Q2 2016

Investment Banking
Public Valuation Pullback Reshapes
Exit Environment in IT Security

IT Security

In This Report
SymantecBlue Coat illustrates strong
demand from strategics
Financial sponsors aggressively
pursue late-stage companies

Take-privates facilitate portfolio

transformations

Portfolio rationalization continues via

carve-outs and spin-offs

FRONT LINE INSIGHTS

Public Valuation Pullback Reshapes

Exit Environment in IT Security

As the bar to go public has

gone up, high-growth IT
security companies are
actively pursuing alternative
paths to liquidity.
In 2013, 2014, and the first half of
2015, public markets were very
receptive to high-growth IT security
companies. Increased volatility in late
summer 2015 and early 2016,
however, caused a sharp reduction in
investors risk appetites and a
significant pullback in valuations for
publicly traded IT security companies.
While this valuation reset has made it
more difficult for IT security
companies to go public, the secular
market dynamics that have driven the
growth of the industry remain very
much intact.

In todays environment, IT security

companies that would have been
candidates to go public under
previous market conditions are now
actively pursuing alternative paths
to liquidity via strategic acquisition,
late-stage growth equity investment
that includes secondary selling, or
outright acquisition by wellcapitalized private equity firms. We
examine the forces that have caused
the exit opportunities to morph in IT
security and look at examples of
transactions that illustrate todays
deal-making landscape.

SymantecBlue Coat Illustrates

Continued Strong Demand From
Strategic Acquirers
Blue Coat Systems, which filed to go
public on June 2 and then announced
that it was being acquired by
Symantec for $4.65 billion on June 12,
is the latest example of a company that
eschewed plans to go public in favor of
a strategic acquisition. Symantecs
acquisition of Blue Coat illustrates the
strong demand for companies with
unique technologies that target
attractive end-markets. Blue Coats

ability to take a portfolio approach to

building a suite of products that
leverage mobile, web security, and
other next-generation capabilities
integrated into a single platform made
it a valuable strategic fit for Symantec.
Other notable strategic transactions
over the past few months include
Avast Softwares $1.3 billion
acquisition of AVG Technologies,
which went public in 2012, and
Experians $360 million acquisition
CSIdentity. In a July 7 press release

IT Security Index vs. Broader Market

After significantly outperforming the broader market from July 2013 through
July 2015, IT security companies have seen a dramatic pullback in valuations as
volatility surged over the past 12 months. While this valuation reset has made it
more difficult for IT security firms to go public, strategic acquisitions and latestage growth investments continue to be attractive paths to liquidity given the
industrys strong secular growth dynamics.
Last Three Years
250
200
150
100
50
8/8/13
2/6/14
Last Twelve Months
110
95
80
65
50
8/7/15
10/7/15
S&P 500

48.5%
42.1%
28.5%
8/8/14

2/7/15

8/8/15

2/7/16

8/8/16
5.0%
3.4%
(29.2%)

12/7/15

2/6/16

4/7/16

NASDAQ Composite Index

6/7/16

8/8/16

IT Security

Source: FactSet, as of July 13, 2016; index comprises: Barracuda Networks, CyberArk, FireEye,
Fortinet, Imperva, Mimecast, Palo Alto Networks, Proofpoint, Qualys, Sophos, Rapid7, and
Varonis Systems

announcing the AvastAVG merger,

Gary Kovacs, CEO of AVG, said, As the
definition of online security continues
to shift from being device-centric, to
being concerned with devices, data,
and people, we believe the combined
company, with the strengthened value
proposition, will emerge as a leader in
this growing market."

Financial Sponsors Aggressively

Pursue Late-Stage Companies
In an environment where public
markets are less receptive to new
issues, private equity firms have
become more aggressive in their
pursuit of late-stage companies that,
in the past, may have been likely IPO
candidates. When evaluating IT
security companies at this stage of
their life cycle, private equity firms are
focusing on both growth and
profitability. In previous cycles,
private equity firms and other
providers of growth equity were
primarily focused on revenue growth
given the lack of profitability across a
majority of the sector. Today these
investors increasingly are able to find
IT security companies that are
generating positive cash flow or have
a near-term path to profitability, in
addition to strong growth.

Thoma Bravos acquisition of Bomgar

illustrates late-stage investors surging
interest in IT security. William Blair
advised Bomgar on the transaction,
which closed on June 23. Bomgar
provides secure access software that
enables enterprises to support and
manage privileged access on any

remote device on any platform around

the world. In addition to Bomgars
experienced management team and
leadership position in remote support,
Thoma Bravo was attracted to
Bomgars growth profile, which
provides ample runway for organic
and inorganic expansion in integrated
remote access, privileged access, and
related security solutions.

Other recent private equity

acquisitions of later-stage companies
include Vista Equity Partners'
("Vista") acquisition of Ping Identity,
which was announced in June 2016,
and Veritas Capital's acquisition of
BeyondTrust in September 2014.

Take-Privates Facilitate
Portfolio Transformations
Private equity investors also have
helped shape the IT security industry
by facilitating several take-private
transactions in recent years. Most
recently, Imprivata announced on
July 13 that it had agreed to be taken
private by Thoma Bravo for $544
million. In addition to providing
liquidity for shareholders, takeprivate transactions allow companies
to undergo difficult financial and
product portfolio transitions
outside the pressure of reporting
quarterly earnings.

Blue Coat and Websense became

attractive targets for strategic
acquisitions because the companies
were able to successfully refresh their
product offerings after being taken
private by Thoma Bravo in 2011 and
Vista Equity Partners ("Vista") in

2013, respectively. Blue Coats

November 2015 acquisition of
Elastica allowed Blue Coat to offer a
comprehensive cloud solution across
the security stack, enhancing Blue
Coats strategic value to consolidators
such as Symantec. In April 2015, two
years after Websense was taken
private by Vista, Raytheon announced
that it was investing $1.9 billion into a
joint venture with Vista to combine
Websense with Raytheon Cyber
Products to form a new commercial
cybersecurity company, which is now
known as Forcepoint.

Carve-outs and Spin-offs Show

Continued Portfolio Rationalization
by Large IT Providers
Recent divestitures of IT security lines
by large diversified IT providers
illustrate how large providers are
trying to unlock liquidity and value
from their security-focused business
units. Dell announced on June 20 that
is was selling Dell Software Group,
which includes the SonicWall network
security business, to Francisco
Partners and Elliott Management. This
transaction came two months after
Dell spun off SecureWorks via IPO, the
first technology IPO of 2016. In
October 2015, Hewlett-Packard (now
HP enterprise) announced that it was
selling HP TippingPoint to
cybersecurity firm Trend Micro.
We will continue to monitor these and
other trends that are shaping the
capital-raising and deal-making
landscape in IT security.
William Blair

MARKET UPDATE AND ANALYSIS

Pre-IPO Acquisitions

Like Blue Coat, which was acquired by Symantec 10 days after Blue Coat filed to
go public, Ping Identify and Tripwire are examples of companies that were on a
path to go public before opting to be acquired.

Private Equity Investments/Acquisitions

IT Security
Market Analysis

In previous cycles, private equity firms and other providers of growth equity
were primarily focused on revenue growth given the lack of profitability across a
majority of the sector. Today these investors increasingly are able to find IT
security companies that are generating positive cash flow or have a near-term
path to profitability, in addition to strong growth.

Against a backdrop of less

receptive public equity
markets, we examine the
range of liquidity paths
that IT security companies
have pursued over the past
several years

3/12/14

= Private Equity Transaction

= Strategic Acquisition

Take-Privates
Take-private transactions by private equity firms have helped shape the IT security industry over the last several years.
Symantec and Websense are two examples of once-public companies that were able to successfully revamp their portfolios
and increase their value to strategic acquirers while private.

6/24/14

IPO

7/13/16

2/1/12

IPO

7/7/16

11/18/99

IPO

12/9/11

3/10/15

3/27/00

IPO

5/20/13

4/20/15

8/17/98

IPO

4/13/09

12/17/13

6/12/16

Carve-outs and Spin-offs

Recent divestitures of IT security lines by large diversified IT providers illustrate how large providers are trying to unlock
liquidity and value from their security-focused business units.

1/4/11

4/21/16

4/12/10

10/21/15

8/20/12

4/14/15

6/2/10

3/3/12

IPO

(1)

= Private Equity Transaction

6/20/16

= Strategic Acquisition

(1) TippingPoint was owned by 3Com Corporation and was run as an autonomous security-focused division from 2005 to 2010

William Blair

WILLIAM BLAIR IT SECURITY INVESTMENT BANKING

William Blair
By the Numbers

300+
Drawing on our deep sector expertise and the strength
of our relationships, William Blair has built a leading
IT security franchise.
Recent transactions include:

bankers globally with local

cultural knowledge

2,000+
completed advisory and
financing transactions

$200+
billion in transaction value
for our clients

Top Rankings in 2016 Greenwich Associates Survey

William Blairs institutional equity research, sales, and trading groups received
multiple top rankings in the 2016 Greenwich Associates survey. Small- and
midcap portfolio managers ranked William Blair No. 1, No. 2, or No. 3 in ten
categories in the Greenwich survey, which is the preeminent survey in the
institutional investor community.
Our analysts cover more than 120 technology companies across the
following industries:

Communications equipment, hardware, and software infrastructure

Cybersecurity and security technology
Digital media and Internet
Financial technology

Internet infrastructure and communications services

IT and business process services
Semiconductors and wireless
Relevant Research Coverage:
Barracuda Networks

Imperva

Cisco

Palo Alto Networks

Citrix

CyberArk Software
EMC

FireEye

Fortinet

Gigamon

IT Security
Dan Daul
Managing Director
+1 312 364 8457
ddaul@williamblair.com

Scott Stevens
Managing Director
+1 312 364 8337
sstevens@williamblair.com

Drew Thomas
Director
+1 312 364 8633
dthomas@williamblair.com

Software and SaaS

Check Point

With more than 145 senior

bankers around the world,
William Blair has completed
more than 2,000 advisory and
financing transactions totaling
more than $200 billion in value
for our clients*

Infoblox

Proofpoint
Rapid7

Secureworks
Splunk

Symantec
VMware

*In the past five years as of

January 1, 2016

William Blair

Disclosure

William Blair is a trade name for William Blair & Company, L.L.C., William Blair Investment Management, LLC and
William Blair International, Ltd. William Blair & Company, L.L.C. and William Blair Investment Management, LLC
are each a Delaware company and regulated by the Securities and Exchange Commission. William Blair & Company,
L.L.C. is also regulated by The Financial Industry Regulatory Authority and other principal exchanges. William Blair
International, Ltd is authorized and regulated by the Financial Conduct Authority (FCA) in the United Kingdom.
William Blair only offers products and services where it is permitted to do so. Some of these products and services
are only offered to persons or institutions situated in the United States and are not offered to persons or institutions
outside the United States.
This material has been approved for distribution in the United Kingdom by William Blair International, Ltd.
Regulated by the Financial Conduct Authority (FCA), and is directed only at, and is only made available to, persons
falling within COB 3.5 and 3.6 of the FCA Handbook (being Eligible Counterparties and Professional Clients). This
Document is not to be distributed or passed on at any Retail Clients. No persons other than persons to whom this
document is directed should rely on it or its contents or use it as the basis to make an investment decision.

About William Blair

Investment Banking

William Blairs investment banking group combines significant transaction experience,

rich industry knowledge, and deep relationships to deliver successful advisory and
financing solutions to our global base of corporate clients. We serve both publicly traded
and privately held companies, executing mergers and acquisitions, growth financing,
financial restructuring, and general advisory projects. This comprehensive suite of
services allows us to be a long-term partner to our clients as they grow and evolve. From
2011 to 2015, the investment banking group completed more than 350 merger-andacquisition transactions worth $95 billion in value, involving parties in 26 countries and
four continents, was an underwriter on more than 20% of all U.S. initial public offerings,
and raised more than $120 billion in public and private financing.