Deal: Websense buys PortAuthority
It didn't take long for Websense to figure out they needed to own a leak prevention technology. Only a few weeks after doing an OEM deal with PortAuthority, they decided to acquire the company for $90 million in cash.
The release is here.
Why do the deal only weeks after the OEM is announced? Clearly there was some type of catalyst and given the multiple (which is probably 12-13x 2006 sales) it looks like there was another suitor involved. That is just speculation on my part, but if you are getting the milk, you don't buy the cow. Unless someone you don't like is about to buy the cow. Then you pay double.
From Websense's perspective, they had to do something. Gene Hodges (Websense's CEO) said they were going to start doing small deals, so this is as good a start as any. Their existing customer base is a good place to start pushing this technology and it's a good fit with a content-centric perimeter security strategy. PortAuthority is also software, so it fits well with Websense's existing products.
PortAuthority's technology was also pretty well regarded, especially their ability to accurately fingerprint documents. We'll see how Websense is able to integrate the product into their channels and whether they can keep up with the pace of innovation, since deals usually adversely impact product delivery by 6 months or so.
So what's in it for PA? Basically they get out, and that's a good thing. The leak prevention market is going to get even bloodier next year as leadership is fought over. Partnering up before it gets messy at a valuation that is a pretty big win for the investors and employees is a good holiday gift to all involved.
So it's not even 2007 and the consolidation in leak/extrusion prevention has begun. There is no doubt we'll be seeing more of the same next year.
Mike,
Good call -
Being a practioner in the extrusion prevention industry for over 3 years, and knowing Port Authority quite well - I would like to make two comments.
The multiple was almost 20x 2006 sales.
Port Authority's PreciseID technology is excellent but the product as a network security countermeasure to extrusion is almost worthless - for a number of reasons.
They use a forward proxy, which means that it is trivial to bypass their appliance in about 50 different ways, starting with a simple HTTP GET.
They require scanning Windows file shares which is fine if you have placed all your sensitive files in a limited number of directories which is totally non-scalable, doesn't fit most larger organizations and is like waving a red flag in front of hackers not to mention that their file system scanner is a Windows server with domain read privileges and is vulnerable to a man in the middle attack.
They are dependent on third party software from Verity for file analysis - i.e. they imply but do not have any original IP here, if Verity were ever to change the licensing they would be in a bind.
Since they are based on a proxy - they miss 20-40% of all network traffic which is non-proxied and cannot by definition mitigate non- Windows users which rules out spyware and trojans and Linux/Unix users and people with group domain privileges who can turn off their proxy definitions.
All the best,
Danny Lieberman
www.software.co.il