WebSense

Yesterday, after markets closed, Websense announced it's intent to acquire SurfControl for about $400 million (Websense press release). On the heels of a decent quarter from Websense, this is a strong move to consolidate the web filtering market and gain exposure to the large (and modestly growing) email security space. As an extra bone, Websense also puts a toe in the water on the content security managed services business (via SurfControl's Black Spider operations).

On the surface, this deal makes sense along a number of strategic fronts:

1. Channels - Websense has traditionally been enterprise focused via a direct model, SurfControl more on the mid-sized business via channels. There is little overlap, though it has been a strategic focus for Websense to go through distribution and more effectively target the mid-market. This obviously accelerates that effort.
   
   
2. Exposure to email security - SurfControl was the first of the web filtering companies to make a significant commitment to email security, and the combined offering (with some innovative packaging) has been modestly successful. The product is not robust enough to compete in the high end enterprise accounts, but for the mid-market it was good enough. This was a big hole in Websense's story that is now patched up.
   
   
3. Exposure to managed services - The trend in the mid-market is more towards managed services for content security. SurfControl bought a UK-based company (Black Spider) last year to go after that market. Their US presence has been minimal, but at least Websense will have an offering.
   
   
4. Geographies - Being a UK company (at least started in the UK), SurfControl has a decent presence in EMEA and that will help Websense further push their international objectives.
   
   
5. They are doing something - Websense was a company going nowhere fast and waiting for ankle biters (like Barracuda) and the high end folks to come and loot their installed base. They definitely had "CheckPoint-itis" for quite a while. So doing something is better than doing nothing, and though this is a big something - the alternative of waiting to become the walking dead didn't look too good either.

So, there is a good strategic rationale for doing this deal, but as always the devil is in the details. Here are some gotchas that jump out at me:

1. Product line overlap - It is not efficient to support to distinct, competitive, overlapping product sets. But to pacify fears on the part of SurfControl's customer base, Websense committed to support the existing product lines for 3 years. That is problematic when one of the key strategies behind the deal were to gain synergies in the market.
   
   
2. On the deal sidelines - Like Secure Computing's acquisition of CipherTrust, this deal is heavily leveraged. By pushing a cash deal, WebSense is killing their cash position (at about $50 million after the deal, it seems a bit low) and taking on debt. The Wall Street guys can comment on the economics, but it clearly will keep Websense out of the acquisition game for 2 years or so. So they are going to play the hand they are dealt and in a business that changes as fast as security - the inability to do deals can be problematic.
   
   
3. Customer retention - There are very low switching costs both on the web filtering and the email security product lines. So SurfControl customers can (and should) look at the market, as opposed to blindly renewing with the new regime. Websense customers should do that too, so there is a lot of risk that the so-called revenue synergies actually mean 1+1 = 1.6.
   
   
4. Channel conflict - Websense has made it a point to buddy up to the channel and those efforts are proceeding, but there is still a lot of acrimony based on past sins. SurfControl plays into a different channel, and reconciling the programs and providing consistency is going to be a challenge.
   
   
5. Lots of balls in the air - Websense has one, very small deal under their belt. Obviously Hodges and Co have done a lot of deals in their past lives, but culturally this is a lot different than PortAuthority. This changes the face of Websense and creates a lot of execution risk.
   
   
6. What about ProofPoint? - When you think about potential partners for Websense, SurfControl wasn't really on the list. For a lot less money (although with IronPort's valuation, all the email security vendors may have an overinflated sense of their own worth), they could have acquired ProofPoint to gain exposure to email security, outbound compliance/encryption, and a largely enterprise oriented customer base. Of course, if the price would have been roughly the same, then they did the right thing - but ProofPoint would have been a cleaner fit.

So you are a Websense and/or SurfControl customer, what do you do? As with anyone that uses web filtering or email security products, you should scan the market every year. This business changes rapidly and you need to make sure your current product reflects your current needs. If anything, this deal creates the impetus to go shopping again.

The channel needs to figure out what the new programs are going to look like, so it's business as usual until the deal closes (probably 4 months at least, since it's an international deal) and then resellers should be pinning down Websense to clearly codify what the new programs are going to look like.

Whether you are a customer or a reseller, understand content security is a VERY VERY VERY competitive business and you have options. If you don't like what you hear from Websense, then go find something else. There is a lot of stuff to pick from.

It didn't take long for Websense to figure out they needed to own a leak prevention technology. Only a few weeks after doing an OEM deal with PortAuthority, they decided to acquire the company for $90 million in cash.

The release is here.

Why do the deal only weeks after the OEM is announced? Clearly there was some type of catalyst and given the multiple (which is probably 12-13x 2006 sales) it looks like there was another suitor involved. That is just speculation on my part, but if you are getting the milk, you don't buy the cow. Unless someone you don't like is about to buy the cow. Then you pay double.

