Is it Good News or Bad News that Comes in Threes?

An abstract picture of camera lens and code floating with three, blue arrows going forward and upIt’s been a wild week in the security industry as three sizeable transactions were announced. The long-rumored spinout of Intel’s security business finally happened; HPE jettisoned a host of “non core” software assets, including its enterprise security business; and Dell finalized its acquisition of EMC.

This year, private equity firms have been investing strongly in technology companies and particularly in carve-outs of underperforming assets at these companies. All of the deals this week have a private equity component, but if the IPO market was more robust today, then some of these announcements would surely have been structured differently.

Intel Drops McAfee
In hindsight, Intel has likely been positioning to divest its security business for several years. It lured Chris Young away from Cisco in late 2014, and last year it sold off several assets, including the Stonesoft NGFW business (which it only acquired in 2013). With Young now positioned to be CEO of the new independent entity, one might speculate that he was brought on board to find an exit strategy for Intel Security.

However, the deal announced does not completely divest Intel of its security assets—the company still owns 49% of the new McAfee; but the business will no longer be a distraction to Intel’s larger silicon business. Intel entered the security market in 2011 when it acquired McAfee for US$7.7B. The business is currently valued at about half that dollar figure, which represents about 2x its current annual revenue. Security valuations typically run more around 5x revenues, which highlights the slow growth Intel Security has seen over the last few years. TPG, which now owns 51% of McAfee, has become an increasingly visible player in security markets over the last couple years with a US$100M investment in Zscaler, and a US$120M investment in Tanium.

The rationale for Intel’s acquisition of McAfee was questioned by many at the time, but we will admit to being mildly bullish on the deal. The idea of baking more security into Intel’s chips seemed promising at a high level and the ability to work with Intel asset Wind River Systems to build out a security business around the Internet of Things (IoT) would have been innovative and ahead of many competitors. However, after a few stagnant years it became clear that the ability of Intel to execute on either of these ideas was limited for technological and cultural reasons. And since the deal, the importance of McAfee’s relationships with PC vendors to host its AV software has begun to wane, further reducing any common cause with Intel.

Dell Holds onto RSA
RSA executives sought to reassure customers and channel partners that it’s business as usual now that the Dell/EMC merger is completed. The new Dell Technologies remains committed to the three primary assets in the RSA portfolio: the Archer eGRC products, SecureID authentication, and NetWitness network and endpoint (formerly eCat) monitoring and analytics product lines. RSA also vowed to maintain its existing channel partner ecosystem.

And if there were any expectations of a grander vision that laid out plans to exploit potential synergies, those were dashed in the conference call RSA had with press and analysts this week. In fact, one potential synergy between RSA and Dell properties became less likely because of Dell’s earlier decision to spin off its SecureWorks security services organization into a public company. RSA is engaging with SecureWorks to establish a managed security service practice around RSA’s NetWitness monitoring and analytics products, but that will now have to be balanced against SecureWorks’ more immediate need to become profitable.

In fact, the SecureWorks IPO in April 2016 positioned the newly independent company as the poster child for why tech IPOs—and security IPOs specifically—are not viable alternatives in today’s volatile investing climate. SecureWorks, which had priced its stock lower than initially indicated, opened even lower still at US$13.89 per share. It continues to trade around that figure today. Other potential security synergies with Dell’s portfolio were ruled out again in June when the company opted to peel off its SonicWALL network security business and Quest Identity and Access Management business as part of its sale to Francisco Partners and activist investors Elliott Management for a reported US$2 billion.

Many questions remain about how the new entity will evolve. EMC was a master at managing a loose federation of assets between its storage business, VMware, RSA, and other solutions, but Joe Tucci is no longer running the organization, and it’s not yet clear how Michael Dell intends to organize the IT technology behemoth he’s created. That will remain somewhat murky since EMC is now privately owned.

How will Dell Technologies rationalize overlapping enterprise mobility management (EMM) businesses between its own products and VMware’s market-leading AirWatch products? Will VMware’s growing virtual security business (made possible by its promising NSX network virtualization technology) remain with VMware? And how can RSA exploit easier access to NSX to improve its own competitive posture?
For RSA, perhaps the biggest question yet to be answered is whether it can remain an agile security technology provider as just one of the moving parts in the much larger Dell machine.

HPE Really Unloads
Micro Focus and Hewlett Packard Enterprise’s Software Business Segment announced their proposed merger. The value of the deal is roughly US$8.8 billion and pending necessary approvals (shareholder, anti-trust clearances, etc.) is projected to close in the third quarter of 2017. In the deal, Micro Focus will give US$2.5 billion in cash to HPE while HPE shareholders will own 50.1% of the newly formed company.

In addition to its enterprise security assets, HPE is divesting lines of business that center on application delivery management, big data, information management and governance, and IT operations management. The security assets unloaded include ArcSight, Fortify, and Voltage Security. The relative importance of the security technologies to Micro Focus is yet to be determined.

Our feelings on these deals are, not surprisingly, mixed. McAfee will surely have more autonomy and hopefully will show more agility as an independent entity. RSA has been tightening its integration with VMware, and while there is no reason to see that change under the Dell regime, it is hard to see much additional benefit for RSA. The HPE assets are not likely to be neglected by Micro Focus to the degree they were by HPE, but if HPE could have found a better home (and price) for its security products, it would have sold them off separately— as it did with TippingPoint earlier this year.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.

TAGS: Acquisition, Dell, EMC, HPE, Intel Security, McAfee, Micro Focus, RSA, Security Market, TPG,