I Spy With My Little Eye $108MM
I have to admit, when I first read reports of Webroot's recent $108M VC round, I had a serious case of bubble "Deja Vu". "$108MM for a software company?!? What on god's earth are they going to do with that kind of money, paper the walls?" After all, the track record of $100M+ VC rounds for software companies has not exactly been a star-studded one.
A quick look at VentureSource shows that only 3 other Software deals have ever raised more than $90M in a single round of VC funding (Asera, Buildnet, Zaplet) and their track records weren't exactly encouraging: all three either went out of business or were basically sold for scrap.
It'll Be Different This Time
All that said, Webroot, does appear to be cut from a different cloth. First, the company has supposedly been cash flow positive for some time whereas the three other deals were all burning millions of dollars a month. Second, Webroot actually has a very well respected product (the anti-spyware product called Spy Sweeper)that is selling like hotcakes. Finally, I suspect that, given the cash flow positive nature of the company, a large chunk of the money went to buying secondary shares from the existing shareholders (perhaps a former founder or something like that). Buying secondary shares has its own risks, but it's often the only way to get a meaningful piece of an already successful business.
Given these factors, as well as the 1 million+ enterprise seats that Webroot has supposedly sold in just 6 months, I am prepared to say that the chances of Webroot ending up like the other companies in the $100M+ club are pretty remote at this point in time.
There Is This Small Matter of Microsoft Though...
However, one does have to wonder about the wisdom of sinking $108M into anti-spyware software especially given some recent developments in the space. Perhaps the most worrisome development in the space has got to be Microsoft's recent beta launch of its own anti-spyware software. For anyone that hasn't been paying attention to Microsoft in the past 2 years, they have made improving the security of their client operating system their #1 corporate priority. The only way for Microsoft to do this is to heavily integrate three technologies into its core platform: anti-virus, spam control, and anti-spywarre. Whereas in the past Microsoft was content to let 3rd parties (such as SYMC and MFE) deal with these seemingly minor nuisances, they are now not just committed, but almost compelled to enter these spaces with a vengance and deeply integrate these technologies into their platform.
While to date Microsoft's efforts have been underwhelming, they have been methodically laying the foundation necessary to enter the space and have made several acquisitions in addition the anti-spyware vendor, including a new one in the enterprise anti-virus space that they just announced today. Thus, it is clear that any player in the anti-spyware space is going to have to go mano-y-mano with Redmond at some point in the near future. Even though Microsoft's anti-trust handcuffs make it a somewhat less feared opponent than in the past, just ask Netscape about how unwise it is to underestimating the power bundling.
In addition to Microsoft, many of the other major players in the client security business have already made their moves in the spyware space including MFE which announced a product last year and CA which acquired Pestpatrol. Symantec hasn't made any major acquisitions in the space, but it claims to be close to launching its own internally developed platform shortly. With so many of the big players in the space already paired up, that doesn't leave a lot of "outlet receivers" available in the event that Webroot decides to sell out rather than try to go it alone.
Built to Sell
Of course selling out is pretty much the most likely option for Webroot, perhaps the only option. While Spyware is hot, it's not exactly the kind of core enterprise technology that you can hope to build a platform business on; it is simply a very hot niche product that would fit nicely into well established distribution channels, customer bases, and (in some cases, technical architectures) of established enterprise security firms.
I suspect the VCs are well aware of this situation. Indeed it comes as no surprise to see that two of the VCs that invested in Webroot (Accel and TCV), also invested in Brightmail. Brightmail was an anti-spam vendor that was sold to Symantec for $370M in 2004. It should also come as no surprise that these VCs invested in Webroot shortly after Brightmail's former CFO, Mike Irwin (who is great guy), joined Webroot. Thus, the most interesting thing to me about this investment is to speculate on when Webroot will attempt a similar exit and whether or not the founders of Webroot will willingly go along for the ride.
In terms of the founders, after reading their statements about the acquisition I wonder if they really believe that they are going to be able to take a stand alone anti-spyware company public or if they are just dutifully posturing. My guess is that they do believe it and who knows, they actually might be able to get the company public given its rapid growth, keeping it independent once it is public though is another matter. It's hard to comprehend that this company can or should stay independent over the long run given the industry dynamics it is facing and the fact that it is essentially limited to a single niche. Long term they stand no chance against the large integrated players as spyware is really just an extension of a bunch of other client "scanning" technologies to being with (anti-virus, intrusion detection, registry clean-ups, etc.).
Assuming the above is true, the really interesting question about this deal, is just who do the VCs expect that they will sell this company too? I have a few guesses:
1. Symantec: I have to imagine that the VCs have some pretty good intel on how the (already delayed) SYMC anti-spyware product is doing given that they recently sold Brightmail to SYMC. SYMC has shown that it is not afraid to pay up for companies that it thinks are market leaders, so perhaps the VC's figure that SYMC may abandon their internal efforts and simply buy-out Webroot in order to get their anti-spyware efforts back on track.
2. TrendMicro: Trend is the big anti-virus player in Asia (especially Japan) and it is behind the 8 ball when it comes to anti-spyware products having made no major acquisition in the space. Trend does not have the strong track record of acquisitions that SYMC and MFE does, so perhaps they will limit their interaction with Webroot to some kind of OEM deal, similar to what they did for anti-spam techniology with Postini.
3. Intrusion Detection Companies: Depending on the architecture (host or network), Intrusion detection looks a lot like the Enterprise version of Spy Sweeper. Not as much like anti-virus, but close enough. Besides, the Intrusion detection guys have got to figure out an avenue for growth and spyware is one of the better ones to come along in awhile. ISS is the main player here, but many of the other enterprise security players also have intrusion detection products.
If Webroot does not sell out and stubbornly tries to remain independent I suspect it may join the scrap heap of other $100M+ software rounds, but I suspect reason (and the VCs) will prevail and they will sell out, albeit only after the VCs can clearly justify a decent return on whatever price they paid.
P.S. If anyone has any bets on A) who will acquire Webroot B) when and C) for how much, please feel free to post a comment. I will reward the winner with laudatory praise for their investment accumen when the deal actually happens.
Other Articles In This Blog By Topic: Blogs Collaboration Content Managment CRM Database Development Tools EAI ERP Internet Middleware Network Management Open Source Operating Systems Operations Management PLM RSS Security Software Stocks Supply Chain Venture Capital Wall Street Web Services Wireless
The thoughts and opinions on this blog are mine and mine alone and not affiliated in any way with Inductive Capital LP, San Andreas Capital LLC, or any other company I am involved with. Nothing written in this blog should be considered investment, tax, legal,financial or any other kind of advice. These writings, misinformed as they may be, are just my personal opinions.