Sendmail - Watch this space
ProofPoint - who are serial acquirers in the cyber-security industry - acquired Sendmail for about $23 Million in cash, paying a revenue multiple of something like 10, and a profit multiple of n/a since by the sounds of the announcement, Sendmail as a commercial enterprise has been losing money pretty consistently.
"For the fourth quarter of 2013, Proofpoint expects Sendmail to have an immaterial impact on revenue while widening the company's non-GAAP net loss by approximately $2 million or $0.06 per share, as the company takes on the costs associated with this new team and begins to build a recurring revenue stream." (http://finance.yahoo.com/news/proofpoint-inc-acquires-sendmail-inc-201000890.html)
"Sendmail brings a global community of open source users and a compelling set of enterprise customers, but little in the way of near-term recurring revenue due to their legacy business model built around the sale of appliances and perpetual licenses." (http://finance.yahoo.com/news/proofpoint-inc-acquires-sendmail-inc-201000890.html)
So why are they buying it? It seems the strategy is primarily about supply chain protection and/or integration:
"Noting that ProofPoint's enterprise protection solution is built on Sendmail's MTA, ProofPoint CEO Gary Steele said, "Acquiring Sendmail gives Proofpoint ownership of this definitive industry-standard technology..."" (http://www.fool.com/investing/general/2013/10/01/proofpoint-makes-another-acquisition.aspx)
Although the opportunity could well also be larger than that. There is certainly precedent for taking a semi-open-source software product and surrounding it with commercial services and support (with Snort/Sourcefire and Nessus/Tenable being two prime examples in the cyber-security industry) and creating significant value in the process. Key to success will be ensuring the community continues to participate in the open source project, and see that the overarching commercial organisation that is now supervising them, is an organisation whose values they align to. That ProofPoint has already started reaching out the community (eg http://www.sendmail.com/sm/open_source/community_letter/) is a positive start to that relationship.
Sensory Networks - A mixed result
The same day as the Sendmail transaction, it was announced that Intel is acquiring Australian cyber-security tech company Sensory Networks for $21.5 Million (http://www.smh.com.au/it-pro/business-it/intel-to-acquire-australian-tech-company-sensory-networks-for-21-million-20131001-hv1un.html). Intel is listed on the Sensory website as a partner, so as with the Sendmail acquisition, it could simply be case from Intel's perspective of protecting the supply chain.
I have a soft spot for Sensory Networks as it was on Matt Barrie's recommendation that a number of our earliest team members at SIFT were recruited, and without exception they turned out to be some of the best and brightest minds in security that I have had the privilege to work with. That being said, early media reports of the Sensory Networks sale really wanted to be able to present it as a success story, but that became progressively more difficult when additional context was added to the deal and the company.
Like the fact Sensory had raised about USD $30M in venture capital to get to this point. Like the fact Sensory was not a 'start-up', but had been running since 2003. Like the fact Sensory started life as a hardware company (and by all accounts was excellent at it, from an engineering standpoint) and in 2009 changed tack to be software focused. And the fact that at the date of the transaction the company had only five (5) employees.
Does anyone actually make any money in a deal like this? It's an interesting question, and the answer is... It depends.
It depends on a few things, like:
- The terms under which the venture capitalists invested
- The degree to which the early shareholders were diluted in the various funding rounds
- The importance of the remaining key employees and their ability to renegotiate equity plans over time
- Other technical things like whether it's an asset sale or a share sale, and what the balance sheet of the company looks like
The first of those is probably the most significant. Essentially, a venture capitalist is likely to get 'Preferred Stock' rather than 'Common Stock'. One of the benefits of this preferred stock is that it will generally have 'liquidation preferences' attached to it. At the simplest level, the 'preference' referred to in the name of the stock, is that it gets paid before the common stock. There are a few different approaches to preferred stock (broadly known as 'Straight Preferred', 'Participating Preferred', or 'Partially Participating Preferred' - http://venturebeat.com/2010/08/16/beware-the-trappings-of-liquidation-preference/), but the crux of the issue is the same... basically, if you've got preferred stock, you will generally get back the cash you put in, prior to the common stockholders getting anything. And if you put in $30M, and the company sells for $20M, that means there is zero left for anyone holding non-preferred shares.
Now to be clear, I don't have inside information on any of these transactions, and don't know what the terms were in any of the agreements. It's likely that the share register at Sensory changed a great many times over the years as funds were raised, investors came and went, founders departed, the employee share scheme ebbed and flowed (since it is in everyone's interests to ensure the key team members remain motivated and incentivised to make the company succeed), and perhaps at the end a few people were holding enough of the right shares to do reasonably well after years of hard work... But it's also possible that nobody did.
My intention here is simply to highlight the fact that for aspiring tech entrepreneurs out there who heard the figure "$21.5 Million" and thought "Pay Day! I'm starting a company!", life often isn't that simple. While it's fairly self-evident that a company going bust doesn't make the founders rich, it's less self-evident that a company being sold for an eight-figure sum, also may not make the founders a fortune.
I do hope that the team who worked so hard, for so long, to build the technology and the business of Sensory, did reasonably well out of this. Looking to build an engineering-heavy cyber-security hardware company in Australia in the early 2000s was ambitious and courageous, and they contributed significantly to the cyber-security talent pool that we now have.
PacketLoop - The next generation
A month before the Sensory Networks and Sendmail transactions, it was announced that Arbor Networks (www.arbornetworks.com) acquired PacketLoop (www.packetloop.com) - see http://www.arbornetworks.com/recent-in-the-news/4983-news-packetloop for official press release. While both innovative cyber-security technology companies, in many ways, PacketLoop is the antithesis of the Sensory Networks story. It was started in 2011 and sold just 2 years later, and as far as I know, was bootstrapped throughout that period, without external venture capital involvement (although I could be wrong in that assumption).
For those who are new to the industry, it is worth noting that the PacketLoop team have experience in this area - their previous cyber-security consulting firm ThinkSecure was sold to Infoplex in 2007 (http://www.computerworld.com.au/article/188385/infoplex_acquires_thinksecure_/).
The great thing about this transaction from my perspective, is that PacketLoop is genuinely innovative, IP-driven, and Australian. The company has focused on research and development, and getting the product right before taking it hard to market. The attraction of PacketLoop to Arbor can only have been the IP - while I'm sure they have some clients and revenue, an acquisition at this early stage of the company's genesis is about getting access to the technology. And that is really exciting, a great credit to Scott Crane, Michael Baker and others involved, and also is a really powerful message to others that it can be done.
The financial details of the deal haven't been made public and I don't know what they are, but I hope the founders and others have done well out of it, and I am also very confident that the deal would have been structured to provide significant incentive to stay and build the company further with Arbor's support and backing - which is great for the industry, the technology, and for cyber-security research and development in Australia.