Bloomberg reports FireEye (FEYE +5.4%) has rejected several takeover offers.
The report follows speculation a tech giant such as Cisco or IBM will bid for threat-prevention hardware/software/services provider as shares continue trading at depressed levels. FireEye rose on Monday after Symantec announced it's buying Blue Coat for $4.65B.
Update: Bloomberg reports FireEye hired Morgan Stanley to field offers, and "turned down at least two suitors that made offers below its expectations of $30 or more per share." Symantec (NASDAQ:SYMC) was one of the suitors before deciding to acquire Blue Coat. The sale process is no longer active.
FireEye (NASDAQ:FEYE) has acquired iSIGHT Partners, a provider of subscription-based threat intelligence services, for $200M in cash up-front + up to $75M in "cash and equity upon the achievement of a threat intelligence bookings target on or before the end of FireEye's second quarter of 2018."
The acquisition is FireEye's biggest since the company bought endpoint protection and incident-response software/services firm Mandiant at the end of 2013. It's expected to be slightly accretive to 2016 op. income and cash flow. FireEye notes it had $1.17B in cash/short-term investments at the end of 2015.
FireEye, already a major player in the cyber threat intelligence space (see the company's Visa deal), asserts iSIGHT has 250+ cyber threat intelligence experts in 17 countries, and has invested "nearly $100 million over eight years to build out its cyber intelligence capability."
CEO Dave DeWalt: "This acquisition extends FireEye's intelligence lead with an offering no one else in the industry can match." iSIGHT CEO John Watters: "We're bringing iSIGHT together with intelligence teams inside of FireEye and Mandiant that are among the best in the industry, fusing victim-based intelligence with attacker-based, over-the-horizon insights derived from iSIGHT's global cyber-threat ecosystem."
Cisco (NASDAQ:CSCO) could make a bid for storage array vendor NetApp (NASDAQ:NTAP) and threat-prevention hardware/software provider FireEye (NASDAQ:FEYE) in 2016, thinks FBR's Dan Ives. Cisco/NetApp speculation has been around for a while. Meanwhile, Cisco has made several security acquisitions in recent years, and appears to be up for more, but has also launched products that compete with FireEye.
Ives also thinks IBM could bid for machine/log data analytics software leader Splunk (NASDAQ:SPLK) and business intelligence/data visualization software firm QLIK. With a $7.6B market cap and high multiples, Splunk would be a costlier acquisition than IBM's traditional fare.
HP Enterprise (NYSE:HPE), meanwhile, is seen as a potential suitor for both Qlik and enterprise cloud storage/file-sharing leader BOX. And Oracle (NYSE:ORCL) a potential buyer of cloud ERP, HR, and e-commerce software firm NetSuite (NYSE:N). Larry Ellison owns a large stake in NetSuite (more SMB-focused than Oracle), and the company both competes and partners with Oracle.
Microsoft (NASDAQ:MSFT), which has made plenty of acquisitions in the Satya Nadella era, is seen as a potential buyer of database security software and Web app firewall vendor Imperva (NYSE:IMPV), as well as of cloud vulnerability management and compliance software firm Qualys (NASDAQ:QLYS). Symantec (NASDAQ:SYMC), which has signaled it will make security acquisitions after the sale of its Veritas unit closes, is considered a possible acquirer of e-mail/compliance security software provider Proofpoint (NASDAQ:PFPT).
Yesterday: FBR sees improving cybersecurity spend, likes several stocks
Several security tech plays, including ones that were tech sector darlings earlier this year as a torrent of hacking incidents led corporate cybersecurity spend to jump, are selling off on a quiet day for equities.
Major decliners include Palo Alto Networks (PANW -4%), FireEye (FEYE -4.9%), Fortinet (FTNT -4.3%), CyberArk (CYBR -4.8%), Imperva (IMPV -5.3%), Proofpoint (PFPT -3.9%), Qualys (QLYS -2.8%), and Rapid7 (RPD -6.8%).
No major news has arrived to trigger a selloff. Meanwhile, hacking-related stories have continued producing ink in recent weeks. Notable ones: China is reportedly continuing hacking attacks on U.S. firms in spite of a pact that banned government spying on companies; authorities are probing a potential Russian hack of Dow Jones; and ISIS has reportedly tried (without much success) to hack the U.S. electrical grid.
The PureFunds ISE Cyber Security ETF (HACK -1.6%) is down 24% from a June peak of $33.91. YTD, it's only down modestly.
Proofpoint reports earnings after the close, and Fortinet tomorrow afternoon. Qualys reports on Nov. 2, FireEye on Nov. 4,, CyberArk on Nov. 5,, and Rapid7 on Nov. 12,
Update: One potential culprit: Server virtualization software leader VMware is cratering due to its soft Q4/2016 guidance (partly blamed on cloud adoption). A smattering of other high-beta enterprise tech names are also selling off.
Looking to streamline ahead of its PC/printing spinoff, HP (HPQ -0.7%) is selling its Snapfish online photo-printing/storage unit to digital photo fulfillment services firm District Photo for an undisclosed sum. The deal is expected to close in the second half of FY15 (ends in October); Snapfish will continue using HP's printing hardware/software afterwards.
HP bought Snapfish for over $300M in 2005. Reuters reported last September the IT giant was thinking of selling the unit; Bloomberg reported a month later P-E firms had decided to pass. Rival Shutterfly (SFLY -1.1%), also the subject of M&A rumors, is slightly lower today.
Separately, HP has announced it's partnering with threat-prevention hardware/software/services leader FireEye (FEYE +3.5%) to deliver "a comprehensive suite of security remediation services underpinned by FireEye's advanced threat detection, intelligence, methodologies and incident response expertise."
