Security Industry Monitor - Imperial Capital · Imperial Capital is a full-service investment bank o ering a uniquely integrated platform of ... March 2014 Security Industry Monitor

PLEASE SEE IMPORTANT DISCLOSURES ON LAST PAGE

Security Industry Monitor

March 2014

For additional information on our Security Team, please contact:

John E. Mack IIICo-head, Investment Banking GroupHead of Mergers and Acquisitions(310) [email protected]

Michael McManusManaging Director, Investment Banking Group(310) [email protected]

Imperial Capital is a full-service investment bank offering a uniquely integrated platform of comprehensive services to institutional investors and middle market companies. We offer sophisticated sales and trading services to institutional investors and a wide range of investment banking advisory, capital markets and restructuring services to middle market corporate clients. We also provide proprietary research across an issuer’s capital structure, including bank debt, debt securities, hybrid securities, preferred and common equity and special situations claims. Our comprehensive and integrated service platform, expertise across the full capital structure, and deep industry sector knowledge enable us to provide clients with superior advisory services, capital markets insight, investment ideas and trade execution. We are quick to identify opportunities under any market conditions and we have a proven track record of offering creative, proprietary solutions to our clients.

Imperial Capital’s expertise includes the following sectors: Aerospace, Defense & Government Services, Airlines & Transportation, Business Services, Consumer, Energy (Clean Energy and Traditional Energy), Financial Services, Gaming & Leisure, General Industrials, Healthcare, Homebuilding & Real Estate, Media & Telecommunications, Security & Homeland Security and Technology.

Imperial Capital has three principal businesses: Investment Banking, Institutional Sales & Trading and Institutional Research.

For additional information, please visit our Web site at www.imperialcapital.com.

About Imperial Capital, LLC

March 2014

Table of Contents Security Industry Monitor

3

Table of Contents

Section I Executive Summary ............................................................................................................ 5

Defining the Security Industry 7

Macroeconomic Overview 9

Equity Performance and Valuation 10

M&A Snapshot 13

Public Debt and Equity Offerings Snapshot 14

Registered Direct and Private Placement Snapshot 14

Bankruptcies Snapshot 15

Security Industry Transactions Outlook 15

Physical Solutions Overview 16

Identity Solutions Overview 16

Information Security Overview 17

Section II Physical Security Sector .................................................................................................. 19

Sector Outlook and Commentary 21

M&A Review and Outlook 42

Notable Middle Market Transactions 42


Public and 144A Debt and Equity Offering Snapshot 44

Bankruptcies 45

Section III Identity Solutions Sector ............................................................................................... 47





Public Debt and Equity Offering Snapshot 72

Bankruptcies 72

Section IV Information Security Sector .......................................................................................... 75





Public Debt and Equity Offering Snapshot 92

Bankruptcies 92

Section V Appendix ........................................................................................................................... 95

Comparable Companies 97

Valuations—Security Industry Companies 100

Disclosures ................................................................................................................................. Last Page

March 2014

4


[This page intentionally left blank.]

March 2014

Table of Contents Security Industry Monitor

5

Section I

Executive Summary

March 2014

6



March 2014

Table of Contents

7

Executive SummarySecurity Industry Monitor

Executive Summary

Defining the Security Industry

Our Security Industry Monitor primarily focuses on and discusses the dynamics affecting the industry’s major

sectors, as well as key developments and transaction trends.

According to the results of a recent study released by a leading industry trade organization, ASIS International

(its first major study in nearly a decade and the largest industry report since the Hallcrest report in 1990), and the

Institute of Finance and Management (IOFM), the U.S. security industry is a $350 billion market (versus our

estimate of a $280 billion market at the end user level). The majority of the market consists of private sector

spending ($282 billion) followed by federal government spending on homeland security ($69 billion). The major

reason for the difference in the ASIS report and our industry estimate (at the user level) is that ASIS fully accounts

for all homeland security (including Department of Defense (DoD)) spending, noted above, and we only provide

for $4 billion of products and services sold to homeland security-specific users. According to ASIS, over

400 security industry executives participated in the survey.

Within the physical security sector, we discuss the need for a more meaningful conversation at the highest levels

of clients’ organizational chart to communicate the security industry’s potential contribution toward efficiency,

cost, and business process improvements. We discuss the increasing global demand for security equipment and

the expansion of the security industry. Government agencies are increasingly leveraging communications

intelligence and investigative solutions to gather evidence and generate actionable intelligence, thus reflecting

the need to make sense of unstructured data from multiple sources. We expand our writing to discuss the

challenges facing the integrators, the state of the home automation (post Google-Nest acquisition), and

residential security monitoring industry, the convergence of access control and electronic locks, including the

potential use of Blutooth Low Energy and Near Field Communication (NFC). With new and innovative

technologies expanding the home services suite of offerings, users are able to see and hear their monitored

premises from a remote device. We highlight this fast moving industry, and look at the historical trading ranges

of select security companies based on Steady State Net Operating Cash Flow, along with why this metric is

widely used and valid. The public emergency response sector has received much attention from recent events

(e.g. Sandy Hook school shooting, Boston Marathon bombing), and we examine its various components, ranging

from “Safe City Programs” to Mass Notification Systems (MNS) to wireless infrastructure to Physical Security

Information Management (PSIM) systems. We complete this segment by discussing the security officer industry

and the trends within it.

Within the identity solutions sector, we highlight identity and access management in the cloud, and the

complexities which have risen. We discuss new developments in biometrics technology, particularly in fingerprint,

which may overcome many of the real world deployment challenges and could drive broader adoption by

commercial and institutional customers. Anti-counterfeiting and other relevant case studies are also highlighted.

Within the information security sector, we discuss the escalation in the volume and sophistication of attacks, which is

driving broad-based market demand for more effective security solutions beyond traditional, signature-based

defenses. The sector gained particular attention recently with one of the largest and most publicized data breaches in

history at national retailer Target in December 2013. This breach impacted a substantial portion of the American

public and made news headlines, elevating security from an “IT” problem to a strategic issue for the executive

leadership and boards of numerous consumer-facing organizations. This attack was a major topic at this year’s RSA

March 2014

8

Executive Summary


Conference in February 2014, one of the premier annual industry events, which saw strong expansion in attendance

to approximately 30,000 people, up from 24,000 in 2013. In this monitor, we highlight several of the key themes at the

conference, as well as emerging trends and challenges for the sector. We additionally discuss the details of the Target

breach, which demonstrated the security challenges facing large organizations with complex IT infrastructures—even

those with top-tier defenses. We also highlight increased prioritization of cybersecurity by the federal government

based on details of the President’s budget request for FY2015. We particularly note significant expansion of the

EINSTEIN3 and Continuous Diagnostics and Mitigation (CDM) programs which aim to provide ongoing situational

awareness to protect federal civilian agencies and “.gov” networks. We also discuss the strong momentum of industry

consolidation, with two major transactions since the beginning of the year. We anticipate further strategic acquisition

activity over the coming quarters, as larger technology companies and security vendors seek to integrate new security

technologies and to achieve early penetration of emerging categories.

Across the Security Industry, we cover three main sectors:

� Physical Security (integration, monitoring, video solutions, guards, and armored transport)

� Identity Solutions (ID management, biometrics, ID/video convergence)

� Information Security (Security-as-a-Service, encryption, attack mitigation, and endpoint)

Homeland Security spans all three sectors.

Figure 1: A Massive, Multi-Segment, and Fragmented Industry with $280+ Billion in End User Revenues

Sources: Imperial Capital, LLC.

March 2014

Table of Contents

9


Macroeconomic Overview

Real U.S. GDP grew for the eighteenth straight quarter, up 2.4% sequentially during the fourth quarter of 2013

and up 4.1% sequentially during the third quarter of 2013, according to the U.S. Bureau of Economic Analysis

(BEA). GDP growth was bolstered by exports and commercial equipment and software investment, which grew

9.4% and 10.6%, respectively, in the fourth quarter of 2013. Commercial construction also showed some signs of

strength, up 0.2% and 3.4% in the fourth and third quarters of 2013, respectively. Government consumption

expenditures and gross investment continued to lag in the fourth quarter of 2013, down 5.6% sequentially

versus 6.5% in the fourth quarter of 2012.

Figure 2: GDP Components, Annualized Quarterly Changes,

Fourth Quarter 2013 versus Fourth Quarter 2012

Sources: U.S. Bureau of Economic Analysis.

� Commercial equipment and software spending remained positive, while commercial construction

continued to recover from a major drop

Commercial construction strengthened a modest 0.2% in the fourth quarter of 2013 after recovering from a

25% drop in the first quarter of 2013. Commercial equipment and software investment was up 10.6% in the fourth

quarter of 2013, its largest sequential increase since a 14.6% increase in the fourth quarter of 2012. Exports surged

9.4% in the fourth quarter of 2013 while imports jumped by 1.5%. Federal spending again decreased, down

12.8%. State and local government spending saw a small 0.5% drop in the fourth quarter of 2013.

Pe

rso

na

l con

sum

ptio

n e

xpen

ditu

res

Pe

rso

na

l con

sum

ptio

n e

xpen

ditu

res

Com

me

rcia

l Co

nstr

uctio

n

Com

me

rcia

l Co

nstr

uctio

n

Eq

uip

me

nt a

nd s

oft

wa

re

Eq

uip

me

nt a

nd s

oft

wa

re

Re

sid

en

tia

l Co

nstr

uctio

n

Re

sid

entia

l Co

nstr

uction

Exp

ort

s

Exp

ort

s

Imp

ort

s

Imp

ort

s

Na

tio

nal d

efe

nse

Na

tio

na

l de

fen

se

No

nd

efe

nse

Non

de

fen

se

Sta

te a

nd

lo

cal

Sta

te a

nd

loca

l

-40%

-30%

-20%

-10%

0%

10%

20%

30%

40%

4Q12 4Q13

March 2014

10

Executive Summary


Figure 3: Business Investment and State and Local Government Spending Trends,

Annualized Quarterly Changes, Fourth Quarter 2011 to Fourth Quarter 2013

Sources: U.S. Bureau of Economic Analysis.

Equity Performance and Valuation

� The relative stock returns of the Security Industry comparable companies that we analyzed generally

fell behind S&P 500 during the fourth quarter of 2013 but outperformed the index for the year

From December 2004 through December 2009, the select group of Security Industry comparable companies

that we analyzed outperformed the S&P 500 (see the Appendix of this report for more detail on the composition

of the select group), but fell along with the overall market in 2008 partly due to an (ultimately erroneous)

expectation among many investors that residential monitoring would suffer in a poor housing environment.

Since the markets hit a 12-year low in March 2009, the select group of Security Industry comparable companies

that we have listed has generally exceeded the S&P 500’s return. Going forward, we continue to expect this

select group of security companies to perform favorably versus the S&P 500 due to: 1) the perceived need for

security in a more dangerous world, 2) the increasing ability of security to demonstrate return on investment

(ROI) to business executives and consumer value to residential customers, 3) the significant improvements in

service we expect due to the use and evolution of Internet Protocol (IP) and interactive technologies, and

4) a sustained robust M&A environment for the sector.

� Security Industry valuations have increased from 2012 with increases in Physical Security, Identity

Solutions as well as Information Security

Security Industry valuations, based on EV/LTM EBITDA at the end of the fourth quarter of 2013, were up by

16.8% compared to the prior year, driven by multiple increases in the Physical Security, Identity Solutions and

Information Security sectors, which increased 15.2%, 43.1% and 0.8%, respectively.

-30%

-25%

-20%

-15%

-10%

-5%

0%

5%

10%

15%

20%

4Q11 1Q12 2Q12 3Q12 4Q12 1Q13 2Q13 3Q13 4Q13

Commercial Construction Commercial Equipment and Software Investment State and local

March 2014

Table of Contents

11


Figure 4: Valuation Multiples, EV/LTM EBITDA, Fourth Quarter 2013 versus Fourth Quarter 2012

Notes: Measured relative to period ending 6/30/13; LTM EBITDA based on reported financial results as of the date of this report. Companies used

to generate these multiples are listed in the Appendix of this report.

Sources: Imperial Capital, LLC and Capital IQ.

� Public valuations in the Physical Security sector increased significantly in the fourth quarter of 2013

compared to the same period in 2012

The Physical Security sector tends to have steadier and more predictable cash flows versus other Security

segments as a result of its recurring revenue and relative maturity. Physical Security valuations hit a

historical low during the first quarter of 2009, but rebounded significantly in 2010 despite market volatility

earlier in that year. After several high-profile M&A transactions in the alarm monitoring space pushed

valuations up during the end of 2010 and the beginning of 2011, valuations declined during the second

half of 2011. During 2013, the sector’s average LTM EV/EBITDA multiple rebounded strongly to 11.3x from

9.6x during the same time in 2012, which is currently above the long-term average of 9.6x. This has been

driven by increased M&A, a rebound in installation activity, higher stock prices, low interest rates and a

long-term bull stock market.

Figure 5: Physical Security Sector Historical EBITDA Multiples, December 2008 to December 2013 (1)

(1) Companies used to generate these multiples are listed in the Appendix of this report.


Industry / Sectors December 31, 2012 December 31, 2013 Year-over-Year Change

Security Industry 9.0x 10.8x 20.0%

Physical Security Sector 8.8x 10.1x 15.2%

Identity Solutions Sector 8.0x 11.4x 43.1%

Information Security Sector 10.2x 10.9x 6.2%

6.0x

7.0x

8.0x

9.0x

10.0x

11.0x

12.0x

13.0xEV / LTM EBITDA

Last Twelve Months Mean Long Term Average

March 2014

12

Executive Summary


� Public valuations in the Identity Solutions sector strengthened significantly in the last two quarters

of 2013

The Identity Solutions companies that we analyzed traded at 11.4x LTM EBITDA on average in the fourth quarter of

2013, up from 8.0x during the same period a year earlier, driven partly by several marquee M&A deals. Identity

Solutions technology, from software to biometric equipment, is continuing to mature, as evidenced by its

increasing adoption by an array of government and defense programs in response to increased security threats,

international identification programs, as well as increased cloud-based hosted access and ID systems being

installed by integrators for both government and commercial sites. The increase in valuation was also helped by a

rising stock market and several M&A deals which stirred the sector.

Figure 6: Identity Solutions Sector Historical EBITDA Multiples,

December 2008 to December 2013 (1)



� Public valuations in the Information Security sector rose year over year in the fourth quarter of 2013.

Public valuations in the Information Security sector rose 6.2% from the comparable period in 2012 on an EV/LTM

EBITDA basis. Valuations steadily traded below their long-term historical averages for the entirety of 2013. In late 2010

and early 2011, several M&A transactions provided a short-term increase to valuations, which was not repeated in

2012. Unfortunately, the information security sector is really a tale of two separate valuation worlds. Broad-based

increases in budget outlays against cybercrime and M&A have been helped by strong performers such as Palo

Alto Networks, Qualys, Fortinet, Proofpoint, and Imperva. Unfortunately, cutbacks in government-related IT

programs have adversely affected or blunted valuation growth in larger index companies, such as Symantec,

IBM, Hewlett Packard, CA Technologies, and Juniper Networks.

5.0x

6.0x

7.0x

8.0x

9.0x

10.0x

11.0x

12.0x EV / LTM EBITDA


March 2014

Table of Contents

13


Figure 7: Information Security Sector Historical EBITDA Multiples,

December 2008 to December 2013 (1)



M&A Snapshot

� The Fourth quarter of 2013 saw an increase in the number of transactions compared to the third

quarter of 2013

There was a large increase in the number of transactions in the fourth quarter of 2013 from both the previous

quarter and the comparable quarter in 2012. The M&A market rebounded during 2013, largely due to lower interest

rates, a recovering economy and a bull market. Overall, the value of M&A deals in 2013 was approximately

$5.0 billion. The average value of a deal has increased from $120m in 2011 to $147 million in 2013.

Figure 8: Historical M&A Transactions in the Security Industry,

Fourth Quarter 2010 to FourthQuarter 2013


6.0x

8.0x

10.0x

12.0x

14.0x EV / LTM EBITDA


0

20

40

60

80

100

120

140

160

180

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

Physical Security Sector Identity Solutions Sector Information Security Sector

March 2014

14

Executive Summary


Public Debt and Equity Offerings Snapshot

� Public offerings in the fourth quarter of 2013 increased quarter over quarter as well as year over year

The fourth quarter of 2013 saw an increase in public offerings after a sharp decrease in the first quarter. Public

offering activity has rebounded significantly due to robust capital markets in CY2013.

Figure 9: Public Offering Transactions in the Security Industry,

Fourth Quarter 2010 to Fourth Quarter 2013


Registered Direct and Private Placement Snapshot

� Registered direct offerings and private placements in the Security Industry increased to more historic

averages in the last two quarters of 2013

The fourth quarter 2013 saw the most registered direct and private placements compared to the previous four

quarters, continuing an upward trend.

Figure 10: Historical Registered Direct and Private Placement Transactions in the Security Industry,



31

38

43

55

3133

41

23 22

6

16

42

60

0

10

20

30

40

50

60

70

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

130

159

140

163

7769

55 5359 59 63

133

155

0

20

40

60

80

100

120

140

160

180

200

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

March 2014

Table of Contents

15


Bankruptcies Snapshot

� Bankruptcies have decreased significantly since their high in 2011, as the economic and market

recoveries have driven an improved operating environment and access to capital markets

During the second half of 2013, there were two bankruptcies in the industry.

Figure 11: Historical Bankruptcy Transactions in the Security Industry,

fourth Quarter 2010 to fourth Quarter 2013


Security Industry Transactions Outlook

Figure 12: Security Industry Transactions Outlook

*Arrows reflect what we view as current trends for each of these areas.


2

3

5

6

3

1

2

1 1

- -

1

2

0

1

2

3

4

5

6

7

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

IPO

and S

econdar

y

Offe

rings

Strat

egic

and P

riva

te

Equity M

&A

Reg

iste

red D

irect a

nd

Priva

te P

lace

men

ts

Ban

kruptc

ies

Physical Security

Identity Solutions

Information

Security

March 2014

16

Executive Summary


Physical Solutions Overview

Physical Security Services M&A transactions were higher in the fourth quarter of 2013, compared to the fourth

quarter of 2012. There was one Initial Public Offering (IPO) and a low number of secondary offerings and

private placements.

� IPO and secondary offerings

There were numerous Physical Security equity and debt secondary offerings in the second half of 2013.

� Strategic and private equity M&A

Physical Security Services M&A transactions were higher in the fourth quarter of 2013.

� Registered direct and private placements

The market for private placements rebounded for the Physical Security Industry during the fourth quarter of

2013, up year over year.

� Bankruptcies

There were three bankruptcies in the Physical Security space in the second half of 2013.

Identity Solutions Overview

Activity in the Identity Solutions sector was driven primarily by M&A transactions. Both public offerings and private

placements increased from the comparable prior year period.

� IPO and secondary offerings

RX Safes, maker of fingerprint medical security storage solutions for consumers and healthcare professionals

filed its IPO in February 2014.


Identity Solutions M&A experienced an increase in volume in the fourth quarter 2013, compared to the first quarter.


The volume of transactions in the Identity Solutions sector increased in the fourth quarter of 2013, compared to

the fourth quarter of 2012.

� Bankruptcies

There were no significant Identity Solutions bankruptcies during the fourth quarter of 2013.

March 2014

Table of Contents

17


Information Security Overview

Transaction volumes increased in the fourth quarter of 2013 over the fourth quarter of 2012.

� Initial public offerings and secondary offerings

FireEye, Inc. raised $321 million in an initial public offering on September 20, 2013. The company subsequently

raised $442 million in a follow-on offering on March 7, 2014.

Barracuda Networks, Inc. raised $75 million in an initial public offering on November 12, 2013.

Varonis Systems, Inc. raised $95 million in an initial public offering on February 28, 2014.


M&A activity increased in the fourth quarter of 2013, compared to the fourth quarter of 2012.


Private Placement activity in the fourth quarter of 2013 increased significantly from the fourth quarter of 2012.

� Bankruptcies

There were no significant Information Security bankruptcies during the fourth quarter of 2013.

Security Industry MonitorPhysical Security Sector

March 2014

18


March 2014

Executive Summary

19

Consumer Industry Monitor

Section II

Physical Security Sector

Security Industry MonitorPhysical Security Sector

March 2014

20


March 2014


21



Sector Outlook and Commentary

Looking Back at 2013—A Decent Year—The Best Since 2008

In residential security, the industry experienced higher than expected “take” rates of base level wireless interactive

systems by residential users of monitoring systems. This had the effect of bolstering our case of a minimum

doubling in 6-7 years of the current 25 million homes using some form of security or home automation system. The

side issues arising from this acceleration in take rates include the fading value of POTS-line based security systems,

the generally higher costs to install cellular raising creation cost multiples initially, and the emerging value of “the

platform” rather than the device as prime center of value in the residential system.

In commercial/industrial/institutional we saw what we defined as the first multiple separation from the pack of

superior integrators who ask for, and price for full services value, rather than just installation and break-fix

service margins. While we have written about this trend for several years, before 2013 the ability to demand full

margins was usually the province of just one or two outliers. We now see several security integration companies

being recognized as trusted service partners by leading, sophisticated end users, who testify at meetings

featuring end users like the “Security 500” (New York) and “The Great Conversation” (Seattle).

In 2103, we witnessed steady gains (actually rather dramatic in the context of their history) even faster than

video—in development and acceptance of wireless, interactive, electronic lock and access control and identity

systems, with multiple types of form factors as credentials. Relative to its conservative nature, the changes in

access and locking technologies could even be deemed relatively more dramatic than video. While we have yet

to see what “killer” app will emerge as the winner, it is clear that the changes and flexibility for end users are

going to grow significantly based on the acceleration in 2013.

Last year we witnessed the first real national media articles around the migration of the fight against infosec

crime and terrorism into the physical realm, including identity solutions. The still undiscovered (by the media)

fight by the DoD and certain leading integrators to deal with billions of dollars of substandard, cloned, recycled

counterfeit parts in our critical military and commercial infrastructure. This has given rise in some cases grudging

acceptance of a new age marking and “provenance” technologies, such as DNA.

Looking Forward: We See Even More Acceleration in Physical Security Over the Next 12 Months

In the residential sector, we believe superior “platforms” for interactive home services will emerge that provide a

more personal, easy-use experience for the end user. We already have the “basic upgrade” that allows one to

turn on and turn off the system and perform other simple operations with their smart phone. Now, that 2013 has

provided high take rates in this area, we now need to see which layers of apps and at what cost end users are

willing to pay.

It will be a couple of years before we can prove out an attrition curve for the industry that proves out the thesis

for lower attrition and better internal rate of return (IRR). However, we will see the first end-of-contract statistics

coming in from companies like ADT and Vivint in late 2014 and into 2015.

Physical Security Sector Security Industry Monitor

March 2014

22

We will also witness the beginning of an entirely new technology upgrade in remote health and personal

emergency response devices and services as form factors become more compact and more integrated with

sensors that passively detect vital signs. Competition to gain contracts with payers and health care providers,

rather than the end user, will also heat up.

This year will also see the first major move by larger and better capitalized monitoring companies to upgrade

radios to 3G from 2G, a necessary cost that may mean leaving smaller dealers even further behind.

In the commercial/industrial segment there will be continued bifurcation between the best and the rest,

particularly by a few highly disciplined and focused integrators with superior “IT IQ”. They are in the best

position to increase their services as a percentage of revenues, and increase margins, while the majority of the

industry continues to experience falling profit margins.

We will continue to see an increase in the development of partnerships between video and access/locking/ID

companies from a product standpoint, well before the integrators are brought in to incorporate the various

offerings together.

We believe in 2014 there will be a breakout, separately, of several formerly strongly promoted technologies that

have been enduring a decade of slow acceptance and “false” starts. This includes:

� Gateways for both the home and small business that drive value from the underlying platform, to a more

“human” interface with a connected premises and the various devices that are part of the system. This

includes devices that “learn” the behavior of the end users and provide more automated responses when

things are as they should be, and warnings to the user (or to a monitoring center) when exception

incidents and environments develop. This coincides with broader trends outside the security industry

with the "internet of things" (IoT). IoT refers to the embedding of sensors in physical objects throughout

the home or office, and being able to identify them in a virtual format, often using the same internet

protocol which connects the internet. In this area Alarm.com is a notable leader.

� Radio frequency identification (RFID) in retail for asset tracking and inventory management, integrated

with existing anti-theft technologies, an area where Checkpoint Systems (CKP) stands out after years of

investments in this technology.

� “New-age” fingerprint technologies that have the ability to overcome virtually all the read problems of

older “ridge” technologies and which are virtually error proof, such as Lumidigm which was recently sold

to industry leader HID Global, a division of Assa Abloy.

� DNA anti-counterfeiting technology, in the retail, commercial, and government sectors, respectively, an

area where Authentix, OpSec Security, Hologram Industries Group and Applied DNA Sciences are leaders.

� Continuing development of wireless, remotely interrogated locks and access control systems, with

the developing question of what types of communications interfaces (i.e., NFC, Bluetooth Low

Energy) will be preferred by manufacturers, integrators and end users down the road; an area where

Brivo was an early pioneer.

We also believe that the leading independent “wholesale” alarm monitoring companies will continue to pick up

business from cable companies and telcos who need other than generic CSR’s providing response service. In

addition, the leading independent monitoring companies will benefit from the increasing business they are

getting from personal emergency response companies. According to Barnes Associates, the leading

independent wholesale alarm monitoring companies grew 19% in 2013, well beyond the market as a whole, and

the highest growth rate we have seen from this niche sector of the business.

March 2014


23


But Challenges Abound for The Above Predictions

The Security Industry has never been known to do things easy or fast. There are a lot of reasons for this, but the

main reason is an attempt to avoid errors when lives and valuable assets are at stake. In the past the industry was

committed to silo-like, proprietary, analog equipment installed in an almost customized manner by integrators

at the commercial level, and dealer/installers at the residential level. This has mostly (but not completely)

changed with the advent of IP networks, driving down product margins, but building up service margins when

the value proposition could be properly made to someone much higher than a security manager. This has led to

the fast expanding market for managed services business models for Security as a Service (SaaS.)

Another challenge, in the IT world, involves getting large and small end users to finally recognize that password use

is slowly dying, and that “next gen” authentication is critically needed to protect physical assets as well as IT assets.

We believe, based on our continuous checks with the industry channels, that too many manufacturers still do

not do enough work to combine standards that are being developed with partnerships to their channels. True,

this means giving up gross margin (i.e., standards), but it also means a larger market for all and more business for

those that do develop these relationships under standards. Having the “best” product, does not necessarily

mean that your company is collaborating enough externally to provide the best communication and solution to

the integrator—or to the end user. We continue to see companies not willing enough to give up some profit to

standards or to other partners who might add that extra value to put the proposal over the top. In other words,

too many manufacturers still want as much of the 100% of the share of the sale as they can get, when getting

30% or 50% of a similar or much larger sale or larger market may lead to a higher level of service revenue and a

longer, stickier customer life.

Another challenge will be for Video Surveillance as a Service (VSaaS) and other hosted, cloud-based solutions to

prove out solutions to both security and ROI concerns at scale to meet elevated expectations of what VSaaS can

bring to the value proposition, and create higher market share for companies trying to sell a cloud-based

solution, either hosted or premises based.

In residential security, there are a number of challenges that have developed with wireless interactive systems. We

do not believe that the top tier of the residential security companies are at risk of disintermediation by cable and

telecom companies, simply because we believe the market will be expanding rapidly enough to allow for future

growth within the residential security companies. Those price sensitive users who really just want to make their

overall home experience a little easier and who are not generally discriminating consumers will choose a lower

price telecom or cable service provider. We believe the majority of consumers or minority (users who value life

safety, service and response) will want to make sure they receive verified, high quality response, even if it means

paying a higher price.

Cable and telecom companies trying to add homeservices revenues to their existing “triple play” base, may also

face their own challenges. Google has already run very high speed fiber into three cities (Kansas City, Missouri,

Austin, Texas and Provo, Utah), and has targeted several dozen more for 2014. This cannot be good news for a

cable company that depends on its existing base of triple-play users to leverage advertising, lower upfront costs

and lower monthly costs against the incumbent security companies.


March 2014

24

There are already cost challenges to consider as residential moves increasingly toward interactive wireless

systems. It is 20-25% more expensive to install cellular compared to Plain Old Telephone Service (POTS)

systems, although that can be partially offset by less installation time. This can be overcome by simply selling

more apps and getting more recurring monthly revenue (RMR) upfront—not always the easiest thing to do

with Telco and Cable companies advertising at lower prices. This can be overcome by investing in technology

to lower even further the time and the labor involved in installing the new systems. Finally, we are seeing

lower creation cost multiples from residential companies who have very high percentages of their base

already installed with cellular systems.

Commercial/Industrial Sector Review: Key Conferences Discuss the Need for Integrating

Far More Than Security Devices. Reviews of “Securing New Ground” and “The Great

Conversation”

New technologies and secular trends for video products and video management, access control, identity

management, data management, and analytics are only a small part of what is transforming the “physical”

security sector into something more akin to “electronic” security. Indeed, even once prosaic door locks can now

be integrated with sophisticated access control technology and can “talk” with a company’s network. Along with

new standards, technology developments are increasingly driving the proliferation of innovative products and

interactive services. However, while these industry changes have the potential to substantially expand the

addressable market opportunity, they may also be outrunning many companies’ abilities to clearly install,

integrate, and then make the data easily accessible to and understood by the client. The ability to first have a

conversation with company executives, rather than physical security managers, and then to make the steps to

integrate with other corporate services (e.g., IT, human resources) is crucial to generating stickier, long-term,

recurring revenue streams at higher (35%-plus) gross margins over the long term. Bridging this chasm is

becoming critical, particularly given shrinking margins for traditional installations and products.

Securing New Ground: New York, November 3-5, 2013

We participated on a discussion panel regarding the security company valuations, at the 18th annual Securing

New Ground Conference, which was held at the Sheraton New York Times Square Hotel in New York City from

November 5, 2013 through November 6, 2013. Securing New Ground is one of the leading security industry

conferences (now owned and operated by the Security Industry Association, SIA) which includes select Security

industry executives. The key themes driving both commercial and residential security investment were the most

positive we have seen since 2006-2007.

� Themes at Securing New Ground Integral to Success of Security Companies

Based on the conversations we had and the presentations which we attended, we see five key elements which

could be integral for any Security company aiming to increase competitiveness: 1) using multiple services, with

high value content, as a key differentiator; 2) infusion of mobility, SaaS, and other “cloud” solutions within suites

of products and services, especially as it relates to access control, video, monitoring, data analytics for specific

vertical markets, and other key services; 3) becoming an “extension” of the customer and taking the customers

into an “environment” where they can participate in discussing “design” of their own security ecosystem;

4) taking the time to understand what the end user needs and expanding the circle of solutions; and 5) driving

the four previous points to ensure a business conversation with a potential end user at the “C-Level” or

IT-HR-Building Services level, and not at the lower margin security director level.

