Insights from Gartner’s Security & Risk Management Summit

June 27, 2012

Image  Gartner’s Security & Risk Management Summit at the National Harbor in Baltimore, MD, held June 11, 2012 to June 14, 2012, attracted organizations from every corner of the IT security industry. From mobile management and eDiscovery to big data and migration to the cloud, there were sessions and exhibitors to address all major sector trends currently discussed in the market. Headline speakers included Michael Dell, CEO of Dell Computers, and Howard Schmidt, Special Assistant to the President on Cybersecurity.

The Summit kicked off with interesting keynotes by Gartner analyst Carsten Casper and communication consultant Mark Jeffries. Casper used the automobile as a metaphor for IT; he said new security features – anti-lock brakes, airbags, cameras – are part of a continual improvement process. Similarly, IT security must keep advancing. Jeffries’ keynote asserted that whether or not one’s title reads “Sales,” in order to be successful, IT professionals must be able to sell themselves and their ideas in a crowded market.

A major topic at the Summit was the massive migration of data to the cloud and the implications for control over one’s information. Another topic was ‘big data’ and how it can improve security through the analysis of patterns and reputations, leading to the successful identification of threats. To illustrate the growing importance of big data in today’s business environment, Gartner’s Neil MacDonald predicted that by 2016, 40 percent of enterprises will actively analyze at least 10 terabytes of data for Information Security intelligence, an increase from less than three percent in 2011.

The Summit also hosted a panel regarding the security investment climate. Speakers, including Signal Hill partner Don More, discussed how the investment environment for early stage players is strengthening and the acquisition interest in innovators is ongoing. The conclusion made was that mobile, cloud, social and other major IT advances are dependent on addressing security first, driving strong sector growth for the foreseeable future.

For more coverage of the summit, see http://www.gartner.com/technology/summits/na/security/

Leave a Comment » | IT Security | Tagged: , , , , | Permalink
Posted by Signal Hill

Signal Hill Publishes Q1 2012 M&A Reviews

April 25, 2012

Signal Hill is pleased to announce it has published its Q1 2012 M&A Reviews for the following sectors:

A list of all published Signal Hill M&A Sector Insights are available here.

Leave a Comment » | Enterprise Application Software, Infrastructure Software, IT Healthcare, IT Security, IT Services, Signal Hill News & Reports | Tagged: | Permalink
Posted by Signal Hill

Reflections from CISO Executive Network’s Second Annual Leadership Summit

April 23, 2012

We attended the CISO Executive Network Leadership Summit in DC last week, which attracted chief information security officers from leading organizations such as the CIA, The Ohio State University and State Street Bank. The Summit provides a good platform for CISOs to share security areas of greatest interest/concern.

Topics of high CISO focus these days include: advanced persistent threats (APTs), the bring your own device (BYOD) challenge, employee awareness (the social threat), and the future of compliance – which is moving toward focus on continuous threat and risk management.

Val Rahmani, CEO of Damballa, gave the opening keynote and highlighted that APT may be a misnomer as many so-called advanced persistent threats don’t use “advanced” technologies or methodologies but DIY kits off the web and basic techniques such as phishing. APTs become advanced when cybercriminals develop custom malware tools, utilize multiple techniques, exploit zero-day vulnerabilities, etc.  Advanced hackers deploying APTs also often follow a stealthy, “low and slow” approach; Val suggested that 35% of these threats sit on a network for months before they are discovered and 9% go undetected for years.

The discussion surrounding BYOD and its security implications were the source of heavy debate among CISOs present; issues included financial advantages/disadvantages, legal responsibilities and privacy rights. Those in attendance conceded that any cost-savings created by employees bringing their own smartphones/tablets to work are presently outweighed by the costs of providing security and support for these devices; however, BYOD is an inevitable IT transformation, and solutions that manage it will be in high demand.

Increasingly, CISOs are focusing on honing their skills to address board-level concerns regarding security. CISO roles have evolved beyond merely identifying and implementing policies and technologies to secure their organizations’ IT assets to educating executives and employees on how to effectively use these technologies and monitoring their compliance.

CISO Executive Network is the leading peer-to-peer organization for information security, privacy, and risk management executives.  It includes chapters in ten cities across the US, bringing CISOs and industry experts from top-level vendors together in intimate roundtable settings. The next events are the third Breakfast Roundtable Series of 2012, focusing on Virtualization and Cloud Computing Security – for more information on these events and the organization that arranges them, check out their website:  http://cisoexecnet.com/.

