Category Archives: Check Point

Thoma Bravo Sees Promise in SonicWALL’s UTM Plans

A reader asked me to comment on the acquisition of SonicWALL, so that’s what I’ll do now. Yes, I sometimes take requests, just like a washed-up lounge lizard.

The announced transaction has been well documented in the business and trade press. An investor group led by private-equity firm Thoma Bravo, and comprising the Ontario Teachers’ Pension Plan, will acquire SonicWALL in a deal worth approximately $717 million. SonicWALL shareholders will receive $11.50 per share in cash, a 28-percent premium over Wednesday’s close.

The deal already is being challenged by law firms alleging that SonicWALL and its board of directors breached fiduciary duties by agreeing to the proposal before diligently seeking an offer that would have provided better value to shareholders.

I don’t want to step into that fray, because it’s an inherently subjective debate based on market estimates from analysts who might or might not have applied accurate assumptions, methodologies, and statistical models. I have no idea how some analysts arrive at their forecasts — some perform thorough channel checks and build intricate spreadsheets, while others perform Santeria rituals with live chickens on neighborhood baseball diamonds under the cover of darkness.

I think you take my point. That said, I will note that the premium offered looks at least superficially attractive. What’s more, the fevered response to it from the wealth-redistribution agents of the legal profession tells you that SonicWALL is an asset that is not bereft of hope and promise.

Indeed, SonicWALL is a strong UTM-firewall and point-product security vendor in the SMB/SME space and across a number of vertical markets, including government, education, and healthcare. The company has built a strong channel presence, and its channel partners generally have a favorable view of the company.

In its latest quarter, just before this acquisition hit, its results did not suggest obvious signs of distress. You can do the math and employ your multiples based on those numbers, but this deal is about what the buyers think the company is worth going forward, not on what the company has done historically. My point regarding the recent financial results, though, is that SonicWALL’s wheels were not falling off.

SonicWALL faces a lot of competition in an Internet-security market that is consolidating on multiple fronts. Security functionality is consolidating, as evidenced by jack-of-all-trades UTM boxes from the likes of Fortinet and SonicWALL; and the market is consolidating, too. Bigger vendors are buying point-product purveyors in attempts to become one-stop shops for the security needs of SMEs and large enterprises alike.

That’s why SonicWALL’s management chose to do this deal. Thoma Bravo not only brings money to the table, but also a potentially coherent plan as to how SonicWALL fits into its existing stable of Internet-security and infrastructure companies. In previous transactions, Thoma Bravo has acquired security-management firm Attachmate, application and database-tool vendor Embarcadero Technologies, and authentication vendor Entrust. Conceivably, SonicWALL will benefit from access to this technology ecosystem and to its sales channels.

Meanwhile, Thoma Bravo saw considerable growth potential in SonicWALL. The vendor holds its own in the SSL VPN market, where it has about a 20-percent share, but the real promise is in UTM, which really is the next-generation firewall.

According to Frost & Sullivan, the UTM market was worth nearly $2 billion in 2009. The market-research firm expects UTM growth to increase through 2010 and 2011 before moderating in subsequent years.  Nonetheless, if the market researchers are right, the UTM space will reach revenues of $7 billion in 2016. With SMEs and distributed enterprises expected to account for the vast majority of those sales, SonicWALL is well placed to benefit.

This is where we have to come back to the competition, though. The company faces not only Fortinet, which rode to an IPO on its UTM exploits, but also Internet-security heavyweights such as Cisco, Juniper, and, to a lesser extent, Check Point.

One factor that could work in SonicWALL’s favor is that Cisco doesn’t seem as focused on Internet security as it has been. Not only has Cisco suffered from component shortages that deferred and cut into sales of its ASA boxes, but the Internet-gear colossus seems distracted by shinier, glossier market opportunities. Cisco also is less focused on serving SMEs than on catering to its large-enterprise and service-provider customers.

Looking ahead to the changing security demands occasioned by increasing virtualization and the adoption of cloud computing, SonicWALL is developing a new security God-box architecture under an Austin Powers-like moniker, Project SuperMassive. The company describes it as a “next-generation security platform and technology capable of detecting and controlling applications, preventing intrusions, and blocking malware at up to 40 Gbps without introducing latency to the network.”

According to SonicWALL, Project SuperMassive will implement a patented Reassembly-Free Deep Packet Inspection (RFDPI) engine to “provide increased insight into inbound and outbound network content without compromising security or performance.” SonicWALL says its new technology will intercept network threats that come from “anywhere and everywhere” and “scan everything.”