March 2014


25


The Great Conversation, Seattle, March 3-4, 2014

The Great Conversation, hosted annually by Aronson Security Group, a Seattle-based, rapidly growing “thought

leader” in the security integration community, is based on the reality that success in the commercial security

installation and integration industry requires a more meaningful conversation at the highest levels of a client’s

organizational chart. The industry has to show to institutional, commercial, and industrial end users that it

contributes to a more efficient, less expensive, and yes—a safer—operation. Security companies that can bridge

the gap from “insurance” and “compliance” cost center to what Microsoft calls a “Trusted Advisor” (or at the very

top of the value chain “Trusted Leader”), can, in our opinion, generate far higher margins and keep their clients

far longer. This is not easy, but we learned a lot about how to approach this at a recent annual conference of

security industry thought leaders, The Great Conversation.

� At the 2014 Great Conversation, we participated in a panel on the “State of the Industry” featuring:

Microsoft’s Senior Director of Technology & Investigations, Brian Tuskin, who oversees the Security

Technology, Investigations, and Communications for the Microsoft Global Security team

� Larry Trittschuh, Executive Director, Threat Management General Electric

� Francis D’Addario, Security Executive Council

All of these participants must deal with a wide range of partners to help ensure their networks, ensure safe travel

for employees, to securing and permitting access to facilities.

The Great Conversation, in our view, focuses not so much on the technology, but on what processes and people

are needed with the IT IQ who can talk to the “C-Suite” and potential clients. A group of security companies that

have adopted IT IQ have become the model for developing an environment where the interoperability of the

company’s “culture” with the end user’s own needs create recognition and high trust with the client. The trust

brings long-lived relationships and the potential for not just higher margins, but significant recurring revenues

(beyond break-fix and maintenance). While we have already observed this in residential, we are starting to see

this in the types of proposals and value propositions within those proposals to make over security into one of

the key business process improvement drivers.

For example, Microsoft has 180,000 employees, 90,000 independent contractors, and 700 facilities. Microsoft will

look at outside partners as those who, starting from the bottom, take care of 1) tactical activities, then 2) subject

matter expertise. Where the company appears to take the next step in terms of partnering comes at a higher

level of strategic thinking and a longer-lived relationship as a 3) “Trusted Advisor,” and finally 4) as a “Trusted

Leader.” This highest level is where we believe the relationship with companies likes Aronson has evolved.

Home Automation Overview

� Who will benefit and who will be challenged by the Google-Nest transaction?

In our January 2014 White Paper, “Home Automation: The Players in Post Google-Nest Environment,” we set out

to explain the implications of Google’s acquisition of Nest Labs for $3.2 billion signaled to us the value of

connecting many services and devices in the home that far exceeds that of the devices and applications. We

asked why Google has stressed that a fully connected home is a cornerstone in the developing IoT.


March 2014

26

� Imperial Capital Estimates on Size of Home Services Market 2013-2020

The SDM Magazine–a trade publication–and Barnes studies (published in February 2014) back up our contention

that a combination of a) better value proposition for end users, even though they pay more monthly, interactive

wireless and verifiable systems, b) the advertising and marketing from cable and telecom companies and

c) general “buzz” created by Google/Nest, new cool do-it-yourself systems in the news has already started to

generate increased awareness and acceptance of the better premises control systems available.

Between 1990 and 2007, penetration of U.S. homes from mainly security (and a few high end home automation

systems), increased from about 5% to nearly 20%. This was due mainly to a dramatic fall in equipment prices and

to the digital switch, which multiplied by a factor of 10x, then 50x the number of accounts that could be serviced

by the same monitoring personnel. The adoption of a business model in the early 90s that entailed the

subsidization of the upfront cost of a system by virtue of the customer signing a longer term service and

monitoring agreement additionally increased adoption rates.

However, since 2008, penetration in the U.S. by security systems has been flat. This is due to the lack of any

improvement in the value proposition of old, POTS-line based security systems, and to some extent, the

recession of 2008-2010.

Companies like Alarm.com and iControl changed this equation with software platforms that allowed a major

technology and functionality step-up. The data seen coming from the leading companies in the security industry, the

increase in marketing and awareness coming from the cable and telecom newcomers to home security, and the “buzz

factor” we mentioned above, back up our contention that the overall penetration of U.S. homes for some form of

wireless interactive home service is going to increase dramatically over the seven years, providing significant growth

for several sectors, and a huge challenge for for smaller, undercapitalized security companies.

As depicted below in Figure 13, Imperial Capital estimates that the market for homeservices, currently mainly

centered around security, is going to broaden in scope and in size over the next seven years. We estimate that

there are currently 25 million homes using some form of home services, nearly all security, including several

hundred thousand home automation systems, and several hundred thousand do-it-yourself (DIY) home

monitoring systems.

If we define home automation more broadly as a wireless connected service within the Security industry, then

our estimate of several hundred thousand home automation services would actually be closer to, and likely

above, 3 million customers.

Within the security, industry the Top 30 SDM residential companies currently represent about 12 million, or

48%, of the 25 million homes with systems. We note that there could also be several hundred thousand

non-monitored and self-monitored DIY systems, many of which may not really be in active use. The remaining

52% of homes use one of thousands of small, local security companies, most of them still selling nearly 100% of

their systems based on hard telephone lines, and focused solely on intrusion.

Over the next seven years we believe that the overall home services industry, meaning using some form of home

services, not necessarily security, will expand to 50 million to 51 million. That is about a 10.5% compound annual

growth rate (CAGR). That includes these changes from today’s $25 million home services “pie”.

March 2014


27


Cable and telecom companies grew from 1-2% (300,000 systems) to 43% of the market (22-25 million homes).

Admittedly this is a very aggressive number of a larger universe of users than several other consultants have

published (e.g., ABI Research projects, a smaller market in six years than we do(see figure 14) but also a smaller

percentage of the business going purely to cable and telco’s than we do. In addition, this number could be

impacted in many unpredictable ways by the entrance of Google (e.g. the acquisition of Nest Labs and the

emergence of fiber optics capabilities).

Top 30 residential security companies (including Vivint in this category) growing from 11-12 million to

16-17 million homes (4-6% CAGR), with certain companies growing faster, offsetting slower growth by ADT,

which due to its 6.4 million existing subs simply cannot grow net new subscribers that fast in percentage terms.

However, this does not mean that ADT would not make a significant contribution to the growth of the industry,

if they grow at a rate of 2-3%, simple because of their size relative to their direct competitors.

Home automation only and DIY device companies are growing from 500,000 homes to 3 million homes, a

30% CAGR.

The smaller security monitoring companies fell to 8 million from 13 million homes serviced. And in this sector,

we may be too optimistic, depending on the amount of consolidation, competition from new entrants, etc.

Figure 13: Home Services Market 2013—25 Million Homes


Figure 14: Home Services Market 2020E—50-51 Million Homes



March 2014

28

� The acquisition of Nest by Google signals some positives and some challenges for existing companies

throughout the residential device and services spectrum

In this Security Monitor, we seek to expand on the list of public and private companies who may benefit from

the broadening awareness through marketing, M&A, and technology “step-ups,” coming nearly every year.

We would also refer readers to our deep domain expertise in this sector, including the residential section on

another White Paper, “Securing the Smart Grid” section in our Security Industry Monitor published in August 2011,

as well as our White Paper, “Smart Grid Security Technology and Next Gen Premise Services,”, dated October

2011, to gain a more balanced view of how small and large companies connected with the smart grid are

restructuring their business to serve and protect grid data in an increasingly interconnected, networked—and

hacked—world.

Figure 15: Home Automation Capabilities

Sources: Alarm.com.

Home Services: Who Will Benefit and Who Will Be Challenged by the Google-Nest

Transaction?

Clearest Likely Beneficiaries

In this publication, we focus on the public and private companies who are most likely to benefit from

unavoidable acceleration in connected home services posed by the Google acquisition of Nest. Of the public

companies, we see Control4 as a potential beneficiary in interoperable home services. Echelon, Itron, and to a

lesser extent, Silver Spring Networks (a smaller part of their business) will be “connected home” energy

beneficiaries. Nexia is a DIY home automation system from Ingersoll Rand, which is built around a central control

module, and allows Zigbee-based hook ups with over 200 affiliated devices.

March 2014


29


Privately held Vivint is creating what we believe could be a new standard in vertically integrated,

subscription-based home automation services (“Vivint SkyControl”), with its own control interface, its own

platform, some of its own devices, and software development kit (SDK)’s for an increasing line-up of app

writers who want to take advantage of the company’s 700,000 subscribers.

Alarm.com and iControl Networks have been and remain from our past publications the best known companies

providing interactive wireless software platforms to the security and cable-telecom industries. However, several

lesser known companies, such as The Essence Group (Israel), SecureNet Technologies, and RSI/Videofied

(France/U.S.), also provide home automation platforms and/or devices that are integral parts of home services

platforms. These companies will bear increased responsibility and increased value as their security and

cable/telco clients ask for more and improved home services applications.

Service Companies That Will Benefit from the Emergence of New Home Automation Platforms

Among the leading security companies in this “would-be beneficiaries” category are ADT Corp. (ADT),

Securitas Direct in Europe (SECUB-SK, debt), Vivint, Ascent Capital Group (ASCMA), and Protection One

(private), and other leading regional alarm companies. We believe that with recent trade publication surveys

predicting 10-14% residential revenue growth for 2014, some of the turmoil and moving around in the real

estate market has calmed down and homeowners observe how they can make their homes more secure and

more in line with their lifestyles.

Among the leading cable, satellite and telecom competitors in the sector are AT&T (T), Comcast/xfinity (CMCSA),

Time Warner Cable (TWC), Cox Communications (private), Rogers Communications (RCI/B), Verizon

Communications (VZ), and DirecTV (DTV). We expect these companies, currently with about 400,000-500,000

home services subscribers, to gain another 20 million new subscribers using some form of home service system

by 2020. One caveat for the cable companies is the emergence of Google as a potential force in disrupting the

“triple play.” Google has laid fiber with very high throughput speeds in three cities so far—Austin, Texas, Provo,

Utah, and Kansas City, Missouri. Google has enumerated 35 more cities where it intends to lay fiber and compete

for Internet services.

In addition, we would include two home device manufactures that have new offerings in the market, but still very

large legacy production they must support: Honeywell (HON) (despite its late, but growing home services platform

business in “Total Connect,”), and Nortek’s (NTK) Linear equipment division, including its acquisition of 2GIG.

We would note that in December 2011, Tyco International acquired Visonic Ltd, an Israeli company that develops

cutting edge IP and cellular electronic security solutions. This includes, a) “PowerMax” connectivity options for

broadband and/or GSM/GPRS communications which enable uninterrupted data transfer (via frequency spread

spectrum technology) in the event of link interference or failure, and b) advanced personal emergency response

equipment and systems that are also used with the “PowerMax” communications technology.

� What are the criteria that we see for beneficiaries and those challenged in this future?

Legacy manufacturers of control components for the home are at risk. We have been noodling around with a

Nest thermostat, as well as a Canary DIY security system for a number of months, and have found that they are

easy to install, easy to use, even friendly in some ways, and provide feedback and future functioning based on

past use patterns. These new devices will surely disintermediate older, harder-to-use home devices, even though

they may function just as well as the newcomers.


March 2014

30

However, there is still a life-safety response, monitoring and service requirements that we see in both police and

medical response that goes beyond current capabilities of friendly, smart products and a trust factor behind the

use of those services with regard to security and medical needs that still makes the internet a very uncertain

place to be. We disagree with media articles and market surveys that overlook the importance of verifiable

professional response for the premises.

With that, we provide our current list of potential beneficiaries and those that are challenged in this environment.

This list is ever evolving, as new products, services and technologies are both introduced and put to sleep.

� Cable and Telco Marketing in Wireless Interactive Homeservices is Creating an “Awareness Wave”

In our opinion, the attitude of the larger residential “RMR” companies was quite upbeat relative to their current

competitive position for wireless interactive lifesafety-fire-personal emergency response services for residential

users. We believe these leading residential alarm companies are not living in an being overly optimistic. News of

personnel moves in the security divisions of cable companies, the recent “unbundling” of lifesafety services from

core home services packages by large cable and telcos from the core of the package to an option, and the

dedicated security industry’s better-than-expected growth (8% as noted in a presentation by the editor of SDM

Magazine) all underscore to use the sustainability of the dedicated business for those largest companies. We

continue to believe the many small, undercapitalized alarm dealers, who make up 80% of the companies (though

less than 25% of the revenues), remain at severe risk to disintermediation by cable and telco competition.

We continue to estimate that dedicated security monitoring companies will garner 6-7 million of the

25-32 million new home systems estimated to be installed over the next 6-7 years.

Home Automation and Energy Control Companies

Companies that provide software and equipment that make it easier for the residential end user to monitor and

control their premises, similar to Nest, will have an easier time convincing investors of their ability to move

rapidly with changes in the market. In particular, we believe technologies that manage home energy

consumption will be in the spotlight.

� Publicly-Held Companies Providing Home Services

In the integrated home, there are already companies pushing easier-to-use technology in smart grid lighting

and electricity, as well as overall home services. Vivint developed its own gateway, platform, and critical devices

(platform will accommodate outside devices) that could potentially generate very high monthly average

revenue per user (ARPU). Control4 systems, sold by a network of integrator/dealers developed the control

architectures and hardware technology that bring smart capabilities to a range of products, from audio-visual

systems to kitchen technology.

� Control4 Corp (CTRL)

The company is the market leader and the first pure play publicly traded home automation company in the U.S.

with a fully integrated offering. Its intent is to deliver an affordable way to control and automate lighting, music,

video, security, and energy, in a single room or throughout the home or business. CTRL has installed more than

135,000 homes and boosts a dealer base of over 3,000 in more than 80 countries. CTRL’s model provides an

advantage over its competitors who typically use an approach that is less customized for the client, and is much

harder to turn into a long-term relationship. A key to Control4’s integration capabilities and its attraction to

March 2014


31


dealers is its “Simple Device Discovery Protocol” (SDDP) in which leading consumer electronic brands integrate

Control4 SDDP into projectors, Blu-ray players, flat panel TVs, audio/video receivers, and a variety of other wired

and wireless devices.

Dealers add these devices to a Control4 system and the controller automatically recognizes them. If the dealer

chooses to include the device, then the correct driver is automatically added to the project and the device is

installed. The company is, as of now, one of the few outside partners with Nest, due to its integration capabilities,

among other factors. Control4’s stock is up by about 43% since the Google-Nest announcement on January 1, 2014.

Figure 16: Control4 Panel

Sources: centralintegration.net.

Nexia Home Intelligence

Nexia remained with Ingersoll Rand and was not part of the spin-off with Allegion. Nexia’s home automation

offering is based around its “Nexia Bridge,” which services as the home automation controller. It actually looks

like a router and works like one, too. The system uses the Z-Wave communications protocol. It is just a matter of

plugging into a home network, telling it which compatible devices you want it to communicate with over the

wireless network, and then use Nexia's Web site and smartphone app to control them however you see fit. There

are nearly 300 Nexia-compatible devices currently available for purchase form a variety of manufacturers,

including, not surprisingly, Ingersoll Rand and Allegion. This also includes: Schlage locks and cameras, Trane

thermostats, light dimmers, and motion detectors.

The most impressive aspect of the Nexia system is its Website, which functions as a true home automation

power station. The site is very sophisticated, given its simplicity to use and the scope of its capabilities with

hundreds of devices. The devices can all be purchased on the website.

The issue with many users and reviewers of the Nexia Home Intelligence systems is that for what is essentially a

self-monitored DIY system, in addition to the cost of the Nexia Bridge, there is a $10 monthly fee. There is no

independent monitoring option for the system, which we always prefer, and for which there should be a charge.

This is one of the conundrums that nearly all home automation systems, whether truly automated and

integrated like Control4 or via a Z-Wave “router” like Nexia, face. There is a segment of the population who want

a verified security aspect to their system, which they are willing to pay a monthly fee for; however, incorporating

a monthly fee into a system that is essentially sold, is an issue that will continue to appear in the future.


March 2014

32

Digimarc Corporation (DMRC) based in Beaverton, OR, provides media identification and management

solutions to commercial entities and government customers. It develops and patents intellectual property to

differentiate products and technologies, mitigate infringement risk, and develop opportunities for licensing. The

company’s patents relate to various methods for embedding and detecting digital information in video, audio,

images, and printed materials, whether the content is rendered in analog or digital formats. Imperceptible to

human senses, Digimarc’s digital watermarking technology allows users to embed digital information into audio,

images, video and printed materials in a way that is persistent, imperceptible and easily detected by computers

and digital devices.

We are particularly interested in Digimarc’s “Discover” application, where smartphones can instantly see, hear

and engage with all forms of media while connecting users to interactive experiences via a smart phone from

home. Digimarc® Discover uses multiple content identification technologies–digital watermarking for print and

audio plus QR code and barcode detection–to give mobile devices the ability to see, hear and engage with all

forms of media.

How “Discover” works: One points a mobile device at a Digimarc-enabled advertisement, article, package, retail

sign, television or radio commercial to trigger brand-defined mobile experiences. “Discover” offers a new means

of visual and audio search, delivering a broad swath of media experiences and capabilities on the computing

devices we carry with us 24/7–our smartphones.

� Napco Security Technologies

About one year ago, NAPCO Security Technologies, Inc. (NSSC-7), security equipment provider to midsize and

smaller commercial and residential dealers (with about $70 million in revenues), launched iBridge Connected

Home solutions. This SaaS-based system of products enable consumers to remotely control and schedule:

� Security

� Thermostats

� Lighting

� Small appliances

� Motion/occupancy sensing

� Video cameras and recorders

� Door locks

Additionally, text, email and video notifications are sent to users and notify them of any important status

conditions or events. All of this utility is controlled by the consumer using free NAPCO proprietary apps, via a

smartphone, tablet or an internet-connected PC. New activations of the iBridge Connected Home have, from a

small base, grown sequentially 62% and 45% for the three months ended September 30, 2013 and

December 31, 2013, respectively.

� Energy Management Companies

As we have stated in our previously noted publications, smart grid companies including Silver Spring Networks

(SSNI), and private companies such as Sensus and CEIVA Energy are likely to see rising interest in the capabilities

of their technology to communicate into the home, which should start unlocking the potential of smart grid. In

2009, Silver Spring acquired GreenBox Technologies, a home-energy management-and-automation company, in

order to bolster its information software capabilities in the home.

March 2014


33


NIST seeks increased funding for securing cyber-physical systems in “Smart Homes”

As we noted in our January 2014 white paper, “Home Automation: The Players in Post Google-Nest

Environment,” a new generation of smart systems that network with previously stand-alone devices

(e.g. thermostat, refrigerator, or smart meter) also bring the potential for new cyber attacks.

In newly released details of the agency's budget proposal for the coming year, published on March 17, 2014 by

“Fierce Government,” NIST says it needs $18.8 million to study "cyber-physical systems," with $5 million of that

dedicated to improving their security.

Recent security improvements to purely digital systems haven't been widely adopted in the physical systems

world, for want of perceived threats and because of the degradation in performance things such as default

encryption causes.

NIST says it intends to develop lightweight encryption and trustworthy networking and distributed control

networking protocols that could be implemented on an industrial scale.

Cyber-physical systems "have the potential to change every aspect of life," NIST says, pointing to likely

applications such as the smart electricity grid, intelligent buildings and highway systems studded with sensors

for managing traffic.

In all, NIST is requesting $928.3 million in discretionary spending, $693.7 million for scientific and technical research

and services, $174.5 million for industrial technology services, and $60 million for research facility construction.

Privately Held Companies Best Positioned for Home Automation in the Security Industry

Vivint’s New Home Automation System: Vertically integrated, “Warm & Fuzzy,”—And All its Own

Vivint has been playing it low key lately, and for a good reason—they may be taking home subscription-based home

automation to a new level. The company this year will introduce a new vertically integrated gateway, and what we can

only define as a true home automation system with its own “warm, human” control box, into the cloud. The new Vivint

system (Vivint SkyControl), to be introduced during summer of 2014, will include a cloud-based package that learns

(like NEST) its users preferences and habits, only over an entire menu of sensors and apps. The bundle will include

Voice Over IP (VOIP), geolocation, as well as Siri-like voice interaction, if desired, so that in addition to a menu of

applications there will be greater “human” interaction with the apps as well.

Vivint will still support its 700,000 users on the Alarm.com platform, as well as its 2GiG panel users, but new

systems going forward will include the company’s own platform and controller. By becoming vertically

integrated, a risky move to some, yet opening up its system enough to provide SDK’s to developers, the

company hopes to create its own ecosystem and better control its own appearance and relationship with end

users. Vivint executives believe there is real value in designing a system from the sensor on up to the cloud. They

believe they will now have the flexibility to move into other premises functions beyond “home automation”

which could bring the company “closer” to its customers, further increase their base and the stickiness of the

base. The platform is scalable to millions of customers.

As we see it, the new Vivint systems will have unusual intelligence in being able to understand patterns of

occupancy, patterns of heating and heating, ventilation, and air conditioning (HVAC) use, via its own analytics.

The system will include its own digital video recorder (DVR) in the panel, and the panel will include some of the

anti-“smash & crash” prevention software that has made Alarm.com so desirable.


March 2014

34

Figure 17: Vivint Panel

Sources: Vivint, Inc.

Independent Homeservices Platform Leaders

Several companies provide the communications and functionality for interactive wireless solutions to both the

dedicated security monitoring industry as well as to cable and telecom companies. The most prominent of these

are Alarm.com, iControl Networks, and the Essence Group. These companies’ value to their end users

(monitoring companies to cable/telco’s) will only increase as their clients clamor to add more services and a

better value proposition.

� Alarm.com

Alarm.com, based in Vienna, VA, virtually created interactive wireless security and continue to impress with some

of the most advanced, first to market solutions. While security companies can debate how much value, relative

to the monitoring function itself, Alarm.com deserves out of each payment that providers receive from their

customers, there is no doubt many would not be in business today were it not for Alarm.com. As the value

proposition of connected devices in the home changes rapidly, security companies need a partner that can

move as fast as or faster than the market. Alarm.com’s litany of wireless services includes interactive security,

video monitoring, energy management, and home automation through a connected platform and accessed

through easy to use mobile apps.

Alarm.com is already well ensconced in connecting devices in what Google and others define as the IoT space.

The company effectively creates subscribers to the IoT space through its relationships with security companies

to the extent that we do not know of very many companies anywhere that help create the types of

interconnected clients that Google talks about with Nest. Alarm.com is not tied to, nor locked out of the DIY

market, so that if Canary Security (or Apple for that matter) needs to at least offer the option of enhanced

monitoring services to its young, hip users, it has a company in Alarm.com with the software to provide that.

March 2014


35


� iControl Networks

iControl, is similar in some ways to Alarm.com, but with some stark differences (the proprietary panel, the

communications protocols, the customer interface, and the client base of mainly cable and telecom companies,

along with ADT). The current formation of the company was created out of the merger of uControl, a primarily

ZigBee based home automation communication platform, with iControl (Z-wave). The company offers a wide

range of services in interactive home security (including remote video, touch screen, web/mobile access,

email/text alerts), energy management (smart meter demand response, real time monitoring, energy efficiency),

home health care (activity monitoring, heart rate, blood pressure, emergency aids, and medication schedules),

and other related offerings.

In November 2013, iControl introduced in Europe “iControl Touchstone,” a self-installable, self-managed, and

self-monitored smart home solution, for resale by broadband service providers.

� The Essence Group

Established in 1994, privately held Essence Group (based in Herzliya, Israel), is a leading provider of

wireless-based systems for residential & business applications with over 12 million devices deployed globally.

The company has its greatest strength in Europe, and includes being a key platform and device provider for the

“Verisure” system of Securitas Direct, the leading residential security services company in Europe. Essence also

provides systems to Gulfstream Security, the largest privatized security monitoring company in Russia. A close

Israeli competitor to Essence historically, particularly in its device and communications technologies has been

Visonic, now a subsidiary of Tyco International.

The Essence portfolio provides tools to access various market fields, among them:

� Security Monitoring

� Home & Family Monitoring

� Healthcare Monitoring

� Home Energy Management (HEM)

Similar to Alarm.com, iControl offers a long menu of services up to its dealer and multiple-system operator

(MSO) clients. A difference between Essence and iControl, and Alarm.com, apart from communication protocols,

and with whom they go to market, is that both Essence and iControl manufacture devices (from panels to

sensors) for their clients, while Alarm.com is primarily a software company and is currently hardware agnostic.

Other Selected Home Service Providers

� RSI/Videofied

RSI, based out of Strasbourg, France, has been specializing in wireless video applications for 20 years and has

over one million installations of its products. For the last eight years, our focus of interest in this company has

been its Videofied offering in the U.S., based in suburban Minneapolis, Minnesota. Videofied is a complete video

alarm system that sends a short video clip with the alarm notification to the central station for immediate review.

Videofied links the video with the central station, DIY self-surveillance does not. A monitored video alarm

delivers quicker police dispatch. Videofied includes an interactive smartphone app that provides remote

arming/disarming and Look-in request.


March 2014

36

Videofied panels always transmit to a professionally staffed 24-hour monitoring center to provide customers

with full-time security, not self-protected security without any response. Customers are notified only when

human activity has been confirmed and not on non-emergency.

� SecureNet Technologies

SecureNet, based in central Florida, has been successful in combining life-safety security intrusion monitoring

with many levels of video from very simple to high-end, and for both home and business at a reasonable cost.

The company’s best home surveillance systems feature a DVRfeature, so one can save surveillance footage

(highly unusual for this price level) which can serve as a deterrent and make it easier to identify and prosecute a

suspect. For small-and-medium businesses, SecureNet also integrates specialty cameras, such as infrared, all

types of monitors, including liquid crystal display (LCD), flat panel, and touch-screen, which can be viewed on a

web browser at home, to SecureNet’s professional monitoring station.

Security Dealer Revenues Accelerate for First Time since 2008

There is a great deal of scrutiny focused on subscriber growth and RMR/revenue growth in the monitored

security industry. Much of this can be attributed to articles, analyst reports, and public relations announcements

from cable and telco companies, that this is where the threat of disintermediation for security, fire and personal

emergency response will begin. Almost nowhere do we see such articles and analyst reports on the quality of

training, systems, and 10-30 second response in the monitoring station by “five diamond” and UL-certified

personnel and systems that save people’s lives (and create very loyal and long customer lives).

After five years of essentially flat revenues for the entire channel, both commercial and residential, along with no

increase in U.S. homeowner penetration by the residential channel in particular, it was a relatively easy

conclusion to make from the outside that future growth in the sector will be generated by the larger cable and

telco providers, as well as “new age” self-monitored devices, like the much strongly promoted Canary Security

offering. Investors or reporters outside the security industry may not realize that an RSI/Videofied unit can do

just about anything that a Canary unit can do, except that it is also used for verifying images and sensor trips for

the monitoring station and the police, not just for observation by the end user on a smart phone.

The Security dealer channel actually exceeded internal industry expectations for just one or two percent revenue

growth in 2013, with the SDM Subscriber Market Forecast Study showing 9.9% growth for respondents for 2013

to about $47.9 billion.

Total dealer industry channel revenue is defined as total revenue from the sale, lease, installation, service and

monitoring of security systems. It includes both commercial and residential revenues. (Under a new SDM

methodology, 2013 is going being reclassified at $59.9 billion). The forecast for 2014 is for 12% increase in

industry revenues to $67.1 billion.

In 2013 about:

� 51% of industry revenues were related to commercial activities

� 31% of revenues were residential

� 18% divided among various services and maintenance (not specified)

March 2014


37


It is not surprising that in the commercial security monitoring area, the SDM subscriber base expects the

Educational Institutional area as its greatest rate of revenue growth in 2014, moving from 11% in 2013 to 21% in

2014, far outpacing Commercial office space which falls from 26% to 16%.

In the residential security market, even though 47% (consistent with previous years) believe that “middle

income” home will be the largest market, it is noteworthy that “new construction” showed the greatest

movement, either way with 18%, expecting it to be the largest market, compared with 13% a year ago,

according to the 2014 SDM Magazine survey of security executives.

The SDM Forecast Study attributes part of the new-found growth to the amount of advertising and marketing

being done by newer entrants, such as Comcast and AT&T.

� Barnes Associates Survey Results

The Barnes Associates Survey, presented at the Barnes Buchanan Conference in February 2014, came up with

slightly different industry numbers, though they were based on some of the information generated by SDM. We

would note that the estimate of the size of the un-surveyed companies by Barnes was 49% of the market, which

he estimated to be growing at 9%.

According to Barnes, total security industry revenues of surveyed companies rose 5% year over year to

$45.8 billion (the un-surveyed companies rose an estimated 9%).

� The SDM 100 (top 100 companies) grew 7%, as larger companies were able to increase wireless

interactive service revenues faster

� Monitoring & service revenue up 9% to $21.2 billion. Monitoring & service rose to 46.3%, of total revenue

from 44.5% in 2012.

� Sales and installation grew 2% to $24.5 billion in 2013, the first increase since 2008.

� Independent (“wholesale”) monitoring services grew 19%, helped by contracts from personal emergency

response companies and telco and cable companies (source: Security Systems News and CSAA Contract

Monitoring Council).

Non-monitoring services as a percentage of total RMR, down 10pb year over year, as monitoring pricing

increases margin on monitoring & service, down 6bp to 54.1%, the result of a surge in cellular hookups, which

currently carry lower margins, as well as new video, personal emergency response, new cloud and managed

services, are all added to what had been a simple mix of basic monitoring and service agreements.

The current size of the all-combined telco and cable accounts is estimated by Barnes to be about

400,000-500,000 accounts, and an estimated $8-20 million of RMR. Based on this data, the market percentage is

something between 1-2%. Most of those gains have come from existing cable/telco customers, and from small,

POTS-line based local security companies.

The cable and telco’s end of year rate gross additions are estimated to be about 15,000-30,000 accounts per

month, which would add about $600,000-$1.2 million of RMR per month.

The gross attrition rate decreased 10bp to 11.8%, but this number is deceptive. Although the top 10 providers with

national or super-regional basis (some not in the Barnes survey) all increased due to an increase in movers, the

movers constitute 45% of gross attrition, up from 43% in 2012, while financial reasons dropped to 28% from 31% as

the reason for attrition. This shift to “movers” in attrition is unprecedented, and highly unlikely to be sustained.


March 2014

38

The 2013 creation multiple rose to 29.2% from 28.5%, mainly due to the increase in more costly interactive

cellular systems. It was noted that the creation multiple had stopped going up for a select group of companies

whose percentage of accounts using wireless interactive accounts had surpassed 60-70%.

The net internal RMR growth rate rose to 9% in 2013 from 8% growth in 2012.

Figure 18: 2013 Transaction RMR Multiples for Companies in the Above RMR Ranges


Historical Trading Range Based on Steady State Cash Flow

Engaging in the “good fight” for metrics that properly describe the efficacy and value of a residential alarm

monitoring company trading in the public markets has not been easy. In our previous discussions, we have

described key performance indicators (KPIs) that have been used over the last 15 years by senior lenders and

private equity firms to value security services companies built around recurring revenue. While there are serious

“real world” and “forward growth” flaws in using only steady state net operating cash flow (SSNOCF) as the only

metric in judging the value of a public or private alarm monitoring company, many believe it is one of the best

indicators of quality and margin in a security monitoring company’s primary business: monitoring and service.