 

Leave a Comment » | IT Security | Tagged: , , , | Permalink
Posted by Signal Hill

Reflections from the 2012 RSA Conference

March 30, 2012

This year’s 21st RSA security confab, as in years past, saw a broad mix of early-to-mid stage vendors rubbing elbows with the world’s largest IT companies. There were many off-floor meetings, receptions and deal-making efforts, and the usual vendor initiative announcements. Themes of the day included: BYOD (for Bring Your Own Device/Disaster – an allusion to use of mobile devices at work); APT (Advanced Persistent Threats – super-bad malware used by rogue states and criminal rings); and Security Risk Management (tying security into the broader risk picture). Discussion keynotes ranged from big-picture (Tony Blair on the dangers of openness run amok, e.g. Wikileaks) to highly technical (the core of the conference), and even silly (what Darth Vader could have done better as the Empire’s CSO).

Walking around the floor and mingling at various receptions, we saw leading vendors from the 18 security subsectors we track all well represented. Traffic was high (perhaps not the highest we have seen over 12 years, but top 2-3) and enthusiasm was even higher. More than we have heard in recent years, exhibitors commented that they were actually signing up customers on the floor and seeing firmer business leads. Government customers were said to be much more visible than before.

What was evident from RSA is that the industry remains as vibrant as ever – probably more than ever. A primary reason for this is ‘Openness’ – pervasive collaboration online, Google-ization of IT, and mobility are eliminating computing silos and democratizing technology use, even at large enterprises. Everyone is becoming, in effect, their own IT administrator connectable to everything. All this has created a bonanza for vendors that secure privacy, manage access and protect digital assets. Our 2012 IT Security M&A report highlights growth in M&A momentum over the past year as big vendors (and PE firms) stock up on ‘openness enablers’ offering the greatest traction and most promising security technology.

While cloud, big data and interconnectedness are great positives, most news headlines mentioning IT security do so in the context of bad news. Recent surveys highlight a continuing rise in security vulnerabilities and breaches, confirmed by reports of major breaches – such as of Playstation, TJMaxx, U.S. DoD, and even RSA itself – and the list seems endless. A March 27 article in the WSJ (“U.S. Outgunned in Hacker War”) sums it up well, quoting the FBI’s assessment that “we’re not winning,” and that current security efforts are “unsustainable.” We believe the two-sided coin of positive advances in computing and rising security losses will fuel accelerated sector spending, investment and M&A this year and well beyond.

Discussions with exhibitors at RSA also highlighted the growing integration of security with other technology areas, including infrastructure management (notably cloud), business intelligence and applications. Vendors in all layers of the traditional IT stack are incorporating security as a key ingredient, and consequently, we are seeing more non-security vendors on the RSA floor offering security solutions, and we expect more to become acquirers.

If one were to sum up the lessons of RSA in a sentence, it would be that, “As technology becomes simpler, security becomes harder,” which suits the industry’s vendors just fine.

- Don More, Managing Director

Leave a Comment » | IT Security | Tagged: , , , , | Permalink
Posted by Signal Hill

PE Buyers in IT Remain Strong Despite Overall Market

March 26, 2012

A WSJ Deal Journal article recently noted that buyouts by PE firms have dipped so far in 2012 they are on pace to make up barely 40% of the deal values witnessed in 2011 and 2010. For the information technology sector, however, Signal Hill’s data shows that private equity buyers have contributed the highest total enterprise value for a Q1 period since before the recession.  And that’s with one week of the quarter left to go.

Year-to-date in 2012, PE buyers closed 15 transactions – flat compared to 2011 and well above the seven deals announced in Q1 2009. These 15 most recent transactions account for nearly $4.4 billion in enterprise value, the highest level since 2007. A handful of large deals this year account for the increase, such as CPA Global’s $1.4 billion acquisition by Cinven; Transunion’s $1 billion acquisition by Advent International and GS Capital Partners; as well as Quest Software’s $1.9 billion acquisition by Insight Venture Partners earlier this month. These stats do not include add-on acquisitions by PE-owned companies, a sector of the market which remains highly active.

The Deal Journal article notes that the slowdown in overall buyouts is a surprise because “private-equity investors have a multitude of reasons to whip out their checkbooks for new purchases.” That is indeed the case within the IT sector. With public equity markets on a tear (the NASDAQ Composite is up over 19% already for the year), PE firms have been more willing to spend heartily to acquire healthy, growing companies. We recently wrote about Quest Software’s acquisition, where Insight offered a 14.4% premium over the 30-day trading price and, according to recent SEC filings, a valuation of 2.2x trailing revenues and 13.1x EBITDA. Cinven noted that its acquisition of CPA Global (a global provider of intellectual property (IP) management services and software) was driven by defensive qualities and attractive growth prospects, not to mention exceptional financial performance and cash flow.

As Q1 winds to a close and the overall markets continue to rebound, we expect to see financial buyers plow even more money into the IT sector. As the Deal Journal says, there usually is a lagging correlation between firming financial markets and Monday morning deal announcements.

IT Transactions with PE Buyers, 2007-2012

IT PE Deals For Q1, 2007-2012

*Q1 2012 as of March 23.

