One sale leads to another at Sophos?

Contact: Brenon Daly

As leading indicators go, the recent decisions around Sophos paint a rather bearish picture for the current IPO market. The anti-malware vendor had briefly filed to go public back in late 2007 but then pulled the paperwork as the markets tumbled. We understand that Sophos had lined up banks earlier this year for another run at an IPO, but it ended up selling a majority chunk to buyout shop Apax Partners earlier this week. (Two of the three bookrunners on the most recent lineup were the same as the 2007 prospectus, according to a source.)

A dual-track process typically adds at least a few dollars to the price of a company, since it at least introduces the idea of another buyer (the public market). However, Sophos’ sale to Apax, in our view, comes at a discount to the valuation we would have penciled out for the company. The deal values Sophos at $830m, about 3.2 times trailing sales and 2.7 times projected revenue. Sophos’ stillborn IPO comes at time when other would-be debutants are having to cut terms or shelve their offerings altogether.

Yet somewhat paradoxically, we think the move by Apax actually makes an offering by the security company more likely, at least down the road. For starters, it replaces Sophos’ somewhat cumbersome ownership structure, which didn’t always share the same alignment, with a single owner to call the shots. (For instance, we heard there was a fair amount of dissention inside Sophos over its mid-2007 purchase of Utimaco, which stands as the largest acquisition of a public security company by a private one.)

Also, Apax probably got in at a low enough price that it could make a decent return by taking Sophos public in a year or two, provided the equity markets stay receptive. (We would argue that’s a much more likely exit than a flip to yet another buyout shop.) And finally, there are plenty of banks ready to (at long last) get Sophos on the market. Many of the underwriters have been working with Sophos for more than a half-decade, so it would be just a matter of updating numbers in what has to be a well-worn pitch book.

Sophos is a seller

Contact: Brenon Daly

Former IPO hopeful Sophos will stay private (at least for the time being), but will have a new owner, the anti-malware company said. The new majority holder is Apax Partners, having picked up a 70% stake from both TA Associates, which had been a minority shareholder since 2002, and Sophos’ two founders. The purchase put an overall price tag of $830m on Sophos.

The sale comes after much speculation that Sophos, which had filed to go public in November 2007, was once again looking for an IPO. In fall 2009, British media reports indicated Sophos was planning an offering in 2010 that would have valued the company at about $1bn. Instead, Sophos is taking what we would consider a multiple at the low end of the range, even though the company’s size and recent growth rate might imply an above-market valuation.

Sophos indicated it recorded billings of $330m and revenue of $260m for its fiscal year, which ended March 31. On a trailing basis, that works out to just 2.5 times bookings and 3.2 times sales. Assuming Sophos continued growing at a 19% rate for the current fiscal year, it would have finished this year with about $310m in sales. That means Apax is valuing Sophos at just 2.7 times projected revenue.

Other security companies that have danced on and around the public stage have recently fetched much richer valuations, at least in one key measure. Encryption vendor PGP garnered four times trailing revenue in last week’s sale to Symantec. While PGP may or may not have been planning to go public, the most recent security IPO does trade at a notable premium to the valuation Sophos just got in its sale. Unified threat management vendor Fortinet currently commands a $1.25bn market capitalization, which works out to 4.9 times trailing sales.

Double-door exits

Contact: Brenon Daly

When companies look for an exit, there is usually door number one (IPO) or door number two (trade sale). But in some rare cases, it’s not either/or, it’s both. That’s playing out in two very different ways around Symantec’s acquisition of encryption vendor PGP. The purchase by Big Yellow was the first of a doubleheader day in which it also picked up its OEM partner, GuardianEdge Technologies. (Incidentally, the PGP buy was Symantec’s largest acquisition since reaching across the Atlantic for on-demand vendor MessageLabs in October 2008.)

But back to exits. With the sale of PGP, we expect the next big liquidity event for an encryption vendor to be the IPO of SafeNet. We’ve heard recent talk of an offering for the company, which was taken private by Vector Capital in early 2007. Since its buyout, SafeNet has done a few deals of its own, including the contentious acquisition of Aladdin Knowledge Systems in August 2008. We understand that SafeNet is running at north of $400m in revenue.

The sale of PGP also means that investment firm DE Shaw has now recorded one of each potential exit over the past month. In late March, portfolio company Meru Networks went public, and now fetches a market valuation of about $250m. (The offering by Meru came after many other wireless LAN providers got snapped up.) DE Shaw also owned a chunk of PGP, meaning it will also get a payday from Symantec’s $300m purchase of the encryption vendor.

Next to nothing for Novell

Contact: Brenon Daly

As bargains go, Novell’s valuation in the recently floated bid from a hedge fund is a bit like a ‘crazy Eddie’ discount. Earlier this week, Elliott Associates offered $5.75 for each of the roughly 350,000 shares for Novell. Altogether, the equity value totals about $2bn.