We also use three key performance metrics against the peer group, and EV/RMR as a “sanity check”. The quality

of the monitoring and service business is usually a good indicator of how the rest of the company—the creation

side—pans out.

After years of education and use by lenders and private equity firms, operating executives as well as private

equity financial owners have turned to SSNOCF, along with IRRs (levered and unlevered), as the best predictable

measure of a company’s valuation, and relegating the older metrics, such as simple RMR, or the very unreliable

EBITDA variants to secondary status. There simply is a much tighter bell curve for SSNOCF valuations for quality

transactions, indicating that buyers and their advisors are now solving for that metric first. This is underlined by

the fact that senior lenders generally look at the recurring monitoring revenue as an asset (not as simple cash

flow), and are willing to lend against that asset.

For example, while RMR valuations for selected transactions from 2003-2012 have ranged from 25-70x, and

EBITDA valuations for these transactions have also been spread out 6.3–13.5x, SSNOCF values for the same

transactions have typically remained in a much tighter 10–14x valuation range. In addition, private equity buyers

have guided toward a mid-teens hurdle rate for unlevered IRRs in their investment considerations for these

recurring revenue security companies.

Less than $50,000 35.1x $50K-$100K 38.4x $100K-$500K 39.7x Over $500,000 47.1x

March 2014


39


The Emergence of Smart Locks (Part II)

(See Part 1 in our September 2013 Monitor)

Mobile Security and School Tragedies Driving Growth in Commercial/Institutional Wireless Locks that Connect to

Network and Access Control

In our September 2013 Security Monitor, we profiled Assa Abloy’s Hi-O, Aperio, and Seos wireless systems. In this

edition, we profile Allegion’s “aptiQ” two-way interactive system for connecting cards, readers and locking devices.

The locking and access business is misleadingly perceived as a very sleepy, but steady business made up almost

entirely of mechanical and sometimes electro-mechanical locks. This business is changing rapidly and Imperial

Capital estimates (see our September 2013 Security Monitor) that electro-mechanical, electronic and wireless

access and locking devices will take over 50% of new sales by 2016. Allegion is at the forefront of this technology

change. Perhaps the most underrated area of growth in security that we have seen at security trade shows and

seminars in 2013 has been what we consider to be the replacement of legacy mechanical and

electro-mechanical locks, and the movement toward networked locks that can allow encrypted card access,

allow privileges inside, can be shut down for emergencies almost immediately, and which can provide the

overused phrase to “actionable intelligence” to those who are in charge of a premises, not just the security

personnel. At the heart of these new smart, electronic locking systems, is a short distance encrypted wireless

communication protocol linked to an online electronic access control system, such as Assa Abloy’s HID Global, or

Tyco’s Software House. In many cases, these locks look almost identical to the commercial/industrial locks they

are replacing, and again, in many case, may be the very same brand.

We believe that the market for “smart locks” that are either wireless or hardwired to an enterprise’s or

institution’s network will be able to increase overall organic growth in the lock area by 1-2% over the next two

years, through both remodeling of existing facilities, and/or new construction. These functions range with

working with the access control system, including smart cards and prospectively, NFC and low blue

tooth-enabled phones to assist with premises entry, permissions within the building, and internal access, once

the permissions level of the authentication are encoded into the card or key. Access and permission levels can

be remotely given and revoked, and remotely changed via the system. One of the hurdles that wireless locks

have had to overcome is the conservation of battery power, and making the locks smarter to “wake up” instantly,

but only when signaled. This has been a big industry move ahead.

It is critical to be able to “wake up” an electronic lock to do something (lock or unlock) in a very short period of

time. Ingersoll Rand, which is spinning off its $2 billion Security business, Allegion PLC, includes the well-known

Schlage brand of locks and other access control products. Allegion’s and Schlage’s single biggest growth area

and its biggest single market for interactive, wireless locks is in the educational institution market, currently

nearly a third of Allegion sales.

Allegion’s “aptiQ” (pronounced: ap-teeck) contactless smart card credentials provide a two–way dialog between

the card and reader instead of just reading a proximity card serial number. The cards are used in conjunction

with an entire ecosystem of Allegion and partner products, which provide on-line, real time lock controls that

can be changed or upgraded without replacing the entire lock—as we were shown at the show.

Other brands in the Allegion portfolio include most notably Von Duprin, CISA, LCN, Von Duprin, Interflex, Briton,

Bricard, BOCOM Systems, Dexter, Kryptonite, Falcon, and Fusion Hardware Group.


March 2014

40

aptiQ: Allegion’s Platform for Connecting Wireless Systems

aptiQ is a group of Allegion technologies (mainly readers right now) built around a short-distance, wireless

communication protocol, designed to link with an online electronic access system with apitQ-enabled locks and

devices. aptiQ allows for online access control and management, increasing both security and controllability.

aptiQ is able to integrate with most wireless units and systems, regardless of the manufacturer, because it has

been developed around an open standard. Each of these readers handle all applicable ISO standards (14443A,

14443B, 15693), are FIPS 201-1 compliant (for government agency and GSA listing) and are versatile enough to

read 125 kHZ proximity and 13.56 MHz contactless smart cards. They are not yet FIPS 2011-2 compliant, which is

the latest standard in government access control technology, but we expect them to be soon.

The aptiQ Alliance Program is a group of leading companies coming together in tandem with Allegion to create

an ecosystem of applications that support aptiQ smart card technology. The Alliance consists of global

companies that are using an open architecture smart card technology which extends the use of an access

control card or near field communications (NFC) enabled smart phone credential to an increasing number of

applications. These global companies’ end users will learn how they can better leverage smart credentials to

build out an increasing number of solutions available to them.

Such partners as Matrix Systems (a leading physical access control provider), Access Smart (cyber

authentication and network access), Gemalto (leading dual technology credentials), BadgePass (badge

printing and smart cards), CBORD (cashless payment), Heartland Campus Solutions (one of many college

campus providers using aptiQ cashless payment), Mobile Security Solutions, Nedap (RFID and long-range ID),

TagMaster (standards-based long-range identification), XID (biometric facial readers), all create an ecosystem

of adjacent solutions. While just a small slice of the aptiQ Alliance, all these companies provide vertical market

product suites or manufacture ancillary products that can be bundled as part of an overall smart solution.

aptiQ field devices report to a wireless receiver, called a hub. The hub is mounted in the ceiling or on the wall,

and handles all control functions for the door.

aptiQ appears to be the major platform for Allegion to migrate its installed base from wired to networked and

wireless. The technology is fully compatible with RFID and other contactless credential technologies, so, in most

cases, there is no need to change a user’s credentials–the user can just use an existing card. Doors and locking

systems do not need to be changed out, only upgraded with aptiQ-enabled products.

For example, the aptiQ multi-technology reader, which reads both proximity and smart credentials, now also

reads magnetic stripe cards to provide users with a simple migration path to increased credential security levels,

including various forms of proximity contactless card industry standards (MIFARE Classic, and MIFARE DESFire

EV1, which opens up global standards for both air interface and cryptographic methods). The readers are also

Near Field Communications.

March 2014


41


Allegion plc Settles into Life as An Independent Public Company

Allegion plc, formerly a business within the Ingersoll Rand Security Technologies Group, was spun-out as a

public company in December 2013. As part of the locking, access control industry, and with a presence in the

Identity Solutions market, Allegion competes in multiple product areas.

Allegion is a market leader in door exit devices in North America, where it competes with Stanley Black & Decker,

Assa Abloy, Spectrum Brands, Fortune Brands, and DORMA. In Germany, where Allegion has the second largest

market share in the workforce management category, KABA Holding and Primion are the main competitors.

Within systems integration video analytics in Asia, where Allegion has the third largest market share, it competes

with CSST and China Telecom.

U.S. Lock Market

Within the U.S. lock market, Assa Abloy and Allegion hold the number one and number two market shares,

respectively. Between these two competitors, Allegion has the higher operating margins. Allegion also faces less

competitive pressure within the door openers and closers business. Stanley Black & Decker and Assa Abloy have

stronger competitive positions in doors than does Allegion, which has developed a patented geometrically

flexible (in its locking points) door, where fixed points are no longer needed, a significant advantage for

servicing doors even after years of building and door entrance shift. Allegion expects that its most intense

competition will be in locks.

Within Europe, where Allegion competes with Assa Abloy and Kaba Holding, Allegion’s position based on

revenue from its security products is ranked first in Italy, second in France, and third in the U.K. In Europe, where

Allegion’s operating margins are very low, improving under-absorbed capacity, competing in geographic

sectors where it can win, acquisitions, rationalization in weak areas, and changing a culture to where the brands

cooperate more on “Allegion” projects are all important milestones for the company.

Allegion is growing its acquisition pipeline and management has already completed two small transactions and

future acquisitions will be logical bolt-ons, including locks, exits, closers, and doors.


March 2014

42

M&A Review and Outlook

� M&A activity in the Physical Security Product sector was relatively strong during the second half of

2013. With both Physical Security Service and Products sector experiencing year over year rebounds.

With the convergence of IT and Physical Security and the intersection of defense and security continuing to drive

value in the Physical Security sector, deal volume trended upward through 2011. The M&A activity in 2012

moderated in the physical security sector, which corresponds to the overall slowdown in M&A activity resulting

from the European Credit Crisis and the Fiscal Cliff in the U.S. The first half of 2013 saw slow M&A activity

because the valuations went up, but buyers became much more active in the second portion of the year.

Figure 19: M&A Transactions in the Physical Security Sector,



Notable Middle Market Transactions

The market for M&As in the fourth quarter of 2013 was again strong like the preceding quarter and year

over period.

� ADT announced the acquisition of Devcon Security Services, Corp.

On July 30, 2013, The ADT Corporation entered into a definitive agreement to acquire Devcon Security Systems

from Golden Gate Capital for approximately $150 million in cash. The deal was completed on August 2, 2013 and

gave Decon Security Services, Corp. an implied enterprise value of $148.5 million.

Imperial Capital acted as the financial advisor for Devcon on the deal.

� Securadyne Systems, LLC agreed to acquire Advanced Control Concepts, Inc.

On September 4, 2013, Securadyne Systems announced the acquisition of Advanced Control Concepts, an

integration firm that offers managed electronic security solutions with risk mitigation and business process

improvement services. Details of the transaction have not yet been disclosed.

0

5

10

15

20

25

30

35

40

45

50

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

Physical Security Services Physical Security Products

March 2014


43


� Assurant Specialty Property acquired Field Asset Services

On September 30, 2013 Assurant, Inc acquired Field Asset Services, a provider of property preservation and REO

asset management services for $55 million.

� Assa Abloy agreed to buy U.S. fence maker Ameristar Fence

On October 1, 2013 Assa Abloy, the Swedish company that is the world's biggest lock maker by sales, agreed to

buy Ameristar Fence for an undisclosed amount.

� Securitas AB bought South African companies Rentsec and Vamsa for $9 million

On October 21, 2013, Securitas AB announced that it acquired the security solutions companies Rentsec and

Vamsa in South Africa. The two companies, having the same owners, work closely together focusing on remote

video surveillance as well as a range of advanced security technology applications specifically suited for the

South African and the regional market.

� Atkins agreed to acquire US based nuclear business Nuclear Safety Associates

On November 19, 2013, WS Atkins plc announced it acquired the 130 person engineering and technical services

firm, Nuclear Safety Associates. The target focuses on nuclear safety, design engineering, and professional

security services.

� Kastle Systems International bought business segments from The ADT Corp.

On November 22, 2013, Kastle Systems International added 4,000 customer sites and a new, highly specialized

UL-listed Five Diamond central station in New York City with the November 21, 2013 acquisition of Mutual

Central Alarm Services and Stat-Land Security Systems from ADT.

Imperial Capital acted as the financial advisor to ADT on the deal.

� Convergint Technologies announced it bought Acme Future Security Controls

On December 9, 2013 Convergint Technologies, a systems integrator backed by KRG Capital Partners, said it acquired

Acme Future Security Controls Inc., a provider of physical security systems and services in Eastern Canada.

� InnovAntennas acquired Force 12 on December 30, 2013

On December 30, 2013 InnovAntennas acquired the legendary Force 12 antenna company and product line and

has moved the Force 12 factory from Bridgeport, Texas, to Grand Junction, Colorado.

� Universal Protection Service Acquired International Security Management Group, Inc.

On February 11, 2014, Universal Protection Service, a division of Universal Services of America and one of the

largest providers of security services in the U.S. announced it acquired International Security Management

Group, a risk management and physical security services company in the US.


March 2014

44

� Barrette Outdoor Living Acquired Alumi-Guard Inc. on February 12, 2014

On February 12, 2014 Barrette Outdoor Living, Inc. (BOL) announced the acquisition of Alumi-Guard, Inc., a

leading manufacturer in the aluminum fence and rail industry.

� Carlyle agreed to buy Tyco South Korea unit for $1.93 billion

On March 3, 2014 Carlyle (CG) Group LP agreed to buy Tyco International Ltd. (TYC)’s fire and security business

in South Korea for $1.93 billion, the country’s largest private equity buyout deal in U.S. dollar value in more

than five years.


The market for private placements significantly strengthened in the fourth quarter of 2013, compared to

the fourth quarter of 2012.

� Offsite Vision Holdings raised $10 million in private placement of convertible notes

On October 6, 2013, Offsite Vision Holdings, Inc., provider of remote video surveillance solutions for commercial

and residential customers announced that it will receive $10,000,000 through the issuance of convertible debt

securities along with option, warrant or other right to acquire another security.

� Guardian 8 Holdings raised $2 million in equity capital

On November 21, 2013 Guardian 8 Holdings announced the final closing on a $1,984,500 private placement of

its securities.

� Micro Technologies (India) Ltd. raised $40.35 million

On December 27, 2013 Micro Technologies (India) Limited, which develops and markets transformational security

devices, services and technologies in India and internationally, raised $40.35 million in a private placement.

� Northeast Automotive Holdings placed $2 million in equity securities for acquisition financing

On December 31, 2013 Northeast Automotive Holdings sold an aggregate of 7,142,857 newly issued shares of

common stock at $0.28 per share, for aggregate gross proceeds of approximately $2.0 million.

Public and 144A Debt and Equity Offering Snapshot

The Physical Security sector experienced an increase in the fourth quarter of 2013 from the fourth quarter of 2012.

� Control4 Corporation completed its IPO on August 1, 2013

Control4 Corporation, provider of automation and control solutions for the connected home, completed its IPO

on August 1, 2013, raising $64 million. Control4 Corporation intends to use a portion of the net proceeds to pay

off the remaining amounts owed under a litigation settlement agreement.

March 2014


45


� Monitronics International, Inc refinanced existing senior notes with $175 million of unregistered

9.125% Senior Secured Notes

On November 4, 2013, Monitorinics International, provider of security alarm monitoring and related services

to residential and business subscribers in the United States and parts of Canada offered to exchange up to

$175 million of registered 9.125% Senior Notes due 2020 for a like principal amount of unregistered

9.125% Senior Notes due 2020.

� Stanely Black & Decker, Inc. offered $400 million Fixed-to-Floating Rate Junior Subordinated Debentures

due 2053 concurrently with 3 million equity units

On November 25, 2013, Stanley Black & Decker, Inc. provider of power and hand tools, mechanical access solutions,

and electronic security and monitoring systems for various industrial applications offered $400 million aggregate

principal amount of a new series of fixed-to-floating rate junior subordinated debentures due 2053. Stanley

concurrently offered 3,000,000 Equity Units. The Company expects the Equity Units will initially consist of $300 million

aggregate principal amount of junior subordinated notes due 2018 and contracts obligating the investors to

purchase, for an aggregate of $300 million, shares of common stock. The Company intends to use the net proceeds

from the offering for general corporate purposes, including repayment of short term borrowings.

� Securitas AB issued $473 million 2.625% notes due 2021

On November 15, 2013 Securitas AB, provider of security services in North America, Europe, Latin America, the

Middle East, Asia, and Africa, issued 350 million euro notes yielding 2.625% due 2021.

Bankruptcies

There were three physical security bankruptcy in the second half of 2013.

� IPC International filed for Chapter 11 bankruptcy

On August 9, 2013, IPC International Corporation, provider of security services for people and facilities filed for

Chapter 11 bankruptcy.

� Kranem Corporation filed for Chapter 11 bankruptcy

On November 11, 2013, Kranem Corporation, provider of digital security, data analytics, visualization, and

surveillance solutions for law enforcement, homeland security, and intelligence markets worldwide, filed for

Chapter 11 bankruptcy protection.

� Evergreen Defense & Security services filed petition to liquidate under Chapter 7 Bankruptcy code

On December 31, 2013, Evergreen Defense & Security Services, Inc., a private military contractor that offers

defense and security services to government, military, and NGOs filed for Chapter 7 bankruptcy.


March 2014

46

Notable Transactions

Figure 20: Select M&A Transactions in the Physical Security Sector, Second Half of 2013 and YTD 2014

Sources: Capital IQ and Imperial Capital, LLC.

Announced

/ Filing

Date

Closed Date Target Business Description Buyer

Target

Implied TEV

($mm)

TEV /

Revenue

TEV /

EBITDA

3/2/2014 NATyco Fire & Security Services

Korea Co., Ltd.

Tyco Fire & Security Services Korea Co., Ltd., through its

subsidiaries, provides security solutions in Korea.The Carlyle Group LP $2,388.6 3.5x 17.5x

2/12/2014 02/12/2014 Alumi-Guard, Inc.Alumi-Guard, Inc. engages in the design and manufacture of pow der

coated aluminum fences, matching gates, and arbors.

Barrette Outdoor Living,

Inc.NA NA NA

2/11/2014 02/11/2014International Security

Management Group, Inc.

International Security Management Group, Inc. provides security and

risk management services to companies, corporations, and properties

in the United States.

Universal Services of

America, Inc.NA NA NA

12/30/2013 12/30/2013 Force 12 IncForce 12 Inc. designs, manufactures, and markets antennas for

amateur, commercial, military, and security markets.InnovAntennas Limited NA NA NA

12/9/2013 12/09/2013Acme Future Security Controls

Inc.

Acme Future Security Controls Inc. provides security management

solutions.

Convergint Technologies

LLCNA NA NA

11/21/2013 11/21/2013

Mutual Central Alarm Services

and Stat-Land Security

Systems

Mutual Central Alarm Services and Stat-Land Security Systems

designs commercial intrusion, fire, video, and access control systems

for f inancial service, jew elers and retail stores in the New York City

area.

Kastle Systems

International, LLCNA NA NA

11/19/2013 NANuclear Safety Associates,

Inc.

Nuclear Safety Associates, Inc. provides safety, security, and

engineering services to the nuclear markets.WS Atkins plc NA NA NA

10/21/2013 10/21/2013

Rentsec Equipment (Pty) Ltd

and Video Alarming Monitoring

SA

Rentsec Equipment (Pty) Ltd and Video Alarming Monitoring SA

represent the combined operations of Rentsec Equipment (Pty) Ltd

and Video Alarming Monitoring SA in their sale to Securitas AB.

Securitas AB NA NA NA

10/1/2013 NAAmeristar Fence Products,

Inc.

Ameristar Fence Products, Inc. manufactures ornamental and

decorative metal fences and gates.Assa Abloy AB NA NA NA

9/30/2013 09/30/2013 Field Asset Services, Inc.Field Asset Services, Inc. provides property preservation and REO

asset management services.Assurant Inc. $55.0 NA NA

09/04/2013 09/04/2013Advanced Control Concepts

Inc.

Advanced Control Concepts is an integration f irm based in Pensacola,

FL that offers managed electronic security solutions w ith risk

mitigation and business process improvement services.

Securadyne Systems,

LLCNA NA NA

8/29/2013 08/29/2013The Budd Group, Inc., Security

Division

As of August 29, 2013, Security Division of The Budd Group, Inc.

w as acquired by Universal Services of America, Inc. Security

Division of The Budd Group, Inc. provides guard and security

services.

Universal Services of

America, Inc.NA NA NA

08/28/2013 08/28/2013 X7X7 is a Washington DC-based systems integrator that provides

comprehensive security management systems.SDI NA NA NA

08/23/2013 08/23/2013Shenzhen Probuck

Technolgies Co. Ltd.

Shenzhen Produck Technologies Co. Ltd. specializes in electronic

door lock soltions w ith biometric identif ication, based on ow n

f ingerprint technology, as w ell as time and attenance terminals

Kaba Group NA NA NA

8/20/2013 08/20/2013 Industry Retail Group, Inc.

Industry Retail Group, Inc. provides broadband-based applications

and services to largest apparel and specialty stores, quick-serve

restaurants, seasonal and pop-up stores, insurance companies, real

estate f irms, medical facilities, and other franchises in the United

States.

Vector Security, Inc. NA NA NA

8/20/2013 08/20/2013 VisibleRisk Inc.

As of August 20, 2013, VisibleRisk Inc. w as acquired by Click

Security, Inc. VisibleRisk Inc., an information security analytics

company, provides solutions to support enterprise visibility and

advanced security analytics efforts.

Click Security, Inc. NA NA NA

8/20/2013 08/20/2013 Sentinel Security Systems

As of August 20, 2013, Sentinel Security Systems w as acquired by

American Alarm & Communications, Inc. Sentinel Security Systems

provides security services to homes and businesses.

American Alarm &

Communications, Inc.NA NA NA

8/14/2013 Announced

Agero, Inc., Connected

Vehicle Services Division

(nka:Sirius XM Connected

Vehicle Services Inc.)

Sirius XM Connected Vehicle Services Inc. provides telematics

services.

SIRIUS XM Radio Inc.

(nka:Sirius XM Holdings

Inc.)

$525.4 NA NA

8/12/2013 08/12/2013

DigitalOptics Corporation East,

Certain Micro-Optics Business

Assets in Charlotte

Tessera Technologies Inc., Micro-Optics Business Based in Charlotte,

North Carolina produces and markets diffractive optical elements,

refractive optical elements, and integrated micro-optic sub-

assemblies.

FLIR Systems, Inc. NA NA NA

7/30/2013 08/02/2013Devcon Security Services,

Corp.Devcon Security Services, Crop. The ADT Corporation $148.5 NA NA

7/18/2013 07/18/2013Johnson Controls Inc.,

HomeLink Product Line

As of September 27, 2013, HomeLink Product Line of Johnson

Controls Inc. w as acquired by Gentex Corp. Johnson Controls Inc.,

HomeLink Product Line comprises a a vehicle-based radio-frequency

device that communicates w ith other radio-frequency devices

including garage door openers, estate gates, and home lighting.

Gentex Corp. $700.0 NA NA

7/10/2013 08/16/2013 Security Netw orks, LLC

Security Netw orks, LLC, a life safety solutions company, engages in

the sale, installation, maintenance, and monitoring of commercial and

residential burglar alarms, f ire alarms, medical alerts, access

controls, and CCTV systems.

Monitronics International,

Inc.$740.2 8.1x NA

March 2014

Executive Summary

47

Consumer Industry Monitor

Section III

Identity Solutions Sector

Security Industry MonitorInformation Security Sector

March 2014

48


March 2014

49





Industry Size: Fingerprint Continues to Lead as the Technology Improves

Biometrics has been covered in nearly every Security Monitor published. Most of what we have written about

involved lumpy government purchases of expensive Live-Scan equipment and growing international

acceptance for security, voting, and empowering “off-the-grid” citizenry. However, in the U.S., based on our

observations, there has mostly been frustration with the pace of adoption relative to the potential of the

technology—particularly in a commercial environment with a strong demand for biometrics, but which has also

had to deal with ROI and efficacy shortcomings. Each year, we interview integrators and potential end users

about the technology, and for the first time, we may see some light at the end of the tunnel due to improved

technology for the most common biometric of all—fingerprint. This is borne out by a scanning of the many

market surveys being done on biometrics (it may be the most market-researched ID technology in history),

which have begun to get more bullish and more specific regarding increasing acceptance outside of

government use. If we were to take the mean of 12 separate reports, it would be fair to deduce that at least the

market survey world believes that the worldwide biometric industry will grow about 15-25% annually through

2018 to about $18-20 billion, and that by far the largest modality will remain fingerprint, with potential

industry-wide growth to about $10-11 billion. Below we note the reasons why this might be the case after many

years of lumpy, unpredictable growth.

A biometric is unique, and with the right technology, copies can almost always be detected and prevented.

Contrast this to the current industry standards of passwords and RFID badges, all of which can be much more

easily replicated and used by sophisticated electronic programs to gain access to invaluable personal

information and confidential enterprise assets.

On a yearly basis for over a decade, we have interviewed several leading integrators and non-government end

users regarding their potential use of biometrics. It has been a long road. The shortcomings of certain fingerprint

technologies have led biometric system integrators and developers to push end users toward very expensive

multi-model installations (usually iris or face, or both), which dramatically reduces ROI, and raises privacy issues,

particularly in “passive” and even less accurate facial recognition. What is clearly needed is a solution to those

issues affecting the most convenient, inexpensive, and familiar biometric, which is fingerprint.

Because of its ease of use and familiarity, fingerprint biometrics is once again gaining momentum and scale as

governments and corporations around the world are adopting practices to better safeguard their key

information and assets. Fingerprint has, and will continue to be, a key factor when single or multi-modal

biometrics is used. Typical (of the many reports we aggregated above) would be RNCOS Industry Research

Solutions' latest forecast, in which the global biometric market is expected to expand at a CAGR of 21% from

2012 to 2014. Although fingerprint biometrics have traditionally stemmed from government applications, the

technology is being increasingly accepted and adopted in various external and internal commercial applications,

including physical access control, logical access controls (such as ATMs), point of sale or delivery, and time and

attendance. Pricing and interoperability of “multi-modal” biometric systems, or iris, simply remain too costly or

complicated, and facial remains too inaccurate at the price points for a mass market.

Security Industry MonitorIdentity Solutions Sector

March 2014

50

This is unfortunate, because we believe whatever the government-civil biometric market is, our discussions with

participants in the commercial/industrial/institutional markets indicate a potential market more than double the

government market—only if and when security, durability, cost, and ease of operation issues are solved. The

immediate markets that could be secured with biometrics (versus passwords, keys, or RFID cards) include:

� Physical access and logical access—border control, amusement parks, commercial/institutional buildings,

driver recognition, fleet management, medical dispensing, point-of-sale, single-sign on, civil ID,

e-Prescribing, and process control

� Self-service kiosks—ATMS, medical dispensing, financial services

� Time and attendance

� Mobile/hand-held—public (deliver goods), civil (verify citizens), secure financial services

Fingerprint technology is the most established and widespread form of biometrics and will likely dominate the

residential and commercial security product marketplace. Biometric Research Group, in a report published in

September 2012, projected that fingerprint technology will represent $3 billion of revenue within the residential

and commercial security product marketplace by 2017. While that seems like large growth from a little over

$1 billion today, it still represents only 15% of the total biometric market estimated by Biometric Research

Group. As we have noted, we believe the commercial market by itself should be larger than the government

market as key issues are solved.

We believe new, advanced fingerprint technologies will drive this ultimately significant growth in commercial

and residential biometrics.

The main advantages of fingerprint technology is that it is the most economical biometric technology and its

small storage space, reduced power requirements, and resistive nature to temperature and background lighting

make it an ideal technology to be deployed in a range of logical and physical access environments.

Targeted market environments that will exceedingly benefit will include home-based and small to mid-sized

businesses. To be sure, there are still challenges that remain for the overall fingerprint biometric industry.

Frost & Sullivan’s 2011 publication, Best Practices Guide to Fingerprint Biometrics, found that the most concerning

and prevalent issues holding back the industry were accuracy, fraud (“spoof” or “liveness”) detection,

environmental, and physiological usability and throughput speed.

Accuracy remains the most important factor in the equation. False rejections can cause the user significant

inconvenience and interfere with timely processing and access. Even more problematic are false acceptances,

instances in which a non-approved user gains access to sensitive information or valuable assets. Finally, some of

the fingerprint technologies have tried to overcome what limitations or inaccuracies they have, but it comes at a

cost, which puts the majority out of immediate consideration by specifiers, integrators, and end users.

The most common fingerprint technology used today (includes most of the largest providers, such as Safran,

NEC, and Cross Match) have been sensors that use arrays of photodiode or phototransistor detectors to convert

the energy in light on the detector into an electrical charge. The sensor package usually includes a

light-emitting-diode (LED) to illuminate the finger. Total internal reflectance (TIR) biometric sensors are the most

common of these sensors. TIR sensors collect images based on the difference between air and material in

contact with the sensor. Among the capture methods used in fingerprint technologies, TIR sensors rely on the

image generated by the material in contact with the sensor. Therefore, any material placed on a sensor that has

the same ability as expected can be used to generate a fingerprint. As a result, spoof fingerprints and “less than

March 2014

51



optimal” environments are an issue with TIR sensors, particularly in unattended applications. TIR sensors can be

affected by a number of real life factors such as stray light, surface contamination, or even prior fingerprint

impressions present on the sensor surface. Hence, it is essential to clean the fingerprint reader glass on a regular

basis for optimal performance. In truth, some TIR sensors can now detect a real fingerprint from a fake

fingerprint using “spoof” or “live finger” detection, but that increases cost.

In real world applications, the user's hands may not always been clean and dry. The same concept applies to

outdoor sensors that are subject to the wind and rain. Dust, pollen, chalk, and chemicals may often dirty a user's

prints, which will decrease a TIR sensor's ability to detect and collect the full print. This sometimes leads to false

negatives, user frustration, and a backlog in throughput. The government can get around this with maintenance,

expensive multi-finger “swipe” and “static finger” readers, or by going “multi-modal” with several biometrics.

However, this is not acceptable for the potentially much larger commercial/industrial/institutional market where

throughput, cost, ROI, and total cost of ownership are important considerations.

Capacitive Sensors—Thin, (Sometimes) Inexpensive, and Small—Still Many Drawbacks

The most widely used fingerprint technology outside of optical (i.e., AuthenTec, acquired by Apple) use electric

current to sense a fingerprint and capture the image. As sensors apply a small voltage to the finger, a real

fingerprint is required rather than a visual impression of it. This technique makes the fingerprint reader more

reliable as it becomes harder to fake enrollment. Another benefit of capacitive sensing fingerprint readers is that

they are more compact and thus easy to install. However, there are reasons why capacitive sensors have done

well in small form factors but have not broadened their base in the market, particularly into enterprise use, and

the list is not short: 1) The thinner silicon chips are inherently fragile and susceptible to damage by hard external

impact and scratches, and are susceptible to damage by electrostatic discharge, 2) their thin form factor also

exposes them to more corrosion from everyday handling and exposure, resulting in greater replacement,

maintenance, and downtime costs, and 3) capacitive sensors usually only offer a smaller imaging area, image

size, and resolution. This is due to greater cost of manufacturing larger, high quality chips, but is an area that we

believe is being improved over time.

Is Multi-Spectral Imaging the Silver Bullet?

