McAfee to Sell Enterprise Business to Equity Firm STG for $4B

Industry pioneer McAfee's incessant attempts to reinvent itself as a cybersecurity vendor took new shape today when it announced plans to sell its enterprise business to a consortium led by Symphony Technology Group (STG) for $4 billion.

Several security analysts viewed the latest development as unsurprising but also unlikely to do much for either the company's consumer business or for its enterprise customers, which includes 87% of Fortune 500 companies. "This is more shuffling of the chairs on the deck of the Titanic," says Richard Stiennon, chief research analyst at IT-Harvest. "McAfee keeps getting passed around even while its valuation diminishes."

If the planned all-cash transaction announced today passes regulatory muster, McAfee will basically revert to its roots as a purely consumer-focused cybersecurity company, while the enterprise unit will likely operate as a standalone business under STG. That business represented $1.3 billion of the $2.9 billion that McAfee reported in total revenue last year.

In a statement, McAfee president and CEO Peter Leav described STG as the "right partner" for strengthening the company enterprise business. "This transaction will allow McAfee to singularly focus on our consumer business and to accelerate our strategy to be a leader in personal security for consumers," he said.

Once the transaction is approved, McAfee will, among other things, use proceedings from the sale to pay off approximately $1 billion of its outstanding debt, issue a special dividend of $4.50 per common share, and pay off taxes and expenses related to the sale.

McAfee's decision to divest its enterprise business comes just four months after it filed for an initial public offering (IPO). That IPO was actually its second appearance in the market after a nearly 10-year gap. The latest move continues a long list of mergers, acquisitions, divestitures, and other major changes that have marked McAfee's history since it launched as McAfee Associates in 1987. The biggest among these changes was chipmaker Intel's $7.6 billion acquisition of McAfee in 2011 and its subsequent decision to sell a majority stake in the company just six years later to TPG Capital. Intel still currently holds a 49% stake in McAfee while TPG and Thoma Bravo hold the rest.

Eric Parizo, an analyst with Omdia, says McAfee's decision to sell off its enterprise business at this point isn't very surprising. "There were many signs that the endgame for McAfee's key stakeholders was an acquisition, either in whole or in part, regardless of whether the company went public," he says.

As one example, he points to the decision by McAfee's board to replace former McAfee CEO Chris Young with Leav early last year. Parizo credits Young with doing everything he could to revive McAfee after its years as an Intel business. "But I believe TPG and Thoma Bravo vastly underestimated the extent to which nearly every aspect of McAfee’s business — from its technology and strategy to its basic operational capabilities in areas like IT and accounting — had badly atrophied under Intel's ownership," he says. Leav was subsequently brought in to orchestrate the fastest and most lucrative exit possible for TPG and Thoma Bravo, Parizo says.

Tough Road Ahead
Symphony also purchased RSA last year, so there is a small chance that RSA and McAfee's enterprise business could be merged into a single company, Parizo notes. What's more likely, however, is that the enterprise business will be further broken. "There are a number of buyers that would love the chance to get their hands on some of McAfee's more desirable assets, such as the MVISION Cloud — former Skyhigh technology — as well as its still-lucrative IPS business."

Stiennon views McAfee as essentially having stagnated in the enterprise space and having missed the boat when endpoint detection and response technologies became the new way to protect enterprise endpoint devices. He, too, blames Intel and TPG for not having a strategy for growing McAfee's business.

"It was valued at $7.7 billion by Intel when they inexplicably swallowed the pitch that a desktop antivirus company would be a good mix with a silicon chip manufacturer," he says. The $4 billion for which McAfee's enterprise business is now being sold represents only a 3X multiple on revenue from the unit, which is quite low compared with some cybersecurity companies, such as CrowdStrike, that are valued at 80 times their revenue. So, by that measure, Intel does not appear to be getting a proportionate payout, Stiennon says.

Parizo and other analysts described McAfee's move to get rid of its enterprise business as similar to Symantec's decision to sell off its enterprise assets to Broadcom in 2019.

"Symantec tried combining authentication, encryption, AV, firewalls [and other technologies] and found it didn't work together as the markets, core competencies, and channels [were] very different," says John Pescatore, director of emerging security trends at the SANS Institute. In the past few years, McAfee also tried to go too broad by going after security information and event management and other areas instead of focusing on its core endpoint and related markets, and it mostly failed. "The Intel acquisition of McAfee badly wounded McAfee since Intel was not a software company, not a security company, and really had no idea what to do with McAfee," he says.

Pescatore points to STG's ownership of RSA and says he hopes the former, too, will not use the McAfee acquisition to position itself as a security "department store" with one of every security product. "[The approach] gets tried every few years and fails every few years," he says. "So, unless Symphony takes the security holding company approach like Thoma Bravo has largely done, for enterprises using McAfee today, I don't [see] this is positive."