What lies ahead for independent ESIM vendors?

Contact: Thejeswi Venkatesh, Ben Kolada

Hewlett-Packard recently announced the availability of ArcSight Express 3.0, an upgraded version of the product it acquired last year. In light of this release, we note that independent ESIM vendors aren’t resting on their laurels, either. They continue to develop, innovate and position themselves as potential IPO/acquisition candidates. Competition is already fierce among ESIM players, with each trying to expand their addressable markets, but with HP, Attachmate and Sophos adding ESIM offerings to their portfolios, rivals might look to add to their own to compete effectively.

In a recent report, my colleague Andrew Hay notes that there are several potential acquirers and targets. The list of takeout candidates continues to include Q1 Labs, although there have been M&A rumors around the company for a decade. Q1 Labs is also primping itself for an IPO, but we wouldn’t be surprised if it became the latest target in the growing line of dual-track acquisitions announced so far this year. Given its enviable revenue growth (Q1 Labs reported that its revenue grew 75% in 2010), we expect that Q1 Labs would catch a valuation similar to ArcSight. HP picked up that Cupertino, California-based security provider in September 2010 in a deal valued at nearly 8 times trailing sales. Beyond Q1 Labs, we could point to NitroSecurity, which was allegedly in talks with McAfee earlier this year. We’d also note that McAfee lost out on the ArcSight assets, and could look to NitroSecurity as an alternative.

One sale leads to another at Sophos?

Contact: Brenon Daly

As leading indicators go, the recent decisions around Sophos paint a rather bearish picture for the current IPO market. The anti-malware vendor had briefly filed to go public back in late 2007 but then pulled the paperwork as the markets tumbled. We understand that Sophos had lined up banks earlier this year for another run at an IPO, but it ended up selling a majority chunk to buyout shop Apax Partners earlier this week. (Two of the three bookrunners on the most recent lineup were the same as the 2007 prospectus, according to a source.)

A dual-track process typically adds at least a few dollars to the price of a company, since it at least introduces the idea of another buyer (the public market). However, Sophos’ sale to Apax, in our view, comes at a discount to the valuation we would have penciled out for the company. The deal values Sophos at $830m, about 3.2 times trailing sales and 2.7 times projected revenue. Sophos’ stillborn IPO comes at a time when other would-be debutants are having to cut terms or shelve their offerings altogether.

Yet somewhat paradoxically, we think the move by Apax actually makes an offering by the security company more likely, at least down the road. For starters, it replaces Sophos’ somewhat cumbersome ownership structure, which didn’t always share the same alignment, with a single owner to call the shots. (For instance, we heard there was a fair amount of dissension inside Sophos over its mid-2007 purchase of Utimaco, which stands as the largest acquisition of a public security company by a private one.)

Also, Apax probably got in at a low enough price that it could make a decent return by taking Sophos public in a year or two, provided the equity markets stay receptive. (We would argue that’s a much more likely exit than a flip to yet another buyout shop.) And finally, there are plenty of banks ready to (at long last) get Sophos on the market. Many of the underwriters have been working with Sophos for more than a half-decade, so it would be just a matter of updating numbers in what has to be a well-worn pitch book.

Sophos is a seller

Contact: Brenon Daly

Former IPO hopeful Sophos will stay private (at least for the time being), but will have a new owner, the anti-malware company said. The new majority holder is Apax Partners, having picked up a 70% stake from both TA Associates, which had been a minority shareholder since 2002, and Sophos’ two founders. The purchase put an overall price tag of $830m on Sophos.

The sale comes after much speculation that Sophos, which had filed to go public in November 2007, was once again looking for an IPO. In fall 2009, British media reports indicated Sophos was planning an offering in 2010 that would have valued the company at about $1bn. Instead, Sophos is taking what we would consider a multiple at the low end of the range, even though the company’s size and recent growth rate might imply an above-market valuation.

Sophos indicated it recorded billings of $330m and revenue of $260m for its fiscal year, which ended March 31. On a trailing basis, that works out to just 2.5 times bookings and 3.2 times sales. Assuming Sophos continued growing at a 19% rate for the current fiscal year, it would have finished this year with about $310m in sales. That means Apax is valuing Sophos at just 2.7 times projected revenue.

Other security companies that have danced on and around the public stage have recently fetched much richer valuations, at least in one key measure. Encryption vendor PGP garnered four times trailing revenue in last week’s sale to Symantec. While PGP may or may not have been planning to go public, the most recent security IPO does trade at a notable premium to the valuation Sophos just got in its sale. Unified threat management vendor Fortinet currently commands a $1.25bn market capitalization, which works out to 4.9 times trailing sales.

