IT Security IPOs On Tap

The upcoming public debuts of four companies is a sector positive, but maybe not yet for investors.
Author:
Publish date:

After a drought that lasted nearly three years, initial public offerings from the IT security sector are ready for their comeback.

This year, at least four private security companies are likely to go public, two of which --

Upek

and rival

AuthenTec

-- have already filed their registration statements with the

Securities and Exchange Commission

.

But these security companies, largely makers of niche products and each having revenue under $100 million, may not be attractive enough to investors who are looking for big bets, say some industry experts. Additionally, Upek and AuthenTec are not profitable.

Upek, which makes the kind of fingerprint sensors that are widely found in notebook computers, filed its S-1 in May to raise approximately $86 million; AuthenTec said in March that it will raise about $56 million.

Meanwhile, waiting in the wings are

Postini

, a spam-filtering and email archiving services company, and security management company

ArcSight

, both said to have hired investment bankers to take them public in the next few months.

"An IPO is no longer off-limits to IT security companies," says Nick Selby, senior analyst and director of the enterprise security practice at industry research organization, The 451 Group.

At the

"same time last year, we wouldn't be thinking of having this discussion," Selby says.

Another security company,

Sourcefire

(FIRE)

, may have helped kick off the IPO trend.

Sourcefire, which uses an open source-based technology called Snort to detect and prevent intrusions on corporate networks, saw its shares go up more than 7% on its Wall Street

debut in March.

But

the company's missteps have since led the stock down nearly 20% from its high of $18.83. Sourcefire was up 46 cents, or 3%, to $15.58 midday Thursday.

Still, Sourcefire's successful debut has likely planted a seed.

"The equity markets are doing well, and security continues to be a high-priority consideration among customers," says Frederick Ziegel, an analyst with Soleil Mackinac Research.

However, the current crop of IT security's public market debutants could disappoint investors looking for high-growth plays. The companies just don't have a broad enough portfolio of products to capture a large swath of the market.

"The reality is there is nothing truly groundbreaking and innovative in security-information protection out there," says Mike Rothman, founder of Security Incite, an independent research and consulting firm.

"Most of them are taking incremental steps forward, and the whole business is brutally competitive," Rothman says.

Taking off the luster is also the fact that the two biometric security companies clamoring for investor attention are not yet profitable.

Upek posted a loss of $20.72 million on revenue of $53.7 million in 2006, up from a loss of $8.56 million on revenue of $30.1 million the year before.

AuthenTec posted a loss of $9.8 million on revenue of $33.2 million in 2006, compared with a loss of $11.1 million on revenue of $19.2 million in 2005.

Compare that with another upcoming IPO,

VMware

, a spinoff from storage company

EMC

(EMC)

.

VMware's virtualization technology allows for multiple operating systems to run side-by-side on a single machine, which helps customers save on and use hardware more efficiently.

VMware posted net income of $87 million on revenue of $704 million in 2006.

"None of the upcoming offerings are the next VMware," says Rothman. "You are not likely to see 70% to 80% growth out of them."

But investors would do well to keep in mind that the biggest IT security plays today, such as

Symantec

(SYMC) - Get Report

and

McAfee

(MFE)

, started as small, focused companies and grew inorganically, says Selby.

"Companies like Postini and ArcSight are not as niche as they would seem at first blush," he says. "They may have started with one segment of the market, but they can extend themselves as they grow -- much like Symantec and McAfee did over the years."