It all seems impressive, but the proof is in the pudding, or — in this case — the UTM. However it turns out, Thoma Bravo is buying a company with no shortage of technological vision.

As a postscript to this note, I will say that HP bears watching in the space. It’s possible, though by no means certain, that HP will acquire a vendor such as Fortinet to fill a gap in its HP Networking security portfolio.

Advertisements

Cisco’s Flat Security Business

In my post earlier today on Cisco’s latest quarterly results, I mentioned in passing — one line, really — that Cisco’s security revenue was flat.

Jon Oltsik, a principal analyst at Enterprise Strategy Group, expounds on Cisco’s inability to boost its security revenue.

He mentions that other vendors — Check Point, Juniper, Symantec, and McAfee — are growing their Internet-security businesses. Explaining the discrepancy, Oltsik suggests that Cisco has taken its eye off the security ball, diverted and distracted by other priorities.

Security was one of the advanced technologies Cisco targeted for sustained growth. It’s entirely possible, as Oltsik suggests, that Cisco’s security-related quarterly results are lagging because of benign neglect and diffusion of strategic focus.

I know Cisco hasn’t given up on security, which is integral to the availability and integrity of its customers’ communications and operations. What’s more, Cisco is extending its security portfolio into new areas, such as smart grids. Nonetheless, Oltsik is correct in noting that other security vendors have outperformed Cisco recently.

We’ll have to see how the networking giant responds.

IBM Reportedly Acquires Guardium for $225 Million

Although I have yet to see a formal announcement from IBM, reports suggest that Big Blue is in the process of acquiring database-security vendor Guardium for approximately $225 million.

Founded as Defendo in Israel in 2002, Guardium moved to the Boston area in 2003. It has been headquartered there ever since. Most of the company’s development apparently is done in the Boston suburb of Waltham, but some is done in Israel. The company was spun off as a subsidiary of Log-On, founded by Amnon Keinan and Lior Tal, who has since left the company. Keinan was formerly a vice president at Amdocs, according to a Haaretz report.

About $21 million has been invested in the company since it was established. Investors include Ascent, Cedar Fund, StageOne Ventures and Veritas Venture Partners, as well as strategic investor Cisco Systems.

Guadium’s flagship product is SQL-Guard, which provides database security assessment, access policy control and enforcement, as well as auditing and regulatory compliance. Guardium’s products provide secure access to enterprise data, including databases from IBM, Oracle, Microsoft and others.

Haaretz notes that companies in the same space include Imperva and Sentrigo. Those two vendors, like Guardium, were launched in Israel, which has an exceptionally strong history in data-security technologies. Probably Israel’s best-known Internet-security company is Check Point Software, a firewall pioneer that has grown into an enterprise-security leader with an extensive portfolio of perimeter and endpoint products.

Guardium has about 60 employees. IBM’s acquisition of the company was reported initially by Israeli financial newspaper TheMarker, then covered by Reuters, Haaretz, and others.

Overview of Fortinet IPO

Proffering advice on whether others ought to buy into a company on its first day of public trading always is a tricky business. At any given moment, one has only limited visibility into the company’s prospects, the industry to which it belongs, and the health of the overall market. Things change — often with alarming speed.

It goes without saying that plenty of caveats, provisions, and reservations attend any recommendation. Still, I feel good about the immediate prospects of Fortinet, the unified threat management (ATM) security-appliance vendor that begins trading today under the “FTNT” symbol.

I don’t know whether the company will be successful in the longer-term against larger competitors such as Cisco, Juniper, and now HP (through its 3Com acquisition) as it attempts to take a bigger share of the high-end enterprise and service-provider market segments, but in the near term, it seems like an investment that can deliver some pop.

Fortinet makes appliances that integrate several security capabilities into a single box. Any customer that buys from Fortinet gets a security appliance that providse anti-spam, antivirus, firewall, VPN, IPS, and web filtering all in a single system. For the Fortinet customer, the value proposition is that a single appliance can deliver the security functionality of multiple point products, leading to savings in product-related security costs and in the ongoing management of devices and vendor relationships.

That said, the strength of a UTM appliance also is its weakness. I would not say that Fortinet is a jack of all trades and a master of none, but I would contend that many large enterprises might be inclined to select a best-of-breed application-security appliance over a broad-based UTM box.