The joint offerings, which will be sold by HP's massive IT services arm, include a global incident response and compromise assessment services from HP and FireEye's Mandiant unit (hired by many firms to probe cyberattacks), and managed threat-protection services that "provide 24/7 security monitoring for indications that a cyber-attack has bypassed traditional technology defenses."
News of the alliance comes a day after FireEye announced a partnership with firewall vendor/HP rival Check Point. FireEye's Q1 report arrives on April 30.
Check Point (CHKP +0.5%) has acquired Hyperwise, a stealth-mode Israeli startup declared to have "developed a unique and cutting-edge CPU-level threat prevention engine that eliminates threats at the point of pre-infection." Calcalistreports the purchase price is $80M.
Check Point asserts Hyperwise's software "provides a higher catch rate of threats and provides organizations an unmatched level of protection against attackers," in part by blocking malware before it become active on a network, and that its CPU-level blocking can stop previously undetected attacks. It will be added to Check Point's Threat Emulation solution, which runs suspect code in a virtual sandbox to determine if it's a malicious.
FireEye (NASDAQ:FEYE), whose virtual sandbox solution has often been praised, is arguably the leader in the threat-prevention space. Next-gen firewall vendor Check Point rival Palo Alto Networks (NYSE:PANW) is also going after the market, aided by technology obtained from startup Cyvera. Corporate interest has been growing rapidly following a string of well-publicized hacks.
Raymond James thinks H-P could acquire FireEye (NASDAQ:FEYE) or Fortinet (NASDAQ:FTNT) to expand its enterprise security position.
Remarks made in H-P's FQ3 CC last week about the presence of "material non-public information" have fueled M&A speculation. UBS named Rackspace as a potential target on Friday, but re/code soon followed up by reporting H-P is still uninterested in the company. The enterprise security space has seen plenty of M&A activity over the last two years.
SA Pro author David Hernandez offered a bullish take on FireEye on Friday, arguing (among other things) the company's threat-prevention platform is differentiated by a superior virtual sandbox for analyzing/executing potentially malicious code.
Palo Alto Networks (PANW -4.2%) is acquiring Israeli cybersecurity startup Cyvera for $200M. The deal is expected to close in 2H14.
Cyvera attempts to prevent zero-day attacks via software installed on Windows endpoints (PCs, servers) that scans for known exploit techniques. The company asserts is solution is superior to alternatives that require a threat to be triggered before action is taken.
The purchase comes on the heels of FireEye's (FEYE -7.1%) purchase of leading endpoint security software/services firm Mandiant; that deal has a value of $1.5B+, after factoring the post-acquisition gains seen by FireEye's shares. Symantec and Cisco's Sourcefire unit also offer endpoint security solutions.
Much as FireEye aims to integrate Mandiant's software/services with its threat-prevention hardware and services, Palo Alto plans to integrate Cyvera's software with its next-gen firewalls and cloud-based security services (e.g. WildFire).
Palo Alto: "Cyvera is an absolute standout. They’ve come up with a completely different approach: one that will forever change the endpoint security industry ... they’ve successfully stopped every published zero-day attack since they first began deploying their product."
Palo Alto bought threat-intelligence startup Morta Security in January. Both Palo Alto and FireEye are selling off on a rough day for tech stocks.
Palo Alto Networks (PANW +4.5%) has bought Morta Security, a cybersecurity startup in stealth mode, for an undisclosed sum. (PR)
Palo Alto asserts Morta's team "brings additional valuable threat intelligence experience and capabilities," and suggests it will help develop (together with Palo Alto's next-gen firewalls and security services) a comprehensive platform for the burgeoning cybersecurity market.
Palo Alto suggests such a platform would mesh security controls, traffic/port/protocol inspection, threat detection and analysis, and automatic policy changes to deal with new and unknown threats, and would thus be superior to traditional point solutions that "address only specific types of attacks, or phases of the attack."
The purchase comes less than a week after FireEye (FEYE) announced the acquisition of leading endpoint security and incident response software/services firm Mandiant for $1B+, with the goal of creating an unmatched cybersecurity platform.
While Palo Alto (naturally) asserts firewalls should act as "the core enforcement vehicle within the network" for cybersecurity, FireEye offers dedicated threat-prevention hardware that interacts with firewalls.
FireEye (FEYE) has acquired Mandiant, a top provider of endpoint security software (protects against threats from remote devices accessing a network), for 21.5M shares (current value of $884M), $106.5M in net cash, and performance incentives. (PR)
Mandiant claims over 1/3 of the Fortune 100 among its customers, and has had its software installed on 2M+ endpoints. The company already has a partnership with FireEye - Mandiant's software can be used to process and investigate security events detected by FireEye's threat-prevention hardware.
Mandiant competes against Symantec (SYMC), which offers endpoint security and incident response solutions of its own. The acquisition broadens the scope of FireEye's offerings for a fast-growing and very competitive cybersecurity market.
In tandem with the acquisition (closed at the end of Q4), FireEye is upping its Q4 revenue guidance to $55M-$57M from $52-$54M (consensus is at $53.6M). Billings are now expected to total $95M-$100M, up from a prior $82M-$86M.
With Mandiant in tow, FireEye now expects 2014 revenue of $400M-$410M, up from prior guidance of $240M-$250M. 2014 billings guidance has been raised to $540M-$560M from $350M-$370M.
FireEye's strong post-IPO performance and lofty multiples may have helped motivate the company to make a big strategic purchase. Shares are halted until 4:35PM ET. CC at 5PM.