But the true cost of Novell is actually about half that amount because the company carries about $1bn in cash and short-term investments. (Don’t forget that some of that cash flowed from Novell’s good friends at Microsoft, which handed over some $350m in cash several years ago and is still buying more licenses.) So, at the current valuation, what does the $1bn buy?

Perhaps the most revealing way to look at it is that Elliott (or any other buyer, for that matter) would get more than $600m in rock-steady maintenance and subscription revenue, meaning the bid values Novell at a paltry 1.6 times maintenance/subscription revenue. And let’s be honest, that’s the most attractive asset at Novell. The business actually grew in the just-completed fiscal year, while revenue from both licenses and services declined. (License revenue plummeted 38% in the previous fiscal year, and continued to slide in the most-recent quarter, which ended January 31.)

Novell has said only that it is reviewing the bid. (It is being advised by JP Morgan Securities, which also worked with Novell on its purchase of PlateSpin two years ago. At $205m in cash, that was the largest acquisition Novell had done in a half-decade.) Meanwhile, the market has indicated that it expects Novell to go for a bit more than Elliott’s ‘crazy Eddie’ discount price. Shares have traded above $6 each since Elliott revealed its $5.75-per-share bid, changing hands at $6.07 each in mid-afternoon trading on Thursday.

Pouring cold water on the latest Sourcefire rumor

Contact: Brenon Daly

At the tail end of last week, the market was buzzing that Sourcefire may be back in play. Of course, that’s not all that unusual for the Snort shop, which has seen two publicly disclosed acquisition offers in the past four years come to nothing. (Recall that Check Point Software failed to land Sourcefire because of vague and off-target ‘national security concerns’ in early 2006. And then, in mid-2008, Barracuda lobbed an opportunistic low-ball bid for Sourcefire. Talks between the two sides never really got going, according to at least one source.)

So who’s the new bidder? Rumor has it that IBM may be looking at Sourcefire now. While the pairing has been making the rounds, we have our doubts about whether Big Blue would actually reach for the security company. Its $1.3bn acquisition of Internet Security Systems in mid-2006 has never generated the returns that IBM had hoped. (The ISS business, which was centered on the company’s Proventia boxes, never really fit well inside IBM Global Services.) Having little to show for that purchase of an intrusion-prevention system (IPS) vendor, we doubt that Big Blue would double down on another IPS vendor, Sourcefire.

And while IBM could certainly afford it, Sourcefire has gotten a little pricey. Over the past year, shares have more than tripled, giving the security vendor a market capitalization of about $600m. Backing out the $100m in cash and short-term investments gives Sourcefire an enterprise value (EV) of $500m. Without a takeout premium, Sourcefire commands a valuation (on an EV basis) of five times trailing sales and four times projected sales. Paying a premium on top of Sourcefire’s trailing P/E that’s in the triple digits might be tough for IBM, which trades at a trailing P/E of just 12.

More than one way to market

by Brenon Daly

Apparently, UPEK really wants to be a public company. It put in its IPO paperwork back in mid-2007, only to pull it in March 2008. Unlike other former filers, however, the biometric security vendor hasn’t dusted off its S-1 in an attempt to hit the public markets. (In the past week, both Convio and GlassHouse Technologies have re-filed to go public.) Instead, UPEK wants to get on the Nasdaq by picking up a rival that already trades there.

UPEK lobbed an unsolicited offer at AuthenTec on Friday that basically envisioned consolidating the two companies, which make fingerprint sensors, into a single business. Equity ownership would be evenly divided between the two sides. For its part, AuthenTec has been a public company since mid-2007, although its shares have lost some three-quarters of their value in that time. On Monday, AuthenTec, advised by America’s Growth Capital, rejected UPEK’s ‘highly dilutive and speculative transaction.’

What a pair of startup sales tells us about the recession

Contact: Brenon Daly

If there was any doubt that the M&A climate has warmed since the beginning of this year, consider the relative exits for a pair of database-monitoring startups. Back in February, when venture funding was hard to come by and wind-down sales were plentiful, Tizor Systems sold to Netezza for just $3m. Fast-forward nine months, and Guardium sells to IBM for an estimated $230m. Viewed another way, Tizor returned just one-tenth the amount of venture funding it raised, while Guardium returned more than 10 times the funding it raised.

Granted, the relative returns of Guardium and Tizor probably have more to do with the business performance of the two rivals than what was going on in the economy. After all, Tizor was limping along with just $2m in sales, while Guardium was sprinting along at around $40m. (Both companies were founded in 2002.) That said, we’re pretty confident that the fact that the US is no longer (officially) in a recession certainly didn’t hurt the valuation of Guardium, a company we have thought has been in play for some time.

Indeed, as we look down our list of recent IT security deals, we can’t help but notice that the three largest transactions – all of which saw marquee tech companies paying above-market multiples – have come in the past four months. In addition to the sale of Guardium to IBM at an estimated 6x trailing sales, we’ve also seen Cisco Systems pay the same multiple for ScanSafe and McAfee pick up MX Logic for an estimated 4x trailing sales. A few more of these types of deals and we may start to believe that we are indeed out of the recession.

