Blog

Acquisitions and Strategy

By Adrian Lane

There have been a couple of acquisitions in the last two weeks that I wanted to comment on; one by Oracle and one by McAfee. But between a minor case of food poisoning followed shortly by a major case of influenza, pretty much everything I wanted to do in the last 12 days, blogging notwithstanding, was halted. I am feeling better and trying to catch up on the stuff I wanted to talk about. At face value, neither of the acquisitions I want to mention are all that interesting. In the big picture, the investments do spotlight product strategy, so I want to comment on that. But before I do, I wanted to make some comments about how I go about assessing the value of an acquisition. I always try to understand the basic value proposition to the acquiring company, as well as other contributing factors. There are always a set of reasons why company A acquires company B, but understanding these reasons is much harder than you might expect. The goals of the buyers and the seller are not always clear. The market strategy and self-perception of each firm come into play when considering what they buy, why they bought it, and how much they were willing to pay. The most common motivators are as follows:

Strategic: You want to get into a new market and it is either cheaper or faster to acquire a company that is already in that segment rather than organically develop and sell your own product. Basically this is paving the road for a strategic vision. Buying the major pieces to get into a new market or new growth opportunities in existing markets. No surprises here.

Tactical: Filling in competitive gaps. A tactical effort to fill in a piece of the puzzle that your existing customers really need, or complete a product portfolio to address competitive deficiencies within your product. For example, having network DLP was fine up until a point, and then endpoint became a de facto requirement. We saw this with email security vendors who had killer email security platforms, but were still getting hammered in the market for not having complete web security offerings as well.

Neither is surprising, but there are many more than these basic two reasons. And this is where things can get weird. Other motivating factors that make the deal go forward may not always be entirely clear. A couple that come to mind:

Accretive Acquisition: Buying a solid company to foster your revenue growth curve. Clear value from the buyer’s perspective, but not so clear why profitable companies are willing to sell themselves for 2-4 times revenue when investor hopes, dreams, and aspirations are often much more than that. You have to view this from the seller’s side to make sense of it. There are many small, profitable companies out there in the $15-35M range, with no hope of going public because their market is too small and their revenue growth curve is too shallow. But the investors are pushing for an IPO that will take years, or possibly never happen. So what is your exit strategy? Which firms decide they want the early exit vs. betting their fortunes on a brighter future? You would think that in difficult economic times it is often based upon the stability of their revenue in the next couple of quarters. More often it comes down to which crazy CEOs still swear their firm is at the cusp of greatness for a multi-billion-dollar-a-year market and can convince their boards, vs. pragmatists who are ready to move on. I am already aware of a number of mid-sized companies and investment firms trying to tell “the wheat from the chaff” and target viable candidates, and a handful of pragmatic CEOs willing to look for their next challenge. Look for a lot more of these acquisitions in the next 12 months.

Leveraged/Platform Enabler: Not quite strategic, not quite tactical, but a product or feature that multiple products can leverage. For example a web application server, a policy management engine, or a reporting engine may not be a core product offering, but could provide a depth of service that makes all your other products perform better. And better still, where a small firm could not achieve profitability, a large company might realize value across their larger customer base/product suite far in excess of the acquisition price.

Good Tech, Bad Company: These firms are pretty easy to spot in this economy. The technology is good and the market is viable, but the company that produces the technology sucks. Wrong sales model, bad positioning, bad leadership decisions, or whatever – they simply cannot execute. I also call this “bargain bin”’ shopping because this is one of the ways mid-sized and larger firms can get cutting edge technology at firesale prices, and cash shortfalls force vendors to sell quickly! Still, it’s not always easy to distinguish the “over-sold bad tech” or “overfunded and poorly managed bad technology” firms from the “good tech, bad management” gems you are after. We have seen a few of these in the last 12 months, and we will see more in the coming 12 months as investors balk and lose confidence.

The Hedge: This is where you want into a billion dollar market, but you cannot afford to buy one of the leaders, or your competitors have already bought all of them. What do you do? You practice the art of fighting without fighting: You buy any other player that is a long way from being the front-runner and market that solution like crazy! Sure, you’re not the leader in the category, but it’s good enough not to lose sales, and you paid a fraction of the price. It may even give you time to build a suitable product if you want to, but more often than not, you ride the positive perception train till it runs off the rails. Sellers know this game as well, and you will often see firms not wait around, but rather raise the white flag/sales banner when the market is scaling up and their revenues are not.