As of now, according to information provided in the Fortinet prospectus, the company’s product sales are evenly divided between its low-end, midrange, and high-end models, with each product class accounting for about a third of sales. A perception lingers that UTM solutions sell mainly to small and midrange companies, and not to larger enterprises, and Fortinet cites that perception as a risk in its prospectus, particularly in light of its desire to get more business from high-end enterprise, government, and service-provider customers.

Unlike Cisco, Fortinent doesn’t have much in the way of a direct sales force. Its sales are made through its channel partners, comprising distributors, resellers, and some specialized integrators. That strategy covers a lot of ground and helps defray cost of sales, but it can also be a weakness in some large accounts.

Another potential weakness for Fortint is its reliance of open-source software for various facets of its security functionality. Fortinet argues that its “secret sauce,” if you will, is its FortiASIC hardware, which is optimized for accelerated processing of security and networking tasks. It also has its underlying FortiOS, an operating system that provides a foundation for application-security functionality.

Above those two technological cornerstones, however, one will find open-source software that Fortinet has licensed to provide disparate security functionality. With such code in play, there always is a danger, as Fortinet’s history attests, of patent-related litigation. Fortinet has been down that litigious road before, and it readily concedes that further courtroom drama could ensue.

Fortinet has has a lot of R&D in China, as well as in Canada (Vancouver), and in the USA. The China-based R&D will provide it with cost advantages over many competitors.

In the second quarter of 2009, market-researcher IDC said Fortinet had about 15.4 percent of the worldwide UTM market. According to IDC projections, the market will grow from $1.3 billion in 2007 to $3.5 billion in 2012, representing a compounded annual growth rate (CAGR) of 22.3 percent. In its prospectus, Fortinet said it has shipped more than 475,000 appliances to more than 5,000 channel partners and 75,000 customers worldwide — including more than 50 customers in the Fortune Global 100 — during the first nine months of 2009.

Regarding that latter point, my observation is that Fortinet would like deeper penetration in those high-end Fortune 500 accounts. Although it has cracked Fortune 500 companies, Fortinet’s account presence often is at a small number of branch offices rather than throughout the organizations. As much as it resists the notion, Fortinet probably would reluctantly concede that UTM products traditionally have enjoyed more success in SME accounts than in high-end enterprises.

Fortinet reported revenue of $123.5 million, $155.4 million, and $211.8 million for its fiscal years 2006, 2007, and 2008, respectively. It says it had revenue of $152.7 million and $181.4 million in the first nine months of fiscal 2008 and 2009, respectively. I regard as a strength the geographical diversification of Fortinet’s revenue mix. In first nine months of fiscal 2009, 37 percent of total revenue came from the Americas, 37 percent from Europe, and 26 percent from APAC. Since 2006, more than 60 percent of Fortinet’s revenue has been derived from outside the Americas.

For its size, the company has accrued a respectable amount of cash. Fortinet has generated positive cash flow from operations since 2005. Operational cash flow has grown from $3.4 million in fiscal 2005 to $37.7 million in fiscal 2008. During the first nine months of fiscal 2009, the company saw positive cash flow from operations of $45.8 million.

With the company’s revenue coming from product sales as well as from subscription-based services, the latter have provided a significant and growing source of recurring, high-margin revenue. That’s all good. As long as new customers are brought into the fold, subscription-based revenue will continue to proliferate and Fortinet will continue to generate meaningful operational cash flow.

Given the cash it is spinning and the proceeds it will derive from today’s IPO, Fortinet should be reasonably well placed to fortify itself, through acquisitions or other means. Although some factors are beyond its control, it is positioning itself strongly for the competitive struggles ahead.

The company has a good, battle-hardened management team. It’s a balanced group, with business and technological acumen. Fortinet also has been through some trials and tribulations. This isn’t a group of neophytes. The company has met adversity and endured.

Nothing lasts forever and nothing is a sure thing, but Fortinet comes into its IPO in good health, and with the near-term prospect of trading above its opening price range of $9 to $11 per share.

It now will sell 12.5 million shares instead of the originally planned 12 million shares.

eWeek Would Like to See Security Acquisitions

eWeek has compiled a slide-show list of security acquisitions it would like to see happen.

The list, according to eWeek, was assembled without regard to acquisition rumors, Instead, eWeek put together the list on the basis of product portfolios and competitive positioning.

All the scenarios eWeek puts forward are plausible, and you’ll notice that one — an HP acquisition of McAfee — has been and remains a focus of rumors and speculation.

