How many former Fortify Software employees does AlienVault need to execute its future plans? Apparently one more than it had – the company has announced the addition of former Fortify Software CEO John Jack to its board of directors. Jack has over 30 years of experience in sales, executive management and open source software with companies like Sybase; Vantive (later acquired by PeopleSoft); Covalent Technologies (later acquired by VMware); and, most recently, Fortify Software, which was acquired by HP in August 2010 for what is believed to be somewhere in the neighborhood of $275m.
Building on the launch of its mobile device management (MDM) service in early 2011, Sophos has acquired the company behind this product, DIALOGS Software. The endpoint vendor says it has been very happy with its MDM offering, and wants to bring DIALOGS into the fold to help expand its offerings around enterprise mobility. First on the list is the addition of a secure container to support the distribution of documents across mobile devices, which will be launched later this spring.
The general consensus among our clients is that any security software vendor that fills a hole in the acquirer’s portfolio, is highly malleable and is likely generating less than $50m in revenue is a potential target for acquisition. Some organizations that have previously bought systems integration or consulting companies, however, might also place quite a bit of importance on the follow-on revenue-generation potential for their respective services arms.
As we noted in our ‘2011 M&A Outlook – Security and networks’ (451 Research subscription required), federal cybersecurity and critical infrastructure mandates are pushing compensating controls requirements down to enterprise vendors in the hopes that at least a few will step up to fill in the situational awareness gaps that exist. Little has changed since that prediction. With the huge global focus on cybersecurity continuing to drive defense contractors and systems integrators like SAIC, CSC, L-3 Communications, Boeing, Lockheed Martin, General Dynamics, Northrop Grumman, Booz Allen Hamilton, Raytheon, EADS, BAE Systems and Ultra Electronics Holdings beyond traditional consulting engagements, enterprise security software providers could be seen as a valuable piece of a larger cybersecurity portfolio.
Previous M&A activity
ManTech International made some medium-sized deals over the past few years, including the acquisition of Worldwide Information Network Systems in October 2011 for $90m and the takeout of HBGary in February for an undisclosed amount. We’re fairly certain, however, that ManTech is only beginning to ramp up its M&A strategy – what with the $500m secured credit facility the company closed last October to help with its organic and inorganic growth in the security software space.
Raytheon has inked a handful of acquisitions in the name of cybersecurity, including the purchases of software anti-tamper vendor Pikewerks in December 2011, thin-client-focused secure network access, anti-malware and cross-domain interoperability software firm Trusted Computer Solutions in November 2010, and anti-data-leakage software provider Oakley Networks in September 2007. Boeing also made moves with the pickups of data management software vendor Solutions Made Simple in July 2011, network traffic-monitoring software firm Narus in July 2010 and secure data transfer systems provider eXMeritus in June 2009.
Ultra Electronics Holdings announced two back-to-back acquisitions on December 5, 2011, reaching for security-monitoring company Special Operations Technology and software portfolio company Zu Industries. The company also bought secure application access control, SSL VPN and encryption key management appliance vendor AEP Networks in September 2011 and wireless-networking systems provider 3e Technologies International in January 2011.
Other notable transactions in the space include NetScout’s acquisition of data reconstruction and forensic analysis software vendor FoxReplay in September 2011, Harris Corp’s purchase of application-whitelisting firm SignaCert in May 2010, SAIC’s takeout of CloudShield Technologies in January 2010, QinetiQ’s pickup of online anti-phishing, anti-fraud, corporate compliance and identity theft and corporate brand protection provider Cyveillance in May 2009, and EMC’s reach for DPI vendor NetWitness in April 2011. Although EMC is not known as a major defense player when placed alongside some of the other companies we’ve mentioned, buying NetWitness does open some interesting doors into defense and intelligence organizations that did not previously exist.