(Editors' Note: This article covers a stock that is trading at less than $1 per share and/or has less than a $100 million market cap. Please be aware of the risks associated with these stocks.)
Commtouch: an obvious acquisition target
Commtouch (CTCH) is a small Israeli company which provides email security, virus protection, and URL filtering solutions. The company has been public since the late 1990's, originally providing Web-based email service, then moving on to email security in early 2000's, and finally to a full-suit security solution in last two years. Seeking Alpha's Helix Investment Research has already provided good coverage on Commtouch, explaining why next year revenue and net income should improve. I have no intention to repeat the analysis and valuation thesis with which I generally agree. Instead, I want to look at the value of this micro-cap company to much larger "cloud" players, who could buy Commtouch for pocket change, but realize tremendous value for their businesses. As an excellent acquisition target, it deserves a significant premium to its "intrinsic value." Having a small shareholder base with a strong insider control and low institutional ownership, I expect Commtouch to hold out for a truly premium price of at least 80% above its current trading price.
Commtouch has a unique "private label" business model (or "white label" in their lingo). Instead of marketing a "Commtouch" suite of products which would have to compete head-to-head with security giants such as Symantec (SYMC), they sell their services exclusively through third parties, many of which are anti-virus companies themselves (such as McAfee and WebSense). When one uses Google's (GOOG) Gmail, the email anti-virus is integrated with Commtouch Software Development Kit (SDK) - a set of software libraries which becomes integrated into Gmail software. Today, Commtouch estimates that 25% of all email vendors are using its products.
Commtouch is very relevant and valuable for two reasons: its strong intellectual property, protected by patents, and its "network effect" of being able to collect security threat information from a large installed base. It's important to be first to get information on ever-changing Internet Protocol addresses ((IPs)) used to send spam email or new URLs which may lead to malware.
According to Commtouch, its proprietary Recurring Pattern Detection algorithm is capable of very quickly identifying new email threats:
"RPD is based on identifying recurrent patterns of email-borne malware. The product operates by analyzing SMTP traffic in real-time, using massive amounts of data collected at different key points over the Internet to achieve a representative sample of worldwide traffic. This way, new email-borne malware outbreaks can be detected as soon as they are distributed. RPD is content-agnostic and is focused on extracting and analyzing patterns in the message envelope during the SMTP session and in the message header and body. Thus, it can capture any type of attack that carries the characteristics of a massive outbreak, regardless of its payload, in any language, message format, and encoding type."
Other Internet security companies, such as McAfee and WebSense, are relying on Commtouch technology. Typically, Commtouch gets a 1-2% revenue cut for licensing its SDK.
There are three main lines of business:
Email Spam Detection (Source: Commtouch presentation):
(click to enlarge)
Anti-virus (Source: Commtouch presentation):
(click to enlarge)
"Bad" URL filtering (Source: Commtouch presentation):
(click to enlarge)
The most important feature, and Commtouch's competitive edge, is its ability to be the first to identify a virus outbreak via email. Commtouch extracts email header and other metadata to quickly assess based on heuristics which emails match a "virus pattern." For example, within hours of the Boston Marathon bombing, Commtouch was able to quarantine emails, which purported to have links to a Web site showing the bombing photos, when in reality the links led to a virus-infected site.
Commtouch strategy
The original Commtouch was a high-flying Web-based email provider in the late 90's, which not only failed to turn up a profit but even failed to generate any significant revenue. This didn't prevent its stock price from rising into the stratosphere, hitting $200 a share at one point in 2000.
While Commtouch did change its focus after the dot.com crash from providing email to providing email security, it was floundering by 2005, needing a $3 million private investment by Aviv Raiz to maintain its NASDAQ listing. Today, Raiz is the largest, and essentially controlling, shareholder with over a 20% stake.
The equity price has been volatile but declined over past 3 years
(click to enlarge)
Eventually, Commtouch improved its product offerings, grew its revenue, and became quite profitable.
Revenue has been growing but earnings have declined
(click to enlarge)
Change in direction in 2010
After several years of steady revenue growth, Commtouch couldn't grow any more by providing only email security for PCs. It decided that it needed to broaden its product suite by also offering anti-virus software and by making its technology cloud-based in order to reach out to medium and small businesses who have multiple users on and off-site in addition to selling through large OEMs.
It made three critical but expensive acquisitions: the Command anti-virus division of Authentium in September 2010 for a total of about $8 million; the international anti-virus division of Iceland's FRISK Software for an undisclosed amount in August 2012; and, finally, Germany's Eleven GmbH, a Security-as-a-Service (SecaaS) email security solution provider for about $11.3 million. As if the acquisition of companies from three countries wasn't a challenge enough, the company also moved its headquarters from Israel to Virginia, replaced its management and restructured its labor force.
While the acquisition immediately contributed to revenue, it also saddled Commtouch with significant but temporary acquisition, integration, and restructuring costs. The company has not shown a GAAP profit since 2012 while its balance sheet took a hit.
