Barracuda bites again

Contact: Brenon Daly

A ravenous eater, Barracuda Networks has now gobbled up four companies in the past 14 months. (And that doesn’t even count the privately held security company’s unsolicited bid in May for publicly traded Sourcefire, the Snort vendor.) Barracuda’s latest bite is backup and recovery company Yosemite Technologies. The company will be lumped in with the technology Barracuda picked up in November 2008 when it bought another backup vendor, BitLeap.

As we have chronicled, Yosemite evolved from a tape-based backup vendor to a disk-based one, and then added technology for continuous data protection for notebooks and laptops with the acquisition of early-stage FileKeeper. We understand that Yosemite, under the leadership of storage veteran George Symons, had been investing heavily in commercializing the technology. However, we suspect that fully realizing the value of the FileKeeper technology would have likely required another round of funding, which is tough to come by these days.

Instead, Yosemite opted for a sale to Barracuda. Terms weren’t disclosed, but a Barracuda insider once characterized the company’s approach to M&A to us this way: ‘We don’t mind picking through the boneyard.’ Barracuda has already built a powerful distribution channel to SMBs, so it just wants more products to push through that. With data protection covered, where might Barracuda look next? Our bet is that it is still interested in WAN traffic optimization (WTO). As we have noted, Barracuda CFO David Faugno knows the market well, having served as the top numbers guy at WTO vendor Actona Technologies before its sale to Cisco.

Barracuda’s deals

Date Target Rationale
September 2007 NetContinuum Web application security
November 2008 BitLeap Backup and recovery
November 2008 3SP SSL VPNs
January 2009 Yosemite Technologies Backup, data protection

Source: The 451 M&A KnowledgeBase

Polishing off Aladdin

Contact: Brenon Daly

After almost five months of sometimes-heated negotiations, buyout shop Vector Capital and Aladdin Knowledge Systems have agreed to take the authentication vendor private. The accord comes after two formal price adjustments (one up, one down) that left the final deal valued at $160m. Vector plans to slot Aladdin into SafeNet, which it acquired in March 2007 for $634m.

Vector’s two security purchases stand in sharp contrast to each other, since the SafeNet transaction went through with a minimum of histrionics. Consider that SafeNet took just five weeks to close, compared to the drawn-out battle for Aladdin, which included the threat of a proxy fight. Part of that may be explained by the relative valuation of the two deals. Vector paid about 2x trailing 12-month sales for SafeNet, twice the multiple it is paying for Aladdin. That discount compares to a roughly 40% slump in the Nasdaq during the time between the two acquisitions.

CA back in M&A

Contact: Brenon Daly

It turns out that there is some shopping going on out on Long Island, after all. Back in September, we noted that CA Inc had been out of the market for two years and that some bankers weren’t ‘bothering with the trip’ out to the company’s headquarters. (On a recent call with CA’s corporate development team, which has added four members since the start of the year, one participant good-naturedly tweaked us that he had to end our call to catch a meeting a meeting with a banker.)

Since our original piece, the company has done a lot more than just meet with bankers or ‘book read.’ It has closed three deals and has others in ‘various stages.’ (One note about the M&A pause: CA skipped a period of high-priced deals, and will undoubtedly find that it will get more bang for its buck in the current environment and into next year. In our recent survey of corporate development officials, nine out of 10 said private company valuations are going to come down in 2009.)

The return to shopping is part of CA’s announced intent to add 1-2% of revenue through acquisitions over the year. (On a current $4.1bn revenue base, that works out to $40-$80m of sales at acquired companies.) CA will likely be talking about that – along with other financial matters – during its annual meeting with Wall Street analysts on Friday.

CA’s return to the market

Date Target Target sector
November 13, 2008 Eurekify Identity & access management
October 15, 2008 Optinuity Infrastructure management
October 7, 2008 IDFocus Identity & access management

Source: The 451 M&A KnowledgeBase

A Freudian deal?

We’ve run a lot of different analyses on transactions, but AccessData’s proposed acquisition of Guidance Software is the first one we’ve ever subjected to Freudian analysis. What do we mean? Well, almost all of the executives at AccessData, a private data forensics software vendor, used to work at publicly traded Guidance. (AccessData’s CEO, COO and two VPs are former employees of the company they are now bidding on.)

After its initial bid a month ago was rebuffed, AccessData took public on Tuesday its offer of $4.50 for each share of Guidance. With about 23 million shares outstanding, the proposed transaction values Guidance at about $105m. However, debt-free Guidance holds $28m in cash, lowering the enterprise value of the bid to about $77m. Guidance is expected to record about $90m in sales this year. In comparison, AccessData is about one-third that size, primarily because it doesn’t have any services revenue.

We understand AccessData, which has never taken outside funding, plans to finance the deal internally, if it goes through. Guidance has rejected the bid. And, although AccessData has threatened to take its unsolicited proposal directly to shareholders, a tender offer is unlikely to go through unless it gets the blessing of one Guidance executive: Chairman and CTO Shawn McCreight, who founded the company and owns some 44% of its stock. If nothing else, AccessData’s bid will make Guidance’s third-quarter conference call on Thursday more interesting.

