Will Fortinet go shopping after going public?

Contact: Brenon Daly, Paul Roberts

Not that Fortinet actually needs more cash to go shopping, but the company will likely substantially fatten its treasury by the end of the year. Officially, the security vendor, which has been generating cash for the past three years, said in its IPO prospectus this week that it plans to raise $100m. However, we suspect the actual amount that it raises could be as much as $200m, a fitting offering for a firm that may well hit the market with a valuation in the neighborhood of $1bn. (Which exchange Fortinet debuts on is still undecided. We can only imagine the fight between the NYSE and the Nasdaq over listing a big-time IPO like Fortinet in such a lean time for new offerings.)

Whatever the amount of money Fortinet ends up raising in the offering, it will have plenty to go shopping. (Not to mention the fact that it will also have freshly minted shares if it wants to do a larger deal.) My colleague Paul Roberts, who heads our security practice, put together a possible shopping list for the company back in April, based on our understanding that Fortinet was a few months away from filing to go public. Roberts discussed a number of possibilities for Fortinet, including network access control and perhaps WAN traffic optimization.

However, he argued that Fortinet would perhaps be best served by making a play for an enterprise security information management (ESIM) provider to make sense of all the information generated by the various offerings. And, as fate would have it, Fortinet already knows one ESIM vendor rather well. Since 2004, the company has been OEMing eIQnetworks’ Network Security Analyzer and reselling it as FortiReporter.

SaaS deals echo in security industry

Contact: Brenon Daly

There are more than a few echoes of Symantec’s purchase of MessageLabs last October in McAfee’s reach last week for MX Logic. In terms of strategy, both acquisitions added millions of end users of on-demand security to the two largest security software companies, which have been slowly looking to increase that side of their business. MessageLabs had attracted more than eight million users at 19,000 customers, while MX Logic brings more than four million users at 30,000 customers.

As far as deal terms go, both buys were done at a similar valuation. Symantec paid 4.8 times trailing sales for MessageLabs, while we estimate McAfee is paying closer to 4 times trailing sales for MX Logic. (If we include the potential $30m earnout in the price, the multiple hits 4.9 times MX Logic’s trailing revenue.) And, we would add that both deals stand as the largest security transactions of their respective years, with the sales of these private software-as-a-service (SaaS) companies eclipsing the prices paid even for public vendors. Symantec shelled out $695m in cash for MessageLabs, topping McAfee’s $497m pickup of Secure Computing as the largest security deal in 2008. So far this year, McAfee’s $140m purchase of MX Logic is the industry’s biggest security transaction, slightly ahead of the contested take-private of Entrust for $124m.

We also suspect that both SaaS acquisitions will pay dividends for Symantec and McAfee. (We have heard from several sources that Symantec is particularly high on its reach across the Atlantic for MessageLabs.) Undoubtedly, these deals will deliver a higher return than the other large SaaS security acquisition, Google’s pickup of Postini. Done two years ago, that buy handed Postini a valuation that’s twice as rich as either MessageLabs or MX Logic. But unlike the moves by Symantec and McAfee, Google didn’t snag Postini for its security offering. Instead, the search giant had the ill-conceived notion that a startup could serve as the platform for its push of Google Apps. Not surprisingly, that idea hasn’t panned out. We certainly haven’t heard much about Postini in the two years since the search giant bought it.

Trans-Atlantic transactions take off

Contact: Brenon Daly

It was a big and busy day on Wednesday for British companies shopping in the country’s former colony across the Atlantic. Collectively, the three deals boosted the total disclosed value of acquisitions by UK-based firms so far this year by nearly 20%. For starters, LSE-traded software vendor Micro Focus picked up one full Nasdaq-listed company and bits of another US public company, spending a total of about $155m. Taken together, the simultaneously announced deals are the second-largest transaction announced in 2009 by a UK-based buyer. Adding to that, British defense giant QinetiQ reached for a well-funded security startup in a deal that features a handsome valuation and a pretty rich possible earn out.

In the more significant purchase, Micro Focus picked up long-ailing Borland Software for $1 per share, or an equity value of about $75m. In the same breath, it also scored a business line from Compuware for $80m. Micro Focus says the addition of Compuware’s application testing/automated software quality (ASQ) unit will help bolster its existing ASQ offering, a suite of tools that it sells under the Data Express name.

One of the more interesting aspects of Micro Focus’ double-up deal is that the company tapped Arma Partners to run both processes. (The transaction was headed up by Arma’s Paul-Noël Guély, along with Keith Robinson, Varun Sunderraman and Graham Smith.) Arma has served as a kind of house bank for Micro Focus, advising on four of the company’s past five deals. On the other side of the table, Updata Advisors worked with Compuware on its divestiture and JP Morgan Securities advised Borland. We’ll have a full report on the moves by Micro Focus in Thursday’s 451 Group sendout.

In a separate transaction, QinetiQ (through its North American arm) moved deeper into the cyber-intelligence world by buying Cyveillance. Terms call for QinetiQ to hand over $40m upfront, along with a possible $40m earn out over the next two years. Cyveillance, which we understand didn’t use a banker, generated sales of about $10m in 2008. Look for a full report on the relatively richly valued transaction in tonight’s 451 Group MIS email.