Vastly improved technologies are being developed for fingerprint at the commercial/ industrial/institutional

level, most notably, multispectral imaging (MSI), which has already been on the market for several years. A MSI

sensor captures multiple images of the finger under varied conditions such as different wavelengths, different

illumination orientations, and different polarization conditions. This data is processed to obtain a composite

fingerprint image. The advantage of a multi-spectral fingerprint reader over others is that the functioning is not

affected by external factors such as contaminants or improper contact or bright ambient lights. MSI is also able

to identify whether the fingerprint is genuine or a spoof. This process thus captures data on both the surface and

subsurface features of the skin, as opposed to TIR sensors, which cannot retrieve subsurface features, and also

produces inferior surface images. This same MSI concept of collecting data under different conditions has been

successfully tested in harsh environments as well.

Unlike TIR sensors, MSI technology also allows for the imaging of a fingerprint without direct contact with the

sensor. An MSI sensor will always acquire a fingerprint image whether or not there is direct contact with the

sensor or an appropriate amount of pressure is applied to the sensor.


March 2014

52

We believe that as MSI technology continues to gain traction as being a convenient, robust, and secure

authentication tool, then the superior ROI/TCO (return on investment/total cost of ownership) and integration

capability (with other security technologies), could create the fast growing market in

commercial/industrial/institutional markets that we have been predicting. The markets for this technology

already include banking and healthcare. Lumidigm, Inc. is currently the only company that is offering MSI

technology in its sensors. To the best of our knowledge, Lumidigm's spoof detection technology provides spoof

performance that exceeds that of any other fingerprint sensor currently on the market.

Other Major Fingerprint Technologies Include:

Thermal Sensors. A fingerprint image is created by the skin-temperature ridges and the ambient temperature

measure for valleys. The biggest drawback of this technique is that the temperature change is dynamic and it

only takes about a tenth of a second for the sensor surface touching ridges and valleys to come to the same

temperature, erasing the fingerprint image.

Pressure Sensors. Pressure sensing scanners (including micro electro-mechanical, or MEMS), can be made very

thin and are often used in electronic devices. Pressure sensing scanners are just now moving beyond having to

make a tradeoff between durability and quality because any protective layer on the detector surface would

diminish the contrast of the impression.

RF Sensors. A low radio frequency (RF) signal is applied to the user’s finger and then read by the detector array,

with each pixel operating like a tiny antenna. The advantage of this detector is that it reads the fingerprint from

the dermal layer underneath the surface making it less susceptible to damaged or dry fingertips. However, it is

more expensive.

Ultrasonic Sensors. Ultrasonic scanners have an advantage of being able to see beneath the skin. This provides

not only verification of a live finger; it also provides more information as a biometric measure. However, this

technology is slower, expensive, bulky, and too data intensive for many access control applications. Ultrascan is

the leading provider of this technology.

NIST Protocol from May 2013 Beginning to Become Reality for an Easy-to-Use,

Standardized Biometric Communication with the Web

In May 2013, researchers at the National Institute of Standards and Technology (NIST) developed and published

a new protocol for communicating with biometric sensors over wired and wireless networks using some of the

same technologies that underpin the web—and now they are demonstrating it.

The protocol, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets, and smartphones to access

sensors that capture biometric data such as fingerprints, iris images, and face images using web services. Web

services themselves are not new; for example, video-on-demand services use web services to stream videos to

mobile devices and televisions. We were recently shown a demo of this protocol and believe it could be a

significant step in making biometrics easier to use interoperable between not just government agencies, but

also between sites in a large, commercial multi-store enterprise.

March 2014

53



The WS-Biometric Devices protocol could greatly simplify setting up and maintaining secure biometric systems

for verifying identity because such biometric systems will be easier to assemble with interoperable components

compared to current biometrics systems that generally have proprietary device-specific drivers and cables.

WS-BD enables interoperability by adding a device-independent web-services layer in the communication

protocol between biometric devices and systems.

In other words, any type of web device—a phone, a laptop, or a tablet can talk to any type of biometric scanner

(finger, face, iris, etc.). The operator does not have to learn anything new; no new drivers are required, no

proprietary knowledge about the scanner, making life a lot easier for the end user.

With the pushback that came with interoperable ID credentialing, NIST recognized this need several years ago

and developed a solution with the support of the Department of Homeland Security Science and Technology

Directorate, the Federal Bureau of Investigation’s Biometric Center of Excellence and NIST’s Comprehensive

National Cybersecurity Initiative. However, NIST also is now working with industry through the Small Business

Innovation Research Program to help bring these plug-and-play biometric devices to market, and take them out

of the demo stage.

Identity and Access Management’s Increase Use of Biometrics: Growth of Secure and

Underpenetrated Market

We view the competitive and consolidation environment in Identity and Access Management as robust from the

physical, logical, and converged perspectives. Adoption of biometric systems appears to be a strategic and

secure direction for companies, countries, and even academic institutions that deal and interact with access

control, identification, verification, and secure payment needs.

The Need. The current method to identity and properly document a citizen, or access a secure document are

not able to meet the growing demand for enhanced security, thus giving high growth opportunity to the use of

biometric technology.

Types and Uses of Technologies. Biometrics systems are used to measure physiological and behavioral

characteristics to identify people, grant them access to secure items (e.g., files, doors), and perform transactions (e.g.,

pay for lunch, online payments via two-factor authentication). Physiological characteristics include Vascular

Recognition, iris, face, and fingerprints. Behavioral characteristics include a dynamic signature and voice recognition.

As more countries use biometrics to combat terrorism, enhance airport security, adopt a national ID or driver’s license,

or even a passport, the market availability will become larger. India, Mexico, and Russia are increasing their use of

biometric systems, while China recently began using a biometric national ID program. Commercial, government, and

consumer-based data security concerns have given rise to biometric based two-factor authentication devices, and the

companies that are able to create a sustainable competitive advantage via product quality, enhanced features,

usability, and brand awareness will garner a greater portion of this new and accelerating market.

Market Size. We believe that biometric systems may not just replace, but enhance the way in which we perform and

interact with certain processes (e.g., pay for items, state/national ID, passwords). If we were to take the mean of

12 separate market research reports, we believe it would be fair to deduce that at least the market survey world

believes that the global biometric industry will grow about 15-25% annually through 2018 to about $18-20 billion,

and that by far the largest modality will remain fingerprint, with potential industry-wide growth to about

$10-11 billion. Transparency Marker Research notes that the facial, iris, veins, and voice recognition together

constitute the second largest segment, estimated at $1.4 billion in 2010 and expected to reach $3.5 billion by 2015.


March 2014

54

Concerns. Many of the concerns regarding the use of biometric systems for physical security purposes seem to stem

from the lack of awareness and understanding about improvements in cost and efficacy technology. We believe that

the use of biometric systems, in the right places, greatly enhance security and efficiency to the end user.

The Opportunity. Each year, more biometric functionality is being added to mobile devices, and the proliferation

of unique apps is allowing consumers to control their home security systems, enter premises, deposit checks, and

remotely log into their work computers (e.g., GoToMyPC). Consider the recent acquisition by Apple of AuthenTec,

Intel’s venture capital business investing in Validity Sensors, Inc. (creator of fingerprint sensors), or Microsoft

working towards biometric sensors which it can incorporate in its Xbox game console. The gaming and mobile

markets are not the only places in which we will see the infusion of biometric technology. Schools, universities,

banking industry (e.g., ATM, credit cards), state and national governments (e.g., IDs), hospitals are and will see an

increase in the use of biometric systems as a way to increase security and combat fraud.

Biometrics Update: Companies Are Forging Forward With This Technology Even While

There Are Some Who May Fear It

Types of Notable Biometric Technologies

There are two main purposes of biometric systems: authenticate and identify. An individual could use their

finger to be able to access a door, or to be able to pay for lunch at school. Both physical (i.e., fingerprint, iris) and

physiological (i.e., handwriting) characteristics are examined to identify a person and to produce one of three

types of biometric data: raw images, encrypted images, and encrypted partial data.

Raw images consist of recognizable images (i.e., face), while encrypted images store data which can be used to

create an image, and encrypted partial data stores partial data from an image which is encrypted and cannot be

used to recreate the complete original image.

Fingerprint Recognition

Figure 21: Fingerprint Characteristics

Sources: www.biometrics.gov.

Fingerprint technology is the most established and widespread form of biometrics and will likely dominate the

residential and commercial security product marketplace. Biometric Research Group, in a report published in

September 2012, projected that fingerprint technology will represent $3 billion of revenue within the residential and

commercial security product marketplace by 2017. While that seems like large growth from a little over $1 billion

today, it still represents only 15% of the total biometric market estimated by Biometric Research Group.

March 2014

55



The main advantages of fingerprint technology is that it is the most economical biometric technology and its

small storage space, reduced power requirements, and resistive nature to temperature and background lighting

make it an ideal technology to be deployed in a range of logical and physical access environments.

Facial Recognition

Figure 22: Elastic Bunch Map Graphing


Facial recognition continues to become more refined as it evolves from the early days of using simple geometric

models to morphing into something which takes many images of the face to extract uniquely identifiable facial

features, while accounting for the distances from-to-and between the eyes, nose, ears, mouth, etc. Facial

recognition is now used to prevent passport fraud, support law enforcement, access control, etc.

Hand Geometry Recognition

Figure 23: Distance Measurement


Hand geometry recognition entails looking for unique features on the structure of the hand. The length, width,

thickness, and distances between joints joints are all distinguishing characteristics that are noted when taking a

3D image of the hand. We note that the human hand does not contain as many uniquely identifiable

characteristics as the other biometric-based identifiers.


March 2014

56

Iris Recognition

Figure 24: Iris Recognition


Iris recognition is the process via which the iris is analyzed for distinct and random patterns. The iris is a thin,

circular structure in the eye responsible for controlling the diameter and size of the pupil and thus the amount of

light reaching the retina. It is the colored part of the eye.

Though the color of the eye may be genetically linked, the patterns are unique and developed during the

prenatal growth.

Voice Recognition

Figure 25: Voice Sample


Voice recognition (not to be confused with speech recognition) is the process by which the unique patterns of

an individual’s voice are analyzed. The physiological component of the voice recognition is related to the

physical shape of an individual’s vocal tract, and the voice/speaker recognition software analyzes the frequency

content of the speech and compares the quality, duration, intensity, dynamics, and pitch of the signal.

March 2014

57



Vascular Recognition

Vascular recognition (or Vein Pattern Recognition) may likely be the newest addition to the suite of available

biometrics technologies. Much like the way retina recognition is done; vascular recognition looks for unique

patterns within the blood vessels. The uniqueness of this arises since this process does not involve any contact

with the actual examination machine, but is done via the use of infrared light.

Signature Recognition

Signature recognition analyzes the way in which a person signs his/her name. The pressure applied to the

object, timing, and speed of signing something are all examined to identify a person with their handwriting. We

note that “signature recognition” is not limited to a person’s signature, but encompasses the full breadth of the

way a person writes.

Biometrics in Schools and Colleges: Is It A Comfort or Concern?

We have seen an increase in the number of companies that are innovating products which could make it safer,

easier, and faster for kids to not only safely pay for their school lunches, but be able to access doors to which

they have granted permission, and to be able to easily identify themselves. In order to be able to introduce a

biometric system within a school or college, we believe that two key elements need to take place: consent by

both students and parents (when appropriate), and a legitimate interest of the school or college.

Universities. Universities across the nation (and very likely in other parts of the world) are routinely introducing

new and more secure technologies, and it appears to us that they are starting to consider biometrics as a form to

identify the students and to also use this technology as a way to pay for certain items in the same way in which

the students would be able to pay with their student card (e.g. food, books). Access control (e.g., door locks)

companies such as Assa Abloy (ASAZY), Brivo Systems, or Honeywell International (HON) have long had a

presence on college campuses, but the use of biometrics to pay for items and as a means of identification is now

gaining popularity.

What Has Been Holding Back Biometrics?

We believe that students, parents, and administrators have not been properly informed about the benefits and

risks associated with the use of biometric systems. Apple’s acquisition of AuthenTec in October 2012 sparked

market observations that the maker of the iPhone and iPad could integrate fingerprint identification into future

devices. With the introduction of the iPhone 5S on September 10, 2013, that possibility became reality. We

believe that Apple's evident validation of this technology may force other manufacturers of mobile devices to

provide a similar option. Whereas biometrics have generally been focused on government and enterprise

applications, we believe Apple’s adoption could be the “tipping point” for mainstream adoption that may create

entirely new ecosystems for mobile payment, e-wallets, and e-commerce.

In our view, the administrators may be far more concerned than the current students are. Whereas the students

at younger and younger ages are being introduced to these systems and growing up with some form of

technology, the older generation may not be as comfortable with the use of it and may be more reluctant to

adopt it. We believe that properly-integrated biometrics have the potential to dramatically increase the security

of point-of-sale and online transactions made through mobile devices.


March 2014

58

We recognize that spoofing (e.g., using fake fingerprints), and accuracy are two of the primary concerns for both

the end users and the administrators. False rejections can cause the user significant inconvenience and interfere

with timely processing and access. Even more problematic are false acceptances, instances in which a

non-approved user gains access to sensitive information or valuable assets.

The most common fingerprint technology used today (includes most of the largest providers, such as Safran,

NEC, and Cross Match) have been sensors that use arrays of photodiode or phototransistor detectors to convert

the energy in light on the detector into an electrical charge. The sensor package usually includes a

light-emitting-diode (LED) to illuminate the finger. Total internal reflectance (TIR) biometric sensors are the most

common of these sensors. TIR sensors collect images based on the difference between air and material in

contact with the sensor. Among the capture methods used in fingerprint technologies, TIR sensors rely on the

image generated by the material in contact with the sensor. Therefore, any material placed on a sensor that has

the same ability as expected can be used to generate a fingerprint. As a result, spoof fingerprints and “less than

optimal” environments are an issue with TIR sensors, particularly in unattended applications.

Solutions to the Biometric Backlog.

Multispectral Imaging. Vastly improved technologies are being developed for fingerprint at the commercial/

industrial/institutional level, most notably, multispectral imaging (MSI), which has already been on the market for

several years. A MSI sensor captures multiple images of the finger under varied conditions such as different

wavelengths, different illumination orientations, and different polarization conditions. This data is processed to

obtain a composite fingerprint image. The advantage of a multi-spectral fingerprint reader over others is that the

functioning is not affected by external factors such as contaminants, improper contact, or bright ambient lights.

MSI is also able to identify whether the fingerprint is genuine or a fake. This process thus captures data on both the

surface and subsurface features of the skin, as opposed to TIR sensors, which cannot retrieve subsurface features,

and also produces inferior surface images. Unlike TIR sensors, MSI technology also allows for the imaging of a

fingerprint without direct contact with the sensor. An MSI sensor will always acquire a fingerprint image whether or

not there is direct contact with the sensor or an appropriate amount of pressure is applied to the sensor.

Two-Factor Authentication. We have seen instances in which biometric information is stored on an ID token so

the user can be authenticated and identified, but the data stored on the card cannot be copied. The way this

works is fairly straightforward: the cardholder swipes the card in the system to be authenticated, and then a live

scan of the cardholder’s finger is taken and compared against the sample on file. Two-factor (or multi-factor)

authentication can also be used with online transactions, where the user inputs their credit card information or

username and password, but will then have to enter a PIN number (i.e., located on a key fob or cellphone) that

continuously changes.

Increasing the number of authentication factors has a direct impact on the accuracy and thus the overall security

(albeit at a slightly reduced speed). As credit card and identify fraud continues to haunt the consumers, it will

likely make way for biometric systems (and likely multi-factor authentication) that are more secure.

March 2014

59



Figure 26: Multi-Factor vs. Layered Security

Sources: Wallstreet Journal. .

Biometric Data Not Being Stored. Based on our observations, parents of students, and maybe the students, are

reluctant to try this new and more secure (in our opinion) technology because they believe that the scanning

systems will store their biometrics. We want to put this issue to rest and explain that these biometric systems are

not storing images of a fingerprint, iris, or other body part, but instead are creating mathematical representations

(templates) with the true image never being stored in the system. When a person enrolls into a biometric system,

the algorithm selects several points and transfers that into a mathematical representation. The data is generally

encrypted, the template is smaller in size and makes it easier to store biometric information on a smart card or

other memory restricted system, and it safeguards the actual image from being reverse engineered.

Biometrics Uses in Different Verticals

� Healthcare and Biometrics

We believe that the healthcare biometric vertical will go through a great deal of growth in mitigating healthcare

fraud, while providing increased and improved patient care and document privacy. Our recent discussions with

healthcare professionals has indicated to us that document duplication is an issue which needs to be resolved,

and we believe that biometric technology can be a viable and efficient solution. Many times a patient will go to a

doctor’s office and check in with his legal/official name; for instance, the patient’s legal name is Robert J. Smith,

but at times, the patient may use the shortened version of his name, which, in our example, is Rob J. Smith. If the

system is unable to decipher if the two are in fact the same, therein lies the issue of document duplication,

misplaced documents, etc. The use of biometric will aid in making sure that the person signing in as “Robert” or

“Rob” are in fact the same person and aid towards better managing patient documents, and thus better and

more efficient treatment.

� A View Into the RSA Conference, Held in San Francisco on February 24-28; Review of Select Companies

At the recent RSA Conference, which was held at The Moscone Center in San Francisco, California from

February 24 through February 28, 2014, we spoke with several security companies that are finding ways to

merge physical and IT security. The RSA Conference is one of the leading security industry conferences which

includes select security executives as well as leading and emerging IT security companies. Attendees have the

opportunity to learn and converse about some of the most important issues facing the security industry.


March 2014

60

Select List of Exhibitors

� Entrust

Based in Dallas, Texas, Entrust is a leading provider of identity-based security solutions, authentication,

credentialing, physical and logical access, mobile security, digital certificates, single socket layer (SSL-protocols

for providing secure communications over the internet), and public key infrastructure (PKI).

During the conference, we spoke with Entrust about its recently announced collaboration with 3M Cogent to

integrate biometric fingerprint authentication into Entrust IdentityGuard software. The partnership will allow

organizations to leverage fingerprint biometrics to authenticate users for logical access to workstations. We find

that there is a need for second factor authentication to protect sensitive data, and this partnership will help users

streamline secure access to both cloud and internal systems.

In addition to our conversations at RSA, Entrust previously pointed out a long-standing obstacle to converged

credentials between logical and physical access: divergent budgets and goals that result as a function of logical and

physical groups often being siloed within the enterprise. The relatively early state of smartphone enabled ID

technologies, such as NFC or Bluetooth Low Energy, deployment in mobile devices is an additional limiting factor,

yet is expected to play an important role in smart card credential spawning. Entrust has previously noted that in the

U.S., mobile operators and manufacturers have control over NFC capabilities, so agreements between consumers

and their chosen application providers must materialize for NFC to integrate into the corporate environment.

� HID (part of Assa Abloy)

Assa Abloy is, by a factor of three, the largest lock and access control company, and recently exhibited at RSA

from February 24 to 28, 2014 at the Moscone Center in San Francisco, California. The lock business is undergoing

a steady shift from mechanical to electro-mechanical and electronic locks that “think” for themselves. The

company is also a leader in wireless locking infrastructure, and through its HID division, the leader in contactless

card access control systems, several smartphone enabled credentials, such as near-field communications (NFC)

systems. Assa Abloy’s leading competitor is the security division of Ingersoll Rand, which is being spun off under

the name of Allegion later this year.

Earlier, at the Securing New Ground Conference in November 2013, management noted the three catalysts which

could lead to smartphone enabled platform devices taking a larger piece of the Security market: 1) the business

model of how mobile devices live within the Security industry, 2) privacy, which is a major issue which the industry

is currently facing, and 3) security, as it relates to where the identity will reside (in the device, cloud, or elsewhere).

The Threat of Counterfeit Electronics to the Industry. Also at the Securing New Ground Conference, both Don

Erickson (President of the Security Industry Association), and Denis Hebert (President and CEO of HID Global

Technologies, part of Assa Abloy) stated that counterfeiting of electronic and electro-mechanical items are the

most significant threats to the security industry. They also stated that billions of dollars are being shifted away

from the industry, which could be better deployed towards profitable growth. Assa Abloy/HID Global is actively

addressing the counterfeit issue; Mr. Hebert stated that most manufacturers do not pay enough attention to or

realize the impact of counterfeiting on the Security industry. We have already identified this issue as a key

problem and HID now has a staff of people that are dedicated to dealing with this matter.

March 2014

61



� NagraID

NagraID, a privately held company based out of Switzerland, produces contactless cards using a variety of

materials (i.e., PVC, PC, ABS Blends, Melinez, etc.), as well as tags, key fobs, and other similar security products

through the use of technology.

We were able to experience first-hand the single and multi-touch display cards. A single button display card

provides a simple and secure solution for remote access with strong authentication such as VPNs. The

multi-touch card (which looks identical to the dual-interface card displayed below) provides a 12-button keypad

and can provide features which include PIN activation, and challenge question.

The dual interface display card (below) gives the user the account balance, transactions history, reward points,

payment due dates, etc. This is one of the most advanced payment display cards with contact and contactless

communication which we have seen. The Dual one-time password (OTP) enables generation of two different

passcodes on a single device and protects two different services such as e-banking and e-commerce.

The standard Europay (EMV) chip technology is used to update the information every time the card is authorized

online. EMV is the global standard for interoperation of integrated circuit cards and point of sale terminals and

ATM’s for authenticating credit and debit card transactions. The cardholder swipes the card (same as before), the

terminal requests the payment authorization (same as before), the card issuer processes the request and replies

back with an approval (same as before), and the terminal at the store receives the approval code and executes

the EMV script to update the information on the cardholder’s display card.

Figure 27: Single Button vs. Dual Interface/Information Display Card

Sources: nidsecurity.com.

Acquisition of Fingerprint Technology Leader Opens Up Further Markets for HID Global

On 2/10/14, Assa Abloy announced that its $950 million HID Global division had acquired Lumidigm, a

global leader in authentication solutions that use multispectral imaging (MSI) technology, software, and biometric

fingerprint sensors to authenticate identities with a high degree of certainty—and cannot be spoofed. We believe

the acquisition significantly expands the addressable market for the company’s ID solutions capabilities.

Lumidigm’s fingerprint technology offers substantially improved speed and accuracy over traditional systems by

scanning under the skin rather than only the surface. We believe the commercial/industrial/institutional market

has a potential market of more than double the government market if and when security, durability, cost, and

ease of operation issues are solved. The immediate markets that could be secured with biometrics (versus,

passwords, keys, or RFID cards) include:


March 2014

62

� Physical access and logical access—border control, amusement parks, commercial/institutional

buildings, driver recognition, fleet management, medical dispensing, point-of-sale, single-sign on, civil

ID, e-Prescribing, and process control

� Self-service kiosks—ATMS, medical dispensing, financial services

� Time and attendance

� Mobile/hand-held—public (deliver goods), civil (verify citizens), secure financial services

Lumidigm’s advancements could enable numerous commercial and industrial applications, such as high

throughput physical access (e.g., theme parks), electronic medical records and pharmaceuticals access, ATM

authentication, automotive “push-to-start” systems, time and attendance solutions, and manufacturing systems

access. We believe biometrics will broaden far beyond traditional government identity programs, border control,

and criminal forensics and into these new applications over the next several years.

Is Lumidigm’s Multi-Spectral Imaging a Silver Bullet for Fingerprint?

Lumidigm, Inc. is currently the only company that is offering MSI technology in its sensors. The advantage of

Lumidgim’s multi-spectral (MSI) fingerprint reader over others is that it is not affected by external factors such as

harsh environments, contaminants or improper contact or bright ambient lights. For example, biometric

identification typically has not been used in areas of high throughput because confirmation was significantly

slower than visual inspection or PINs Contact fingerprint systems are particularly sensitive to less than ideal skin

conditions (e.g., too dirty, too sweaty, too dry, too worn, etc.). Importantly, Lumidigm’s MSI technology is also

uniquely able to identify whether the fingerprint is genuine or a spoof.

The Lumidigm acquisition comes on the heels of its 1/17/14 acquisition of IdenTrust, Inc., a provider of solutions

for globally interoperable digital identities that can authenticate, encrypt, and create electronic signatures for

virtually every type of transaction activity where proof of identity is essential. IdenTrust is the largest supplier of

digital identities for the Department of Defense’s External Certification Authority (ECA) program and General

Services Administration’s Access Certificates for Electronic Services (ACES) program. The company provides

identity management solutions in 175 countries for over 20 of the world’s largest financial institutions.

In our opinion, Assa Abloy has made a concerted effort to become the undisputed leader in higher technology

access control and identification solutions for not just enterprises and institutions, but for government as well—the

latter is an area in which it did not have a lot of traction until 2011. However, a series of acquisitions have turned the

company into the leader in this segment from a revenue perspective. This is unlike Safran (which purchased L-1 in

2010), which is primarily involved in registration and border identification. The challenge remains for Assa Abloy

and HID to integrate these acquired technologies and companies carefully, to let some of the more creative sectors

provide both competitive advantage to Assa Abloy, yet still remain the leading providers of software and identity

solutions to other companies in the industry as well. These acquisitions include:

2011—ActiveIdentity, a leader in authentication, credential management, security client services, and

authentication device products and technologies.

2012—Codebench, the leading provider of software for physical identity management credentialing systems,

particularly for federal standards-based verification systems for government agencies and projects. The

acquisition was highly complementary with ActiveIdentity in which both companies provided leading solutions

for “identity at the door” which could be monitored from servers inside the premises.

March 2014

63



2014—IdenTrust, a leading provider of solution for global/interoperable digital identities that can

authenticate, encrypt, and create electronic signatures for virtually any type of transaction activity where

proof of identity is essential.

2014—Lumidigm, the most advanced fingerprint biometric technology available—multi-spectral imaging,

which we believe creates “spoof-proof” fingerprint readings. Because this technology takes into account

subdermal distinctions, it extracts the correct identity regardless of the condition of the ridges on the finger,

contaminants, or the harsh environment in which some fingerprint readers must work.

With these acquisitions, we believe Assa Abloy now possesses networked, digital identity leadership for both

commercial/institutional and government programs and installations. These technologies include 1) cloud-based

employee authentication and identification; 2) mobile access solutions, including Near-Field Communications

(NFC); 3) the entire suite of software, services, and products needed to address every aspect of identification

solutions from cards, readers, and printers to an identification and authentication ecosystem in the cloud.

Companies with Well-Regarded Positions in the Physical-to-Logical Access Control Market

and Physical ID Solutions Market

AlertEnterprise, Inc. AlertEnterprise provisions both physical and logical access control across multiple card

access systems, video surveillance systems, and sensor networks.

Bridgepoint Systems. Bridgepoint Systems is a well-known provider of authentication solutions, primarily for

the federal government, based on public key infrastructure for physical access control.

Entrust Inc. Based in Dallas, Texas, Entrust is a leading provider of identity-based security solutions,

authentication, credentialing, physical and logical access, mobile security, digital certificates, single socket layer

(SSL-protocols for providing secure communications over the Internet), and public key infrastructure (PKI).

*HID Global. HID, a division of Assa Abloy, is the leading physical access card and reader company. Through its

acquisitions of ActivIdentity and LaserCard in early 2010, and Codebench in 2012, HID now can manage the

issuance and administration requirements of large scale smart card deployments and provide a suite of

GSA-listed PKI products and services. HID recently acquired Codebench, a small, but respected leader in software

and software kits that allow other software manufacturers to customize their applications to communicate with

PIV, TWIC, and CAC cards, speeding up the interoperability process. Through ActiveIdentity and Codebench, HID

has become the undisputed leader for being able to provide “Identity at the Door.” One area the company is

increasingly stretching into is the “government-to-citizen” identity solutions vertical, where it supports national

ID programs and electronic passports, for instance. The company is currently the prime contractor on the U.S.

government’s “Green Card” program.

Certipath. Certipath provides PKI-based high assurance credentials to industry participants for both physical

and logical access and control.

*Identive Group. Identive is a leading provider of ID card readers and software, chips, card firmware, RFID, and

tracking solutions. Identive has been a major supplier to the federal government and international ID programs.

NXT-ID (NXTD). NXT-ID develops products and solutions for consumers and commercial entities that are

seeking a biometric secure access control. The company is creating the next generation of advanced biometric

technology to facilitate secure transactions, identity management, and access control. NXT-ID has four Marquee

products: Wocket, Biocloud, Facematch, and Voicematch.


March 2014

64

Quantum Secure. Quantum Secure is the leading solution provider for managing and securing identities and

compliance across disparate physical security infrastructures. Quantum Secure has coined the acronym PIAMS,

for Physical Identity Access Management Services.

RightCrowd Software. Another company with a directive to bring Physical Security into the Enterprise is

RightCrowd, based in Australia. RightCrowd, originally spun out of, and staffed by the team that developed SAP’s

global physical security convergence strategy, provides software that is web-based, and tasked with

implementing automated workforce management solutions (HR, IT, Finance) to provide the glue between the

existing physical security system and the Enterprise systems. The main RightCrowd functions consist of range

from cardholder processes, through to implementing visitor management and occupational health & safety

solutions, to full integration with SAP or other Enterprise systems.

*Widepoint’s ORC division. The ORC division of Widepoint provides flexible integration of identity

management, authentication, authorization for access, and automating the ID workflow across devices such as

identity tokens, credit cards, cell phones, and personal computers.

*Publicly held or a division of a publicly-held company.

Anti-Counterfeiting Update

� More Agencies Asking for Broader Anti-Counterfeiting Coverage—Counterfeits in the DoD Supply

Chain May Be as Bad as Cyber Threats

We are getting very close to formalized rules and penalties and formalized ecosystems for DNA marking as a way to

secure the critical supply chain (and to avoid those penalties) regarding counterfeit, “cloned,” and grey market

parts to be used in critical military infrastructure and weapons programs. The combination of intolerable incursions

into our national defense infrastructure by counterfeit devices and the impending final report and codification of

penalties by the National Defense Authorization Act, Section 818 is in process Indeed, the DoD is hosting a public

meeting on March 27, 2014 to obtain the views of experts and interested parties in government and the private

sector regarding further implementation of the requirement for detection and avoidance of counterfeit electronic

parts, as required by a section of the National Defense Authorization Act for Fiscal Year 2012.

Since we published our Anti-Counterfeiting White Paper in February 2011, we have continued to provide

quarterly updates on a problem that is estimated at $650 billion to $1 trillion of economic losses annually. The

U.S. Chamber of Commerce estimates that nearly 10% of all goods and services are counterfeited, with examples

including 40% of all U.S. footwear being seized to 7-10% of pharmaceuticals. Our last update was extensive, and

can be found in the October 2013 Security Monitor.

� The Most Recent DoD Counterfeit Incident and the Impending Implementation of Section 818

On March 10, 2014, Reuters reported that two years after discovering China-made components in the F-35

fighter jet, a Pentagon investigation has now uncovered Chinese materials in other major U.S. weaponry, as well

as Boeing Co's B-1B bomber and certain Lockheed Martin Corp F-16 fighters, the U.S. Defense Department said.

Titanium mined in China may also have been used to build part of a new Standard Missile-3 IIA being developed

jointly by Raytheon Co and Japan, said a senior U.S. defense official, who said the incidents raised fresh concerns

about lax controls by U.S. contractors.

March 2014

65



U.S. law bans weapons makers from using raw materials from China and a number of other countries, amid

concerns that reliance on foreign suppliers could leave the U.S. military vulnerable in some future conflict.