Unsecured M&A

In the past month alone, we’ve seen a number of landmark IT security transactions. Symantec inked the largest-ever software-as-a-service security deal, paying $695m for MessageLabs. The largest pure security vendor, McAfee, announced its biggest deal, doubling down on network security with its $497m purchase of Secure Computing. And the formerly somnolent Sophos shook off its sleepiness to go shopping. It recently closed its $341m purchase of Utimaco, the largest acquisition of a publicly held security company by a private company.

So with all of these big-ticket transactions, overall deal flow in security should be strong, right? Actually, year-to-date totals are running at less than half the level of either of the previous two years. The reason: large consolidation plays have been knocked off the table this year. So far, just one security transaction worth more than $500m has been announced, down from five during the same period last year and four in 2006.

Security M&A totals

Period Deal volume Deal value Selected transactions
January 1-October 13, 2006 96 $6bn EMC-RSA, IBM-Internet Security Systems
January 1-October 13, 2007 70 $7.2bn Cisco-IronPort, SafeNet LBO, Google-Postini
January 1-October 13, 2008 68 $2.7bn Symantec-MessageLabs, McAfee-Secure Computing

Source: The 451 M&A KnowledgeBase

Another security buy for VMware?

Although the knickknacks have long since been packed up from VMworld earlier this month, one rumor continues to make the rounds. Several sources have indicated that VMware, the host of VMworld in Las Vegas, has acquired startup Blue Lane Technologies for about $15m. The two companies have been technology partners for more than a year, with Blue Lane’s VirtualShield integrated with VMware’s VirtualCenter.

Security and virtualization in general have been major concerns for VMware. To help shore up the hypervisor and broader virtual environment, VMware in March introduced VMsafe, a set of APIs that third-party security vendors can use to write interoperable programs. Blue Lane was one of about 20 initial partners in VMsafe, as were the security industry’s heavyweights.

If indeed Blue Lane has been acquired (as one industry source and two financial sources reveal is the case), then it marks the end of a company that got its start more than six years ago. When we initially checked in with the vendor shortly after it rolled out its first product three years ago, the Cupertino, California-based company was shipping a patch management appliance. Along the way, it received some $18.4m in two rounds of funding. Remaining startups that are focusing on securing virtual networks include Catbird Networks and Reflex Security.

Selected VMware acquisitions

Date Target Price Rationale
June 2006 Akimbi $47.3m Testing and configuration
August 2007 Determina $15m* Hypervisor security
September 2007 Dunes Technologies $45* Workflow and orchestration
January 2008 Thinstall Not disclosed Application virtualization

Source: The 451 M&A KnowledgeBase *Estimated deal value

Preferred gets preference

Even with McAfee’s offer of $5.75 in cash for each share of Secure Computing representing a premium of about 27% over the previous close, many Secure shareholders are underwater. In June, Secure sank to its lowest level in six years, part of a slide that has seen some 40% of its market value erased this year. The decline left the company trading at just 1x revenue. (When it shed its authentication business at the end of July, we noted that the divested unit sold for twice the valuation of the remaining Secure business, a highly unusual situation in corporate castoffs. We also asked if the move wasn’t a prelude to an outright sale of the company.)

It turns out, however, that the stock’s decline didn’t really affect Secure’s largest shareholder, Warburg Pincus. The private equity firm took a $70m stake in Secure in January 2006. (Secure took the money to help it pay for its mid-2005 purchase of CyberGuard.) Yet, because of the way Warburg structured its purchase, the shop ended up making money on its holding. That’s true even though Secure stock, even with McAfee’s offer, is some 60% below where it was when Warburg took its stake. (Shares changed hands at $14.40 each when Warburg picked up its holding, although the conversion price was adjusted slightly six months later to offset the potential dilution caused by Secure’s cash-and-stock purchase of CipherTrust.)

In the end, Warburg pocketed $84m from McAfee for its Secure holdings, which were largely made up of series A preferred shares. Having put $70m into Secure, and then seen the shares sink, we guess Warburg is probably content to book even a slight gain on its investment.

Vector’s velocity

With all the bidding and buying, it’s hard to keep straight what’s going on with Vector Capital. Already this year, the tech buyout shop has made several offers for down-and-out companies. It even got one through last week, as portfolio company Tripos announced a $57m purchase of drug development software maker Pharsight. The deal is expected to close by year-end.

However, Vector’s other recent M&A moves, most of them coming as unsolicited offers, haven’t been as straight-forward. It made an on-again, off-again run this summer at Corel, a half-decade after taking it private and two years after spinning it back onto the public market. (We would note that Corel shares have never traded as high as they did at the IPO in spring 2006.) Vector also bid for troubled content management vendor Captaris, but lost out to the acquisition-hungry Open Text. The $131m deal is expected to close before year-end, and Captaris shares are trading as if the transaction will go through.