A somewhat secure M&A market

Contact: Brenon Daly

With RSA set to open later this week, we thought we’d take a look back on deal flow since the trade show closed last year. Over the past year, we’ve seen some 83 acquisitions of security companies, with total spending of about $4.2bn. While that’s down from the comparable year-earlier period (April 2007-April 2008: 90 deals worth $5.2bn), the drop-off in security M&A has not been as steep as the overall decline in tech deals. In fact, the number of security transactions slipped just 7% from the previous year, compared to an 18% drop in the number of total tech M&A. Spending on security deals also fell less than the overall market.

Moreover, there are a number of trends that have emerged since the last RSA event that suggest security M&A may well remain healthier than the overall market. For starters, the big shoppers have done big deals. By our tally, Symantec has inked the largest security transaction since the end of last year’s RSA, paying $695m in cash to bolster its on-demand offering with MessageLabs. And McAfee checked in with the second-largest acquisition. Its $497m all-cash purchase of Secure Computing was its largest deal in a decade, and its only acquisition of a public company in at least seven years (excluding the pickup of Bulletin Board-listed Citadel Security Software in 2006).

In addition to the strategic vendors, we’re also seeing financial buyers – both through funds and PE-backed companies – looking to do deals. For instance, Sophos went back to its investors to help finance its $341m acquisition of Utimaco, the largest purchase by a privately held security company of a public counterpart. Also, Vector Capital took home Aladdin Knowledge Systems and, more recently, Thoma Bravo has a pending $114m offer for Entrust. Certainly there have been a few scrap sales, but that’s to be expected in an over-funded market like security. Overall, deal flow remains comparatively healthy in the security sector.

Symantec goes box shopping?

Contact: Brenon Daly

After holding off for some time, Websense finally rolled out its first secure Web gateway appliance earlier this month. Now we’re hearing that another major security vendor is about to get into the box business. Only this time, it’ll be through acquisition, rather than internal development like it was at Websense. Several market sources have indicated that Symantec has purchased Mi5 Networks, a security appliance startup based in Sunnyvale, California.

The acquisition is expected to be announced at next week’s RSA conference, according to a source. If indeed the deal goes through, it will be Symantec’s first since picking up MessageLabs for $695m last October. Obviously, the purchase of five-year-old Mi5 would be much smaller. (We weren’t able to learn terms of the deal.)

Mi5 has raised just $3.5m in venture backing from Labrador Ventures, First Round Capital and several angel investors. Among the company’s early backers is Sunil Paul, who founded Brightmail. (That’s right, the very same company that was run by current Symantec CEO Enrique Salem.) And finally, there’s an even more direct link in the rumored pairing: Mi5 is currently headed by Doug Camplejohn, a former executive at Vontu, which Symantec acquired in late 2007.

Empire Capital: rain-making in security M&A

Contact: Brenon Daly

For the second time in less than a year, a micro-cap security company in which hedge fund Empire Capital holds a big position is being taken off the board. On Monday, Entrust said it agreed to a $114m offer from buyout firm Thoma Bravo. Terms call for the acquirer to pay $1.85 for each of the 61.3 million Entrust shares outstanding. The roughly 22% premium essentially values Entrust where it was last October. (The deal also carries a ‘go-shop’ provision.)

Empire, which has a seat on Entrust’s board, holds about 11.8 million shares of the company, or 19% of the total. (That means the hedge fund’s payday for its stake will be just $22m.) Although the board has signed off on it, the terms of the buyout aren’t exactly staggeringly rich: Entrust has $24m in cash and no debt, lowering the company’s enterprise value to just $90m. Entrust did about $100m in sales in 2008 and was expected to record only a slight dip in revenue this year, according to Wall Street projections.

The valuation of less than 1x trailing revenue for Entrust is just half the level of Tumbleweed Communications, the previous security company that Empire was involved with. In a trade sale last June, Tumbleweed got picked up by French rival Sopra. The deal valued Tumbleweed at nearly 2x trailing sales. Of course, it was a different time back then. For its part, Entrust was trading at about $3 on the day Sopra announced the Tumbleweed acquisition.

Crossbeam looks to deal

Contact: Brenon Daly

After growing organically to $90m in sales in 2008, Crossbeam Systems is actively looking to acquire a company in the near future, the company said Tuesday at the Montgomery Technology Conference. Crossbeam has been generating cash for more than a year, and currently has some $11m in the bank. It also has an untouched $15m line of credit and indicated that it could raise another round of funding for a significant transaction. (Crossbeam has already raised some $105m in venture backing over the past seven years.)

Although Crossbeam is lumped into the security market, it is a platform – rather than an application – vendor. In fact, it partners with several key security companies, including Check Point Software Technologies, Sourcefire and IBM’s ISS unit. Obviously, it couldn’t buy any single security application vendor without risking the loss of one of those partners. Instead, the company is looking to do a network-related deal, perhaps adding analysis or application acceleration. (However, Crossbeam won’t be considering WAN traffic optimization companies; the company said that market is too crowded.)