From Websense's perspective, they had to do something. Gene Hodges (Websense's CEO) said they were going to start doing small deals, so this is as good a start as any. Their existing customer base is a good place to start pushing this technology and it's a good fit with a content-centric perimeter security strategy. PortAuthority is also software, so it fits well with Websense's existing products.

PortAuthority's technology was also pretty well regarded, especially their ability to accurately fingerprint documents. We'll see how Websense is able to integrate the product into their channels and whether they can keep up with the pace of innovation, since deals usually adversely impact product delivery by 6 months or so.

So what's in it for PA? Basically they get out, and that's a good thing. The leak prevention market is going to get even bloodier next year as leadership is fought over. Partnering up before it gets messy at a valuation that is a pretty big win for the investors and employees is a good holiday gift to all involved.

So it's not even 2007 and the consolidation in leak/extrusion prevention has begun. There is no doubt we'll be seeing more of the same next year.

So it looks like most of the public security companies will make Wall Street expectations this quarter. Except Websense. After the market close, Websense announced a light quarter (link here) from a bookings standpoint, though they did hit revenue and earnings numbers. I had previously covered their Q1 miss (link here) and mentioned how important it was to make the Q2 number.

I'm of the opinion that Websense's business is sick, even if the Street doesn't think so (as evidenced by the slight raise in WBSN after hours). I continue to hear a lot of back chatter from my industry contacts. Competition is getting harder, the lack of a legitimate appliance platform is also hurting, as well as emerging competition from managed services like ScanSafe.

Websense tries to explain away the shortfall because they are changing their distribution model and other sales execution issues. Here is CEO Gene Hodges quote:

"Our second quarter billings performance reflected continued transition to a pure channel distribution model, which resulted in challenges generating new business outside our renewal base, especially in North America," said Gene Hodges, president and CEO of Websense. "We believe our market opportunity remains strong and the actions we have taken will generate continued growth over the long term."

Sorry, I don't buy it. Because you are transitioning to a channel model, your existing sales force doesn't have to sell anything to new customers? That's a load of crap.

I've navigated the treacherous waters to pure channel distribution and it doesn't go down like that. What happens is that you give the new deals to the channel in good faith. But to be clear, there are still new customers and new deals. The transition does usually involve a revenue hiccup because you are taking the VAR margin off the revenue line - which you don't have to pay when you take a deal direct.

But what you don't say is that you are having trouble generating new demand. That means either the market has slowed down or you are losing deals because the product is no longer competitive, either on the functionality or pricing side. I've navigated those waters as well and both options are very painful and take at least a year to fix. On the conference call, Hodges said that prices are holding, but when your customers feel trapped (or are too lazy to switch), they continue to pay for renewals. Again, I know this from personal experience.

And they continue to believe moving to a 2-tier distribution model will help them get to the SMB market. I'm skeptical because big enterprise software is not easy to sell, especially when there are lower cost competitors that target that market.

These folks feel like Check Point more and more. Very interesting and large client base, but little technical differentiation and no real strategy. At least Check Point didn't piss off their channel.

This may be getting a bit ahead of the things, but I think Websense is now an acquisition target. If only for their customer base, they've got to be interesting to a company like CA, Symantec or even Check Point. Though I'd expect any potential suitor to wait for another quarter or two for things to get really stinky since it would still cost over a billion to take these guys out. 

In the first of the preliminary earnings misses, both Websense and Entrust announced the fact that they'll be light from a revenue standpoint this quarter. Websense is down about 10% this morning, indicating that it wasn't a huge surprise. Huge surprises take 30% haircuts.

Welcome to the party Gene Hodges, Websense's new CEO. His timing seems to be perfect. NOT! They are blaming sales execution issues, so expect some public executions in the sales force quickly. There always needs to be a fall guy/gal. Should Websense customers be worried? Not yet. They are still the clear leader in the web filtering business, the question is just whether this is the law of large numbers kicking in, or whether they are losing to more aggressive competitors. They do mention that price points are holding, so that's a good sign.

There is also a chance that Hodges is using this quarter as his opportunity to clear the decks. That's pretty common when there is a new sheriff in town. You blame the former regime while you're still in the honeymoon phase and you sweep lots of stuff under the rug. Of course, you only get to do this once, so everyone will be watching to see if this is systemic or a one-time thing in Q2.

Entrust is a bit more problematic. It's not like these guys have been a market leader in anything since PKI fell from grace as the bubble burst. But they couldn't close deals and their "new" products didn't yield the deal sizes they need. Starting to sound like a candidate for the "Hall of the Walking Dead." I'll be watching for that.

We'll also see if there are more pre-announcements over the next few weeks. Early indications are that many of the start-ups had relatively strong quarters.

Of course, we'll get a lot more information about these misses when the company formally announces results in a few weeks.