DLP deal flow

Contact: Brenon Daly, Steve Coplan

When Trustwave recently reached for Vericept, the Chicago-based security services company joined a long list of acquirers of data-loss-prevention (DLP) technology. Over the past three years, we’ve seen roughly a baker’s dozen DLP deals, with the total spending on the transactions hitting $850m, according to our 451 M&A KnowledgeBase. Not surprisingly, both the size and valuations of recent DLP deals have declined sharply, sinking to 1-2 times trailing sales, which is down from a high of about 10x trailing sales.

The list of buyers of DLP, which basically works to snuff out insider threats and control the flow of data, includes all of the obvious IT security giants. Symantec gobbled up Vontu for $350m in November 2007, while McAfee has taken smaller bites. It paid $20m for Onigma in October 2006 and then followed that up almost two years later with the $46m purchase of Reconnex. Additionally, Websense, CA Inc, RSA and even Raytheon have made sizeable DLP acquisitions in recent years.

If we had to guess which large security provider will go shopping next in the DLP space, Check Point would probably be our choice. The vendor, which is best known for its firewall offering, could use additional security on the network edge. Check Point also shifted earlier this year to an appliance model, where distinct software ‘blades’ cover specific security threats. Among other benefits, that makes it much easier to plug acquired technology into Check Point’s existing platform. DLP startups that might be of interest include Verdasys, GuardianEdge and Safend, among others.

Select DLP deals

Date announced Acquirer Target Target revenue Deal value
September 10, 2009 Trustwave Vericept $10m* $20m*
January 5, 2009 CA Inc Orchestria $22m* $30m*
November 5, 2007 Symantec Vontu $30m $350m
October 25, 2007 Trend Micro Provilla Not disclosed $15m*
September 20, 2007 Raytheon Oakley Networks $33m* $193m
August 9, 2007 RSA [EMC] Tablus $6m* $50m*

Source: The 451 M&A KnowledgeBase *451 Group estimate

NICE Systems double-dips on deals

Contact: Brenon Daly

Less than three months after indicating that it was looking to step back into the M&A market, NICE Systems announced two deals back-to-back. The Israeli company reached for Hexagon System Engineering on Monday, and followed that up immediately with the much more substantial purchase of Fortent. Together, the transactions run NICE’s tally of acquisitions to a baker’s dozen since 2002.

Hexagon will add location-based services technology for cell phones to NICE’s portfolio. NICE will hand over $11m in cash for Hexagon, which we estimate was generating revenue in the low single digits of millions of dollars. As an aside on this deal, we would note that it marks the first time that NICE has shopped in its home market. (Although Actimize, NICE’s largest target, was founded in Israel and still does much of its R&D there, Actimize had moved its corporate headquarters to New York City several years before NICE picked it up.) In its other acquisitions, NICE has been a bit of a globetrotter, buying companies based in Australia, the Netherlands, Germany, the UK and the US.

Meanwhile, NICE (through its Actimize subsidiary) will pay $73.5m in cash for Fortent. We estimate that Fortent was running at about $30m in revenue, with most of that coming from sales of its anti-money-laundering (AML) product. Actimize competed with Fortent in the AML market, but also offers products for fraud detection and trading compliance. Actimize, which NICE acquired in July 2007 for $280m, has now inked three deals as part of NICE. The Actimize business, combined with Fortent, is expected to top $100m in revenue next year, roughly triple where it was when NICE bought it two years ago.

Sourcefire: No sale turns into a great deal

Contact: Brenon Daly

With Barracuda Networks looking to gobble up Austrian IT security vendor phion, we thought we’d look back on the other time the rapacious privately held firm eyed a public company. Last summer, Barracuda launched an unsolicited bid for Sourcefire, initially offering $7.50 per share but later raising that to $8.25. The bumped-up bid valued Sourcefire at roughly $215m, but that wasn’t enough for Sourcefire’s board of directors.

We’ve noted in the past that the decision by a company to go it alone can prove very costly to shareholders, at least in the near term. Removing the takeout premium and letting a company trade on its own fundamentals can end up crushing a stock. Recovering that lost ground can be a long and painful process. (Just ask shareholders of Yahoo and Mentor Graphics, who see shares in those companies changing hands these days at just half the level that suitors were willing to pay for them last year.)

However, it’s a completely different story for Sourcefire. It has actually turned out to be one of those rare cases where a target says a bid ‘undervalues’ the business and Wall Street agrees. After telling Barracuda to buzz off, Sourcefire shares got dragged down by the recession and traded below the bid until early April. But since then, the stock has surged to its highest level since the vendor went public in March 2007. Sourcefire shares are currently trading at about $20, or nearly 150% higher than the price Barracuda was willing to pay for them. Looked at another way, Sourcefire’s decision to stay independent has created more than $300m of additional value for its shareholders than the Barracuda bid would have delivered.