It's very uncommon for a profitable public company to drastically change direction from being a slowly growing "cash-cow" to the fast growth but unprofitable firm without going private as it usually leads to a shareholder revolt. (The only example I can think of is Amazon (AMZN), where CEO Jeff Bezos controls the stock and the shareholders are euphoric). I can only speculate that the company's largest and, for all purposes, controlling shareholder, Aviv Raiz, approved or perhaps even engineered this move (he has yet to sell any significant amount of equity in 8 years). For last two years, Commtouch essentially was run as a levered-up firm taken private to restructure its business.
The key event for the company has happened this month: it launched a cloud-based platform, which moved Commtouch from supplying SDK to be integrated by email providers to a product easily configurable on-line without any integration hassle. It has finally integrated all its acquisitions in one suite of products.
The company believes that this is a watershed moment as it will allow it to sell its products to small and medium size businesses which may have multiple "virtual" offices as well as employees working from home. A properly configured laptop or mobile device will be protected at all times from malware and "trojans" ensuring that a virus cannot be downloaded at home only to be spread to the corporate network.
New Model (Source: Commtouch presentation):
(click to enlarge)
The new model should allow Commtouch to capture new business very quickly as it requires no software-level integration. It also makes it an incredibly attractive acquisition to larger software companies as they can use Commtouch service blue-chip user-base to upsell or bundle other products.
Commtouch is not unique in providing a security cloud service; anti-virus giant Symantec also has a comprehensive cloud suite of products. However, with Commtouch already owning a leadership position in email security (25% market share, including Gmail), a new cloud product can be a real game-changer for such a small company.
Recent M & A in software security industry
While the software security industry is very acquisitive (including Commtouch), many companies are private, so the number of recent "comparables" is limited. I found two relatively recent acquisitions of similar companies in McAfee and Stonesoft as well as two examples of public companies taken private: WebSense and Blue Coat Systems.
The deals had a much higher premium than the 33.8% merger average (Source: Mergestat/FactSet):
(click to enlarge)
So why do security software companies command a much higher premium than other software companies in M&A transactions? The explanation is rather simple: security software is revenue-scalable. It has fixed R&D and maintenance costs, no manufacturing costs, and declining sales and marketing costs over a larger revenue, so the margins significantly increase when the revenue goes up. When a large company, such as Intel, buys a smaller company, it can justify a very high premium by immediate synergies of utilizing its already existing sales channels with little additional costs. Since Commtouch has one long-term shareholder, Aviv Raiz, holding over 20% of outstanding shares, it will take a much larger premium to force him to sell than it would for typical institutional shareholders, which hold only 10% and usually are happy to sell at a standard 30% premium.
Institutional holding is small and insiders control the board (Source: FactSet)
(click to enlarge)
It would be very difficult to handicap the exact premium over the market price Commtouch can ask to be acquired, but I would guess that the premium would be closer to that of Stonesoft rather than those of much larger comparables. If I were Commtouch, I would not sell for anything less than 80% current enterprise value premium (a rough midpoint between a small Stonesoft and its much larger comps).
Possible acquirers
Let's see what companies may be most interested in buying Commtouch.
Microsoft (MSFT):
Most computer viruses today are associated, perhaps unfairly, with Microsoft products. Being a dominant enterprise system which offers a full suite of cloud-based products - Office 365, Outlook/Hotmail, Dynamics CRM, SkyDrive, etc. - Microsoft can greatly benefit from bundling Commtouch solution with its enterprise offerings. This would allow keeping its customers faithful to Microsoft products instead of trying to pick the "best-of-breed."
Intel (INTC):
Intel has already purchased McAfee, which relies on Commtouch for its email security. While I am still questioning why a semiconductor company decided to get into the Internet security business, buying Commtouch would be a natural progression of its Internet security expansion, especially since its McAfee subsidiary is already relying on Commtouch technology.
Checkpoint (CHKP):
Checkpoint is one of the largest software security companies in the world. It has excellent VPN and network security products, but it's lagging its competitors Symantec and Trend Micro (OTCPK:TMICF) in email security and anti-virus solutions. Just like McAfee, Checkpoint is already relying on Commtouch products. Having bought Commtouch, Checkpoint would have to spend little effort to integrate it. Checkpoint is also very acquisitive having bought seven companies in last 10 years.
Cisco (CSCO):
Cisco's main business of selling routers and switches is slowing down. If I were Cisco, I wouldn't see Commtouch as a natural fit, but then again the company is known for making head-scratching acquisitions (Linksys, Flip) and has billions of cash to burn. It could also allow it to bundle software security solutions with its hardware.
IBM (IBM) and Hewlett-Packard (HPQ):
Both companies are trailing leaders Amazon and Google in cloud-computing. They work hard to promote private clouds or hybrid cloud solutions, which would allow them to sell their software and enterprise services as opposed to just selling its infrastructure. Commtouch is a private cloud Internet security solution with a large installed base which would help them to sell integrated cloud solutions.
Conclusion
Commtouch took an unorthodox path to taking the company to "the next level." Instead of going private, the company publicly restructured its profitable business, while incurring multi-year losses, to become a provider of a comprehensive suite of Internet security services. The new solutions have just been released, after a long period of beta-testing, and should start adding to the top and bottom line next year.
I believe that Commtouch is set up to be sold next year, probably at a hefty premium of at least 80%.
Disclosure: I am long CTCH. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article. (More...)
This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
Aucun commentaire:
Enregistrer un commentaire