Raytheon and Lockheed Martin had to obtain special waivers to avoid specified penalties for these violations.

The U.S. Government Accountability Office is expected to brief Congress in April on its comprehensive audit of

the issue of Chinese specialty metals on U.S. weapons systems.

A separate issue involving thermal sensors built for the F-35 by a Chinese subsidiary of Honeywell International

Inc. did not require a formal waiver because it involved a unit of a U.S. company, the official said. Honeywell now

builds that part in Michigan. However, Honeywell acknowledged in January that the U.S. Justice Department was

investigating import and export procedures at the company after the incident.

Officials at Lockheed, Northrop, Boeing and Raytheon referred all questions to the U.S. government. Without the

waivers noted above, the companies could have faced stiff penalties for violating U.S. laws; instead the Pentagon

is likely to seek compensation from the companies.

The defense official said temporary waivers were granted in each of these cases under the explicit expectation

that the companies would tighten up their buying procedures to reflect changes in procurement rules.

"It's not a 'get out of jail' free card. This is something we should be good at. We shouldn't be caught short on

these," said a Pentagon official in a Reuters article. "Hundreds of regulations change yearly and there's a whole

group of folks whose job it is to make sure that those (changes) are properly implemented in contracts.

On March 27, 2014, the Defense Department hosted a public meeting aimed at providing input for government

implementation of new anti-counterfeiting requirements for defense suppliers. Over two years ago, the DOD

proposed several rules meant to partially implement the strict anti-counterfeiting language in the National

Defense Authorization Act for Fiscal Year 2012 (NDAA FY12). The DOD says that the March 27 public hearing was

meant consider "in particular, the definition and implementation of trusted suppliers." At least one rule is very

close to coming online, an event which we believe will heavily impact defense suppliers of electronics with

regard to counterfeit and “cloned” electronics for the DoD supply chain. That rule was proposed under DFARS

Case 2012-D055. The DOD says that it is now preparing to publish the final rule under that case, meaning that for

the first time the new regulations will begin to take effect.

� So Where Are we On Regulating Counterfeit Technology in the Supply Chain?

Two years ago, Congress passed the The National Defense Authorization Act for Fiscal Year 2012: Section

818, Detection and Avoidance of Counterfeit Electronic Parts, provides new rules regarding counterfeit electronic

parts. This policy requires contractors to provide items that have been marked with organically-generated DNA

marking material produced by Applied DNA Sciences and any of its authorized licensees. Suppliers were notified of

the new requirement by special notices from the DLA Internet Bid Board System, the Supplier Information Resource

Center, and the Federal Business Opportunities websites.

The intent of the updated rule is to hold contractors responsible for detecting and avoiding the use or inclusion

of counterfeit electronic parts or suspect counterfeit electronic parts. Approximately 400 to 1,200 prime

contractors covered by the rule will have to change their existing purchasing systems—a mix of computer

applications and manual procedures required to do business with the government that document purchases

from a chain of suppliers.


March 2014

66

The rule was published by the Office of the Secretary of Defense (OSD) in September 2012 as an amendment to

the overall Defense Acquisition Regulations System, and reached partial implementation in March 2012. In July

2013, the OMB received comments from industry participants. Unless the date is pushed back (which is a

possibility), the OSD will consider these comments, and then write a rule that is expected to be finalized in March

2014. At that point, companies will be unreimbursed or fined for not complying with directives trying to drive

counterfeit parts out of critical defense systems.

In October 2013, in its Annual Industrial Capabilities Report to Congress, the Office of the Deputy Assistant

Secretary of Defense for Manufacturing and Industrial Base Policy came out with a damning statement on page

B-41, noting that “One of the worst trends to emerge in military systems spare parts involves counterfeit electronic

parts—those that appear genuine, but which actually are substandard, altogether different, or simply empty

packages. With Logistics Technology R&D investment (PE-0603712S), DLA demonstrated a capability to assure the

source of microcircuits, which will be a considerable step in defeating counterfeiters, and will be far less expensive

than the current approaches to guarantee the source of parts. Known as DNA marking, the technique uses custom

botanical DNA marks, tags, or codes that are applied to parts during normal business operations.”

As of March 11, 2014, the OSD had noted that its will continue to accept comments on Section 818, but only until April

of 2014. In other words, the extensions for comments keep getting shorter, and now there is only one more month.

This pressure by the DLA has increased the population of users. In December 2013, Applied DNA Sciences

introduced its “Counterfeit Prevention Authentication (CPA) Program.” In short, the program:

� Allows anyone procuring parts to have authenticity (if DNA mark is applied by the manufacturer) or

traceability on the part level (if DNA mark is applied further down the supply chain).

� Allows other agencies and defense contractors to leverage the DLA's effort by procuring DNA marked

parts from the current 29 DNA marking companies.

� Presents the opportunity for other agencies and defense contractors to flow down requirements (as DLA

did) to additional suppliers.

Twenty-six companies are currently licensed to mark parts with APDN’s SigNature DNA, including two primes, six

component manufacturers, and both authorized and independent distributors.

What has happened in the last several months not only reinforces our belief that the DoD will not back down

from its position of intolerance for counterfeit devices in critical infrastructure, but instead will actually expand

the definition of what it perceives to be at risk—using the same DNA technology it has already mandated.

Originally, counterfeiting was the main concern. Now, however, the government and Congress has moved beyond

simply stopping counterfeiting to what is termed Supply Chain Risk Management, or SCRM. SCRM is a broader term

encompassing separate items such as counterfeits (often engaged by economically motivated individuals, etc.) but

now also includes “Clones” ( new, qualifying items that are manufactured out of a foreign “fab” facility which

increasingly is being funded at a foreign nation state level and which make it into our military supply chains). These

clones may initially pass inspection, but their mean time between failure might be a tiny fraction of qualifying devices.

In our opinion, there is a compelling case for not underestimating the harm that supply chain sloppiness caused,

due the foreign facilities or devices not being produced according to certain standards. This leaves us both

physically and logically vulnerable to equipment failure and espionage. can cause the national interest when it

comes to military and infrastructure technology has just been made by Robert S. Metzger in Bloomberg’s Federal

Contracts Report (Spring 2014), who states that the line between national security, counterfeit parts in the DoD

supply chain, and cybersecurity had blurred.

March 2014

67



Mr. Metzger, a partner/shareholder in the law firm of Joseph O’Donnell, P.C., is considered the leading advisor on

government contract and compliance challenges. He represents and advises prominent U.S. and international

firms in aerospace, defense, electronics, information technology, infrastructure, professional services, software,

and telecommunications. Mr. Metzger’s message is essentially that foreign counterfeit parts coming into critical

U.S. infrastructure and military programs are becoming just as significant of a cybersecurity problem as they are

a mean-time failure problem. In addition, Mr. Metzger notes in his fourth article in Federal Contracts Reports,

published in the spring 2014 issue, that since enactment of Section 818 in late 2011, the federal government’s

perception of the threat has changed and so too has the emphasis of policy and regulatory initiatives being

taken in response. He believes that the increasing emphasis of DoD and other federal agencies (including the

GSA) will be on protection against those counterfeits that present cyber risks.

Mr. Metzger is concerned that evidence is piling up that “marked” counterfeit items from abroad go

hand-in-hand with cybersecurity breaches and that the government is already directing special attention to

avoidance of parts which harbor malicious code and which, if installed in military equipment, in a secure

network, or in a key system used for information processing or telecommunications, for example, could have

disabling effects upon such ‘‘trusted systems and networks’’ and other ‘‘critical functions’’ of government. Parts

that carry a cyber threat are ‘‘counterfeit,’’ in the sense that they are not what they purport to be, and have been

modified or subjected to ‘‘tampering’’ without authorization.

He adds: “The nexus between counterfeit parts and cyber risk has recently been recognized in a Joint Report,

Improving Cybersecurity and Resilience through Acquisitions, issued by the Department of Defense and the General

Services Administration on January 23, 2014. This report implements Section 8(e) of Executive Order (EO) 13656.

The Joint Report observes that counterfeit components can be introduced during both initial acquisition and

sustainment, and that such nonconforming parts create vulnerabilities that include premature system failure

and latent security gaps that could be exploited by an adversary.”

When one combines security “sloppiness” of many logistics and channel players in the U.S. with the dire

warnings that cyber warfare is being fought just as much through “marked” counterfeit parts as phishing of

DDoS attacks over the Internet, this becomes worrisome and has dramatically hardened the DLA’s and Congress’

attitude toward those distributors who still complain about having to implement “costly new technology” or

that “they can’t afford” to DNA mark the items they receive for provenance and certification.

Our view of this article by Metzger lead us to believe that in his opinion, the national interest in achieving greater

supply chain and cyber security is so compelling that, the federal government will act irrespective of industry’s

doubts. The pace of implementation of supply chain and cyber actions is likely to accelerate this year and the

breadth of such actions likely will encompass most or all federal procurement functions. Companies that ignore

or resist these trends do so at the peril of their businesses.

The legislation (DFARS—Defense Acquisition Regulations Systems) in place appears to be at the same time

focusing on the joint counterfeit/cyber threat, and at the same time broadening in scope in response to the

above to put the onus on defense contractors to manage their own supply chains. This means that the

government will impose rework charges, but also much farther reaching penalties and fixes (some are

expensive), in theory reaching up to and including de-barring, although that would be a last resort, in our view.


March 2014

68

Other Counterfeit Breaches

Chinese Seizures in 2013

On March 11, 2014, an article in The Washington Post reported that in 2013, Chinese police seized almost

60,000 suspects involved in intellectual property infringement cases with a total estimated value of

173 billion yuan ($28 billion), citing the state media (Xinhua News Agency).

According to the report, more than 90 million tons of counterfeit and substandard goods were confiscated last

year, and 1,260 criminal networks “smashed,” the official Xinhua News Agency said, citing Ministry of Public

Security official Gao Feng. Gao also said that during a campaign against the sale of fake drugs online, police

seized a record 300 million pills worth 2.2 billion yuan ($360 million).

Aston Martin Sports Cars

A report published by Reuters on February 10, 2014, stated that Aston Martin put out a recall on to cover most of

its sports cars built since late 2007 after discovering a Chinese sub-supplier was using counterfeit plastic material

in a part supplied to the British luxury sports carmaker. Aston Martin said it would recall 17,590 cars, including all

of its left-hand drive models built since November 2007 and all right-hand drive models built since May 2012,

which affects about 75% of all vehicles built in that period, a spokeswoman said.

Outfit7 Entertainment

Outfit7, the entertainment company behind the global phenomenon Talking Tom and Friends, won a legal case

against Chinese app company, NanJing oooo3d Ltd. NanJing oooo3d has been ordered to pay compensation to

Outfit7 for the loss of goodwill and significant value suffered to the brand. In one of the first lawsuits filed in the

U.S. courts against mobile app IP infringement, NanJing oooo3d was found guilty of copying the Talking Tom

virtual character as well as the look and feel of the globally successful Talking Tom mobile apps.

French Wines

According to the Atlantic Monthly, China is one of the world's biggest wine consumers, importing nearly

$1 billion worth of wine (67.9 million gallons) from the European Union last year and that its growing appetite

for wine has brought with it a booming counterfeit market. The magazine noted that one sales director told

Reuters that most wine counterfeiting happens "in secondary or third-tier cities where they don't have much

wine knowledge." Expensive European wine, particularly French varieties, are popular with counterfeiters.

Spirits companies are eager to crack down on the frauds. Some companies have begun to use tamper-proof caps

and authentication technologies; others even established bottle buyback programs, and some have begun

testing an advanced DNA marker; some can even provide provenances for the wine. Some winemakers have

their bottles smashed after tastings to prevent them from being illegally refilled. Wine counterfeits may increase

even more now that China has announced it will investigate wine imports from the EU, threatening

anti-dumping tariffs or import curbs in response to Europe's anti-dumping duties on Chinese solar panels.

March 2014

69



Busted: Fake Health and Beauty Supplies Ring Biggest Known Counterfeiting Enterprise in U.S.

Acccording to a CNN report on March 9, 2014, the largest known counterfeit enterprise in the U.S. has been

broken up. A pair of New York men were booked on charges of running a multimillion-dollar ring that peddled

fake products that were distributed throughout the East Coast, including everyday health and beauty items such

as ChapStick, Johnson's Baby Oil, Vaseline, and Always sanitary pads. Authorities seized more than $2 million

worth of products and were looking at bank accounts to determine the size of the enterprise. Law enforcement

authorities seized four tractor-trailers filled with knockoff health products from five locations on Long Island on

March 6, 2014. Brothers Pardeep Malik, 59, and Hamant Mullick, 60, are accused of running an enterprise whose

products also turned up in Pennsylvania and Florida, according to the Nassau County District Attorney's Office.

A manufacturer described the operation as the biggest known counterfeit enterprise in the U.S., while another

company called it the only known such manufacturing operation in the country for its products, prosecutors said.

Malik and Mullick, both charged with felony trademark counterfeiting, were being held on bond of $100,000 each, the

district attorney's office said.

A Review of the Rules That Will Govern the DoD Supply Chain

The National Defense Authorization Act for Fiscal Year 2012: Section 818, Detection and Avoidance of Counterfeit

Electronic Parts, provided new rules regarding counterfeit electronic parts. This policy requires contractors to

provide items that have been marked with organically-generated DNA marking material produced by Applied

DNA Sciences and any of its authorized licensees. Suppliers were notified of the new requirement by special

notices from the DLA Internet Bid Board System, the Supplier Information Resource Center, and the Federal

Business Opportunities websites. The rule was published by the Office of the Secretary of Defense (OSD) in

September 2012, as an amendment to the overall Defense Acquisition Regulations System, and reached partial

implementation in March 2012. In July 2013, the OMB received comments from industry participants. Unless the

date is pushed back (which is a possibility), the OSD will consider these comments, and then write a rule that is

expected to be finalized in April 2014. At that point, companies will be unreimbursed or fined for not complying

with directives trying to drive counterfeit parts out of critical defense systems.

The intent of the updated rule is to hold contractors responsible for detecting and avoiding the use or inclusion

of counterfeit electronic parts or suspect counterfeit electronic parts. Approximately 400 to 1,200 prime

contractors covered by the rule will have to change their existing purchasing system—a mix of computer

applications and manual procedures required to do business with the government that document purchases

from a chain of suppliers. Most, but not all, of the prime contractors (some of the largest ones claim they will be

in compliance), agree with the intent of the mandate, but want more time to comply with what they deem to be

not enough clarity on the rules coming out of the Pentagon.

Separate from the National Defense Authorization Act, the Defense Logistics Agency (DLA), on August 1, 2012,

the DoD’s Defense Logistics Agency (DLA) began requiring the use of DNA authentication marking for future

procurements of items falling within Federal Supply Class 5962, Electronic Microcircuits. The requirement only

applies to procurements associated with the DLA. In an effort to enhance existing safeguards to prevent

counterfeit parts from entering the DLA supply chain, the DLA introduced this new marking requirement for the

electronic microcircuits supply class. The contractors covered under the rule have been in most cases

distributors. However, certain prime contractors and manufacturers also supply 5962 parts to the DLA and are

covered under the rule.


March 2014

70


� Identity Solutions product and service companies experienced a significant improvement in M&A

activity in the second half of 2013 compared to the first half of 2013

The third and fourth quarters of 2013 saw significant improvement in ID security M&A activity with more than

40 transactions taking place.

Figure 28: M&A Transactions in the Identity Solutions Sector,




� Symantec bought PasswordBank on July 23, 2013

On July 23, 2013, Symantec bought enterprise-focused authentication software start-up PasswordBank in a

move aimed at beefing up its enterprise security software roster.

� Assurant Expands Global Mobile Services by Acquiring Lifestyle Services Group from Phones 4u

Finance plc

On September 5, 2013, Assurant, INC. announced an agreement to purchase Lifestyle Services Group, a mobile

phone insurance provider, for up to $160 million (£107 million) in cash from Phones 4u Finance plc.

� F5 Networks, Inc. announced that it agreed to acquire Versafe Ltd for $92 million

On September 19, 2013, F5 Networks, Inc. (NASDAQ: FFIV) announced that it has agreed to acquire Versafe Ltd.,

an Israeli provider of web anti-fraud, anti-phishing, and anti-malware solutions.

� Experian purchased 41st Parameter, Inc for $324 million

On October 1, 2013, Experian plc announced that it had signed a definitive agreement to acquire 41st

Parameter, Inc, a leading provider of fraud detection services based in the U.S., for $324 million.

0

2

4

6

8

10

12

14

16

18

20

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

Identity Solutions Services Identity Solutions Products

March 2014

71



� CACI announced intent to acquire Six3 Systems, Inc for $820 million

On October 9, 2013, CACI International Inc announced that it had signed a definitive agreement to acquire Six3

Systems, Inc., a provider of highly specialized support to the national security community in the areas of cyber

and signals intelligence; intelligence, surveillance, and reconnaissance; and intelligence operations, from private

equity firm GTCR for $820 million.

� Synaptics closes acquisition of Validity Sensors for $255 million

On November 7, 2013, Synaptics Inc. announced it had completed its acquisition of Validity Sensors, Inc.,

designer and developer of biometric fingerprint sensors for information, communication, and entertainment

devices, for $255 million.

� First American Financial announced agreement to acquire Interthinx, Inc for $155 million

On February 7, 2014, First American Financial Corporation announced the signing of an agreement with Verisk

Analytics, Inc. to acquire Interthinx, Inc., provider of fraud-prevention solutions and decision-support tools for

the mortgage industry, for $155 million.

� HID Global Acquires Biometric Leader Lumidigm in February 2014

On February 10, 2014, HID Global, announced the acquisition of Lumidigm, a global leader in authentication

solutions that use multispectral imaging technology, software, and biometric fingerprint sensors to authenticate

identities with a high degree of certainty.

Imperial Capital served as the sole financial advisor to Lumidigm on the transaction.


The fourth quarter of 2013 experienced an improvement over the first quarter of 2013.

� Applied DNA Sciences, Inc. announced a private placement of 5,500 series B convertible preferred

shares, 10,695,187 common shares, and 10,695,187 series A warrants for gross proceeds of $7.5 million

On July 19, 2013, Applied DNA Sciences, Inc. issued $7.5 million dollars worth of convertible preferred stock,

common shares, and Series A, B, and C warrants. The preferred stock is convertible into common shares at a fixed

conversion price of $0.187. Applied DNA Sciences, Inc. provides botanical-DNA based security and

authentication solutions in Europe and the U.S.

� Payfone, Inc. announced that it will receive $10 million in an equity round of funding

On October 7, 2013, the company announced that it will receive $10 million in an equity round of funding from

one investor under Reg D. Payfone, Inc. a provider of mobile authentication services.


March 2014

72

� i-Sprint Innovations Pte. Ltd. executed a private placement of its common shares to raise $10 million

On January 28, 2014, the company announced that it will issue 118,973,914 common shares at

HKD 0.6458 ($0.08) per share to new investor, Peregrine Greater China Capital Appreciation Fund, L.P., a

fund managed by Bull Capital Partners Limited for gross proceeds of HKD 76,833,073 ($10 million). The

investor will acquire 41.67% stake in the company through this transaction. i-Sprint Innovations Pte. Ltd.

provides credential and access management solutions for banking and financial, government, and telecom

sectors in Singapore and internationally.

� Xceedium Inc announced that it will receive $6.5 million in funding

On February 20, 2014, Xceedium Inc, developer of privileged access management solutions, announced that it

will receive $6.5 million in funding through a convertible debt transaction.

Public Debt and Equity Offering Snapshot

There were two notable public offerings YTD 2014, an improvement from the previous two quarters.

� Fingerprint Cards AB executed a follow-on offering of its Class B Shares

On January 22, 2014, Fingerprint Cards AB executed a follow-on offering of its Class B Shares for total gross

proceeds of $21.3 million.

� RX Safes, Inc. announced IPO on February 6, 2014

RX Safes, Inc. is a maker of fingerprint medical security storage solutions for consumers and healthcare

professionals. It focuses on identity-based security utilizing biometric fingerprint recognition technology. The

company offers medication lock boxes for consumers to address the problem of unauthorized access to

prescription pain and other dangerous medications stored in the home.

Bankruptcies

There were no significant Identity Solutions bankruptcies through the second quarter of 2013.

March 2014

73



Notable Transactions

Figure 29: Select M&A Transactions in the Identity Solutions Sector, 2013 and YTD 2014

Sources: Capital IQ and Imperial Capital, LLC.

Announced

/ Filing

Date

Closed

DateTarget Business Description Buyer

Target

Implied TEV

($mm)

TEV /

Revenue

TEV /

EBITDA

2/10/2014 02/10/2014 Lumidigm, Inc.Lumidigm, Inc. designs and develops biometric identity

management and authentication solutions.HID Global Corporation NA NA NA

2/5/2014 NA Interthinx, Inc.Interthinx, Inc. provides fraud-prevention solutions and

decision-support tools for the mortgage industry.

First American Financial

Corporation$155 NA NA

10/9/2013 11/07/2013 Validity Sensors, Inc.

Validity Sensors, Inc. designs and develops biometric

f ingerprint sensors for information, communication, and

entertainment devices.

Synaptics Inc. $255 NA NA

10/8/2013 11/15/2013 Six3 Systems Inc.

Six3 Systems Inc. designs and develops intelligence, defense,

and civilian solutions for government agencies in the United

States.

CACI International Inc. $820 1.8x 13.5x

10/1/2013 10/01/2013The 41st Parameter

Inc.

The 41st Parameter Inc., a fraud detection softw are company,

provides fraud detection and intervention solutions.Experian plc $324 NA NA

9/17/2013 09/17/2013 Versafe Ltd.Versafe Ltd. develops security applications for identity theft

and online fraud prevention applications.F5 Netw orks, Inc. $88 NA NA

9/5/2013 10/25/2013Lifestyle Services

Group Limited

Lifestyle Services Group Limited provides mobile device

protection solutions, packaged account products, and bespoke

services to the retail banking and telecommunications sectors.

Assurant Inc. $107 0.9x NA

7/18/2013 07/18/2013Passw ordBank

Technologies, S.L.

Passw ordBank Technologies, S.L. operates as an information

and communications technology f irm.Symantec Corporation $19 NA NA

6/12/2013 06/28/2013LPI Level Platforms

Inc.

LPI Level Platforms Inc. provides remote monitoring,

management, and automation softw are for information

technology (IT) solution providers.

Avg Netherlands B.V.;

AVG Technologies

Canada Inc.

NA NA NA

5/14/2013 05/14/2013 PrivacyChoice LLC PrivacyChoice LLC provides online privacy scanning solutions. AVG Technologies N.V. NA NA NA

5/14/2013 05/14/2013Sense Security

Technologies Inc.

Sense Technologies Inc. engages in the design, development,

manufacture, and marketing of biometric identif ication products

and systems for time and attendance, and homeland security

markets.

Homeland Security

CorporationNA NA NA

4/3/2013 04/03/2013

RSA Security, Inc.,

Know ledge Based

Authentication

Know ledge Based Authentication of RSA Know ledge Based

Authentication of RSA Security, Inc. comprises the consumer

Know ledge Based Authentication (KBA) technology, w hich

utilizes know ledge-based authentication to validate user

identities in real-time.

LexisNexis Risk

Solutions, Inc.NA NA NA

4/1/2013 04/01/2013Infoglide Softw are

Corporation

Infoglide Softw are Corporation develops and markets identity

resolution softw are for government, f inancial services,

healthcare, insurance, retail, and telecommunications markets.

Fair Isaac Corporation $7 NA NA

2/25/2013 03/15/2013Angel.com

Incorporated

Angel.com Incorporated offers cloud-based customer

experience management (CEM) solutions.

Genesys

Telecommunications

Laboratories, Inc.

$111 3.8x NA

01/07/2013 01/07/2013 Codebench, Inc.Codebench, Inc. develops physical security and identity

management sof tw are solutions.HID Global Corporation NA NA NA


March 2014

74


March 2014

75


Information Security Sector

Section IV



March 2014

76


March 2014

77





Information security gained significant attention recently with the well-publicized data breach at national

retailer Target in December 2013. This breach, one of the largest in history, resulted in the exposure of 40 million

credit card and debit card numbers and the personal information of 70 million people. The attack impacted a

substantial portion of the American public and continues to make news headlines, elevating security from an

“IT” problem to a strategic issue for the executive leadership and boards of a numerous consumer-facing

organizations. In this monitor, we discuss the details of this breach, which was notable for the initial execution of

the attack though a third-party vendor. It also highlighted the security challenges facing large organizations

with complex IT infrastructures—even those with top-tier defenses. This attack was a major topic at this year’s

RSA Conference, one of the premier annual industry events, which saw strong expansion in attendance to

approximately 30,000 people, from 24,000 in 2013. The escalation in the volume and sophistication of attacks

continues to drive broadening market demand for more effective security solutions beyond traditional,

signature-based defenses.

This year’s event generated considerable controversy due to a reported payment to RSA (a division of EMC and

host of the conference) from the National Security Agency (NSA) to weaken the default algorithm used in many

of RSA’s toolkits. Rebuilding trust will be a major focus within the security industry and between the industry and

government in 2014 and beyond. Other key themes at the conference included the increasing skills shortage in

IT security, intelligence-driven security, the security of hybrid cloud environments, the evolution of mobile

security toward data and application management, shared threat intelligence, and incident response. We also

highlight increased prioritization of cybersecurity by the federal government based on details of President

Obama’s budget request for FY15. The recent budget deal represents a breakthrough on the funding of key

cybersecurity programs, following multi-year political gridlock. This includes significant expansion of the

EINSTEIN and Continuous Diagnostics and Mitigation (CDM) programs which aim to provide ongoing situational

awareness to protect federal civilian agencies and “.gov” networks.

In addition, industry consolidation has been gaining strong momentum in recent months, with two major

transactions since the beginning of the year. We highlight FireEye’s acquisition of privately-held Mandiant, a

leading provider of incident response services, for approximately $1 billion in cash and stock. We also note

VMware’s acquisition of privately-held AirWatch, an early leader in the Enterprise Mobility Management (EMM)

sector, for approximately $1.5 billion. We expect further strategic acquisition activity over the coming quarters,

as larger technology companies and security vendors seek to integrate new security technologies and achieve

early penetration of emerging market categories. Until the cost of breaches is raised for attackers, there will likely

be continued high-profile attacks, driving a healthy demand environment for new security solutions. Market

researcher and vendor HP Security Research reported a 20% increase in threats and breaches in 2013, with

breach-associated damages rising 30%.


March 2014

78

Federal Cybersecurity Gaining Higher Prioritization in FY 2015

Cybersecurity remains a critical priority across the federal government, with continued attacks by highly-resourced and

sophisticated attackers, including adversarial nation-states. The president’s budget request for FY15 calls for overall

information technology (IT) spending of $43.655 billion for the major civilian agencies, essentially flat with the previous

fiscal year. In contrast, the proposal for the Department of Defense (DoD) is 6% lower at $35.370 billion, driving the overall

federal IT proposal down 2.9% to $79.025 billion compared with the enacted budget for FY14. Notwithstanding this

reduction, partially from data center consolidation savings, DoD indicated plans to substantially increase spending for

cybersecurity to $5.1 billion in FY 2015, up from $4.7 billion in the prior fiscal year. Although the definition of what

constitutes “cybersecurity” related spending is not consistent in the federal sector, we believe there is a significant overall

uptrend for initiatives associated with U.S. Cyber Command, as well as spending by the various military services and

specific areas such as encryption, information assurance, as well as research and development for cyber attack and cyber

defense. For example, Secretary of Defense Chuck Hagel indicated plans to substantially expand U.S. Cyber Command to

4,900 personnel by year-end 2016, up from 900 last year. This relatively new command will build both offensive and

defensive capabilities, and will address a comprehensive array of cyber contingencies.

The president’s request calls for a discretionary budget of $38.2 billion for the Department of Homeland Security

(DHS), representing a 2.5% decline from the enacted budget for FY14. However, cybersecurity was allocated

$1.25 billion, up substantially from $792 million approved in the current fiscal year, according to DHS Secretary Jeh

Johnson. One of the key priorities is Network Security Deployment which was budgeted for $377.7 million, with

expanded implementation of the EINSTEIN3 Accelerated (E3A) program, a core cybersecurity initiative. This program is

focused on detecting malicious traffic coming into the networks of federal civilian agencies, as well as preventing any

adverse impact. Another major priority is the Continuous Diagnostics and Mitigation (CDM) program, which was

budgeted for $143.5 million. This program is managed by DHS and aims to “defend federal IT networks from

cybersecurity threats by providing continuous monitoring sensors, diagnosis, mitigation tools, and CMaaS

(Continuous Monitoring-as-a-Service) to strengthen the security posture of government networks.” A third key priority

is cyber and cyber-related investigations, such as identity theft, economic cybercrime, export-controlled data theft,

and child exploitation, which was budgeted for $173.5 million. Other priorities included cybersecurity/information

analysis research and development ($67.5 million), the Homeland Secure Data Network ($28 million), enhanced

cybersecurity services supporting the president’s cybersecurity executive order 13636 ($8.5 million), and U.S. Secret

Service Cybersecurity Presidential Protection Measures ($3.9 million).

Figure 30: Federal IT Budget, FY01 to FY15(1)

(1) President’s Budget Request.

Sources: U.S. Government.

0.0

10.0

20.0

30.0

40.0

50.0

60.0

70.0

80.0

90.0

2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015*

Major Civilian Agencies Dept of Defense Total for Major Agencies

(in $ billions)

March 2014

79



EINSTEIN Program Evolving to Next Major Phase

The EINSTEIN program initially involved the deployment of a detection system at the Internet access points of

participating federal agencies, spurred by the rapid escalation of attacks against federal civilian agencies in early 2000s.

EINSTEIN is a multi-phase program that has evolved significantly since 2004 and is now on its third iteration. The first

version of EINSTEIN was intended to provide real-time detection of incoming network traffic anomalies by analyzing

network flow records, which were then passed on to US-CERT (United States Computer Emergency Readiness Team).

One of the early challenges was real-time information sharing because, at that time, agencies had thousands of

connections to the Internet and the program was voluntary, resulting in limited agency participation. The program

subsequently evolved into EINSTEIN 2 in 2008, which provided monitoring of both incoming and outgoing network

traffic and would alert US-CERT if there was a match with any signatures. EINSTEIN 2 utilized passive intrusion detection

systems with custom signatures. By the end of FY13, about 70% of executive branch agencies had deployed EINSTEIN 2.

The latest iteration of the program, called EINSTEIN 3, represents a major advancement, as it additionally

incorporates intrusion prevention systems (IPS) to keep malicious traffic from impacting agencies’ networks.

EINSTEIN 3 was launched in July 2013 and utilizes deep packet inspection tools to analyze content and block

suspicious traffic. Critically, EINSTEIN 3 is capable of analyzing electronic content (e.g., emails), which has raised

privacy concerns because it can collect personally identifiable information (PII). DHS issued a privacy impact

assessment on 4/19/13, which indicates procedures to “minimize (i.e., overwrite, redact, or replace) PII data that

is not necessary to understand the cyber threat.” Of particular note, E3A is delivered by federal agencies’ Internet

Service Providers (ISPs) as a managed security service under the DHS, which allows monitoring of “.gov” traffic

entering and leaving federal civilian executive branch agency networks.

