December 16, 2004

Symantec-Veritas Merger – Major Shift in Strategy a Smart Move for Both Companies

Symantec Merger with Veritas
With the purchase of Veritas by Symantec announced this week, Merger Madness charges toward Christmas encouraging us all to compare the relative fortunes and merit of each. So, in what in my view is the most strategic of the deals so far, the $13.5 billion transaction creating the world's fourth-largest software vendor behind Microsoft, SAP and Oracle. Lack of a common technology platform for data management and integration means the merger of technology assets will take a lot longer than the financial ones, but operating synergy can probably be squeezed from its sales channel in the meantime, despite "information integrity" being so far off in the future. Symantec's 30-plus percent growth rate makes this look like a more strategic, offensive move, but with Microsoft likely to bundle antivirus on its desktop in the first half of 2005, Symantec could lose as much as 50 percent of its revenue stream, making the more modest 17% growth of Veritas less of a drag to take on.

But this deal was far from unpredictable - Symantec has long tried to begin applying security principles to storage, first by attempting to buy VMware (eventually bought by EMC) and then following through with the purchase of PowerQuest. And, Symantec has been shoring up its security-software portfolio since the summer of 2002 when the company started a shopping spree that continues here today, acquiring managed-security services provider Riptech for $145 million, intrusion-detection software maker Recourse Technologies for $135 million, and threat-management and security-intelligence provider SecurityFocus for $75 million. The company also acquired security-management software maker Mountain Wave for $20 million in cash that year. Just last week Symantec acquired Platform Logic to strengthen it's weak spot in host-based intrusion prevention and also recently acquired application security consulting firm @stake, as well as anti-spam vendors TurnTide and Brightmail.

Plus, with Microsoft's most serious tactical threat to its platform dominance arising from security questions, getting into the antivirus market would seriously impact Symantec's consumer-driven revenue base. It's been happening already - the Windows XP operating system equipped with Service Pack 2 provides more security features, including a pretty good firewall, than any of Microsoft's other operating systems. Then Thursday, Microsoft acquired anti-spyware company Giant Company Software for an undisclosed sum to build anti-spyware capabilities into its Windows operating system.

From the Press Release:

    The leader in storage software and the leader in security software will provide enterprise customers with a more effective way to secure and manage their most valuable asset, their information. The combined company will be uniquely positioned to deliver information security and availability solutions across all platforms, from the desktop to the data center, from consumers and small businesses to large organizations and service providers.

    The combined company will operate under the Symantec name. John W. Thompson, Chairman and Chief Executive Officer of Symantec, will continue as Chairman and CEO of the combined company. Gary L. Bloom, Chairman, President and Chief Executive Officer of VERITAS, will be Vice-Chairman and President of the combined company. The board directors of the combined company will include 6 members of Symantec's current board and 4 from VERITAS' current board for a total of 10 members.

    "Customers are looking to reduce the complexity and cost of managing their IT infrastructure and drive efficiency with fewer suppliers," said John W. Thompson, Chairman and CEO, Symantec. "The new Symantec will help customers balance the need to both secure their information and make it available, thus ensuring its integrity. We believe that information integrity provides the most cost-effective, responsive way to keep businesses up, running and growing in the face of system failures, Internet threats or natural disasters."

    "Our customers have told us that one of their most critical needs is to enable 24x7 access to information. At the same time, they must maintain tight security, comply with all regulatory requirements and operate within their existing budget constraints," said Gary L. Bloom, Chairman, President and CEO of VERITAS Software. "Through our unique portfolio of solutions, Symantec and VERITAS are best positioned to address the ever-growing needs of our customers. Based on IDC data, the total market opportunity for the combined company today is approximately $35 billion and is expected to grow to $56 billion by 2007."

    By merging with VERITAS, Symantec will expand its combined revenue base and create an entity with significantly greater financial scale and resources. The aggregate revenue of the combined company is expected to be approximately $5 billion for fiscal year 2006, which begins in April 2005 and ends in March 2006. Approximately 75 percent of the revenue of the combined company is expected to come from the enterprise business and 25 percent from the consumer business. In addition, the combined company will have approximately $5 billion in cash.

The deal will integrate Symantec’s expertise in security, including virus protection, firewall software, and intrusion prevention, with Veritas’ expertise backing up corporate data. In an interview before the Symantec-Veritas deal was announced, Vincent Weafer, Symantec’s senior director of development for the security response division, said the company has been working with partners for some time to develop a unified response to digital threats. “If we saw cyber activity increase, we could dynamically increase the frequency of backups,” said Mr. Weafer.

For Veritas, the deal represents an opportunity to escape a difficult financial history. In 2002, the company restated its revenues and earnings after an internal audit showed its CFO had lied about when expenses occurred and when sales representatives were compensated. The restatement kept Veritas from filing its annual report on time and its stock took a hit.

Although Veritas’ recent earnings have been solid at $470 million on almost $2 billion in annual revenues, analysts worry the company may face increasing market pressure and have trouble growing. In January, Veritas bought Ejasent, a file-management company, for $59 million. In July, it acquired IT automation company Invio for $35 million, and in September, Veritas purchased email archiving company KVault Software for $225 million. Last year the company shelled out $537 million for Precise Software Solutions to augment its data collection capabilities. “It’s probably good technology, but it doesn’t generate a lot of revenue yet,” Dan Cummins, an analyst at UBS Cummins, said of the Precise acquisition.

