Infrastructure Management Cycle Continues – Fragmentation, Growth, Consolidation…Repeat

M&A Market – Consistent Volume and Expanding Valuations. In 2005, the volume of Infrastructure Management deals announced jumped significantly to $18.5 billion as compared to $3.3 billion in announced deals during the same period in 2004. However, the transactions during 2005 included two large, storage related transactions (Sun/Storage Technologies and Symantec/Veritas). Excluding these two transactions, 2005 is generally on the same pace as 2004 with 46 announced deals totaling $3.7 billion and versus 39 during 2004. Despite this steady volume, we have seen a marked improvement in the median Deal Value/Trailing Revenue multiple of disclosed or estimated deals to 3.2x during the year ended September 2005 from 2.4x during the year ended September 2004. (Figure 3) (Note that multiples vary widely based on individual transaction circumstances and, in many cases, are unobtainable.)

We believe that this improvement in M&A, multiples can be attributed to a combination of ongoing consolidation activity (which we discuss later in this report) and relatively strong buyer demand from multiple sources. Large cap buyers within and outside the sector have been active buyers of Infrastructure Management vendors accounting for approximately half of the announced transactions since the beginning of 2004. Large buyers outside of the Infrastructure Management group have included EMC, Cisco, Tibco and Oracle, among others. A significant amount of M&A activity within the sector is also attributable to repeat buyers consolidating solution offerings (Figure 4).

Venture Market - Stable. Venture investing activity in the Infrastructure Management sector reflects the relative maturity of the sector and has been focused on niche growth opportunities. During 2004, 22 transactions were completing totaling $208 million. Year to date 2005, 23 transactions consisting of $204 million of invested capital have been completed.

Emerging IT Management and Operating Challenges. The Infrastructure Management market is large ($7 billion in 2004: Gartner) and growing (10% compound annual growth 2004 to 2009: Gartner). The size and growth of the sector has been a function of the rapid evolution of enterprise IT over the past few decades. This continued evolution combined with new, external factors will drive Infrastructure Management tool and solution procurement decisions over the next few years.

New Ways to Leverage IT. Enterprise adoption of new technologies such as web services, wireless and VoIP is leading to more business functions and processes becoming enmeshed in and enabled by the IT infrastructure. For example, a recent Goldman Sachs survey of 100 IT executives within the Fortune 1000 indicates that 54% have deployed, or will deploy in the next 12 months, infrastructure with the intent of supporting web services applications. This is resulting in increasingly complex and critical infrastructure environments for which broadly deployed Infrastructure Management tools and approaches are inadequate. In addition, the universe of businesses (including SMB) that can leverage IT in the context of critical business processes is expanding as new economic models for acquiring technology including open source and software as a service (SaaS) take hold. IDC estimates that annual spending on SaaS will grow at a rate of 25% from approximately $3 billion in 2004 to approximately $7.2 billion in 2008. Many existing Infrastructure Management solutions are designed and priced for large organizations with access to skilled IT management professionals.

Visibility in the Executive Suite. Where IT was once solely the domain of the IT department a number of external factors has forced management to pay much closer attention to the management of IT infrastructure including: regulatory and compliance requirements associated with Sarbanes Oxley, IAS and Basel II as well as increasing demand for data and application reliability and availability.  This trend is driving demand for new capabilities to evaluate, analyze and report on IT infrastructure.

Continued budget pressure. Despite the changes mentioned above, overall IT budgets have only increased marginally over the past four years (2.6% on average: Merrill Lynch) and are not expected to grow rapidly in the coming years. This pressure has forced IT managers to seek software solutions that allow them to “do more with less” and maximize the life and capacity of previous capital investments.

Enterprises are Seeking Alternative Solutions. Current approaches to infrastructure management are not adequate in the face of these emerging trends. According to Giga, 70% to 80% of problems are reported by end users through the service desk and not detected by infrastructure management tools. According to Gartner, most enterprises experience only 10% to 20% utilization of their IT infrastructure. Signs that enterprises are responding to these issues include continued adoption of standards such as the IT Infrastructure Library (ITIL), efforts to centralize and share performance data, and continued standardization of the elements in the IT environment. However, we believe that enterprises will require new Infrastructure Management functionality and solutions to adequately respond creating opportunities for strong growth within the sector.