Threat indicators (based on traffic metadata such as IP addresses and packet payload) developed by DHS’ Office

of Cybersecurity and Communications are provided to ISPs to enable them to automatically block both

incoming and outgoing malicious traffic. These indicators are focused on specific types of traffic and DHS

intends to maintain the privacy of legitimate traffic by avoiding overly broad data collection. ISPs are also

required to segregate “.gov” traffic. According to a report by the U.S. General Accountability Office in February

2013, EINSTEIN has improved situational awareness, but needs to significantly develop its predictive analysis and

real-time information sharing capabilities. DHS responded to the inspector general report and indicated that it

does not expect the latter capability will be fully operational until FY18.

Continuous monitoring represents a significant evolution in the security of federal civilian agencies and the

Department of Defense, in our view. While this capability potentially offers rapid detection of threats, agencies have

discovered implementation challenges due to the massive quantity of network data and log files that need to be

analyzed. For example, according to the Commerce Department’s Chief Information Security Officer (CISO) Rod Turk, it

has proven difficult to discover malicious activity and generate actionable intelligence, given the agency’s substantial

volume of data and array of systems. Mr. Turk also highlighted the morphing of malicious activities, representing

another key challenge. He indicated that the Commerce Department, which has tens of thousands of active end-users,

is considering the implementation of various tools to recognize malicious patterns to improve security. This

methodology analyzes the entire lifecycle of threats, from initial entry to exfiltration. However, it creates significant

storage problems because it is necessary to keep this traffic data for a period of time. The United States Air Force

(USAF) stores this data for three months, though certain records are retained beyond this timeframe, according to the

USAF’s chief technology officer Frank Konieczny. USAF additionally aims to gain visibility on all its applications,

extending beyond the collection of network data. By tagging these applications, USAF can compare the actual flow

traffic of applications with their expected behavior to detect suspicious activity. An offline analytical cloud is currently

under development by USAF, in collaboration with the Defense Information Systems Agency (DISA), which will be

used to analyze this transaction data and it eventually could generate regional-level alerts.


March 2014

80

RSA Conference USA 2014 Highlights

We attended the RSA Conference USA 2014, which is one of the premier annual events for the information

security industry. The conference was held February 24–28, 2014 in San Francisco, California. There was record

attendance this year, which reached an estimated 30,000 people, up substantially from 24,000 people in 2013.

We attribute this strong expansion to the urgent need for more effective defenses due to the rapid escalation in

volume and sophistication of threats. We believe these threats could potentially impact all types of organization

across multiple vertical markets, driven by the increasing complexity of IT infrastructures. There were over

350 exhibitors at the conference, encompassing numerous security vendors offering solutions for a broad array

of problems. This year’s event sparked significant controversy in the security community due to reported

collaboration between RSA (a division of EMC and host of the conference) and the National Security Agency

(NSA), including a payment to weaken the default algorithm used in many of RSA’s toolkits. While several

prominent security experts boycotted the RSA Conference and instead held a rival conference called TrustyCon

at a nearby location, there was nominal overall impact this year.

Art Coviello, Executive Chairman of RSA, indirectly addressed the controversy in his opening keynote and

indicated that this algorithm was used because of RSA’s trust in key standards bodies (e.g., National Institute of

Standards and Technology [NIST]), which enabled RSA to meet government certification requirements. However,

he also expressed his support for separating the NSA’s roles of foreign intelligence collection and the

development of defenses for data security. Mr. Coviello’s comments were obliquely echoed by Richard Clarke,

former special advisor to the president on cybersecurity, who emphasized that security stakeholders should be

focused on fixing vulnerabilities in encryption software rather than exploiting them. We believe rebuilding trust

within the security industry and between the industry and government will likely remain a major focus of the

security industry far beyond the RSA Conference, as participants pursue a more optimal balance between

national security and privacy rights.

Key Themes at RSA

� Increasing Skills Shortage in IT Security

The escalation of threats in recent years has created a significant shortage of talent with strong IT security skills,

which is putting increasing pressure across the industry, including vendors, enterprises, academia, and

government agencies. In response to this skills shortage, vendors are making their products easier to use and

manage in order to help IT security teams become more efficient. Several vendors have emphasized improving

the graphical user interface (GUI) of their products, while others have focused on providing greater security

operations automation. Approximately 25% of enterprise and mid-market organizations (>250 employees)

reported that there is “problematic shortage” of IT security skills, according to market researcher ESG Research.

Many organizations are experiencing impact from staffing shortages, as well as security personnel without the

necessary set of skills.

ESG recommended organizations assess their IT team to identify gaps in the skills of the security staff and

examine their day-to-day activities to uncover inefficient processes. Organizations should also seek to leverage

third-party resources and outsource to service providers wherever possible, including areas such as email

security, web security, continuous monitoring, incident detection, and security investigations. Given the

shortage of IT security skills, it has also become increasingly critical for organizations to consider this factor when

contemplating new IT initiatives, not just when purchasing new security technologies. Organizations

significantly raise their risk exposure without sufficient security resources to support a new IT initiative. Also,

recruitment and retention of skilled security professionals is another key issue for many organizations. While

competitive compensation is important, organizations can offer other benefits, such as continuing education

March 2014

81



and training, greater opportunity for exposure to partners, and a career development path in IT security. Of

particular note, certain organizations have begun taking a proactive approach to the skills shortage, such as

offering scholarships and creating internship programs with leading universities.

� Intelligence-Driven Security

Beyond the NSA controversy, there was significant focus at the RSA Conference on the recent attack on Target

and other major retailers, which has gained C-level and Board-level attention at numerous consumer-facing

organizations. We believe the high-profile nature of this attack could spur accelerated spending for more

effective security solutions across the supply chain, particularly as traditional signature-based defenses are

generally ineffective against targeted attacks, zero day exploits, and advanced persistent threats (APTs).

One key approach highlighted by Mr. Coviello was intelligence-driven security, which involves the application of

“Big Data” analytics to generate timely and actionable information and the usage of predictive analytics and

pattern recognition to implement agile controls. This type of security system benefits from the sharing of

information, though it still requires skilled personnel and comprehensive risk assessment. The ultimate

objectives are rapid breach detection and response in order to avoid the loss of critical data.

� Cloud Security

While security spending remains primarily focused on perimeter-based technologies and prevention solutions,

these have proven inadequate against the rapid innovation of highly motivated and well-funded attackers.

Given the rising demand for cloud-based services, one topical theme was the shift by organizations toward

hybrid cloud environments, with many security vendors highlighting their cloud strategies and extending their

products to address this emerging opportunity. Organizations may increasingly focus their security resources on

protecting their most critical data, while leveraging public cloud providers for a larger part of their IT

infrastructure. However, technology solutions alone are not the answer to a comprehensive security program.

In his keynote, Art Gilliland, SVP and GM of Enterprise Security Products at HP, indicated the need for greater

investment in people and processes, given the perpetual arms race with attackers. He noted that information

security professionals place too much emphasis on deploying technology solutions, with approximately 86% of

security budgets focused on the infiltration stage. HP Security Research recently reported a 20% increase in

threats and breaches in 2013, with breach-associated damages rising 30%. Given these trends, he recommended

organizations focus on prioritizing their security based on core business needs, instead of attempting to protect

the entire enterprise against all risks. He additionally highlighted the transition to cloud and mobile, with

numerous companies rewriting applications to minimize coding weaknesses. HP identified security

vulnerabilities and/or encryption problems with substantially most of 2,000 applications in the enterprise

application stores of Fortune 1000 companies.

� Mobile Security

Mobile devices in the enterprise remained a core theme at this year’s conference, with ongoing focus on the

Bring-Your-Own-Device (BYOD) trend. Enterprises are gradually looking to enable personal mobile devices to

interact with applications needed for specific business lines, in addition to email, calendar, and contacts. While

past years at the RSA Conference emphasized the implementation of mobile device management (MDM) tools

to control devices, there was greater emphasis this year on data and application management, though it is

increasingly challenging to effectively “blacklist” or “whitelist” mobile applications due to their short popularity,

sometimes within six months. The rapid escalation of mobile malware was a particular concern at the

conference, with demonstrations on “touchlogging” of Android and iOS devices, which is malware that allows

the observation of logs on where the screen was touched by the user.


March 2014

82

� Threat Intelligence

Another major theme was the need to leverage threat intelligence, which was highlighted by several speakers

and vendors at the conference. This was a core focus of the keynote by James Comey, the new FBI Director, who

emphasized the need for collaboration between the commercial information security community and law

enforcement agencies. He called for public-private partnerships to share threat intelligence to develop more

comprehensive security visibility. Highlighting the urgency, he indicated that cybersecurity was the number one

domestic security priority, ahead of terrorism and weapons of mass destruction. Notwithstanding, he

acknowledged the challenges of sharing threat intelligence, citing mistrust in the government and reluctance of

companies to provide information that could potentially impact their competitive advantage or privacy rights.

He also noted the absence of any unilateral threat reporting infrastructure and lack of verified threat intelligence.

One possible solution is the implementation of incentives to foster collaboration and ensure government

agencies address the business concerns of enterprises. He envisioned a national registry of cyber criminals based

on patterns and behaviors derived from the combined intelligence of a multitude of sources, which could be

shared instantly with all stakeholders—a core requirement due to the scale and speed of attacks. Art Gilliland

similarly highlighted the need for the industry to share actionable, real-time threat intelligence, which he

advocated could be achieved through automated integration with different vendors based on open standards

such as STIX (Structured Threat Information Expression) and OTX (Open Threat Exchange).

� Incident Response

Incident response (IR) was another topical theme, following the Target attack and acquisition of industry leader

Mandiant by FireEye in January 2014. Most organizations discover that they have been comprised through

notification by third parties, and Mandiant previously reported the median number of days to detection was 243 days.

While certain vertical markets are more open to sharing threat intelligence to improve incident response, such as

financial services, others remain cautious despite the mutual benefit. However, organizations are increasingly sharing

data with third-party services, which “anonymize” this information. Given the need for faster IR to an attack,

automation represents a potential solution, though at this stage, it appears beneficial primarily as a tool to assist IR

professionals by speeding certain workflow steps rather than the replacement of experienced personnel.

March 2014

83



Analysis of the Target Data Breach

In December 2013, national retailer Target reported one of the largest and highest profile data breaches in

history, resulting in the exposure of 110 million records, including 40 million credit card and debit card numbers

and the personal information of 70 million people. The attackers did not initially penetrate Target itself, but

instead focused on a third-party vendor that was connected to Target’s network. The attack was initiated by a

“spearphishing” email sent to an employee of this vendor, a heating and refrigeration company. While this

message appeared legitimate to the employee, it actually possessed malware that enabled the attacker to steal

the network credentials of this vendor. This attack was launched almost two months prior to the theft of card

data from Target’s point-of-sales (POS) terminals. Industry sources suggest that the malware, called Citadel, is a

bot program that steals passwords. Investigators reportedly focused on this vendor’s inability to quickly detect

this email malware infection and discovered that the vendor relied primarily on the free version of Malwarebytes

Anti-Malware for its internal systems. This version was designed for individual users and does not provide

real-time protection as an “on demand” scanner.

This third party vendor was connected to Target’s network exclusively for functions such as billing, project

management, and contract submission. However, it is not publicly known how the attackers were able to move

laterally from one of these external systems to Target’s internal network and specifically the portions

encompassing its payment system (and POS terminals) and databases of customer information. Target may have

believed that it had properly segmented its network, and did not therefore mandate ancillary vendors to

implement more secure two-factor authentication for remote network access. This is usually required of vendors

with need for direct access to critical information, for whom Target would issue a one-time token or other

authentication solution. Industry sources believe the attackers could have bridged Target’s network

segmentation by escalating their Active Directory (AD) privileges. AD credentials are typically used by internal

administrators to access systems, perform maintenance, and provide login credential for vendors. It is not yet

clear if the vendor possessed any AD credentials; though it is likely the vendor had active access to the Target

server running external applications.

Target’s POS terminals in nearly every U.S store were confirmed to possess malware, which ultimately enabled

the attacker to extract customers’ payment card data. According to security vendor and market researcher

McAfee Labs (Intel), this was not a particularly advanced attack as the malware used in this attack was based on

the BlackPOS malware family, an “off-the-shelf” exploit kit. This kit can be purchased online and then modified

for a specific environment, even by attackers with limited programming skills. The attackers likely tested this

modification against common anti-malware applications to ensure they would not be detected, a standard

evasion practice. Indeed, attackers can readily purchase software that test the defenses of a specific

organization, as well as exploit kits that facilitate evasion. Ultimately, the attacker was successfully able to upload

this malware to Target’s POS terminals and capture payment card data using a method known as RAM (memory)

scraping. This type of POS malware emerged around 2009 and exploits the moment when a card is swiped at a

POS terminal and the data from the card’s magnetic stripe is briefly stored in plain-text format in the memory of

the system just prior to encryption. (Encryption of data in POS system memory is not a feasible solution because

the system needs to process data that is decrypted.)


March 2014

84

Stolen data was collected and stored on a compromised Target server and then sent outside the network to three

staging servers in the U.S. and then downloaded to a virtual private server in Russia. The stolen data was reportedly

sent from Target between the hours of 10:00 a.m. and 6:00 p.m. Central Standard Time in order to mask it with

other legitimate traffic during normal business hours. After successful exfiltration, the attackers soon began selling

the stolen data such as credit card numbers on various online “carding” marketplaces, typically in large batches of

1-4 million numbers. The largest online black markets have become well established and highly organized, with

buyers typically paying with anonymous virtual currencies (e.g., Bitcoin). According to Chief Financial Officer John

Mulligan, Target invests “hundreds of millions of dollars” in various security technologies, such as firewalls, intrusion

detection, and malware detection, but its defenses were inadequate against this attack. Mr. Mulligan also indicated

that Target performs ongoing assessments and penetration testing by third parties to benchmark the company

and assess compliance with Target’s processes and control standards.

Recent industry reports suggested that Target actually received early warning of the attack with its FireEye

malware detection system, which detected the uploading of exfiltration malware. However, this alert was

ignored by Target’s security team. It is possible that the team did not fully interpret or evaluate this activity

without the benefit of hindsight, according to a response from Target. Effective security requires organizations

to combine technology with processes and policies, given the substantial volume of alerts on a daily basis

(including numerous false positives) from different parts of their security systems. To better prioritize and

respond to these alerts, Target likely needs to improve its security escalation procedures, including incident

ownership, incident hand-off, and incident closure. Security is especially challenging for large organizations with

complex IT infrastructures and Target may not have had a sufficient number of security specialists to adequately

review and respond to these alerts. Target recently announced that it was in the process of hiring a new chief

information officer (CIO) and chief information security officer (CISO), a newly-created position.

In addition to Target, several other major retailers were impacted by similar POS attacks in 2013, including

Neiman Marcus, Michaels Stores, Harbor Freight Tools, White Lodging, ‘witchcraft, and Easton-Bell Sports. While

these retailers were compliant with PCI-DSS (Payment Card Industry Data Security Standard) and Target itself

was certified as recently as September 2013, POS RAM scraper malware is able to circumvent PCI-DSS (which

requires the encryption of payment data when stored on media or transmitted). Target is already taking steps to

strengthen its payment security, including accelerated adoption of the EMV (Europay, MasterCard, Visa) standard

by January 2015. However, we note EMV would not have prevented this specific attack which exploited the

system memory of Target’s POS terminals (not the cards directly).

EMV cards (also known as “chip and pin” cards) have embedded chips with encrypted data and cardholders must

enter a PIN (personal identification number) to authenticate transactions at a POS terminal. While the EMV

standard is embraced globally, there has been nominal adoption in the US, as the entire payment ecosystem

remains primarily tied to PCI-DSS. Also, EMV cards offer no advantage for securing online or phone (i.e., “card not

present”) transactions. One possible solution, though not announced by Target, would be the implementation of

tokens for authentication. An alternative solution could monitor for changes on POS terminals even if custom

POS malware is able successfully evade detection from other security systems.

March 2014

85



Figure 31: EMV Card and POS Terminal

Sources: Marvin Technology and Shoreline Solutions.

As of yet, it is not publicly known if these retailer attacks originated from the same attacker, though off-the-shelf

malware was used to execute many of these attacks. While POS malware has existed for several years, the

frequency and scale of these recent data breaches have substantially raised the awareness of the risks by

consumer-facing organizations which could drive increased prioritization of IT security budgets. Many

organizations will likely enhance their security posture to more effectively address these types of attacks, and we

could see new compliance mandates in the near future. There is now a global infrastructure supporting the

cybercrime industry, from the sale of exploit kits to online black markets, which continues to expand due to the

escalating volumes of highly valuable data and attractive profit motive for attackers. Until this equation

becomes more balanced by raising the cost of attacks, it appears that future data breaches, both announced and

unannounced, will remain a regular occurrence.

Mobile Security Shifting Focus Toward Applications and Data

Perimeters continue to become more opaque with the rapid proliferation of mobile devices, which represents a

major security challenge for most enterprises and organizations. According to market researcher Gartner, the

global smartphone market grew 42.3% to 967.8 million units in 2013, compared with 680.1 million in 2012. Of

particular note, smartphones unit sales eclipsed the number of basic feature phones and constituted the

majority of the 1.8 billion global mobile phone market in 2013. Users are now broadly embracing smartphones

and tablets for personal and work applications, which offer compelling productivity and convenience benefits.

Mobile devices have become powerful tools that leverage high-speed wireless connectivity to enable users to

untether from their desktops and engage with customers, partners, colleagues, or other constituents anywhere.

Regardless of formal policies, users are increasingly employing their personal mobile devices for work purposes,

a trend commonly known as Bring-Your-Own-Device or BYOD. However, unlike corporate-owned devices, these

personal devices are typically outside the control of their organization’s IT department. Given the surge of

mobile malware and the urgent need to protect corporate data on these devices, organizations are widely

seeking to implement new mobile security capabilities. Although adoption is still relatively early stage,

organizations initially turned to mobile device management (MDM) tools which have since evolved into

enterprise mobility management (EMM) suites. According to market researcher Aberdeen Group, 75% of IT

organizations indicated having a BYOD program, but half of this group only nominally manages their mobile

environment—implying the substantial majority have not yet formalized a mobile security strategy.


March 2014

86

Figure 32: Worldwide Smartphone Sales to End Users by Operating System

Sources: Gartner.

MDM software manages, monitors, secures, and supports the mobile devices of an organization. It commonly

handles enrollment, device registration (typically over-the-air), device and application settings, authentication

and access, remote monitoring, blacklisting (or whitelisting) of applications, software distribution, and can

disable the device. It sets up a common configuration for every mobile device in the organization (such as

settings for email, Wi-Fi, VPM, etc.) and enforces policies. These policies can be stricter or more lenient

depending on the organization; policy examples include minimum password requirements and screen auto-lock

time. In order to secure these devices and protect corporate data, IT staff can use their MDM to lock out devices

or even wipe the entire device if it is no longer in the control of the user. MDM is particularly useful in managing

multiple mobile operating systems, which is typical of BYOD environments. Key issues for organizations include

deployment considerations, cost, and adaptability.

However, users are not universally accepting of the restrictive nature of MDM, which impedes the convenience and

flexibility of their mobile devices. As a result, organizations re-examined their security problems and broadly realized

that their key security priorities were not device security, but rather the protection of critical corporate applications

and their associated data. As a result, moving beyond MDM, a number of mobile security product categories emerged

to focus on this core problem. These categories are now broadly referred to as EMM. Initially, a number of vendors

(included MDM vendors) developed the mobile application management (MAM) category. Early MAM vendors

included companies such as Apperian, Good Technology, MobileIron (acquired AppCenter), and Zenprise (acquired

by Citrix). MAM can restrict the abilities of a mobile application by wrapping a security layer around it. Additional EMM

categories that have subsequently emerged include content management, network management, service

management, and device policy control. According to market researcher Radicati Group, the worldwide EMM market

is estimated to reach $3.1 billion in 2017, up from $838 million in 2013.

Figure 33: Worldwide EMM Revenue, 2013 to 2017

Sources: Radicati Group.

Operating System 2013 2013 2012 2012

(in thousands) Units Mkt Sh Units Mkt Sh

Android 758,719.9 78.4% 451,621.0 66.4%

iOS 150,785.9 15.6% 130,133.2 19.1%

Microsoft 30,842.9 3.2% 16,940.7 2.5%

BlackBerry 18,605.9 1.9% 34,210.3 5.0%

Other OS 8,821.2 0.9% 47,203.0 6.9%

Total 967,775.8 100.0% 680,108.2 100.0%

-

500

1,000

1,500

2,000

2,500

3,000

3,500

2013 2014 2015 2016 20170

in $ millions

March 2014

87



With MAM, users have the flexibility to keep personal content on their mobile device, while also having the

ability to securely use their corporate applications. Moreover, the IT department can distribute, manage, and

secure these applications through an enterprise application store, regardless of whether or not the mobile

device is user-owned (i.e., BYOD) or corporate-owned/personally-enabled (COPE). In order to protect corporate

data but segregate personal data, organizations can employ secure containers which are device agnostic and

managed by the IT department. If necessary, containers that are governed by corporate security policies can be

wiped. The key advantage is the delineation between personal and corporate data. However, this

“containerization” approach can be circumvented if an attacker gains root access to the mobile device, which

generally cannot be detected by the container. In addition, as an application must be linked to a container, it is

necessary during the development of the application that it uses a vendor’s application programming interface

(API) and software development kit (SDK). Market researcher Gartner notes container vendors include

companies such as AirWatch (acquired by VMware), Divide (formerly called Enterproid), Excitor, Fixmo, Good

Technology, LRW Technologies, MobileIron, NitroDesk, and Zenprise (Citrix).

As organizations continue to refine their requirements and supported business tasks, they will likely evaluate

different EMM vendors based on the feature set that most closely matches the organization’s use case, such as

support for certain mobile platforms. In addition, certain organizations may not need one or more EMM

categories, such as application management or content management. Other considerations include the mobile

environment (BYOD or COPE), international policy enforcement, non-employee devices (e.g., contractors,

partners, etc.), and device types. Organizations also need to plan for potential changes in the mobile market

beyond the most commonly supported mobile operating systems, iOS (Apple) and Android (Google). For

example, according to Gartner, unit sales of Microsoft Windows Phone devices achieved the highest growth of

all mobile operating systems, climbing 82% in 2013. Although Microsoft had only a 3.2% share of the global

smartphone market, we believe it, or other emerging operating systems, could see wider enterprise adoption

over the next several years.

EMM suites offer simpler deployment and management than using multiple point solutions

(i.e., “best-of-breed”), though organizations typically prioritize certain features based on their requirements.

The delivery and integration of these core features, such as a secure email client or containerization

technology, represent key considerations when organizations evaluate different EMM suites. In some cases,

vendors add new features through acquisitions or partnerships, which may not be as closely integrated as

natively developed capabilities. From a security perspective, it is preferable to deploy an integrated EMM

suite, though organizations can add a handful of products without materially impacting manageability or

security. For example, one notable vendor (Good Technology) has gained strong penetration into regulated

industries due to its secure mobile messaging capabilities; however, organizations may not necessarily

choose this same vendor for their EMM suites. Organizations will balance the benefits of using

“best-of-breed” tools with deploying an EMM suite from a major vendor (e.g., IBM, SAP), which can provide

enterprise support and other services. To reduce the burden on constrained IT teams, enterprises may

increasingly adopt cloud-based EMM services and managed service providers, given the potential benefits

of pricing flexibility, regular updates, and efficient delivery of key features (e.g., MAM). Ultimately, however,

the success of any EMM deployment will be determined by the quality of the user experience, evolving far

beyond from the constrained model of MDM.


March 2014

88

According to Gartner, the MDM market totaled $784 million in 2012, with market penetration of less than 30%.

However, the MDM market became crowded with approximately 125 vendors and Gartner has reported significant

pricing pressure. MDM has increasingly become a commodity because of its limited functionality and the shift away

from managing devices to managing application security. Pricing has fallen to below $30 per device, down from as

high as $60 to $150 per device in 2010. With the need to innovate, the early vendors of the MDM market, such as

AirWatch (VMware), Fiberlink (IBM), Good Technology, MobileIron, SAP, and Zenprise (Citrix), have either developed

“containerization” capabilities or partnered with MAM vendors. While customer organizations will continue to need

basic MDM functionality, albeit at lower prices, there is increasing demand for the ability to apply corporate security

policies to mobile devices, whether through application containers or other approaches such as application

shielding. One nascent technology is mobile device virtualization, which appears similar to containerization but

enables the use of multiple operating systems on the same hardware. Virtualization allows users to have two

separate environments for work and personal usage on their mobile device. However, the technology is still

immature and not yet device agnostic, with additional concerns about performance. Vendors also need to

collaborate with device OEMs (original equipment manufacturers) during the design process in order to use

hypervisors. Of particular note, Apple has not yet allowed mobile virtualization vendors to enable “dual persona”

iPhones or iPads, which could become a major hindrance to broad industry adoption.

Industry Consolidation

VMware Acquires Privately-Held AirWatch

On 1/22/14, virtualization provider VMware (VMW) announced the acquisition of privately-held AirWatch, a leading

provider of enterprise mobile management (EMM) and security solutions. VMW paid approximately $1.175 billion in

cash and $365 millionn of installment payments and assumed unvested equity. The boards of directors of both

companies approved the transaction.

We believe this acquisition could significantly expand VMW’s market position in mobile security and could

enable VMW to strongly capitalize on the BYOD opportunity.

Based in Atlanta, Georgia, AirWatch primarily serves enterprises and mid-sized organizations and it offers MDM,

MAM, and Mobile Content Management (MCM) solutions. These solutions enable enterprises to securely

manage the plethora of mobile devices used by their employees. AirWatch possesses over 10,000 customers

worldwide and has more than 1,600 employees. AirWatch is considered a top-tier vendor in the MDM software

market and was ranked in the “Leaders Quadrant” by Gartner (in a market report published May 2013). Other

notable market leaders in the report included MobileIron, Citrix, Good Technology, Fiberlink, and SAP.

We highlight the active strategic consolidation of the EMM market over the past year, most notably

IBM/Fiberlink (December 2013), Oracle/Blitzer Mobile (November 2013), and Citrix/Zenprise (1 year ago). We

think VMW’s acquisition of AirWatch could accelerate the pace of acquisitions in the sector and sets the

valuation bar at a new level. We believe the remaining EMM/MDM leaders, Good Technology and MobileIron,

and other smaller vendors are potential acquisition candidates.

At this stage of the market, we think MAM and MCM offer greater opportunity for technical differentiation than

MDM. Given the significant growth potential of the BYOD market, we see greater urgency to achieve faster

time-to-market through strategic acquisitions rather than internal development. We also highlight strong

opportunities for larger security and technology vendors to integrate new and innovative capabilities that can

leverage their expansive go-to-market resources and global distribution channels.

March 2014

89



FireEye Acquires Privately-Held Mandiant

On 1/2/14, threat detection innovator FireEye (FEYE) began the New Year by announcing the acquisition of

privately-held Mandiant for approximately $1 billion in cash and stock. Management hosted a conference call to

discuss the transaction, which closed on 12/30/13. FEYE paid approximately $106.5 million of net cash and

issued 21.5 million shares and options.

From a technology perspective, one of the key drivers for the acquisition was Mandiant’s endpoint-based threat

detection capabilities, with particular expertise around incident response and endpoint forensics. FireEye

indicated that it intends to combine its network-based virtual machine advanced threat detection capabilities

with Mandiant’s endpoint expertise to offer a comprehensive platform to detect, prevent, and respond/contain

advanced attacks, with potentially significantly reduced time to remediation.

We believe customer organizations widely possess limited visibility of their endpoints, save the first day of

issuance to the employee or end-user. As such, we believe there is substantial market need for real-time

endpoint forensic data capture and analysis tools for threat detection and response. According to Gartner,

specific vendors include companies such as Mandiant, Guidance Software (GUID), Bit9/Carbon Black (recently

merged), RSA (EMC), ManTech/HBGary (MANT), CounterTack, and Crowdstrike.

We anticipate the increasingly sophisticated threat environment and the escalating complexity of IT infrastructures

will continue to drive strong market demand for innovative security solutions, particularly on the endpoint. We believe

customer organizations remain highly vulnerable and have critical need to bolster their security posture.

Akamai Acquires Privately-Held Prolexic Technologies

On 12/2/13, Akamai announced a definitive agreement to acquire Prolexic Technologies, a privately-held provider of

cloud-based Distributed Denial of Service (DDoS) mitigation services, for approximately $370 million in cash.

Prolexic was founded in 2003 and possesses a customer base exceeding 400 enterprises worldwide across multiple

industries. While Akamai did not indicate Prolexic’s historic growth rate, we highlight Prolexic’s previously reported

achieving revenue growth of 63% in 2012, following 45% growth in 2011. Akamai estimates Prolexic will benefit its

organic growth rate by approximately 4 percentage points in the first year as a combined company.

Based on various industry sources, we believe DDoS attacks are escalating in frequency, size, and sophistication,

with measurable business impact from downtime and lost revenue and traffic. For example, we highlight the

recent DDoS attack on social website Meetup, which disrupted operations for several days and cost “hundreds of

thousands of dollars” according to CEO. Reportedly, the attacker demanded an initial ransom of $300, but the

company would not negotiate due to almost certain escalation in the final price without any assurances.


March 2014

90


� M&A activity in the Information Security sector remained constant in the second half of 2013 versus the

preceding three quarters and rose significantly year over year

Figure 34: M&A Transactions in the Information Security Sector,

Fourth Quarter 2010 to Second Fourth 2013



� Proofpoint, Inc. acquired Sendmail, Inc.

On October 1, 2013, Proofpoint announced that it acquired Silicon Valley based Sendmail, Inc., a leading

provider of solutions that simplify business messaging complexity and reduce IT infrastructure costs for

enterprises throughout the world.

� Cisco completed acquisition of Sourcefire for $2.7 billion

On October 7, 2013, Cisco announced it completed the acquisition of Sourcefire, a leader in intelligent

cybersecurity solutions, for $76 per share for a total of $2.7 billion.

� Oracle bought Bitzer Mobile

On November 15, 2013, Oracle recently announced the acquisition of enterprise mobile security startup Bitzer

Mobile, a provider of mobile applications management solutions designed to allow companies to provide

employees with access to corporate data and applications from their mobile devices.

� IBM closed its acquisition of Fiberlink Communications

On December 18, 2013, IBM announced it completed the acquisition of Fiberlink Communications, a privately

held mobile management and security company based in Blue Bell, Pennsylvania.

0

10

20

30

40

50

60

Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013

IT Security Services IT Security Products

March 2014

91



� FireEye computer security firm acquired Mandiant

On December 30, 2013, FireEye, a provider of security software, acquired Mandiant, a company known for

emergency responses to computer network breaches for $826.5 million.

� Avigilon signed definitive agreement to acquire video analytics company VideoIQ

On December 31, 2013, Avigilon Corporation, a leader in high-definition (HD) surveillance solutions,

announced it signed a definitive agreement to acquire the video analytics company VideoIQ, Inc. for cash

consideration of $32 million.

