Yesterday, after markets closed, Websense announced it's intent to acquire SurfControl for about $400 million (Websense press release [1]). On the heels of a decent quarter from Websense, this is a strong move to consolidate the web filtering market and gain exposure to the large (and modestly growing) email security space. As an extra bone, Websense also puts a toe in the water on the content security managed services business (via SurfControl's Black Spider operations).

On the surface, this deal makes sense along a number of strategic fronts:

1. Channels - Websense has traditionally been enterprise focused via a direct model, SurfControl more on the mid-sized business via channels. There is little overlap, though it has been a strategic focus for Websense to go through distribution and more effectively target the mid-market. This obviously accelerates that effort.
   
   
2. Exposure to email security - SurfControl was the first of the web filtering companies to make a significant commitment to email security, and the combined offering (with some innovative packaging) has been modestly successful. The product is not robust enough to compete in the high end enterprise accounts, but for the mid-market it was good enough. This was a big hole in Websense's story that is now patched up.
   
   
3. Exposure to managed services - The trend in the mid-market is more towards managed services for content security. SurfControl bought a UK-based company (Black Spider) last year to go after that market. Their US presence has been minimal, but at least Websense will have an offering.
   
   
4. Geographies - Being a UK company (at least started in the UK), SurfControl has a decent presence in EMEA and that will help Websense further push their international objectives.
   
   
5. They are doing something - Websense was a company going nowhere fast and waiting for ankle biters (like Barracuda) and the high end folks to come and loot their installed base. They definitely had "CheckPoint-itis" for quite a while. So doing something is better than doing nothing, and though this is a big something - the alternative of waiting to become the walking dead didn't look too good either.

So, there is a good strategic rationale for doing this deal, but as always the devil is in the details. Here are some gotchas that jump out at me:

1. Product line overlap - It is not efficient to support to distinct, competitive, overlapping product sets. But to pacify fears on the part of SurfControl's customer base, Websense committed to support the existing product lines for 3 years. That is problematic when one of the key strategies behind the deal were to gain synergies in the market.
   
   
2. On the deal sidelines - Like Secure Computing's acquisition of CipherTrust, this deal is heavily leveraged. By pushing a cash deal, WebSense is killing their cash position (at about $50 million after the deal, it seems a bit low) and taking on debt. The Wall Street guys can comment on the economics, but it clearly will keep Websense out of the acquisition game for 2 years or so. So they are going to play the hand they are dealt and in a business that changes as fast as security - the inability to do deals can be problematic.
   
   
3. Customer retention - There are very low switching costs both on the web filtering and the email security product lines. So SurfControl customers can (and should) look at the market, as opposed to blindly renewing with the new regime. Websense customers should do that too, so there is a lot of risk that the so-called revenue synergies actually mean 1+1 = 1.6.
   
   
4. Channel conflict - Websense has made it a point to buddy up to the channel and those efforts are proceeding, but there is still a lot of acrimony based on past sins. SurfControl plays into a different channel, and reconciling the programs and providing consistency is going to be a challenge.
   
   
5. Lots of balls in the air - Websense has one, very small deal under their belt. Obviously Hodges and Co have done a lot of deals in their past lives, but culturally this is a lot different than PortAuthority. This changes the face of Websense and creates a lot of execution risk.
   
   
6. What about ProofPoint? - When you think about potential partners for Websense, SurfControl wasn't really on the list. For a lot less money (although with IronPort's valuation, all the email security vendors may have an overinflated sense of their own worth), they could have acquired ProofPoint to gain exposure to email security, outbound compliance/encryption, and a largely enterprise oriented customer base. Of course, if the price would have been roughly the same, then they did the right thing - but ProofPoint would have been a cleaner fit.

So you are a Websense and/or SurfControl customer, what do you do? As with anyone that uses web filtering or email security products, you should scan the market every year. This business changes rapidly and you need to make sure your current product reflects your current needs. If anything, this deal creates the impetus to go shopping again.

The channel needs to figure out what the new programs are going to look like, so it's business as usual until the deal closes (probably 4 months at least, since it's an international deal) and then resellers should be pinning down Websense to clearly codify what the new programs are going to look like.

Whether you are a customer or a reseller, understand content security is a VERY VERY VERY competitive business and you have options. If you don't like what you hear from Websense, then go find something else. There is a lot of stuff to pick from.