Emerging Opportunities for Focused Vendors. The Infrastructure Management sector is dominated by the “Big 4” of BMC, CA, HP and IBM who on a combined basis account for an estimated 60% of license revenue in the market (Gartner) with broad, “framework” offerings. The balance of the market is populated by numerous smaller vendors with more narrowly focused solutions. In Figure 5, we have laid out a high level view of the Infrastructure Management landscape and identified the key areas of functionality within the broader segments in bold which represent the areas of strong potential growth where smaller, focused vendors are gaining traction with customers by solving targeted problems. In general, we believe that two key categories capture the majority of these opportunities:

Business Services Management (BSM) – Managing IT Like a Business. BSM-oriented solutions allow enterprises to align IT with its business operations by allowing IT managers to link information on the availability and performance across IT infrastructure components with the IT-enable business processes.  Vendors addressing this opportunity enable enterprises to understand complex dependencies among infrastructure components, correlate relevant data, perform business-relevant analysis and automate underlying service delivery and management processes. According to Gartner and Updata estimates, the BSM market was approximately $600 million in 2004 and is expected to grow at a compound annual rate of 21% through 2009.  Figure 6 provides a list of representative vendors addressing the components of functionality that comprise the BSM opportunity.

Real-Time Infrastructure (RTI) – Operating IT as a Utility. RTI goes by several names but in essence represents an infrastructure model where components are distributed, shared, and dynamically optimized. Vendors addressing this opportunity enable enterprises to virtualize, dynamically provision, and automate components of the IT infrastructure based upon business policies. Several of the major vendors including IBM, HP, CA and Sun have all announced major initiatives targeting this opportunity. However, we believe that we are very early in the evolution and adoption of this approach and that, again, key components of functionality will be developed and delivered by smaller, focused vendors. Figure 7 provides a list of representative vendors addressing the components of functionality that comprise the RTI opportunity.

Continued Support for Robust M&A Activity. There are a number of factors supporting continued strong M&A activity in the Infrastructure Management sector from the perspective of capital market conditions generally and ongoing consolidation trends in this sector specifically.

Capital Market Conditions. As depicted in Figures 1 and 2, investors are placing premiums on leadership and growth. As a result, the Big 4 and second tier sector vendors alike have undertaken acquisitions to achieve growth and advance their market position. For example, since late 2004, HP has announced or completed four acquisitions (Novadigm, AppIQ, RLX and Peregrine) that add significant functionality around the OpenView platform. The larger vendors have ample supplies of cash to support acquisition activity. The vendors included in the Bellwether group have an average of more than $3 billion in cash on the balance sheet (or the equivalent of $4 per share in cash) based upon public filings for the most recent quarter. In addition to the presence of motivated and qualified strategic buyers, the Infrastructure Management sector has started to attract its share of the significant amounts of private equity focused on the broader enterprise software market. Recent examples include the July 2004 $235MM acquisition of Sniffer Technologies by Silver Lake and Texas Pacific, the October 2005 $200 million acquisition of the TrackIT business from Intuit by TA Associates and the recently announced $1.2 billion acquisition of Serena Software by Silver Lake. Strong demand for acquisitions from multiple sources is balanced by adequate supply. While the IPO market for venture backed firms has improved markedly over the past few years, the hurdles for going public and the implicit costs of being public has lead many VC-backed technology companies to view M&A as their most likely exit.

Sector Conditions.  The Infrastructure Management market has experienced various cycles of fragmentation and consolidation as enterprise IT has evolved.  Current sector dynamics support continued consolidation around BSM and RTI oriented solutions.  Customer desires for simplified environments, unified support and discounted pricing are best provided by large vendors offering complete suites.  CA’s recent acquisition of Concord Communications, which had shortly before that acquired Aprisma, is a good example of this dynamic.  Another consolidation driver is broader convergence of the management of disparate infrastructure technologies that are typically handled with separate staff and tools.  We have seen early signs of consolidation between systems and infrastructure management (EMC/Smarts), infrastructure management and security (Micromuse/GuardedNet and Altiris/Pedestal), and security and storage management (Symantec/Veritas).  We expect this trend to broaden and accelerate providing additional support for M&A in this sector.