In addition to those mixed efforts, Vector has made an unusual two-pronged approach at Israeli security company Aladdin Knowledge Systems. First, it offered to buy Aladdin outright, offering $13 for each share it doesn’t already own. (Vector is Aladdin’s largest shareholder, holding some 14% of the company.) Then, Vector offered to pick up just Aladdin’s digital rights management (DRM) business. The DRM business is the most-attractive unit at Aladdin, and would fit nicely with SafeNet, which Vector took private last year. Perhaps not surprisingly, Aladdin has said ‘thanks, but no thanks’ to both unsolicited options, and has retained Credit Suisse to advise it.

Selected Vector transactions

Year Company Price Market
2008 Precise Software (Symantec) Not disclosed Application performance management
2007 SafeNet $634m Encryption security
2006 Tripos $26m Pharmaceutical industry software
2003 Corel $122m Desktop productivity software

Source: The 451 M&A KnowledgeBase

Buying and building at Google

Since the beginning of 2007, Google has spent nearly $3.5bn on research and development. The freewheeling company, which makes liberal use of the ‘beta’ tag for many of the in-house projects it rolls out, often goes to great pains to present a corporate portrait of uninhibited engineers running wild on their whiteboards, coming up with the next Great Idea. (All the while, founders Sergey and Larry benevolently look on.)

With all the building going on at Google, it’s easy to lose sight of the fact that the company is also buying. In fact, since the beginning of 2007, Google has averaged about a deal a month. That’s about the same acquisition pace as both Cisco and Oracle over the last 18 months, although the sizes of the deals – and the rationale – are very different. Google, for instance, has never purchased a public company.

Instead of the consolidation plays inked by other large vendors, Google tends to pick up small bits of technology or even a team of engineers that the company can eventually turn into a product. Sometimes, the acquisitions show up directly in Google products, such as its mid-2005 purchase of Android Inc. At the time, Android was reportedly working on an operating system for mobile phones, which Google officially unveiled last November. Another example is Google’s purchase in November 2006 of iRows, which became the spreadsheet offering in Google Docs.

Other Google purchases show up only as features in more significant offerings. In May 2007, for instance, Google picked up GreenBorder Technologies, a small company with a fitful history and a doubtful commercial outlook, but some solid technology. Specifically, GreenBorder developed a virtualized browser session, which isolated any browser-based security threats from the user’s computer.

However, not much had been seen from this ‘sandbox’ technology over the past year. At least, not until Google rolled out its new Chrome browser on September 1. One of the key selling points of the would-be killer of Internet Explorer: security. According to Google, Chrome prevents malware from installing itself on a computer through a browser as well as by blocking one tab from infecting another tab. In our opinion, it won’t take many people switching to Chrome to justify the $20m-30m we estimate Google spent on GreenBorder for that acquisition to pay off.

Google deal flow

Year Deal volume
YTD 2008 3
2007 15
2006 11
2005 6
2004 3

Source: The 451 M&A KnowledgeBase

What’s brewing at Cisco?

Although Cisco chief executive John Chambers has thrown cold water on speculation about a large acquisition, the market continues to buzz about possible deals by the networking giant. Observers who think Cisco is big-game hunting point to a number of unusual moves from the company, which – with a bit of reading between the lines – appear to suggest something big is brewing.

For starters, they point to the fact that Cisco has largely stepped out of dealflow, inking just two deals so far in 2008. (We recently noted Cisco’s conspicuous absence, just a day before it announced its $120m purchase of network device configuration vendor Pure Networks.) In comparison, this time last year Cisco had inked nine acquisitions. Additionally, Cisco has drastically scaled back its share repurchase program, perhaps suggesting the company is stockpiling cash for a big deal.

Of course, most of the rumors have concerned a possible pairing of Cisco and EMC, largely so Cisco could get its hands on VMware. (EMC sports a market capitalization of $30bn.) This comes on the heels of earlier rumors that Cisco might be looking at Citrix, largely so it could get its hands on XenSource.

We have a new name to toss into the Cisco M&A rumor mill: McAfee, which has a $6bn market cap. Speculation has recently surfaced that the networking company is eyeing the largest IT security pure play, a combination that would allow Cisco – for the first time – to have control over endpoints. It would pick up a solid portfolio of security products from McAfee, notably encryption and port and device control offerings, as well as potentially salvaging Cisco’s disastrous NAC effort. (And as an added bonus with the deal, Cisco could stick it to Symantec. Cisco has little love for Symantec.)

Whether a deal materializes, or even is being considered, we would expect Cisco to emphasize security much more in the future. It recently handed the division over to Scott Weiss, who came with the January 2007 acquisition of IronPort Systems. A VC who has invested in Weiss’ companies over the years (Weiss also ran Hotmail) said he wouldn’t be surprised if Cisco turned over the entire business to Weiss when Chambers decides to step down.