However, we would note that rivals in each part of Big Yellow’s two main businesses have come up short of Wall Street expectations in their recent quarters. Two weeks ago, storage vendor CommVault indicated that sales had softened while just this morning, security rival Websense offered a disappointing earnings outlook. Websense shares were down more than 10% in midday trading.

Desktop virtualization could lead to real security deals

Contact: Brenon Daly, Steve Coplan

Despite virtualization sweeping datacenters and now serving as a cornerstone of cloud computing, virtualization security has largely been an afterthought. Few startups focused on this market are generating much revenue, and M&A activity has been muted, both in terms of deal flow and valuations.

For instance, VMware – the kingpin of virtualization, which sits on nearly $3bn in cash and has spent hundreds of millions of dollars on acquisitions in other markets – has made only tiny moves around security. It reached for Blue Lane Technologies in October 2008 for what we believe to be less than $10m. (Blue Lane was one of about 20 initial partners in VMware’s VMsafe, which was introduced in early 2008.) That purchase came almost a year after VMware added hypervisor security vendor Determina for an estimated $15m.

Things may be about to change. My colleague Steve Coplan has written in a new report that the rise of desktop virtualization is likely to make security much more of a central concern. But as he notes, it’s not immediately clear which companies will actually be providing the security – the virtualization vendors, security firms or perhaps even management software providers? He looks at the rationale for all three groups as acquirers, and even lays out a few scenarios in the report.

Is SafeNet looking to secure an IPO?

Contact: Brenon Daly

A little more than three years after it went private, SafeNet is looking to return to the public market. Several sources have indicated that the encryption vendor has lined up its underwriters and plans to file an S-1 in about two weeks. If indeed the offering goes ahead, it will face a market that is proving rather hostile to IPOs right now. (We recently looked at the dreary state of the IPO market in a special report.)

Through both organic and inorganic growth, the SafeNet that returns to the market will be about half the size of the one that stepped off the market. We understand that the company is running at about $450m in revenue, compared to about $300m in revenue in the year leading up to its leveraged buyout. While private, SafeNet did a handful of small deals as well as the contentious $160m take-private of Aladdin Knowledge Systems.

An IPO would mark a second straight exit for SafeNet’s owner, Vector Capital. The buyout shop sold its Register.com portfolio company last week, realizing a return of two and a half times its investment. Vector took the Web registration and design firm private in 2005, pared down the business, made it dramatically more profitable and then sold it to Web.com.

Also noteworthy about the rumored IPO by SafeNet is that the offering is being handled entirely by bulge-bracket banks. The book-runners are said to be JP Morgan Securities, Morgan Stanley and Goldman Sachs, with the offering co-managed by Bank of America Merrill Lynch and Deutsche Bank. Off the top of our heads, that’s the first tech IPO that we can think of that doesn’t have a regional or boutique bank also helping to bring out a company.

SonicWALL should be right at home in PE portfolio

Contact: Brenon Daly

Except for losing its ticker, we don’t expect the soon-to-be private SonicWALL to be radically different from the one that traded on the Nasdaq. At least not the SonicWALL of the past few years. The reason? The unified threat management vendor has already been running a strategy that’s found fairly often in PE portfolios.

Basically, the company has taken the cash it has generated from its rather mature core product (firewalls) and done acquisitions to expand into emerging markets. SonicWALL has inked about a deal each year for the past half-decade, buying startups that had developed technology for anti-spam, continuous data protection and, most recently, WAN traffic optimization.

The collective bill on those deals is about $78m, a relatively small amount for a company that held more than $200m in its treasury and generated roughly $10m of cash each quarter. Once it goes private, we wonder if SonicWALL won’t start eyeing some larger deals. After all, it will have deep-pocketed new owners and will no longer be penalized in its accounting for acquisitions.

SonicWALL’s shopping trips

Date announced Target Deal value Market
April 19, 2010 DBAM Systems (assets) $4m WAN traffic optimization
June 12, 2007 Aventail $25m SSL/VPN
February 8, 2006 MailFrontier $31m Anti-spam
November 21, 2005 Lasso Logic $15.5m Continuous data protection
November 21, 2005 enKoo $2.4m SSL/VPN

Source: The 451 M&A KnowledgeBase

Where might Symantec shop?

Contact: Brenon Daly

After its double-header encryption deals last week, Symantec appears set to return to M&A. Like a number of tech giants, Big Yellow largely shunned dealmaking last year. But the drop-off was particularly notable at Symantec: It spent more than $1bn on acquisitions in both 2007 and 2008, but less than $100m in 2009. We would hasten to add that in the fiscal year that just ended on April 2, Symantec generated $1.7bn in cash flow from operations. That brought its cash stash to more than $3bn.

As to where the company might be shopping, my colleague Paul Roberts in our Enterprise Security Program outlines five areas that make sense for Symantec to buy its way into – as well as who might be of interest in those markets. In a new report, Roberts looks for M&A activity from Symantec in the following areas: threat detection and reputation monitoring, SIEM and vulnerability management, enterprise rights management, database security and endpoint control. All of those areas are a long way from Symantec’s original market of antivirus software.

A final thought on Big Yellow and its possible shopping is that the company actually enjoys a fair amount of goodwill on Wall Street right now. Symantec’s fiscal fourth quarter, which it reported Wednesday, was surprisingly strong for many investors, particularly after rival McAfee had a less-than-stellar first quarter. In fact, on many trading screens Symantec was the only green stock Thursday on an otherwise blood-red day. Symantec shares closed up less than 2%, but that was on a day that saw the Dow Jones Industrial Average plummet almost 1,000 points, or 9%, in afternoon trading.