Top

Large cap and small cap security vendors trade at an average of 76% and 71% of their 52-week highs, respectively, and at multiples above the average for infrastructure software companies. Mean forward (2005e) enterprise value/revenue and EBITDA multiples for Bellwethers are 4.0x and 14.0x, respectively. Among small-cap security vendors, mean forward revenue and EBITDA multiples are 2.7x and 22.7x respectively.

Robust security demand growth continues to buoy public security valuations. Projected long-term EPS growth for the industry (based on the Street equity analyst average) is 22%, representing two to three times overall projected software industry demand growth.

Figure 1


Security Bellwether Index: CHKP, COGT, GEMP, ISSX, JNPR, MFE, MVSN, RSAS, SFNT, SYMC, TMIC, VRSN, WBSN Small Cap Security Index: ACTI, ALDN, BCSI, BVEW, CGFW, DMRC, ENTU, HIFN, IDNX, INTZ, NTIQ, SCUR, SNWL, SRFZF, TMWD, VDSI, VISG, WGRD, ZIXI

Almost one-third of M&A volume comprises nine acquisitions by Computer Associates, Microsoft and Symantec. Approximately two-thirds of deal volume is driven by these and other large infrastructure software vendors including Check Point, Cisco, BMC, Oracle and VeriSign. This signals continuing convergence of security with other areas of IT. Active M&A sectors this year include anti-spyware, identity management, digital rights management, and managed security services.

On average, multiples of purchase price to 12-month trailing revenues remain steady over the prior year, at about 7x. This disguises vast variations from deal to deal. Based on disclosed data, purchase price multiples paid in transactions correlate most strongly with targets’ historical annual revenues growth. This is evidenced by the correlation chart in Figure 2, which compares multiples of enterprise value over last full-year revenues paid in acquisitions of public security targets (and targets that filed to go public), versus such targets’ last full year-over-year revenue growth rate.

Figure 2

Notable deals this year include:

• Oracle’s acquisition of three identity management companies this year – Oblix, Thor and OctetString. This highlights the tremendous activity around secure access, authentication, provisioning and directory management as infrastructure vendors realize the important of identity management to compliance and leveraging the value of the internet. Since 2004, Updata records 34 M&A transactions in the space.



• Sand Hill IT Security/Acquisition Corp.’s October merger with content security vendor St. Bernard Software, in an all-stock transaction valued at about $51 million. Sand Hill is a public acquisition vehicle that went public in 2004, raising about $25 million. Since then, it reportedly reviewed 700 companies as merger candidates before deciding on St. Bernard.



• Check Point’s first major acquisition, of intrusion prevention vendor Sourcefire for $225 million in cash. Announced in October, the deal represents an estimated revenue multiple in excess of 7 times Sourcefire’s last 12-month revenues.



• Secure Computing’s public-to-public $281 million cash and stock acquisition of Cyberguard, representing an enterprise value/revenues multiple of about 4x. This deal, announced in August, was one of three public-to-public M&A transactions so far this year.



• Network Appliance’s June-announced acquisition of storage security vendor Decru for $272 million in cash and stock, representing a whopping estimated multiple of 45 times Decru’s last 12-month revenues. This transaction highlights the importance of security to storage.



• Earthlink’s August acquisition of anti-spyware and content security vendor Aluria (an Updata client), signaling expanding participation of ISPs in the security market.



• MCI’s acquisition of managed security services vendor Netsec in January for $105 million cash, representing an estimated multiple in excess of 7x trailing revenues. MCI subsequently was acquired by Verizon. This deal is the most compelling evidence to date that carriers are moving to provide security solutions to their considerable customer bases.

Venture Market – Still Active, Holding Steady. Security continues to be one of the most active technology investment areas. Year-to-date through early November, Updata tracks 114 announced venture and private equity financings of IT security firms, with volume totaling $1.1 billion. This is a modest decline versus 2004, which recorded 148 financings valued at $1.3 billion during the same period. The 2003 January-to-early November period recorded 151 security sector investments valued at $0.9 billion.

