The general consensus among our clients is that any security software vendor that fills a hole in the acquirer’s portfolio, is highly malleable and is likely generating less than $50m in revenue, is a potential target for acquisition. Some organizations that have previously bought systems integration or consulting companies, however, might also place quite a bit of importance on the follow-on revenue-generation potential for their respective services arms.
As we noted in our ‘2011 M&A Outlook – Security and networks‘ (451 Research subscription required), federal cybersecurity and critical infrastructure mandates are pushing compensating controls requirements down to enterprise vendors in the hopes that at least a few will step up to fill in the situational awareness gaps that exist. Little has changed since that prediction. With the huge global focus on cybersecurity continuing to drive defense contractors and systems integrators like SAIC, CSC, L-3 Communications, Boeing, Lockheed Martin, General Dynamics, Northrop Grumman, Booz Allen Hamilton, Raytheon, EADS, BAE Systems and Ultra Electronics Holdings beyond traditional consulting engagements, enterprise security software providers could be seen as a valuable piece of a larger cybersecurity portfolio.
Previous M&A activity
ManTech International made some medium-sized deals over the past few years, including the acquisition of Worldwide Information Network Systems in October 2011 for $90m and the takeout of HBGary in February for an undisclosed amount. We’re fairly certain, however, that ManTech is only beginning to ramp up its M&A strategy – what with the $500m secured credit facility the company closed last October to help with its organic and inorganic growth in the security software space.
Raytheon has inked a handful of acquisitions in the name of cybersecurity, including the purchases of software anti-tamper vendor Pikewerks in December 2011, thin-client-focused secure network access, anti-malware and cross-domain interoperability software firm Trusted Computer Solutions in November 2010, and anti-data-leakage software provider Oakley Networks in September 2007. Boeing also made moves with the pickups of data management software vendor Solutions Made Simple in July 2011, network traffic-monitoring software firm Narus in July 2010 and secure data transfer systems provider eXMeritus in June 2009.
Ultra Electronics Holdings announced two back-to-back acquisitions on December 5, 2011, reaching for security-monitoring company Special Operations Technology and software portfolio company Zu Industries. The company also bought secure application access control, SSL VPN and encryption key management appliance vendor AEP Networks in September 2011 and wireless-networking systems provider 3e Technologies International in January 2011.
Other notable transactions in the space include NetScout’s acquisition of data reconstruction and forensic analysis software vendor FoxReplay in September 2011, Harris Corp’s purchase of application-whitelisting firm SignaCert in May 2010, SAIC’s takeout of CloudShield Technologies in January 2010, QinetiQ’s pickup of online anti-phishing, anti-fraud, corporate compliance and identity theft and corporate brand protection provider Cyveillance in May 2009, and EMC’s reach for DPI vendor NetWitness in April 2011. Although EMC is not known as a major defense player when placed alongside some of the other companies we’ve mentioned, buying NetWitness does open some interesting doors into defense and intelligence organizations that did not previously exist.