Problems integrating new technology, along with price competition from EMC, gave Veritas good reason to flirt with potential acquirers. “If you want to get into the storage software business, you either buy Veritas or you’re out,” said Nitsan Hargil, an analyst at Friedman, Billings, Ramsey, & Co. “There’s no halfway to play this.”

ComputerWire had another perspective from an interview with a Symantec exec:

    In an interview with ComputerWire, Symantec senior vice president for global technology and corporate development, Ajei Gopal, said that, "Veritas is a trusted brand in the enterprise, and so is Symantec. Exactly how we brand [the acquired Veritas products] going forward has not been worked out. What I can say is that we will aim to build on the brand value. If you look historically, for example when we acquired BrightMail we called it Symantec BrightMail and we still do."

    Asked whether there is likely to be a significant headcount reduction when the deal closes - likely to be in the second quarter of 2005 - Gopal would say only that, "Both companies are of approximately the same size and scale. We expect to take advantage of the skills of both companies, and in fact we would expect to be able to continue to grow the company. This is not a merger based on the goal of the elimination of cost. It is a deal done for strategic reasons."

    One possible conclusion to be drawn from the move is that Symantec is aiming to become more of an infrastructure management company, managing not only security and storage but systems too. It already has some capability in this area thanks to its acquisition of On Technology Corp in October 2003, and it will soon also be able to draw on the provisioning and applications management technology that Veritas acquired by buying Jareva Technologies and Precise Software.

    Moving in this direction of course leads it into a head to head battle with the systems management vendors such as IBM-Tivoli, HP, Computer Associates, NetIQ and Evidian. Of these, Computer Associates has the broadest portfolio so far, thanks to its eTrust security management; BrightStor storage; Unicenter enterprise management; CleverPath portal and business Intelligence; AllFusion life cycle management and Advantage data management and application development product lines.

    So is Symantec on the road to building out its capability in all of these areas, and in particular building upon its On Technology acquisition in the systems management space? "I think the way to think of this is as an evolution," said Gopal. "We needed to take the company from security into availability, in effect to start to do data integrity. That action is not complete. It is far from complete. But our immediate goal is to absolutely deliver on the promise, and that means our immediate focus is on integration [of Veritas, once the deal closes]. When it all passes compliance and so on we think it will close in April '05. There is a lot of work to be done [on integration]. We need to make sure that we deliver the deal to the marketplace. That means integration."

This deal is a capstone of sorts to Symantec's positioning of itself as a consolidator in the security industry more broadly. Its antivirus software has been a consumer staple, but Thompson has sought to make the company a provider of a broad range of security technologies to corporations, largely through acquisitions. This purchase significantly diversifies the company and helps position Symantec for an emerging competition with a host of technology giants that have been showing increasing interest in the high-growth computer security market, from Microsoft to IBM to Cisco. Their interest reflects their customers' need for tighter defenses amid a rise in attacks and government regulations requiring data security.

Veritas would bring data management pieces that would help Symantec make a case that it can provide companies with a broad set of the security technologies they need today. "It really helps them redefine what the company does and what enterprise security is all about," said Richard Parower, co-manager of the Seligman Global Technology Fund, which owns shares in both Symantec and Veritas. "Stopping attacks is important, but what it comes down to is you want your data to be secure and available all the time."

This new drive for enterprise security has created the IT "assurance" market, where software companies provide products and services that assure availability in a hostile business environment. This concept also could take Symantec to terrain such as data encryption and identity management, or even physical security systems. One other company is pursuing a similar strategy, but from the opposite direction. Computer Associates International has been bulking up its security offerings lately, having last month completed its acquisition of Netegrity, an identity and access management software maker.

The buyout is also attractive to Veritas, as the company is facing tough competition from larger rivals CA and EMC and looking increasingly lonely as the enterprise software industry consolidates. They couldn't continue to be as dependent on the backup business and really needed to grow beyond it; $13.5 billion is apparently the right price to give up going it alone.

Long-range, by putting together the system-management pieces that Symantec and Veritas have acquired recently, together the companies hope to create a dominant presence in the market that would allow them to compete effectively with the likes of IBM, HP, EMC and CA. But, as in all such mega-deals, it comes down to execution - and Symantec is only about average in its track record of successful integrations - back in 2000, when the company acquired firewall, VPN, and intrusion-detection vendor Axent Technologies for $975 million, most of those products just disappeared.

Of course, the stakes are a lot higher for all involved here - and if they can make it succeed, they may just have transformed the security and storage market forever. It essentially proves what users have been saying for quite some time - that traditional perimeter-based security leaves the crown jewels of the corporation vulnerable to compromise when they're inside the firewall spinning around on disk drives. Once completed, this merger may be the proof the industry needs that storage and information security themselves are merging.

- Arik

Posted by Arik Johnson at December 16, 2004 05:03 PM | TrackBack