Cisco and IBM Among Companies Accused of Infringing Network-Security Patent

In a case filed in May but that apparently got underway recently in a Delaware courtroom, several major vendors — Cisco, IBM, Check Point Software, 3Com, Nokia, Fortinet, SonicWall, and Sourcefire – have been accused of violating a network-security patent originally granted to Peter Shipley in 2000.

Shipley has transferred the disputed patent to Enhanced Security Research LLC, a company that he appears to own and which serves as the plaintiff. Not surprisingly, the plaintiff is seeking compensation in the form of damages.

The allegedly breached patent, for an Intelligent Network Security Device and Method (INSD), can be found at the US Patent Patent and Trademark Office (USPTO) database along with a related patent filed by Shipley.

Shipley has a LinkedIn profile and a website. He’s also involved in another patent imbroglio with Juniper Networks.

In the case against the slew of vendors mentioned above, a story at TG Daily refers to the allegedly patent-offending products sold by the defendants:

The filing mentions a number of products that are alleged to breach the patent, including the Cisco Catalyst 6500 Series Switch, 7600 Series Routers, and others; IBM’s Network Security Appliances; Check Point’s network security appliances and software; SonicWall products; 3Com’s Intrusion Prevention Systems; Nokia’s IP Security Platforms; and a series of Fortinet and Sourcefire products.

Sourcefire Precedent Suggests Bain’s 3Com Acquisition Doomed

Yes, I misread the situation. I admit it.

When Bain Capital first made public its move to acquire 3Com, I didn’t realize that Huawei Technologies’ minority stake in the deal might cause the transaction to be denied by the US government.

Yes, Huawei was and is China’s leading network-equipment vendor, with significant ties to the Chinese military. Yes, Huawei was a company charged with alleged acts of corporate espionage and intellectual-property theft against Cisco Systems and others. But Huawei was a minor player in the player in the 3Com acquisition, at arm’s length to the transaction, along for the ride at Bain’s insistence so that 3Com would continue to have market leverage and political clout in the fast-growing Chinese marketplace.

Besides, what did spent old 3Com possess that could possibly be considered of strategic national security to the United States of America? Commodity switches and routers? No, that’s not it. Maybe 3Com’s intrusion-prevention subsidiary, Austin, Texas-based TippingPoint, which was to be spun off in an IPO until the Bain acquisition was announced?

Yes, that was a possibility, if only because TippingPoint’s customers include the Pentagon and other US government departments, and because it is plausible that Huawei, as a minority owner of 3Com, could somehow discern how TippingPoint’s security technology works and use that knowledge as means of eavesdropping on or hacking into customers’ networks.

That scenario seemed a longshot to me. After all, Huawei and 3Com already had a joint venture that might have allowed the former to learn everything it needed to know about 3Com’s and TippingPoint’s products previously. What’s more, couldn’t preventive measures be put in place, either technologically or legislatively, to preclude Huawei from taking nefarious advantage of its presumptive link to TippingPoint? Probably so.

If you cast your mind back, however, you realize there’s a precedent for the US government dissuading, if not formally rejecting, a takeover by a foreign company of a US-based intrusion-prevention vendor.

It involved Israel-based Check Point Software Technologies and its ultimately unsuccessful $225-million bid for Sourcefire, Inc. in 2006. Many of Check Point’s senior executives and technologists served in the Israeli Defense Forces and retained close ties to the Israeli government. Sourcefire, like TippingPoint, had customers in the US federal government.

About a week before the Committee on Foreign Investment in the United States (CFIUS) was to hand down its decision on whether the Check Point acquisition of Sourcefire would be formally approved, Check Point withdrew its offer, evidently after learning that the takeover was about to be blocked on national-security grounds.

There are differences between the Sourcefire situation and the 3Com case. Check Point would have been the sole acquirer of Sourcefire, for instance. In addition, Sourcefire was an open-source provider of intrusion-prevention software, and its acquisition could have had far-reaching consequences if Check Point were to subsequently decide to take the security code proprietary.

Another distinction is that Israel is an ally of the USA whereas China isn’t, at least not in the same sense. Given the precedent of Sourcefire — the apparent decision of CFIUS to discourage an Israeli company from buying a US-based intrusion-prevention firm — can you imagine the uproar on Capitol Hill and elsewhere if the US government were to look the other way and permit a Chinese company to buy and own, if only in a minority sense, the very same technology? Nobody wants to step into that sort of political maelstrom.

Just as with Sourcefire, early indications have been sent that the 3Com acquisition will be strongly discouraged by CFIUS. 3Com shareholders, who welcomed the Bain offer as if it were a godsend, should heed the warning and brace for bad news.