Access Management , Digital Identity , Governance & Risk Management

Identity Firm SailPoint to Be Bought by Thoma Bravo: $6.9B

The 6th-Largest Deal in Security History Will Expand Thoma Bravo Cyber Footprint
Identity Firm SailPoint to Be Bought by Thoma Bravo: $6.9B

Private equity giant Thoma Bravo has agreed to purchase enterprise identity security powerhouse SailPoint for $6.9 billion in the sixth-biggest cybersecurity acquisition of all time.

See Also: Maximize Risk Reduction with an Identity Security Approach

The Austin-based company said the proposed acquisition will give SailPoint the flexibility needed to support its customers, expand its markets and accelerate innovation. SailPoint also expects to benefit from San Francisco-based Thoma Bravo's operating capabilities, capital support and deep software expertise. The deal is expected to close in the second half of 2022.

"Identity security is core to cyber security and businesses have realized that to fuel business growth and success, they must start with identity as the foundation for secure business transformation," SailPoint CEO Mark McClain says in a statement. "We've experienced rapid growth and see a tremendous opportunity ahead of us to continue to set the pace in the identity security market as category leader."

Under the terms of the deal, SailPoint shareholders will receive $66.25 per share in cash, representing a 48% premium over the company's 90-day volume-weighted average price. The company's stock is up $14.87, or 29.99%, to $64.46 per share in premarket trading Monday. That's the highest SailPoint's stock has traded since the company first went public in November 2017.

The transaction includes a "go-shop" period expiring at 11:59 p.m. EDT May 16, allowing SailPoint's board to terminate the proposed acquisition by Thoma Bravo and enter a better proposal from another suitor should an offer materialize. Wedbush Securities analyst Dan Ives says the deal is a "smart strategic move" for Thoma Bravo given the importance of cybersecurity and continued presence of remote work.

"SailPoint is ideally positioned to capitalize on the large and growing demand from modern enterprises for robust identity security solutions that secure their business," managing partner Seth Boro says in the statement from Thoma Bravo. "Their market-leading identity security platform provides the autonomous and intelligent approach that the market requires today, especially among larger enterprises."

The 6th-Largest Deal in Security History

This is the sixth-biggest cybersecurity deal of all time, behind Advent and Permira's $14 billion buy of McAfee in March 2022, Thoma Bravo's $12.3 billion purchase of Proofpoint in August 2021, Broadcom’s $10.7 billion acquisition of Symantec's enterprise business in November 2019, NortonLifeLock's $8.6 billion buy of Avast proposed in August 2021 and Intel's $7.6 billion buy of McAfee in February 2011.

SailPoint's revenue surged to $439 million in 2021, up 20% from $365.3 million the year prior. The company's net loss increased to $61.6 million, or $0.67 per share, 473% worse than the net loss of $10.8 million, or $0.12 per share, SailPoint recorded in 2020. Thoma Bravo executives weren't immediately available for additional comment, while SailPoint didn't immediately respond to a request for comment.

The company has expanded aggressively in recent years via acquisition. SailPoint in March 2021 bought ERP Maestro for $28.1 million to help clients identify potential insider conflicts for critical applications such as SAP. A month earlier, the company bought startup Intello for $42.9 million to help customers discover, manage and secure SaaS applications that are currently outside the IT organization's purview.

In October 2019, SailPoint bought emerging vendors Orkus and OverWatchID for $37.5 million to detect potential anomalies in the cloud, enforce access policies across all users and maintain compliance across all enterprise infrastructures. The company's first acquisition came in July 2015, when SailPoint purchased Whitebox Security to reduce security risk by identifying where sensitive data resides.

"SailPoint is the clear leader in providing trusted identity security to the most well-respected global brands," Thoma Bravo Partner Andrew Almeida says in the statement. "As digital transformation becomes imperative for enterprises of all sizes to remain competitive, SailPoint's innovative products provide the foundation for a robust security infrastructure that keeps employees and sensitive information safe."

The top institutional investors in SailPoint currently are BlackRock, which owns 12.4% of outstanding shares; HMI Capital Management and Vanguard, which each own 9.7% of outstanding shares; and SoMa Equity Partners, which owns 5.6% of outstanding shares, according to filings with the Securities and Exchange Commission. McClain, who co-founded SailPoint in 2005, owns 1.4% of outstanding shares.

Thoma Bravo's Cybersecurity Tear

Thoma Bravo had been very active in the cybersecurity space in recent years, buying Barracuda Networks for $1.6 billion in February 2018, SIEM vendor LogRhythm in July 2018, application and data protection vendor Imperva for $2.1 billion in October 2018, SMB platform security stalwart Sophos for $3.82 billion in October 2019 and email security vendor Proofpoint for $12.3 billion in August 2021.

The private equity firm last month sold a majority stake in Veracode to TA Associates in a deal valuing the application security vendor at $2.5 billion. Thoma Bravo first bought Veracode in November 2018 for $950 million following Broadcom's purchase of CA Technologies, which at the time owned the firm.

Thoma Bravo bought a controlling stake in identity management vendor Centrify in July 2018, and three months later unveiled plans to spin the company’s Identity-as-a-Service business into a stand-alone operation called Idaptive. Thoma Bravo sold Idaptive to Centrify rival CyberArk in May 2020 for $70 million and sold Centrify to TPG in January, where the company merged with Thycotic to form Delinea.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.