� Google acquired IT security startup Imperium on January 15, 2014

On January 15, 2014, Google acquired Indian cyber security startup Imperium. Terms of the transaction were

not disclosed.

� VMware acquired mobile security firm AirWatch for $1.54 billion

On January 24, 2014, Under the terms of the deal, VMware purchased AirWatch, an Atlanta-based provider of

enterprise mobile management and security solutions, for approximately $1.175 billion in cash and around

$365 million in installment payments and assumed unvested equity.

� Akamai Technologies, Inc. bought Prolexic for $402 million

On February 18, 2014, Akamai Technologies announced it completed its acquisition of Prolexic Technologies,

Inc., a privately held company based in Hollywood, Florida that provides cloud-based security solutions for

protecting data centers and enterprise IP applications from distributed denial of service (DDoS) attacks.

� Synopsys entered software quality and security market with Coverity acquisition

On February 19, 2014, Synopsys acquired Coverity for $375 million. Coverity products reduce the risk of quality and

security defects, which can lead to the catastrophic failures that plague many of today's large software systems.

� Lockheed Martin announces its intent to acquire Industrial Defender

On March 12, 2014, Lockheed Martin entered into a definitive agreement to acquire Industrial Defender, a

leading provider of cyber security solutions for control systems in the oil and gas, utility and chemical industries.


Private Placement activity in the second quarter of 2013 declined from the second quarter of 2012.

� ClearDATA Networks, Inc raised $7.0 million in Series B funding

On August 6, 2013, ClearDATA Networks, Inc., provider of cloud computing and IT security services for health

care providers, announced $7.0 million in Series B financing to fund marketing and sales initiatives.


March 2014

92

� Cyvera announced it received €11 million in a round of funding on August 13, 2013

On August 13, 2013, Cyvera Ltd, developer and provider of cyber defense solutions that protect organizations

from targeted cyber-attacks and mass attacks, announced that it has received €11 million in its second round of

funding led by Battery Ventures IX, L.P.

� Taasera, Inc. announced that it will receive $10 million in a round of funding

On October 11, 2013, Taasera, Inc., developer of cloud based security solutions, announced that it will receive

$10 million in a round of funding. the company issued common shares and option, warrant or other right to

acquire another security to the investors.

� Bit9, Inc. announced that it will receive $38.2 million in equity funding on February 10, 2014

On February 10, 2014, Bit9, Inc. announced that it will receive $38,235,562 in equity funding on February

10, 2014. Bit9, Inc. provides threat protection solutions for endpoints and servers.

� Shape Security, Inc. announced that it will receive $40 million in funding

On February 21, 2014, Shape Security, developer of web defense products announced that it will receive

$40,000,163 in funding to nine investors.

Public Debt and Equity Offering Snapshot

The Information Security sector saw a decrease in the second quarter of 2013 over the second quarter of 2012.

� FireEye went public on September 20, 2013, raising $304 million

On September 20, 2013, FireEye priced its IPO at $20 per share raising $304 million. FireEye provides

companies with technology and services to protect against malware and cyber-attacks.

� Barracuda Networks raised $75 million November 12, 2013 in its initial public offering

On November 12, 2013, Barracuda Networks, Inc. priced its IPO at $18 per share raising $75 million. Barracuda

Networks provides an array of security and storage solutions primarily for mid-market customers.

� Varonis Systems, Inc. raised $95 million in an initial public offering on February 28, 2014

On February 28, 2013, Varonis Systems sold 4.8 million shares at an IPO price of $22, raising $95 million. Varonis

makes a software platform that large enterprises can use to manage their unstructured data, such as letters,

memos and emails

Bankruptcies

There were no major Information Security bankruptcies in the second half of 2013.

March 2014

93



Notable Transactions Figure 35: Select M&A Transactions in the Information Security Sector, 2013 and YTD 2014

Continued on next page.

Announce

d / Filing

Date

Closed


Target

Implied

TEV

($mm)

TEV /

Revenue

TEV /

EBITDA

3/12/2014 NA Industrial Defender, Inc.

Industrial Defender, Inc. provides defense-in-depth security, sustainable

compliance management, and policy and reporting solutions to monitor,

manage, and protect assets.

Lockheed Martin

CorporationNA NA NA

2/19/2014 03/25/2014 Coverity, Inc.Coverity, Inc. provides source code analysis tools for identifying software

defects and security vulnerabilities in the software development lifecycle.Synopsys Inc. $350.0 NA NA

1/21/2014 02/24/2014 AirWatch, LLCAirWatch, LLC develops mobile security and enterprise mobility

management solutions.VMware, Inc. $1,540.0 NA NA

1/15/2014 01/15/2014 Impermium Corporation

As of January 15, 2014, Impermium Corporation was acquired by Google

Inc. Impermium Corporation provides subscription-based social content

cleaning services for Web sites and social networks defending them

against social spam, fake registrations, racist and inappropriate language,

and other forms of abuse.

Google Inc. NA NA NA

12/31/2013 01/13/2014 VideoIQ, Inc. VideoIQ, Inc. manufactures and sells video surveillance systems. Avigilon Corporation $32.0 2.9x NA

12/30/2013 12/30/2013 Mandiant Corporation

Mandiant, LLC, an information security company, provides security

incident response management solutions to Fortune 500 companies,

financial institutions, government agencies, the U.S. and foreign police

departments, and law firms.

FireEye, Inc. $826.5 8.1x NM

12/2/2013 02/18/2014 Prolexic Technologies Inc.Prolexic Technologies Inc. provides managed distributed denial of service

(DDoS) detection and protection services.

Akamai Technologies,

Inc.$402.6 NA NA

11/13/2013 12/18/2013Fiberlink Communications

Corporation

Fiberlink Communications Corporation provides mobile computing

solutions.

International Business

Machines CorporationNA NA NA

11/15/2013 11/15/2013 Bitzer Mobile, Inc.As of November 15, 2013, Bitzer Mobile, Inc. was acquired by Oracle

Corporation.Oracle Corporation NA NA NA

7/22/2013 10/07/2013 Sourcefire, Inc. Sourcefire, Inc. provides intelligent cybersecurity technologies worldwide. Cisco Systems, Inc. $2,193.6 8.9x NM

10/1/2013 10/01/2013 Sendmail, Inc.

Sendmail, Inc. provides solutions for email connectivity, routing, and

message delivery between people, systems, and applications located on-

premises, in-cloud, an on mobile devices.

Proofpoint, Inc. $23.0 NA NA

6/25/2013 06/25/2013 Palisade Systems, Inc.Palisade Systems, Inc. provides enterprise content security and data

protection solutions.

Absolute Software

CorporationNA NA NA

6/20/2013 06/20/2013

Perlego Systems, Inc.

(nka:Fixmo Carrier

Services)

Fixmo Carrier Services provides Software-as-a-Service based solutions

for smartphones.Fixmo Inc. NA NA NA

6/20/2013 06/20/2013 ZeroVulnerabilityLabs, Inc.As of June 20, 2013, ZeroVulnerabilityLabs, Inc. was acquired by

Malwarebytes Corporation.

Malwarebytes

CorporationNA NA NA

6/10/2013 06/10/2013 Fox Technologies, Inc.

Fox Technologies, Inc. provides enterprise access management solutions

that centralize administration, enforcement, and auditing of granular

authentication and authorization policies for privileged and end users.

Parallax Capital Partners,

LLC; Parallax Capital

Fund, L.P.

NA NA NA

6/5/2013 06/05/2013

Latis Networks, Inc.,

Managed Security Services

Division

Managed Security Services Division of Latis Networks, Inc. offers

managed firewall, client-owned unified threat management (UTM), file

integrity monitoring, log management, managed high-speed intrusion

detection/prevention, vulnerability scanning, managed virtual private

network (VPN), managed Web application firewall, and managed Web

security.

SilverSky, Inc. NA NA NA

5/21/2013 05/31/2013 Solera Networks, Inc.Solera Networks, Inc. operates as a network forensics and security

analytics platform provider.Blue Coat Systems Inc. $225 18.8x NA

5/14/2013 05/14/2013 PrivacyChoice LLC PrivacyChoice LLC provides online privacy scanning solutions. AVG Technologies N.V. NA NA NA

5/19/2013 06/25/2013 Websense, Inc.

Websense, Inc. provides Web, email, and data security solutions to

protect an organization’s data and users from cyber-threats, malware

attacks, information leaks, legal liability, and productivity loss worldwide.

Vista Equity Partners;

Vista Equity Fund 4$971.1 2.7x 16.6x

5/14/2013 05/14/2013 FuGen Solutions, Inc.FuGen Solutions, Inc. provides cloud-based identity federation services for

governments, enterprises, service providers, and vendors.

8K Miles Software

Services Ltd$7.5 NA NA

5/13/2013 05/31/2013 Feedback Data plcFeedback Data plc designs and manufactures access control, and time

and attendance products.

Belgravium Technologies

PLC$0.6 0.3x NA


March 2014

94

Figure 36: Select M&A Transactions in the Information Security Sector, 2013 and YTD 2014, continued

Sources: Capital IQ, Imperial Capital, LLC.

Announce

d / Filing

Date

Closed


Target

Implied

TEV

($mm)

TEV /

Revenue

TEV /

EBITDA

5/9/2013 05/09/2013 Third Defense Inc.

As of May 9, 2013, Third Defense Inc. was acquired by Caliber Security

Partners LLC. Third Defense Inc. provides Security Program Management

(SPM) software, a suite of various Web applications that include risk

communicator, risk register, metrics manager, vuln tracker, and service

manager applications.

Caliber Security Partners

LLCNA NA NA

5/9/2013 05/09/2013Netronome Systems, Inc.,

SSL Appliance Product Line

As of May 9, 2013, SSL Appliance Product Line of Netronome Systems,

Inc. was acquired by Blue Coat Systems Inc. Netronome Systems, Inc.,

SSL Appliance Product Line comprises SSL inspection appliances that

allow SSL decryption in networks ranging from 100 Mbps to 10 Gbps full

duplex.

Blue Coat Systems Inc. NA NA NA

5/5/2013 07/10/2013 Stonesoft OyjStonesoft Corporation delivers software based information security

solutions to secure information flow and enhance security management.McAfee, Inc. $389.0 7.4x NA

4/26/2013 05/17/2013 Arkoon Network Security

Arkoon Network Security provides information technology security

solutions for protecting sensitive data and infrastructures to companies

and public entities in France and internationally.

Cassidian SAS $19 1.1x 7.7x

4/9/2013 04/09/2013 Mail Distiller LtdMail Distiller, Ltd. provides managed email filtering services to eradicate

viruses and abolish spam and time-wasting e-mail content.Proofpoint, Inc. NA NA NA

4/8/2013 04/08/2013 Shavlik Technologies, LLCShavlik Technologies, LLC provides cloud-based IT management

solutions for small and medium businesses.LANDesk Software, Inc. NA NA NA

4/3/2013 04/03/2013 3LM, Inc.3LM, Inc. provides android mobile application management solutions for

IT administrators to manage devices and mobilize their enterprise.BoxTone Inc. NA NA NA

09/13/2012 06/25/2013 Websense, Inc.

Websense, Inc. provides Web, email, and data security solutions to

protect an organization’s data and users from cyber-threats, malware

attacks, information leaks, legal liability, and productivity loss worldwide.

Vista Equity Partners;

Vista Equity Fund 4$971 2.7x 17.9x

09/13/2012 05/10/2013Earthwave Corporation Pty

Limited

Earthwave Corporation Pty Limited provides managed and in-cloud

security services.

Dimension Data Holdings

plcNA NA NA

09/13/2012 04/03/2013 SecureConnect Inc.SecureConnect Inc. provides Internet security and payment card industry

(PCI) compliance services to businesses in the United States.TrustWave Holdings, Inc. NA NA NA

1/29/2013 01/31/2013 Cognitive Security s.r.o. Cognitive Security s. Cisco Systems, Inc. NA NA NA

1/23/2013 01/23/2013BitSec Global Forensics,

Inc.

BitSec Global Forensics, Inc. provides computer forensics and information

security training services.Network Designs, Inc. NA NA NA

March 2014

Appendix

95


Section V

Appendix

Security Industry MonitorAppendix

March 2014

96


March 2014

97

AppendixSecurity Industry Monitor

Comparable Companies Figure 36: Select Security Industry Comparable Companies

Continued on next page.

Ticker Company Name Ticker Company Name

NASDAQNM:ACXM Acxiom Corporation NYSE:EMC EMC Corporation

TASE:AFHL AFCON Holdings Ltd. TSEC:5484 EverFocus Electronics Corporation

NasdaqGS:AKAM Akamai Technologies, Inc. LSE:EXPN Experian plc

TSX:AF AlarmForce Industries Inc. NASDAQGS:FFIV F5 Networks, Inc.

NYSE:ALLE Allegion Plc NYSE:FSS Federal Signal Corp.

NASDAQNM:ASEI American Science & Engineering Inc. NasdaqGS:FEYE FireEye, Inc.

NASDAQNM:ALOG Analogic Corporation NASDAQNM:FLIR FLIR Systems, Inc.

NYSE:AXE Anixter International Inc. NasdaqGS:FTNT Fortinet Inc.

OTCBB:ANVS ANV Security Group, Inc. NYSE:FBHS Fortune Brands Home & Security, Inc.

OTCPK:APDN Applied DNA Sciences Inc. LSE:GFS G4S plc

NasdaqGM:ARTX Arotech Corporation ENXTAM:GTO Gemalto NV

NASDAQGS:ARUN Aruba Networks, Inc. TSEC:3356 Geovision, Inc.

NASDAQGS:ASCM.A Ascent Capital Group, Inc. AMEX:GSB GlobalSCAPE, Inc.

OM:ASSA B Assa Abloy AB OTCPK:GRDH Guardian 8 Holdings

TSEC:8072 Av Tech Corporation NasdaqGM:GUID Guidance Software, Inc.

TSEC:3669 AVer Information Inc. OM:GUNN Gunnebo AB

NYSE:AVG AVG Technologies N.V. SZSE:002415 Hangzhou Hikvision Digital Technology Co., Ltd.

TSX:AVO Avigilon Corporation NYSE:HPQ Hewlett-Packard Company

OM:AXIS Axis AB (publ) NYSE:HON Honeywell International Inc.

NYSE:CUDA Barracuda Networks, Inc. NASDAQ:IDSY ID Systems Inc.

XTRA:BSL Basler AG NasdaqCM:INVE Identive Group, Inc.

NASDAQNM:CA CA Technologies NASDAQCM:ISNS Image Sensing Systems, Inc.

NASDAQGS:CAVM Cavium, Inc. OTCPK:IWSY ImageWare Systems Inc.

NASDAQNM:CHKP Check Point Software Technologies Ltd. NYSE:IMPV Imperva Inc.

NYSE:CKP Checkpoint Systems Inc. OTCPK:IMSC Implant Sciences Corp.

NYSE:CBR Ciber, Inc. AIM:IND IndigoVision Group plc

NasdaqGS:CSCO Cisco Systems, Inc. NYSE:BLOX Infoblox Inc.

AMEX:API Advanced Photonix Inc. NYSE:IR Ingersoll-Rand Plc

NasdaqGS:CTXS Citrix Systems, Inc. ENXTPA:INSD INSIDE Secure

AMEX:MOC Command Security Corp. NasdaqGS:INTC Intel Corporation

TSX:CSU Constellation Software Inc. NYSE:IBM International Business Machines Corporation

NasdaqGS:CTRL Control4 Corporation NASDAQNM:INTX Intersections Inc.

NYSE:CXW Corrections Corporation of America OTCBB:ISCI ISC8 Inc.

OTCPK:CSTI Costar Technologies, Inc AMEX:ITI Iteris, Inc.

NYSE:CTS CTS Corporation TASE:ITRN Ituran Location & Control Ltd.

NasdaqCM:CYRN CYREN Ltd. NASDAQGS:JDSU JDS Uniphase Corporation

NYSE:DHR Danaher Corp. NYSE:JCI Johnson Controls Inc.

NYSE:DBD Diebold, Incorporated GTSM:5251 JSW Pacific Corporation

NASDAQNM:DMRC Digimarc Corporation NYSE:JNPR Juniper Networks, Inc.

NasdaqCM:DGLY Digital Ally Inc. SWX:KABN Kaba Holding AG

GTSM:5489 DynaColor, Inc. NasdaqGS:KTOS Kratos Defense & Security Solutions, Inc.

XTRA:ELN Electronics Line 3000 Ltd. NYSE:LLL L-3 Communications Holdings Inc.

NASDAQNM:LOJN LoJack Corporation NYSE:SSNI Silver Spring Networks, Inc.

OM:LOOM B Loomis AB NASDAQGS:SWHC Smith & Wesson Holding Corporation

OTCPK:MACE Mace Security International Inc. LSE:SMIN Smiths Group plc

NASDAQNM:MAGS Magal Security Systems Ltd. NYSE:SWI SolarWinds, Inc.

XTRA:D7S Matica Technologies AG NasdaqGS:SPLK Splunk, Inc.

DB:MBQ Mobotix AG NYSE:SWK Stanley Black & Decker, Inc.

NYSE:MSI Motorola Solutions, Inc. OTCBB:SFOR StrikeForce Technologies, Inc.

NYSE:MSA MSA Safety Incorporated NasdaqGS:SYMC Symantec Corporation

NASDAQNM:NSSC Napco Security Technologies, Inc. TSEC:9925 Taiwan Shin Kong Security Co. Ltd.

TSE:6701 NEC Corporation NASDAQNM:TSYS TeleCommunication Systems Inc.

NASDAQNM:UEPS Net 1 Ueps Technologies Inc. SEHK:8051 TeleEye Holdings Ltd.

AIM:NWT Newmark Security plc NYSE:ADT The ADT Corporation

TASE:NICE NICE Systems Ltd. NYSE:BCO The Brink's Company

NASDAQGS:OVTI OmniVision Technologies, Inc. NYSE:GEO The GEO Group, Inc.

NASDAQNM:OTIV On Track Innovations Ltd. NasdaqGS:KEYW The KEYW Holding Corporation

TASE:ORAD Orad Ltd. NYSE:TMO Thermo Fisher Scientific, Inc.

NASDAQNM:OSIS OSI Systems, Inc. TSE:4704 Trend Micro Inc.

NYSE:PANW Palo Alto Networks, Inc. NASDAQNM:TRMB Trimble Navigation Limited

NASDAQ:PNTR Pointer Telocation Ltd. NYSE:TYC Tyco International Ltd.

OM:PREC Precise Biometrics AB NYSE:TYL Tyler Technologies, Inc.

NASDAQGS:PKT Procera Networks, Inc. NASDAQGS:UBNT Ubiquiti Networks, Inc.

NasdaqGM:PFPT Proofpoint, Inc. NYSE:UTX United Technologies Corp.

CATS:PSG Prosegur Compañía de Seguridad, S.A. NasdaqGS:VRNS Varonis Systems, Inc.

ASX:QTG Q Technology Group Limited NASDAQSC:VDSI VASCO Data Security International Inc.

LSE:QQ. QinetiQ Group Plc NASDAQGS:VRNT Verint Systems Inc.

NasdaqGS:QLYS Qualys, Inc. AMEX:VSR Versar Inc.

NasdaqGS:RDWR Radware Ltd. AMEX:VII Vicon Industries Inc.

AMEX:RWC RELM Wireless Corp. TSEC:3454 Vivotek Inc

NasdaqGS:RVBD Riverbed Technology, Inc. NYSE:VMW VMware, Inc.

NYSE:ROP Roper Industries Inc. NASDAQCM:WAVX Wave Systems Corp.

Appendix Security Industry Monitor

March 2014

98

Figure 36: Select Security Industry Comparable Companies continued


Figure 37: Physical Security Sector—Select Comparable Companies



ENXTPA:SAF Safran SA SZSE:002414 Wuhan Guide Infrared Co., Ltd.

ENXTPA:SU Schneider Electric S.A. NZSE:WYN Wynyard Group Limited

TSE:9735 Secom Co. Ltd. TSEC:6131 Yoko Technology Corp.

OM:SECU B Securitas AB NASDAQNM:ZBRA Zebra Technologies Corp.

LSE:SEPU Sepura PLC SZSE:002236 Zhejiang Dahua Technology Co.,Ltd.

SZSE:002528 Shenzhen Infinova Limited BSE:531404 Zicom Electronic Security Systems Limited

DB:SIE Siemens Aktiengesellschaft NasdaqGS:ZIXI Zix Corporation


AMEX:API Advanced Photonix Inc. NasdaqGS:KTOS Kratos Defense & Security Solutions, Inc.

TASE:AFHL AFCON Holdings Ltd. NYSE:LLL L-3 Communications Holdings Inc.

TSX:AF AlarmForce Industries Inc. NASDAQNM:LOJN LoJack Corporation

NYSE:ALLE Allegion Plc OM:LOOM B Loomis AB

NASDAQNM:ASEI American Science & Engineering Inc. OTCPK :MACE Mace Security International Inc.

NASDAQNM:ALOG Analogic Corporation NASDAQNM:MAGS Magal Security Systems Ltd.

NYSE:AXE Anixter International Inc. DB :MBQ Mobotix AG

OTCBB:ANVS ANV Security Group, Inc. NYS E :MS A MSA Safety Incorporated

NasdaqGM:ARTX Arotech Corporation NASDAQNM:NS S C Napco Security Technologies, Inc.

NASDAQGS:ASCM.A Ascent Capital Group, Inc. AIM:NWT Newmark Security plc

OM:ASSA B Assa Abloy AB TAS E :NICE NICE Systems Ltd.

TSEC:8072 Av Tech Corporation NASDAQGS :OVTI OmniVision Technologies, Inc.

TSEC:3669 AVer Information Inc. TAS E :OR AD Orad Ltd.

TSX:AVO Avigilon Corporation NASDAQNM:OS IS OSI Systems, Inc.

OM:AXIS Axis AB (publ) NASDAQ:PNTR Pointer Telocation Ltd.

XTRA:BSL Basler AG CATS :PS G Prosegur Compañía de Seguridad, S.A.

NYSE:CKP Checkpoint Systems Inc. AS X:QTG Q Technology Group Limited

AMEX:MOC Command Security Corp. LS E :QQ. QinetiQ Group Plc

TSX:CSU Constellation Software Inc. AME X:RWC RELM Wireless Corp.

NasdaqGS:CTRL Control4 Corporation NYS E :R OP Roper Industries Inc.

NYSE:CXW Corrections Corporation of America E NXTPA:S U Schneider Electric S.A.

OTCPK:CSTI Costar Technologies, Inc TS E :9735 Secom Co. Ltd.

NYS E :CTS CTS Corporation OM:S E CU B Securitas AB

NYS E :DHR Danaher Corp. LS E :S E PU Sepura PLC

NYSE:DBD Diebold, Incorporated S ZS E :002528 Shenzhen Infinova Limited

NasdaqCM:DGLY Digital Ally Inc. DB :S IE Siemens Aktiengesellschaft

GTSM:5489 DynaColor, Inc. NASDAQGS :SWHC Smith & Wesson Holding Corporation

XTRA:ELN Electronics Line 3000 Ltd. LS E :SMIN Smiths Group plc

TSEC:5484 EverFocus Electronics Corporation NYS E :SWK Stanley Black & Decker, Inc.

NYSE:FSS Federal Signal Corp. TS E C :9925 Taiwan Shin Kong Security Co. Ltd.

NASDAQNM:FLIR FLIR Systems, Inc. NASDAQNM:TS YS TeleCommunication Systems Inc.

NYSE:FBHS Fortune Brands Home & Security, Inc. S E HK :8051 TeleEye Holdings Ltd.

LSE:GFS G4S plc NYS E :ADT The ADT Corporation

TSEC:3356 Geovision, Inc. NYS E :BCO The Brink's Company

OTCPK:GRDH Guardian 8 Holdings NYS E :GEO The GEO Group, Inc.

OM:GUNN Gunnebo AB NYS E :TMO Thermo Fisher Scientific, Inc.

SZSE:002415 Hangzhou Hikvision Digital Technology Co., Ltd. NASDAQNM:TRMB Trimble Navigation Limited

NYSE:HON Honeywell International Inc. NYS E :TYC Tyco International Ltd.

NASDAQ:IDSY ID Systems Inc. NYS E :TYL Tyler Technologies, Inc.

NASDAQCM:ISNS Image Sensing Systems, Inc. NASDAQGS :UBNT Ubiquiti Networks, Inc.

OTCPK:IMSC Implant Sciences Corp. NYS E :UTX United Technologies Corp.

AIM:IND IndigoVision Group plc NASDAQGS :VR NT Verint Systems Inc.

NYSE:IR Ingersoll-Rand Plc AME X:VS R Versar Inc.

OTCBB:ISCI ISC8 Inc. AME X:VII Vicon Industries Inc.

AME X:IT I Iteris, Inc. TS E C :3454 Vivotek Inc

TASE:ITRN Ituran Location & Control Ltd. S ZS E :002414 Wuhan Guide Infrared Co., Ltd.

NYSE:JCI Johnson Controls Inc. TS E C :6131 Yoko Technology Corp.

GTSM:5251 JSW Pacific Corporation S ZS E :002236 Zhejiang Dahua Technology Co.,Ltd.

SWX:KABN Kaba Holding AG BS E :531404 Zicom Electronic Security Systems Limited

March 2014

99


Figure 38: Identity Solutions Sector—Select Comparable Companies


Figure 39: Information Security Sector—Select Comparable Companies



NASDAQNM:ACXM Acxiom Corporation ENXTPA:INSD INSIDE Secure

OTCPK:APDN Applied DNA Sciences Inc. NASDAQNM:INTX Intersections Inc.

TSX:AVO Avigilon Corporation XTRA:D7S Matica Technologies AG

NYSE:CKP Checkpoint Systems Inc. NASDAQNM:UEPS Net 1 Ueps Technologies Inc.

NASDAQNM:DMRC Digimarc Corporation NASDAQNM:OTIV On Track Innovations Ltd.

LSE:EXPN Experian plc OM:PREC Precise Biometrics AB

ENXTAM:GTO Gemalto NV ENXTPA:SAF Safran SA

NasdaqCM:INVE Identive Group, Inc. NASDAQSC:VDSI VASCO Data Security International Inc.

OTCPK:IWSY ImageWare Systems Inc. NASDAQNM:ZBRA Zebra Technologies Corp.


NasdaqGS:AKAM Akamai Technologies, Inc. OTCPK:ISCI ISC8 Inc.

NASDAQGS:ARUN Aruba Networks, Inc. NASDAQGS:JDSU JDS Uniphase Corporation

NYSE:AVG AVG Technologies N.V. NYSE:JNPR Juniper Networks, Inc.

NYSE:CUDA Barracuda Networks, Inc. NYSE:MSI Motorola Solutions, Inc.

NASDAQNM:CA CA Technologies TSE:6701 NEC Corporation

NASDAQGS:CAVM Cavium, Inc. NYSE:PANW Palo Alto Networks, Inc.

NASDAQNM:CHKP Check Point Software Technologies Ltd. NASDAQGS:PKT Procera Networks, Inc.

NYSE:CKP Checkpoint Systems Inc. NasdaqGM:PFPT Proofpoint, Inc.

NYSE:CBR Ciber, Inc. NasdaqGS:QLYS Qualys, Inc.

NasdaqGS:CSCO Cisco Systems, Inc. NasdaqGS:RDWR Radware Ltd.

NasdaqGS:CTXS Citrix Systems, Inc. NasdaqGS:RVBD Riverbed Technology, Inc.

NasdaqCM:CYRN CYREN Ltd. NYSE:SSNI Silver Spring Networks, Inc.

NYSE:EMC EMC Corporation NYSE:SWI SolarWinds, Inc.

NASDAQGS:FFIV F5 Networks, Inc. NasdaqGS:SPLK Splunk, Inc.

NasdaqGS:FEYE FireEye, Inc. OTCBB:SFOR StrikeForce Technologies, Inc.

NasdaqGS:FTNT Fortinet Inc. NasdaqGS:SYMC Symantec Corporation

AMEX:GSB GlobalSCAPE, Inc. NasdaqGS:KEYW The KEYW Holding Corporation

NasdaqGM:GUID Guidance Software, Inc. TSE:4704 Trend Micro Inc.

NYSE:HPQ Hewlett-Packard Company NasdaqGS:VRNS Varonis Systems, Inc.

NYSE:IMPV Imperva Inc. NYSE:VMW VMware, Inc.

NYSE:BLOX Infoblox Inc. NASDAQCM:WAVX Wave Systems Corp.

NasdaqGS:INTC Intel Corporation NZSE:WYN Wynyard Group Limited

NYSE:IBM International Business Machines Corporation NasdaqGS:ZIXI Zix Corporation

March 2014


Appendix

100

Valuations—Security Industry Companies

Physical Security Companies

Figure 40: Large Industrials

Enterprise Value is defined as market capitalization plus net debt, minority interest and preferred equity.

NA and NM values are excluded from mean and median calculations.

Any foreign securities are converted to USD for historical LTM figures as of the filing date, and for the equity price as of the most recent closing date.

Sources: Imperial Capital, LLC, Capital IQ, and Company SEC Filings.