Unsecured M&A

In the past month alone, we’ve seen a number of landmark IT security transactions. Symantec inked the largest-ever software-as-a-service security deal, paying $695m for MessageLabs. The largest pure security vendor, McAfee, announced its biggest deal, doubling down on network security with its $497m purchase of Secure Computing. And the formerly somnolent Sophos shook off its sleepiness to go shopping. It recently closed its $341m purchase of Utimaco, the largest acquisition of a publicly held security company by a private company.

So with all of these big-ticket transactions, overall deal flow in security should be strong, right? Actually, year-to-date totals are running at less than half the level of either of the previous two years. The reason: large consolidation plays have been knocked off the table this year. So far, just one security transaction worth more than $500m has been announced, down from five during the same period last year and four in 2006.

Security M&A totals

| Period | Deal volume | Deal value | Selected transactions |
| --- | --- | --- | --- |
| January 1-October 13, 2006 | 96 | $6bn | EMC-RSA, IBM-Internet Security Systems |
| January 1-October 13, 2007 | 70 | $7.2bn | Cisco-IronPort, SafeNet LBO, Google-Postini |
| January 1-October 13, 2008 | 68 | $2.7bn | Symantec-MessageLabs, McAfee-Secure Computing |

Source: The 451 M&A KnowledgeBase

Deciphering encryption deals

Exactly a year ago, McAfee announced its $350m acquisition of SafeBoot, which in turn came about a year after Check Point Software made its own purchase of an encryption vendor, Protect Data AB. We mention this bit of history because, in what has seemingly become an annual autumn event, Sophos just closed its own big encryption purchase, the $341m deal for Utimaco.

Although the three encryption vendors shared a home market of Europe and were in the same neighborhood in terms of revenue, the three transactions are very different. For starters, the relative growth rates of the targets were all over the board. Protect Data, or Pointsec as it was more commonly known, was clipping along at 90% year-on-year growth when we spoke to them ahead of the takeout. (Although we have heard that some of that torrid growth came at the expense of margins.) Meanwhile, SafeBoot, which was preparing for a possible public offering, told us sales were likely to grow about 70% in the year leading up to its acquisition. In contrast, 20-year-old Utimaco had increased sales just 20% in its most recent fiscal year.

Also, Check Point inked its acquisition of Protect Data when it was running at about $600m in sales. McAfee was even larger, having topped $1bn in annual revenue when it reached for SafeBoot. That’s not the case for Sophos and its just-closed purchase of Utimaco. With Sophos having finished its fiscal year (ending March) with revenue of $213m, it will be looking to integrate a company that is nearly half its size.

Finally, the returns on the two acquisitions already on the books have varied quite a bit. Check Point, which has traditionally been strong on network security, has struggled to notch sales of Pointsec, which secures the endpoint. On the other hand, McAfee has kept SafeBoot rolling along, with one source indicating that the unit will do about $100m in sales this year. The reason: McAfee already had a strong presence on endpoint security, as well as a management console that has integrated SafeBoot. Of those two contrasting acquirers, Sophos lines up more closely with McAfee, which bodes well for its combination with Utimaco. That’s crucial for Sophos, since we consider its purchase of Utimaco a make-or-break deal for the company.

Significant data encryption deals

| Date | Acquirer | Target | Price | Target revenue |
| --- | --- | --- | --- | --- |
| July 2008 | Sophos | Utimaco | $341m | $86m |
| October 2007 | McAfee | SafeBoot | $350m | $60m* |
| November 2006 | Check Point | Protect Data (Pointsec) | $586m | $64m |

Source: The 451 M&A KnowledgeBase

*451 Group estimate

Sophos bags an elephant

In a twist on a private-public transaction, Sophos laid out on Monday a bold $340m plan to pick up Utimaco, an encryption vendor that trades on the Frankfurt Stock Exchange. Rather than rolling into the public company, Sophos plans to take Utimaco off the market. It plans to fund the acquisition by drawing on three sources. (My colleague, Nick Selby, has the details on the financing as well as the strategy.)

The financing is crucial because this deal is a whopper. If it goes through, it’ll be the largest IT security deal in seven months. More significantly, however, Sophos’ planned acquisition of Utimaco stands as the biggest purchase by a privately held security company. In fact, it’s nearly twice the size of the number two deal, Barracuda’s unsolicited run at Sourcefire. (And it’s not certain that deal will close at all. Sourcefire, which is slated to report second-quarter earnings on Thursday, has shot down the deal so far.)

Although Utimaco will be erased from the market, we view the disappearance as temporary. Once the two companies get through the integration, we expect Sophos to try to go public once again. (Recall that last fall, it announced plans to list on the London Stock Exchange but shelved them as the markets deteriorated.) Among the underwriters for the planned IPO was Deutsche Bank, which advised Sophos on the purchase of Utimaco. Indeed, it was the same DB banker on this deal that also co-advised on a very similar transaction last fall, McAfee’s $350m purchase of Dutch encryption vendor SafeBoot. (DB and UBS Investment Bank advised SafeBoot, while Morgan Stanley advised McAfee.)