The most active investment areas so far this year include intrusion prevention, outbound traffic monitoring, identity management, application security, wireless security, data security/DRM, anti-spyware, event management, configuration and patch management.

One quarter of security investments year-to-date represent first institutional, or A, rounds. This represents a reduction from 2004, which saw about one-third of investments going to A rounds. The year-to-date ratio of security acquisitions to first-round financings has risen to 4:1, versus a ratio of roughly 1:1 two years ago – evidence of market consolidation. However, the sizeable number of companies continuing to receive funding points to continued vibrancy in the security space, which empirically has provided superlative exit multiples (largely through M&A). The favorable security M&A environment should continue for the foreseeable future, despite a higher concentration of acquisition volume driven by a small number of major infrastructure vendors. This is due to the continuing importance and ever-changing nature of the space, as emerging opportunities described in the next section illustrate.

Select Emerging Opportunities within Security

Wireless Security. Wireless usage is booming. IDC cites 41% growth year-on-year for Wi-Fi hardware. Usage is “deepening” as well – most PDA users send confidential e-mails and almost half check bank balances using their devices, according to Symantec, and many access files from corporate networks over VPN’s. This wireless proliferation is creating security risks as half of wireless local-area (WLAN) networks are unprotected according to McAfee, and studies suggest low awareness about wireless related security dangers. Even among those seeking to secure communications and devices, confusion abounds as “the wireless security products market is still young and, in many cases, ill-defined,” notes SC Security magazine in October. Expect today’s confusion and complacency to dissipate rapidly as damages from wireless break-ins and viruses grow. PDA worms and spam are rapidly on the rise. Impetus from compliance mandates will also hasten demand growth. In-Stat research projects that WLAN and wireless infrastructure and device security demand will explode to $8.4 billion by 2008. Innovative vendors will benefit as security and infrastructure software/hardware vendors, as well as communications companies seek to incorporate wireless security capabilities.

Strong Authentication. Passwords are passé. They are relatively easy to crack or steal, for example via spyware. Further, the number of passwords needed for people to access enterprise resources has become unmanageable. Surveys show that most people keep passwords on Post-its, spreadsheets or other unsafe locations. As a result, strong authentication, such as PKI and two-factor authentication, will become increasingly dominant in the enterprise as it has already become in many financial and government organizations. Microsoft’s recent acquisition of Alacris, which facilitates roll-out of strong authentication, points to eventual sun-setting of simple password protection on the desktop. Given significant identity theft issues, the sooner the better.

Application Security. Emergence of service-oriented architectures (SOA) and distributed development magnify the importance of building security into applications. Vulnerabilities in shared code can rapidly propagate across applications, multiplying the damage and the cost to locate and fix affected sites. Further, liability risks faced by software developers selling flawed products are growing as more lawsuits hit courts and Congress debates legislation to penalize purveyors of insecure software. The solution lies in full lifecycle application protection in the form of development stage code testing and post-production application security products. Vendors offering automated detection and remediation products are expected to enjoy surging demand as a result.

VOIP Security. Transmission of voice data over the internet will soon become commonplace – witness the entrance of traditional carriers into VOIP and eBay’s $2.6 billion acquisition of Skype. As voice-over-internet proliferates, telephony will be vulnerable to the same types of attacks as other IP traffic and applications, including denial-of-services attacks and eavesdropping. As a result, expect reports of breaches to rapidly rise and spending on VOIP security to jump in 2006.

Compliance Management. Compliance – tightly intertwined with security – is likely the single largest IT budget growth driver today and over the next several years. While the term is utilized to describe many types of solutions, in essence it labels the requirement that organizations maintain objectively verifiable, robust procedures to protect the security, integrity and privacy of IT assets and data. By this definition, many security vendors – such as those in identity management, messaging security and consulting – support compliance. The overall effect of compliance is accelerated dissolution of functional silos. First, through combination of security functionality, for example through appliances and event managers. Second, through infrastructure stack convergence among security, storage and network management vendors. As a result, security vendors offering horizontal solutions readily integratable across IT environments are best placed to benefit from the compliance wave. (See Updata’s July report on IT compliance.)