As it plans to shop, Crossbeam joins several other large privately held companies, which are all running at more than $50m in revenue, that are currently in the market. We understand that Tripwire may be looking to pick up some security technology, specifically in log management and vulnerability assessment. And, we recently noted that NetQoS is also considering a deal. In fact, we hear that the networking company may be close to a letter of intent on a small transaction, while it also continues to assess a much more significant acquisition.

IPOs: nothing to offer

Contact: Brenon Daly

Security vendor ArcSight marked its first full year on the public market with an unexpectedly solid fiscal third-quarter report Thursday. (That said, my colleague Nick Selby reads between the lines and sees some potential problems at the company, which now sports a market capitalization of nearly $350m.) Heading into the release, ArcSight shares traded essentially where they did when they hit the market last February, though an after-market rally pushed the stock above $11 for the first time in seven months.

The fact that ArcSight is now above its offer price is nothing short of astounding, given that both the Nasdaq and the Dow have nearly been cut in half since the debut of the security company. (Rackspace, which was the only other VC-backed tech IPO in 2008, has likewise been cut in half since going public last summer.) It’s telling that we have to limit our discussion about the IPO market to after-market performance, rather than new issues. Not to put too fine a point on it, but we all know that the IPO market is dead right now. (As if to reiterate that, GlassHouse Technologies on Thursday pulled its planned $100m offering, which it filed in January 2008.)

And even when the market opens up once again for debutants (and we think that date is a long time off), it will almost certainly provide even fewer exits for VC-backed companies than in the past. Sandy Miller, a general partner at late-stage venture firm Institutional Venture Partners (IVP), recently noted that roughly one-quarter of IVP’s past exits had come through an IPO. (Included in that number is ArcSight; IVP was its second-largest holder before the IPO.) In the future, however, Miller projected that the percentage of portfolio companies exiting to the public market would drop to ‘single digits.’

Startup scrap sales

With new funding difficult to come by, many cash-burning startups are finding that they have no choice but to take a scrap sale. Those desperate deals cut M&A spending on VC-backed startups in the second half of 2008 by nearly three-quarters over the same period in 2007. From July to December last year, 100 venture-backed startups got acquired, for a total bill of just $3bn. That compares to 153 startups sold for a total of $11.1bn during the same period in 2007.

And we’ve seen more of these types of deals so far this year. Oracle, SAP, Barracuda Networks and Quest Software, among other large technology buyers, have all purchased companies for less than the money raised by the startups, according to our estimates. Consider the specific case of Mirage Networks. The network access control (NAC) vendor raised some $40m before discovering that NAC wasn’t really a market after all. (The eight-year-old company generated an estimated $5m in sales last year.) Trustwave picked up Mirage for some $10m, we estimate. Meanwhile, Mazu Networks will have to hit all of its earn-outs to make its investors whole again. About a month ago, Riverbed Technology said that it would pay $25m upfront for the network security vendor, with a possible $22m earn-out. That’s actually not a bad outcome for unprofitable Mazu, which we understand was burning about $1m each quarter. And yesterday, Netezza picked up the assets of data-auditing and protection vendor Tizor Systems for $3.1m; Tizor had raised $26m from investors.

VC-backed tech startups M&A

Month 2007 deal volume 2007 deal value 2008 deal volume 2008 deal value
July 23 $2.3bn 21 $994m
August 18 $1.2bn 16 $497m
September 25 $1.7bn 16 $642m
October 39 $2bn 13 $487m
November 27 $3.1bn 20 $346m
December 21 $788m 14 $56m
Total 153 $11.1bn 100 $3bn

Source: The 451 M&A KnowledgeBase

The saga of Certicom’s sale

Contact:  Brenon Daly

After more than two months of bid and counterbid, the saga of the sale of Certicom appears to be nearing its close. In early December, fellow Canadian tech company Research in Motion tossed out a low-ball bid of $1.21 for each of the 43.7 million shares of Certicom. Overall, that valued the cryptography vendor at some $53m. We should hasten to add that RIM’s offer was unsolicited.

Certicom, along with adviser TD Securities, mulled over the offer for about three weeks before saying ‘thanks but no thanks’ to RIM. Undeterred, RIM kept its bid alive for the next month, before officially pulling it January 20. Three days after that, VeriSign stepped in with an offer of $1.67 for each Certicom share, or a total of $73m.

Just last week, RIM reentered the picture with a bid of $2.44 per share, or about $106m. (Viewed another way, RIM’s new offer values Certicom at exactly twice the level as its initial bid.) As part of the terms, VeriSign now has until Wednesday to up its offer or see Certicom go to RIM. (The deal carries a $4m breakup fee.)

Of course, there could always be a third suitor in the picture. If we had to pick one likely candidate, we might tap IBM. Last April, Big Blue inked a ‘multiyear, multimillion-dollar’ license agreement with Certicom, and has already handed over a $2m upfront payment.