Leave a Comment » | Communications Technology, Enterprise Application Software, Financial Technology, Infrastructure Software, Internet, IT Healthcare, IT Security, IT Services, Signal Hill News & Reports, Uncategorized | Tagged: , , , , | Permalink
Posted by Signal Hill

Deal Focus: Dell acquires SonicWall

March 15, 2012

Dell announced this week that it plans to acquire security vendor SonicWall, a provider of unified threat management (UTM) solutions. While deal size was not disclosed, the transaction is estimated to be valued at around $1.2 billion and about 4.6x trailing revenue — well above the $717 million and 2.4x revenue that private equity owner Thoma Bravo paid for the company two years ago. This transaction is a testament to the rebound in the market and supports our observations that strategics have tremendous appetite for security assets.

Founded in 1991, SonicWall has 300,000 customers in 50 countries, 950 employees and a channel program with 15,000 retailers, which Dell plans to integrate into its own PartnerDirect program. SonicWall has over 130 patent apps, with 64 issued to date, which also adds value to the transaction. The acquisition will help Dell round out its security solutions portfolio with the addition of SonicWall’s firewalls, network security and data protection solutions. Dell’s security portfolio is already quite robust with its SecureWorks security services – which it acquired in January 2011 for $615 million and 5.1x revenue – as well as various other cloud security, data encryption, vulnerability and patch management solutions. UTM also complements SecureWorks by creating an opportunity to remotely manage on-presence SonicWall devices, a hybrid cloud-product converged approach which we believe is where security is heading.

The SonicWall transaction continues consolidation of the UTM market.  Last year UK-based security software maker Sophos acquired Astaro, a provider of network security solutions for $170 million and 3.8x trailing revenue. Research from Gartner suggests UTM will continue to grow faster than many other security markets; worldwide revenue for the UTM market totaled approximately $1.28 billion in 2011 and is estimated to grow at approximately 15% CAGR through 2017.

SonicWall represents the latest in a string of purchases by Dell in an effort to expand beyond personal computers to grow its product lineup, as well as its potential profit margins by being a one-stop-shop for customers. The deal also highlights the growing role of PE firms in the security M&A landscape. Over the last year Thoma Bravo acquired Blue Coat Systems ($916 million) and Tripwire ($225 million), while  other firms acquired companies including Clearswift ($46 million), Persistent Sentinel and Aladdin Knowledge Systems.

Leave a Comment » | Deal Focus, IT Security | Tagged: , , , , | Permalink
Posted by Signal Hill

Deal Focus: Juniper Networks Acquires Mykonos Software

March 2, 2012

Juniper Networks, a networking equipment provider, announced last week that it acquired Mykonos Software, a San Francisco-based provider of intrusion deception systems that protect Web sites and Web applications. Juniper paid approximately $80 million for the company, a valuation well above the median deal size the IT Security sector has witnessed over the past year (see our upcoming IT Security Sector Update). According to SEC filings, Mykonos earned less than $1 million in revenue last year, making this a very highly valued deal in any regard.

Mykonos’ technology is designed to secure websites and web applications from advanced hacker attacks. The software employs “deception-based technology” that uses a trap to detect and divert attacks. It also provides device-level tracking beyond the IP address, which allows for attackers to be uniquely identified, monitored and/or blocked – a clear benefit over traditional web security appliances and Web Application Firewalls (WAFs).

The acquisition not only complements Juniper’s existing security offerings, such as firewalls and protective systems for a corporate network, but allows Juniper the ability to provide both its enterprise and service provider customers with a new tool to detect an attack before it is in progress. Juniper will be able to sell the technology as both a standalone and as an integrated solution, allowing customers the benefit of a proactive security approach that stops hackers in real time.

This is not Juniper’s first IT security purchase, let alone its first transaction with an extremely high multiple. In 2010, Juniper paid $70 million for SMobile, a provider of security software for smartphones and tablets; a few months later, the company paid $95 million to acquire Altor, a virtualization security company. At the time of the acquisitions, both SMobile and Altor were reporting less than $5 million in sales, according to data from the 451 Group. These transactions demonstrate Juniper’s strategic shift to higher software content and offerings and the fact that they are not afraid to pay big for coveted assets. Our discussions with Juniper at RSA suggest further acquisitions down the road as the company builds out its mobile (Pulse) and cloud security and management vision.

- Patrick Chang, Associate

Leave a Comment » | Deal Focus, IT Security | Permalink
Posted by Signal Hill

Signal Hill Publishes Q4 2011 M&A Reviews

February 21, 2012

Signal Hill is has published Q4 2011 M&A Reviews for the following sectors:

Click the links above to access a PDF of the Q4 2011 M&A Review for each sector or view them all in PDF form here.  A list of all published Signal Hill M&A Sector Insights are available here.

