For those of you not familiar with IronPort Systems, it is a messaging-security vendor based in the Bay Area that has attracted approximately $105 million in venture-capital financing since June, 2002.
That’s a lot of money, and with it came great expectations. The VCs that poured money into IronPort looked forward to big things from their investment vehicle. The company was targeting a hot market, initially spam prevention but now extending to the whole array of malware that can infect computer networks and afflict the performance and productivity of enterprises and service providers.
Starting out with network appliances that addressed email security, IronPort since has expanded its product portfolio to include appliances that protect the integrity of web communications. It also has reputation-based networks that provide continual updates to its systems at customer installations, providing ongoing data regarding the trustworthiness of messages from specific blocks of IP addresses.
IronPort emerged as a market leader in email-security appliances, battling fiercely with CipherTrust and other startup companies attempting to lay claim to the space. Unfortunately, though, the big boys began taking notice of the problem of email security. That could have been a positive development, at least for the investors in IronPort, if the big players had determined that they had to own a market-leading email-security vendor and they were willing to part with big bucks for the privilege.
But that’s not what they decided to do. Symantec, Microsoft, McAfee, Cisco Systems, and Juniper Networks all looked carefully at the market and came to different conclusions, but none of them thought that acquiring IronPort, which would make itself available only at an exorbitant price, was an option worth pursuing.
In a couple instances — Cisco and Systems and Juniper Networks — decisions were made not to acquire anybody in the messaging-security space; the business models just weren’t thought to be right, the revenues not large enough, and the margins unsustainable. Symantec pursued other acquisitions in adjacent areas, buying private anti-spam software company Brightmail, run by a former Symantec alumnus, and spam-router startup TurnTide. Microsoft did likewise, buying up several security companies, including email-security services firm FrontBridge Technologies, content-filtering specialist Sybari Software, and Romanian anti-virus company GeCAD Software.
McAfee focused its acquisitions on other areas, choosing to address the messaging-security market with homegrown offerings.
Then, earlier this month, Secure Computing acquired CipherTrust, IronPort’s longtime nemesis in email security. The nominal acquisition price was just under $274 million, but the closing price might be considerably less than that because it was a cash-and-stock deal, and Secure Computing’s stock has taken a hammering, for a variety of reasons, since the deal was announced.
Secure Computing is not exactly a top-tier security vendor, and it’s telling that CipherTrust couldn’t attract a buyer with a bigger name at a higher price. Regardless, you can be sure that CipherTrust’s acquisition didn’t set off rejoicing in the IronPort executive suites, though the company’s marketing department put the best possible spin on developments.
The fact is, IronPort is stuck between a rock and a hard place. It would like to have an IPO, but the CipherTrust deal has forced it to retreat, at least temporarily, from that plan. Meanwhile, it’s extremely unlikely that IronPort will be acquired, certainly not for the sort of price — $800 million or more — that its executives and backers are said to think the company is worth. The price at which CipherTrust sold to Secure Computing set a benchmark, and it’s one that doesn’t provide IronPort with anything like the valuation it thinks is warranted.
Either IronPort goes public now, accepting a lower valuation in the bargain, or it finds a buyer — though it isn’t obvious who that might be — and sells itself off at a sharply discounted price.
There is a third option, though, one that, under the unfavorable circumstances, might more acceptable to IronPort’s executive team and to its investors. The company could accept another round of financing to fill out its product portfolio and modify its strategic mandate — to reinvent itself as something other than the company that competed against CipherTrust. My guess is that this process already is underway.