The Panic Buy: This is when there is a “hot” new market that may be viewed as “disruptive” to your business. In reality, it’s nothing more than the day’s passing fashion, but buying is imperative due to either delusion or investor prodding. You pay too much and you never generate enough revenue to cover the purchase price, but hey, maybe you’ll sell it for pennies on the dollar a few years later to recoup some of your loss.

Body shop: You need engineers with particular background or skills and buying an engineering heavy company is cheaper than recruiting employees away from another company. The technology is irrelevant. In today’s economy this is rare, but it’s common in hot markets.

Competitive Blocking: Buying a company to prevent a competitor from getting it. Keeps them from customers or competitive technology that, even if it does not make you better, at least does not work against you in sales situations. Sometimes the company is so cheap that there are enough customers or reseller relationships it makes sense to buy it. Who knows, they may even have some salvageable pieces of technology as well.

Ego: Just because they can.

There are more, but that’s enough for now. What started me thinking about all of this was when McAfee acquired Solidcore Systems a little over a week ago. I was looking that Solidcore’s web site and was unable to determine if it was the food poisoning making me gag or their PCI and database marketing claims. It’s “Locked Down” and “Dynamic” all at the same time! Regardless, there’s value in the ability to verify an application set for diverse platforms, especially in virtual or mobile computing environments. Sure, it’s a checkbox for most compliance efforts, but I doubt that is the motivation behind the purchase. This looks like McAfee making an early bet on one vision of “cloud” and virtualization security. They will leverage this across multiple enterprise security and compliance products and multiple value propositions. When you boil it down, the core value is “whitelisting” an appropriate set of applications that run in any given device or environment. Will it provide real value for baselining virtual environments? Who knows, but I doubt it. I suspect that it will be an interesting way to get a handle on mobile device application sets and provide a greater degree of security in that mercurial environment. And at $33M plus incentives, this is an inexpensive investment in the ability tell customers McAfee offers cloud security!

Two weeks ago, Oracle acquired Virtual Iron. Virtual Iron produces a server virtualization product, but they are known for their management tools/capabilities, which are platform neutral. I got to an event they sponsored in San Francisco a couple years ago and the product offerings they demoed appeared competent. Still, they were a small fish in a very large VMware/Xen/Microsoft pond. Virtual Iron does not offer security products, but they do offer systems management, change management, and control for virtual environments. Think about EMC and their systems management vision of security and compliance and you can see the tie-in. Type of acquisition? Tactical, with a little “Good Tech, Bad Management” thrown in. I had commented in a recent post that Oracle’s Sun acquisition supported a long-term growth strategy. This acquisition fills in many of the gaps for the virtualization offering, and helps Oracle with one of the biggest gripes I hear from people using virtualization technologies: the lack of management tools. Not sure what they paid for this, but I am willing to bet that it is at or below the $65M in investment. So the investors got their money back and Oracle accelerated realization of their data center management dreams. Seems like a win-win.

No Related Posts
Comments

Excellent summation.

I just got back (hello email) from the ITWeb Security Summit and the McAfee keynote was “blahblahblahCLOUDblahblahblahCLOUDblahblah” so I think you are on the right track.

They were talking about a different technology altogether but they certainly used the word cloud a number of times. (Usually stretching the definition so thin that even Hoff wouldn’t recognise it)

By Allen Baranov


IMO, the McAfee/Solidcore acquisition was all about whitelisting being a feature of the endpoint suite. For $33MM, McAfee will just build it into TOPS and continue to use that to maintain price in a commodity market. It’ll also force the other Big AV shops to make similar moves. But McAfee struck first and got a good deal. Prices will be going up for the others, especially if McAfee is successful in using the whitelist to differentiate. And agree that the PCI positioning from Solidcore was ridiculous.

Good post.

By Mike Rothman


If you like to leave comments, and aren’t a spammer, register for the site and email us at info@securosis.com and we’ll turn off moderation for your account.