Leave a Comment » | Communications Technology, Enterprise Application Software, Financial Technology, Infrastructure Software, IT Healthcare, IT Security, IT Services, Signal Hill News & Reports | Tagged: | Permalink
Posted by Signal Hill

Deal Focus: Twitter Acquires Dasient

January 27, 2012

Twitter announced this week that it acquired Dasient, an Internet security start-up focusing on anti-malware for large enterprises in the financial services, media, and online sectors. Dasient’s scanning software helps businesses identify and contain malware on the Web and is touted as an anti-malvertising service, which claims to protect advertising networks and publishers from malware. Deal value was not disclosed.

We wrote last summer about the increased focus on social media security and venture investments in the space. Since then, there have been four acquisitions of social media security vendors (including Dasient): Whisper Systems/Twitter, Unsubscribe.com/TrustedID and Garlik/Experian. These deals represent the first M&A activity Signal Hill has tracked in the area.

Dasient’s acquisition will allow Twitter to provide anti-malware technology to its ever-growing, real-time information network. Dasient’s technology will become part of Twitter’s revenue engineering team, which suggests its will most likely be used to identify malicious ads submitted through the company’s self-serve ad platform, Twitter’s latest attempt at increasing monetization. Three-year-old Dasient, which was founded by ex-Googlers, had raised $2 million in investments from Google Ventures, Floodgate and Radar Partners.

Twitter has had a number of issues over the years with scams and spam, and recently fell victim to a number of high-profile account hacks, including Fox News and Lady Gaga, and has been bulking up on its security offerings. In November, Twitter also acquired Whisper Systems, a provider of enterprise-grade security on Android devices. Its products included WhisperCore, a system which integrates with the underlying Android OS to protect everything on the phone, as well as TextSecure, which allows for secure texting by storing them in an encrypted database on your phone and the ability for encryption during transmission.

With the Dasient acquisition leading the way, we expect social security deal activity will accelerate this year as more social media leaders grow and ultimately decide to go public.

Leave a Comment » | IT Security | Tagged: , , , | Permalink
Posted by Signal Hill

Israel IT M&A Activity Steadily Rising

January 20, 2012

Israel is increasingly becoming a hot bed of IT M&A activity. Already this year, Apple officially announced it made its first acquisition in the country – flash memory developer Anobit. Acquisitions of Israeli IT companies have increased substantially every year since 2009, with 2011 boasting 23 transactions valued at over $930 million, according to Signal Hill data (not including semiconductor transactions).

The largest acquisitions of Israel-based companies in 2011 included Intel’s acquisition of Telmap for $325 million and 9.8x revenue; Citi Venture Capital’s $341 million acquisition of Ness Technologies; and VMware’s $100 million acquisition of Shavlik Technologies. These transactions are spread across the gamut of IT sectors as well – which means the country provides an opportunity for nearly every company looking to expand.

IT M&A Transactions with Israel-based Targets

israel IT M&A deals

M&A in Israeli IT dates back to the late 1990’s, when AOL paid $407 million to acquire instant messaging computer program ICQ (which was later acquired by DST in 2010 for $187.5 million). AOL came back to the country nearly 10 years later in 2007 to acquire Google AdWords competitor Quigo for $300 million – which at the time was expected to open the door for acquisitions in the country. Since then, M&A in the IT sector has taken off.

Apple’s latest purchase is not only a big deal because it is the company’s first foray into the country – but it highlights venture firm Pitango, which backed Anobit. Pitango is actually one of the few Israeli private equity firms to spread to U.S. – it has an established Silicon Valley office and regularly invests in U.S. companies. Signal Hill has been active with Israel-based companies as well: last year, Signal Hill security client iJet was acquired by 3iMind, which has a significant presence in Israel, while earlier this year, we announced a strategic investment in risk management solutions provider EXZAC by Israel-based Matrix.

Israel, with a population of 7.7 million, has about 60 companies traded on the NASDAQ, the most of any nation outside North America after China, according to Bloomberg. Israel is also home to the largest number of startups per capita in the world. Many big U.S. private equity and venture firms have set up shop in Israel, including Apax Partners, Landmark Ventures and Bessemer Venture, while large IT firms such as Intel, HP and Microsoft all have established operations in the country as well. The Israeli economy is relatively strong with A+ credit rating, which was upgraded in September, making investments in the area an easy choice. The Israeli tech community is also building ties to Europe and India more, not just the U.S. which means robust M&A activity will no doubt continue well over the next several years.

Leave a Comment » | Enterprise Application Software, Financial Technology, Infrastructure Software, Internet, IT Security | Tagged: , , , | Permalink
Posted by Signal Hill

« Previous Entries
Follow

Get every new post delivered to your Inbox.

Join 55 other followers

%d bloggers like this: