Thoma Bravo Lacks Options with Proofpoint

The announcement that Thoma Bravo is acquiring publicly traded Proofpoint for $12.3 billion is the latest and largest private equity deal in the cybersecurity industry.

As a rule, I am not a fan of financial shenanigans. When private equity shows up to a deal, it usually spells disaster for everyone but the investors. Customers end up with less support for the products they purchased. Employees are faced with layoffs, years of stalled product innovation and the imposition of cost-saving measures. Marketing is drastically curtailed, with fewer appearances at trade shows and events in general. Salespeople have to explain why the new ownership is better all around, while they contend with territories being rejiggered and adjust to new sales leadership. Often, the company is saddled with debt to finance the deal.

Looking back on the last two years, it is apparent that cybersecurity is viewed as “hot” by private equity firms. It started with the astounding acquisition of Recorded Future by Insight Partners for $780 million in 2019. Last year alone saw 72 acquisitions by private equity. I recorded them in Security Yearbook 2021. Some notable deals:

Armis

Armis, one of the biggest IoT security vendors, had 263 employees when Insight Partners acquired them for a reported $1.1 billion valuation. True to Insight’s past performance with Recorded Future, they have continued to invest and grow Armis, which had 372 employees at the end of 2020, a 41% growth rate.

Fidelis Cybersecurity Solutions

Skyview Capital announced the acquisition of Fidelis in January 2020. It had 281 employees at the time, and was down 50 by the close of 2020. The Fidelis Elevate platform provides security analytics, and is being marketed as an XDR product.

RSA Security

In February 2020, Dell announced that RSA security would be sold to PE firm Symphony Technology Group for $2.075 billion. Before the transaction was completed in September 2020, RSA transferred ownership of the core BSAFE libraries to Dell, along with the associated customer contracts. RSA Security grew slightly during the first three quarters of 2020, from 3,161 to 3,172 employees. It dropped 100 people after the sale to Symphony; probably attributable to the BSAFE team staying with Dell.

Forescout Technologies

Public company Forescout Technologies was taken private by Advent International with additional backing from Crosspoint Capital Partners. The deal, announced Feb. 6, 2020, was valued at $1.9 billion. At the time, Forescout had 1,133 employees. That number dropped to 1,007 by the end of the year. After the pandemic hit, Advent got cold feet and tried to back out of the deal. Finally, on July 15, 2020, the two parties came to an agreement with a new deal worth about $1.67 billion.

Finjan Holdings Inc. 

Publicly traded Finjan was acquired by an investment group in a deal valued at $43.9 million, announced in June 2020. Finjan has a storied past. Founded in 1997 in Israel with technology that could be used to counter modern viruses (so-called polymorphic) and DRM technology, it pivoted several times and was ultimately acquired by M86 Security in 2009. It finally ended up as part of a portfolio of products at Trustwave, an MSSP in Chicago. Trustwave was, in turn, acquired by Singtel in 2015.

Meanwhile, Finjan Holdings maintained ownership of Finjan’s patent portfolio. Its business model seems to be to engage in lawsuits against other security technology companies, forcing them to pay licensing fees. This model was successful enough for the company to go public in 2013. Now that it has been taken private by Fortress Investment Group LLC, it will continue to be a thorn in the side of any cybersecurity company deemed to be infringing on its patents.

Forcepoint

Forcepoint journey has taken a long and winding road. It was formed when Raytheon, the defense contractor, attempted to move into the cybersecurity realm by acquiring Websense. Websense was one of the first content URL filtering products. It went public in 2000. As that business started to become subsumed by UTM vendors, Websense entered the DLP market with the acquisition of PortAuthority. It also acquired SurfControl and Defensio. Vista Equity Partners then acquired Websense in 2013 for $906 million. Raytheon paid $1.9 billion for an 80% stake in Websense in April 2015. It was then called Raytheon|Websense.

Raytheon continued acquiring technologies, including both Stonesoft and Sidewinder, network firewalls that ended up in the hands of Intel after they acquired McAfee, which had, in turn, acquired them when they bought Secure Computing. In January 2016, the entity was spun off from Raytheon and branded as Forcepoint. In 2017 it acquired Skyfence, a cloud access security broker (CASB) product from Imperva. Raytheon purchased Vista Equity’s remaining Forcepoint stake in January 2020 for $588 million, and then announced in October 2020 that it was selling the whole company to another private equity firm, Francisco Partners.

Proofpoint appears to be different from the typical PE deal. The company is well-run, making wise strategic investments in new technologies to stay relevant and growing nicely year over year. It showed revenue growth of 15% in the first quarter of 2021; $288 million. It just passed the billion-dollar revenue mark in 2020. With a market capitalization of $7.5 billion, it was trading at a bit over 7x revenue. Compare that to Crowdstrike, which is trading at 50x 2020 revenue, and Zscaler trading at 60x.

You can see why Thoma Bravo thought Proofpoint was undervalued and worth paying a 60% premium to the market for its shares.

Email is still the primary vector for cyberattacks, and Proofpoint was the largest standalone email security company. The long-term problem for Proofpoint – and now, Thoma Bravo – is that its biggest competitor is a little company in Redmond called Microsoft. The only path forward I can see is for Thoma Bravo to clean up a few things and repackage Proofpoint for a sale to Microsoft.

Richard Stiennon

Richard Stiennon is the author of Security Yearbook 2021: A History and Directory of the IT Security Industry. He has held leadership roles at PwC, Webroot Software, Fortinet, and Blancco Technology Group. He was a Research VP at Gartner. He researches and reports on 2,615 IT security vendors. His clients are vendors, investment firms, and CISOs at large enterprises.

richard-stiennon has 11 posts and counting.See all posts by richard-stiennon