($ in thousands except stock price)

Stock Price % of 52 Market Enterprise LTM LTM Gross LTM EBITDA EV / Sales EV / EBITDA P/E Net Debt / PEG

Ticker Company (3/17/2014) Week High Cap Value (EV) Revenue Margin % Margin % LTM CY2013 CY2014 LTM CY2013 CY2014 CY2013 LTM EBITDA CY2014

Physical Security - Large Industrials

SIE Siemens AG $130.34 92.5% $110,061.4 $122,454.1 $103,672.8 27.7% 10.3% 1.2x 1.6x 1.6x 11.5x 14.0x 11.1x 18.6x 1.1x 1.1

UTX United Technologies Corp. 114.24 96.5 104,552.3 121,638.3 62,626.0 28.0 17.8 1.9 1.9 1.9 10.9 11.1 10.1 18.5 1.4 1.4

HON Honeywell International Inc. 93.38 97.4 73,022.5 74,114.5 39,055.0 27.4 16.6 1.9 1.9 1.8 11.4 10.4 9.8 18.9 0.1 1.6

DHR Danaher Corp. 74.92 95.1 52,330.3 52,780.2 19,118.0 52.1 21.8 2.8 2.8 2.6 12.7 12.7 11.6 22.0 0.1 1.5

SU Schneider Electric SA 87.82 94.2 50,182.4 54,939.0 32,432.7 37.8 16.0 1.7 2.3 2.1 10.6 14.1 13.3 16.5 0.9 2.5

JCI Johnson Controls Inc. 46.35 88.3 30,777.7 37,612.7 43,216.0 16.0 9.0 0.9 0.9 0.9 9.7 9.4 9.4 16.3 1.7 0.9

TYC Tyco International Ltd. 43.32 98.2 19,940.6 21,076.6 10,694.0 36.7 14.2 2.0 2.0 1.9 13.9 12.9 12.2 22.7 0.7 1.4

ASSA B Assa Abloy AB 51.58 95.3 19,097.3 21,872.6 7,541.2 38.0 16.1 2.9 3.2 3.1 18.0 17.8 16.3 24.4 2.3 1.5

IR Ingersoll-Rand Co. Ltd. 57.87 80.7 16,090.5 17,736.9 12,350.5 29.9 12.0 1.4 1.4 1.4 12.0 11.3 10.2 22.1 1.1 1.3

ROP Roper Industries Inc. 136.46 95.7 13,584.3 15,589.5 3,238.1 58.1 32.0 4.8 4.8 4.4 15.1 14.7 13.3 24.4 1.9 1.6

SWK Stanley Black & Decker, Inc. 80.31 86.6 12,507.5 16,415.5 11,001.2 36.0 13.9 1.5 1.5 1.4 10.7 10.5 9.7 16.3 2.5 1.6

TRMB Trimble Navigation Limited 38.59 96.1 10,027.4 10,651.7 2,288.1 56.3 20.2 4.7 4.7 4.2 23.0 23.1 20.0 25.7 1.3 1.4

VRNT Verint Systems Inc. 46.56 95.0 2,488.9 2,765.0 880.5 68.3 20.1 3.1 3.1 2.7 15.6 12.6 9.8 16.6 1.5 1.6

Mean 93.2% 39.4% 16.9% 2.0x 2.2x 2.0x 12.4x 12.4x 11.0x 20.2x 1.3x 1.5

Median 95.1% 36.7% 16.1% 1.9x 2.0x 1.9x 11.8x 12.6x 10.2x 18.9x 1.3x 1.5

March 2014


101

Figure 41: Public Safety and Justice








Physical Security - Public Safety & Justice

CSU Constellation Software Inc. $233.81 95.3% $4,954.8 $5,353.2 $1,210.8 32.3% 12.8% 4.4x 4.5x 3.1x 34.6x 23.4x 15.8x 26.0x 2.6x 0.6

LLL L-3 Communications Holdings Inc. 116.39 98.2 9,991.8 13,211.8 12,629.0 10.2 11.9 1.0 1.1 1.1 8.8 9.1 8.9 13.9 2.1 5.4

CXW Corrections Corporation of America 32.96 79.6 3,821.8 4,948.9 1,694.3 28.0 21.9 2.9 2.9 3.0 13.3 13.3 12.5 16.2 3.0 2.6

TYL Tyler Technologies Inc. 90.93 84.2 2,993.9 2,915.0 416.6 46.4 18.9 7.0 7.0 6.2 37.0 33.5 27.2 N/M N/M 2.0

QQ. QinetiQ Group Plc 3.71 93.6 2,413.6 2,220.1 2,010.7 16.9 18.6 1.1 1.8 1.8 5.9 13.0 13.8 14.3 N/M 39.0

OSIS OSI Systems, Inc. 63.98 81.5 1,275.2 1,310.0 869.0 35.4 15.3 1.5 1.5 1.4 9.8 10.1 7.2 21.3 0.3 0.8

FSS Federal Signal Corp. 14.90 93.8 935.5 1,003.8 851.3 24.1 10.0 1.2 1.2 1.1 11.7 12.2 10.0 17.1 0.8 1.2

ASEI American Science & Engineering Inc. 66.94 89.6 521.1 372.0 167.0 41.6 13.9 2.2 2.2 2.2 16.1 16.1 16.5 N/M N/M 15.7

KTOS Kratos Defense & Security Solutions, Inc. 7.10 77.3 407.4 996.4 950.6 25.2 8.3 1.0 1.0 1.0 12.6 9.7 10.1 N/M 7.5 3.7

SEPU Sepura PLC 2.29 88.3 316.2 320.7 145.3 47.2 10.0 2.2 3.5 3.2 22.1 27.5 24.0 20.1 0.3 N/A

TSYS TeleCommunication Systems Inc. 2.15 67.0 128.1 213.7 362.3 38.4 5.9 0.6 0.6 0.6 10.0 6.1 6.0 N/M 4.0 1.4

ARTX Arotech Corp. 4.36 73.8 81.6 82.4 89.8 25.9 6.2 0.9 0.9 0.9 14.7 12.3 12.1 15.6 0.1 N/A

ITI Iteris, Inc. 2.15 86.0 70.5 50.0 66.5 38.5 5.7 0.8 0.8 0.7 13.2 15.4 9.1 N/M N/M 2.2

ORAD Orad Ltd. 0.51 99.1 21.5 41.2 43.5 29.4 12.2 0.9 N/A N/A 7.8 N/A N/A N/M 3.7 N/A

Mean 85.2% 31.4% 12.3% 1.4x 1.6x 1.7x 12.7x 13.5x 11.6x 18.1x 2.4x 6.8

Median 86.0% 30.8% 12.0% 1.1x 1.2x 1.3x 12.6x 12.7x 11.1x 17.3x 2.3x 2.2

March 2014


Appendix

102

Physical Security Companies, continued

Figure 42: Security Equipment

Continued on Next Page.




Physical Security - Security Equipment

IR Ingersoll-Rand Plc $57.87 80.7% $16,090.5 $17,736.9 $12,350.5 29.9% 12.0% 1.4x 1.4x 1.4x 12.0x 11.3x 10.2x 22.1x 1.1x 1.3

002415 Hangzhou Hikvision Digital Technology 3.39 73.5 13,605.2 12,861.4 1,774.1 100.0 28.0 7.2 1.2 0.9 25.9 4.6 2.3 24.4 N/M 0.5

SMIN Smiths Group plc 22.22 87.1 8,763.1 9,905.0 4,720.4 45.5 19.5 2.1 3.2 3.1 10.7 15.8 14.9 14.6 1.2 3.8

FBHS Fortune Brands Home & Security, Inc. 43.47 90.7 7,205.5 7,323.8 4,157.4 34.6 11.4 1.8 1.8 1.6 15.5 15.1 11.9 29.2 0.2 1.6

002236 Zhejiang Dahua Technology Co.,Ltd. 5.04 65.2 5,774.9 5,537.5 893.6 100.0 17.9 6.2 1.1 0.7 34.6 4.7 3.3 N/M N/M 0.5

ALLE Allegion Plc 53.63 96.1 5,174.7 6,322.3 2,093.5 41.2 19.7 3.0 3.0 2.9 15.3 14.6 14.6 27.2 2.7 N/A

FLIR FLIR Systems, Inc. 34.45 97.2 4,853.2 4,699.3 1,496.4 49.4 22.1 3.1 3.2 3.1 14.2 13.9 13.2 24.5 N/M 1.9

UBNT Ubiquiti Networks, Inc. 52.67 95.9 4,623.7 4,391.8 452.5 43.9 33.6 9.7 9.7 7.3 28.8 30.3 20.7 N/M N/M 0.8

AXE Anixter International Inc. 103.40 89.3 3,366.3 4,145.0 6,226.5 22.8 6.2 0.7 0.7 0.6 10.8 10.9 10.1 18.3 2.0 1.2

DBD Diebold, Incorporated 40.31 100.0 2,591.5 2,665.9 2,857.5 23.4 7.0 0.9 0.9 0.9 13.4 12.5 11.3 29.6 0.3 2.2

AXIS Axis AB (publ) 33.81 86.1 2,348.6 2,296.1 733.7 51.5 14.7 3.1 0.5 N/A 21.2 2.9 N/A N/M N/M N/A

MSA Mine Safety Appliances 53.61 96.8 1,994.8 2,176.2 1,112.1 44.7 15.5 2.0 1.9 1.8 12.6 12.7 11.1 23.2 1.0 1.1

002414 Wuhan Guide Infrared Co., Ltd. 3.17 73.6 1,902.3 1,863.6 58.8 100.0 14.0 31.7 N/A N/A N/M N/A N/A N/M N/M N/A

KABN Kaba Holding AG 485.00 95.2 1,843.7 1,836.9 1,109.8 68.5 14.7 1.7 1.8 1.8 11.3 11.1 10.6 19.2 N/M 1.8

AVO Avigilon Corporation 27.44 88.3 1,178.8 1,080.0 167.9 54.2 17.1 6.4 6.0 3.9 37.7 32.0 19.9 N/M N/M 0.7

002528 Infinova 2.94 81.0 1,040.3 937.3 158.7 100.0 7.1 5.9 N/A N/A N/M N/A N/A N/M N/M N/A

ALOG Analogic Corporation 80.00 80.0 993.1 882.1 543.5 41.2 11.3 1.6 1.6 1.5 14.4 10.9 9.9 22.7 N/M 0.9

OVTI OmniVision Technologies, Inc. 17.34 84.7 971.5 601.5 1,459.2 18.4 7.0 0.4 0.4 0.5 5.9 4.7 5.4 8.1 N/M 0.8

SWHC Smith & Wesson Holding Corporation 13.85 89.0 761.0 818.6 634.9 40.8 27.7 1.3 1.3 1.3 4.7 4.5 5.2 9.4 0.3 0.5

CTS CTS Corporation 20.89 97.9 704.4 655.7 409.5 30.1 11.5 1.6 1.2 1.5 13.9 12.0 10.4 26.4 N/M 1.4

CKP Checkpoint Systems Inc. 13.96 76.5 578.4 571.5 695.5 39.2 8.4 0.8 0.8 0.8 9.8 7.7 6.2 N/M N/M 0.6

CTRL Control4 Corporation 23.37 71.9 535.3 453.7 128.5 50.3 6.4 3.5 3.5 3.0 N/M 41.2 29.6 N/M N/M 1.5

3454 Vivotek Inc 6.37 90.0 449.2 416.3 136.7 46.2 24.1 3.0 N/A N/A 12.6 N/A N/A N/M N/M N/A

GUNN Gunnebo AB 5.65 86.6 429.0 545.7 819.8 30.6 7.3 0.7 0.7 0.7 9.1 8.9 8.0 22.5 1.9 0.3

3356 Geovision, Inc. 6.53 93.2 415.7 381.8 76.8 55.5 31.0 5.0 0.2 0.1 16.0 0.6 0.4 21.2 N/M 0.6

SEPU Sepura PLC 2.29 88.3 316.2 320.7 145.3 47.2 10.0 2.2 3.5 3.2 22.1 27.5 24.0 20.1 0.3 N/A

5489 DynaColor, Inc. 2.78 97.5 277.1 262.5 75.3 42.3 23.3 3.5 0.1 0.1 15.0 0.5 0.4 18.6 N/M 0.9

8072 Av Tech Corporation 2.77 88.1 276.5 165.5 94.9 37.9 27.6 1.7 N/A N/A 6.3 N/A N/A 12.6 N/M N/A

MBQ Mobotix AG 20.13 78.2 264.6 265.7 118.2 74.9 25.0 2.2 3.0 2.7 9.0 11.6 10.5 14.9 0.0 1.1

NSSC Napco Security Systems Inc. 6.65 86.4 129.1 138.8 74.6 30.9 8.7 1.9 N/A N/A 21.4 N/A N/A N/M 1.5 N/A

3669 AVer Information Inc. 0.90 95.5 87.2 58.2 55.2 52.7 6.0 1.1 N/A N/A 17.4 N/A N/A N/M N/M N/A

AFHL AFCON Holdings Ltd. 15.88 81.5 72.7 129.8 287.2 18.1 5.3 0.5 N/A N/A 8.5 N/A N/A N/M 3.8 N/A

IDSY ID Systems Inc. 5.76 84.2 70.2 59.9 39.9 44.8 N/M 1.5 1.5 1.2 N/M N/M 12.6 N/M N/M 48.0

MAGS Magal Security Systems Ltd. 3.94 78.1 63.7 28.0 60.8 43.0 3.8 0.5 N/A N/A 12.3 N/A N/A N/M N/M N/A

5251 JSW Pacific Corporation 2.36 78.0 60.0 46.9 43.4 29.8 17.0 1.1 N/A N/A 6.4 N/A N/A N/M N/M N/A

IMSC Implant Sciences Corp. 0.87 62.1 53.8 98.4 8.0 29.9 N/M 12.3 12.3 3.9 N/M N/M N/M N/M N/M NM

5484 EverFocus Electronics Corporation 0.46 96.2 53.4 46.7 74.9 29.2 N/M 0.6 N/A N/A N/M N/A N/A N/M N/M N/A

6131 Yoko Technology Corp. 0.55 98.8 53.3 43.4 32.9 18.2 N/M 1.3 0.0 0.1 N/M N/A N/A N/M N/M N/A

March 2014


103

Figure 43: Security Equipment, continued





Figure 43: Explosives Detection and Security Sensors








Physical Security - Security Equipment

IR Ingersoll-Rand Plc $57.87 80.7% $16,090.5 $17,736.9 $12,350.5 29.9% 12.0% 1.4x 1.4x 1.4x 12.0x 11.3x 10.2x 22.1x 1.1x 1.3IND

IndigoVision Group plc 7.15 97.7 53.8 50.9 56.4 57.7 7.9 0.9 1.5 0.9 11.4 17.7 11.3 16.7 N/M N/A

RWC RELM Wireless Corp. 3.33 81.4 45.4 37.4 27.0 43.5 7.6 1.4 N/A N/A 18.3 N/A N/A N/M N/M N/A

ISNS Image Sensing Systems, Inc. 5.49 66.3 27.3 21.1 26.3 62.4 N/M 0.8 0.8 0.7 N/M N/A N/A N/M N/M NM

MACE Mace Security International Inc. 0.36 61.0 21.2 19.2 12.3 36.0 N/M 1.6 N/A N/A N/M N/A N/A N/M N/M N/A

API Advanced Photonix Inc. 0.63 71.7 19.7 23.5 28.1 34.8 N/M 0.8 0.8 0.7 N/M N/M 18.3 N/M N/M N/A

DGLY Digital Ally Inc. 8.28 47.4 18.4 20.7 19.0 56.7 N/M 1.1 N/A N/A N/M N/A N/A N/M N/M N/A

GRDH Guardian 8 Corp Holdings 0.46 46.0 16.6 17.5 0.0 73.9 N/M N/M 33.2 4.1 N/M N/A N/A N/M N/M N/A

CSTI Costar Technologies, Inc 11.60 90.3 16.6 14.0 26.4 29.4 8.3 0.5 N/A N/A 6.4 N/A N/A N/M N/M N/A

531404 Zicom Electronic Security Systems Limited 0.94 61.3 16.6 69.2 134.0 23.2 12.4 0.5 N/A 0.0 4.2 N/A 0.1 N/M 3.2 N/A

NWT Newmark Security plc 0.03 92.8 13.5 10.9 30.5 39.8 19.9 0.4 0.6 0.6 1.8 3.7 4.0 4.8 N/M N/A

ELN Electronics Line 3000 0.73 55.9 10.0 7.7 16.1 38.8 6.0 0.5 0.7 0.6 8.0 4.6 5.1 3.8 N/M 0.2

QTG Q Technology Group Limited 0.02 67.9 3.3 5.2 20.7 17.6 N/M 0.3 N/A N/A N/M N/A N/A N/M N/M N/A

ANVS ANV Security Group, Inc. 0.01 10.0 0.6 0.5 0.4 93.9 N/M 1.5 N/A N/A N/M N/A N/A N/M N/M N/A

Mean 81.0% 46.8% 14.7% 2.0x 1.6x 1.5x 13.0x 9.8x 9.8x 18.7x 1.4x 3.2

Median 86.2% 42.7% 12.4% 1.5x 1.2x 1.2x 12.6x 10.9x 10.5x 19.6x 1.2x 0.9




Physical Security - Explosives Detection & Security Sensors

TMO Thermo Fisher Scientific, Inc. $123.12 96.5% $48,237.4 $52,899.4 $13,090.3 42.5% 21.3% 4.0x 4.1x 3.2x 19.0x 19.3x 13.1x 23.0x 1.7x 1.3

LLL L-3 Communications Holdings Inc. 116.39 98.2 9,991.8 13,211.8 12,629.0 10.2 11.9 1.0 1.1 1.1 8.8 9.1 8.9 13.9 2.1 5.4

SMIN Smiths Group plc 22.22 87.1 8,763.1 9,905.0 4,720.4 45.5 19.5 2.1 2.1 2.0 10.7 10.4 9.4 14.6 1.2 3.8

QQ. QinetiQ Group Plc 3.71 93.6 2,413.6 2,220.1 2,010.7 16.9 18.6 1.1 1.0 1.0 5.9 8.3 8.3 14.3 N/M 39.0

MSA Mine Safety Appliances Co. 53.61 96.8 1,994.8 2,176.2 1,112.1 44.7 15.5 2.0 1.9 1.8 12.6 12.7 11.1 23.2 1.0 1.1

OSIS OSI Systems, Inc. 63.49 80.9 1,265.5 1,300.3 869.0 35.4 15.3 1.5 1.5 1.4 9.8 10.0 7.1 21.2 0.3 0.8

ALOG Analogic Corporation 79.66 79.7 988.9 877.9 543.5 41.2 11.3 1.6 1.6 1.5 14.3 10.9 9.8 22.6 N/M 0.9

ASEI American Science & Engineering Inc. 66.80 89.4 520.0 370.9 167.0 41.6 13.9 2.2 2.2 2.2 16.0 16.0 16.5 N/M N/M 15.7

IMSC Implant Sciences Corp. 0.87 62.1 53.8 98.4 8.0 29.9 N/M 12.3 12.3 3.9 N/M N/M N/M N/M N/M NM

APC Advanced Power Components plc 0.89 76.9 51.9 50.3 33.5 30.3 2.5 1.5 2.2 1.9 N/M N/M 28.5 N/M N/M N/A

API Advanced Photonix Inc. 0.63 71.7 19.7 23.5 28.1 34.8 N/M 0.8 0.8 0.7 N/M N/M 18.3 N/M N/M N/A

QTG Q Technology Group 0.02 67.9 3.3 5.2 20.7 17.6 N/M 0.3 N/A N/A N/M N/A N/A N/M N/M N/A

Mean 83.4% 32.5% 14.4% 1.7x 1.9x 1.6x 12.0x 10.2x 11.4x 19.0x 1.2x 8.5

Median 84.0% 35.1% 15.3% 1.5x 1.8x 1.7x 11.7x 10.2x 9.8x 21.2x 1.2x 2.6

March 2014


Appendix

104

Physical Security Companies, continued

Figure 44: Alarm Monitoring





Figure 45: Guard Services / Cash-in-Transit








Physical Security - Alarm Monitoring

ADT The ADT Corporation $28.53 56.7% $5,228.9 $9,585.9 $3,339.0 58.0% 41.2% 2.9x 2.9x 2.8x 7.0x 5.6x 5.4x 15.6x 3.2x 1.6

PSG Prosegur Compania de Seguridad SA 5.93 82.7 3,398.8 4,452.9 5,088.7 23.4 12.4 0.9 1.1 1.0 7.1 8.6 7.8 15.7 1.7 1.4

ASCM.A Ascent Capital Group, Inc. 75.36 84.6 1,060.7 2,469.8 451.0 83.6 64.0 5.5 0.6 0.5 8.6 4.8 4.3 N/M 4.9 NM

AF AlarmForce Industries Inc. 9.78 87.9 116.7 103.9 45.1 76.5 28.8 2.3 2.1 1.9 8.0 5.2 5.6 22.2 N/M N/A

VII Vicon Industries Inc. 3.41 78.4 15.4 7.1 36.9 38.2 N/M 0.2 0.0 0.0 N/M 0.0 0.0 N/M N/M N/A

Mean 78.1% 55.9% 36.6% 2.3x 1.3x 1.2x 7.6x 4.9x 4.6x 17.8x 3.2x 1.5

Median 82.7% 58.0% 35.0% 2.3x 1.1x 1.0x 7.5x 5.2x 5.4x 15.7x 3.2x 1.5



Physical Security - Guard Services

9735 Secom Co. Ltd. $54.35 85.7% $11,862.2 $11,002.5 $7,731.2 33.6% 19.6% 1.4x 0.0x 0.0x 7.3x 0.1x 0.1x 18.5x N/M 1.6

GFS G4S plc 3.93 74.9 6,068.2 8,836.4 12,305.1 18.3 7.3 0.7 0.7 0.7 9.9 7.9 7.5 14.5 3.0 1.6

SECU B Securitas AB 11.34 96.6 4,141.5 5,671.5 10,219.6 17.4 6.5 0.6 0.6 0.6 8.5 9.0 8.5 14.4 2.3 1.1

PSG Prosegur Compania de Seguridad SA 5.93 82.7 3,398.8 4,452.9 5,088.7 23.4 12.4 0.9 1.1 1.0 7.1 8.6 7.8 15.7 1.7 1.4

NICE NICE Systems Ltd. 40.57 94.2 2,503.1 2,300.7 949.3 61.6 18.4 2.4 2.4 2.3 13.2 9.7 9.4 15.8 N/M 1.2

GEO The GEO Group, Inc. 31.99 81.3 2,305.9 3,839.0 1,522.1 26.1 18.4 2.5 2.5 2.4 13.7 13.2 12.1 19.8 5.5 2.1

LOOM B Loomis AB 24.18 92.8 1,817.7 2,157.7 1,767.7 23.2 16.3 1.2 0.2 0.2 7.5 1.2 1.1 15.6 1.2 2.0

BCO Brinks Co. 29.32 82.1 1,420.0 1,686.1 3,942.2 18.9 8.6 0.4 N/A 0.4 5.0 N/A N/A N/M 0.5 1.1

ITRN Ituran Location & Control Ltd. 24.08 96.4 505.0 467.9 170.2 52.5 31.9 2.7 0.8 0.7 8.6 N/A N/A 18.0 N/M N/A

LOJN LoJack Corporation 6.51 95.0 122.4 96.7 140.2 55.0 2.5 0.7 0.7 0.6 27.1 17.0 7.1 N/M N/M 2.4

PNTR Pointer Telocation Ltd. 9.88 74.7 76.0 99.4 97.9 32.3 10.7 1.0 N/A N/A 9.5 N/A N/A N/M 1.7 N/A

MOC Command Security Corp. 2.05 78.8 19.0 26.5 156.0 13.0 2.5 0.2 0.2 N/A 6.9 N/A N/A 15.5 1.9 N/A

Mean 86.3% 31.3% 12.9% 0.9x 0.6x 0.6x 8.8x 9.7x 8.1x 16.4x 2.2x 1.6

Median 84.2% 24.8% 11.6% 0.8x 0.7x 0.6x 8.5x 9.0x 7.8x 15.7x 1.8x 1.6

March 2014


105

Identity Solutions Companies

Figure 46: Intelligent Video








Identity Solutions - Intelligent Video

002415 Hangzhou HIKvision Digital Technology $3.37 73.5% $13,533.3 $12,789.5 $1,774.1 NA 28.0% 7.2x N/M N/M 25.8x N/M N/M 4.4x N/M 0.5

002236 Zhejiang Dahua Technology Co.,Ltd. 5.01 65.2 5,744.4 5,507.0 893.6 NA 17.9 6.2 1.0 0.7 34.4 4.7 3.3 5.0 N/M 0.5

FLIR FLIR Systems Inc. 34.34 96.9 4,837.8 4,683.8 1,496.4 49.4 22.1 3.1 3.2 3.1 14.1 13.9 13.1 28.1 N/M 1.9

NICE NICE Systems Ltd. 41.17 95.5 2,540.2 2,337.9 949.3 61.6 18.4 2.5 2.5 2.3 13.4 9.9 9.6 N/M N/M 1.2

VRNT Verint Systems Inc. 46.19 94.3 2,469.1 2,745.2 880.5 68.3 20.1 3.1 3.0 2.6 15.5 12.5 9.8 N/M 1.5 1.6

AXIS Axis AB 33.88 85.8 2,353.6 2,301.1 733.7 51.5 14.7 3.1 3.7 3.0 21.3 23.7 18.1 4.9 N/M N/A

002414 Wuhan Guide Infrared Co., Ltd. 3.15 73.6 1,892.2 1,853.5 58.8 100.0 14.0 31.5 N/A N/A N/M N/A N/A N/M N/M N/A

AVO Avigilon Corporation 27.75 88.9 1,192.0 1,093.2 167.9 54.2 17.1 6.5 1.7 1.4 38.2 11.3 8.6 N/M N/M 0.7

002528 Infinova 2.93 81.0 1,034.8 931.8 158.7 100.0 7.1 5.9 8.5 7.0 N/M 31.3 25.5 14.6 N/M N/A

3454 Vivotek Inc 6.38 90.0 449.8 416.9 136.7 46.2 24.1 3.1 N/A N/A 12.6 N/A N/A 0.6 N/M N/A

3356 Geovision, Inc. 6.54 93.2 416.3 382.3 76.8 55.5 31.0 5.0 0.2 0.1 16.1 0.6 0.4 0.7 N/M 0.7

MBQ Mobotix AG 20.22 78.5 265.7 266.9 118.2 74.9 25.0 2.3 2.4 2.0 9.0 9.0 7.3 21.4 0.0 1.1

BSL Balsar AG 45.25 93.1 147.9 166.3 85.5 50.8 18.1 1.9 2.6 2.3 10.7 46.3 29.7 27.7 1.2 0.8

IND IndigoVision Group plc 7.11 97.2 53.6 50.6 56.4 57.7 7.9 0.9 1.5 0.9 11.3 14.1 9.0 25.0 N/M N/A

ISNS Image Sensing Systems 5.40 65.2 26.9 20.7 26.3 62.4 N/M 0.8 0.8 0.7 N/M 5.8 3.7 N/M N/M NM

DGLY Digital Ally Inc. 8.15 46.7 18.1 20.4 19.0 56.7 N/M 1.1 N/A N/A N/M N/A N/A N/M N/M N/A

CSTI Costar Technologies, Inc 11.50 89.5 16.4 13.8 26.4 29.4 8.3 0.5 N/A N/A 6.3 N/A N/A 8.2 N/M N/A

VII Vicon Industries Inc. 3.46 79.5 15.6 7.3 36.9 38.2 N/M 0.2 N/A N/A N/M N/M N/A N/M N/M N/A

Mean 82.6% 59.8% 18.3% 3.1x 2.2x 1.9x 15.0x 11.6x 9.2x 12.8x 0.9x 1.0

Median 87.4% 56.1% 18.1% 3.1x 2.5x 2.1x 13.8x 11.3x 9.0x 8.2x 1.2x 0.8

March 2014


Appendix

106

Identity Solutions Companies, continued

Figure 47: Chinese Video Companies






Stock Price % of 52 Market Enterprise LTM LTM EBITDA EV / Sales EV / EBITDA

Ticker Company (3/17/2014) Week High Cap Value (EV) Revenue Margin % LTM CY2013 CY2014 LTM CY2013 CY2014

Identity Solutions - Intelligent Video

002415 Hangzhou HIKvision Digital Technology $3.39 73.5% $13,605.2 $12,861.4 $1,774.1 28.0% 7.2x N/M N/M 25.9x N/M N/M

002236 Zhejiang Dahua Technology Co.,Ltd. 5.04 65.2 5,774.9 5,537.5 893.6 17.9 6.2 1.1 0.7 34.6 4.7 3.3

002414 Wuhan Guide Infrared Co., Ltd. 3.17 73.6 1,902.3 1,863.6 58.8 14.0 31.7 N/A N/A N/M N/A N/A

002528 Infinova 2.94 81.0 1,040.3 937.3 158.7 7.1 5.9 8.6 7.0 N/M 31.5 25.7

9925 Taiwan Shin Kong Security Co. Ltd. 1.38 95.4 519.5 399.1 245.3 19.2 1.6 N/A N/A 8.5 N/A N/A

5388 Sercomm 2.29 96.9 469.6 414.0 638.5 6.5 0.6 0.0 0.0 9.9 0.4 0.2

3454 Vivotek Inc 6.37 90.0 449.2 416.3 136.7 24.1 3.0 N/A N/A 12.6 N/A N/A

3356 Geovision, Inc. 6.53 93.2 415.7 381.8 76.8 31.0 5.0 0.2 0.1 16.0 0.6 0.4

5489 DynaColor, Inc. 2.78 97.5 277.1 262.5 75.3 23.3 3.5 0.1 0.1 15.0 0.5 0.4

8072 AV Tech Corporation 2.77 88.1 276.5 165.5 94.9 27.6 1.7 N/A N/A 6.3 N/A N/A

3669 AVer Information Inc. 0.90 95.5 87.2 58.2 55.2 6.0 1.1 N/A N/A 17.4 N/A N/A

5251 JSW Pacific Corporation 2.36 78.0 60.0 46.9 43.4 17.0 1.1 N/A N/A 6.4 N/A N/A

5484 EverFocus Electronics Corporation 0.46 96.2 53.4 46.7 74.9 N/M 0.6 N/A N/A N/M N/A N/A

6131 Yoko Technology Corp. 0.55 98.8 53.3 43.4 32.9 N/M 1.3 0.0 0.1 N/M N/A N/A

8051 TeleEye Holdings Ltd. 0.55 88.3 7.4 5.7 5.3 N/M 1.1 N/A N/A N/M N/A N/A

ANVS ANV Security Group, Inc. 0.01 10.0 0.6 0.5 0.4 N/M 1.5 N/A N/A N/M N/A N/A

Mean 82.2% 18.5% 2.8x 0.3x 0.2x 15.1x 1.5x 1.1x

Median 81.0% 18.5% 1.6x 0.1x 0.1x 15.0x 0.5x 0.4x

March 2014


107


Figure 48: Products








Identity Solutions - Products

MMM 3M Company $132.07 94.0% $87,521.7 $90,697.7 $30,871.0 47.8% 26.0% 2.9x 2.9x 2.8x 11.3x 11.3x 10.7x 19.6x 0.3x 1.6

ITW Illinois Tool Works 81.82 97.0 34,762.7 37,494.7 14,135.0 39.5 21.5 2.7 2.6 2.5 12.4 11.9 11.0 22.2 0.9 3.2

SAF Safran SA 66.51 87.6 27,698.5 30,372.9 20,265.8 47.2 13.9 1.5 2.1 1.9 10.7 12.2 11.6 18.0 0.9 1.2

ASSA B Assa Abloy AB 51.58 95.3 19,097.3 21,872.6 7,541.2 38.0 16.1 2.9 0.5 0.4 18.0 2.5 2.2 24.4 2.3 1.5

GTO Gemalto 113.86 89.8 9,823.4 9,211.4 3,289.4 38.9 15.7 2.8 3.8 3.5 17.8 22.0 18.4 26.3 N/M 1.2

ZBRA Zebra Technologies 69.25 95.2 3,488.1 3,074.8 1,038.2 48.5 18.7 3.0 3.0 2.7 15.8 15.7 12.4 26.0 N/M 2.0

BRC Brady Corp. 27.11 75.8 1,413.7 1,622.9 1,206.1 50.8 14.6 1.3 1.3 1.3 9.2 9.7 8.6 15.5 1.2 1.3

DLAR De La Rue 13.19 75.4 1,315.2 1,466.1 762.0 56.8 20.6 1.9 2.9 2.8 9.4 13.3 12.2 13.7 0.9 N/A

UEPS Net 1 Ueps Technologies 10.12 77.8 463.2 536.7 489.8 53.3 17.1 1.1 1.1 1.0 6.4 6.1 4.6 9.2 0.9 0.7

VDSI VASCO Data Security 8.05 89.0 315.5 216.9 155.0 64.4 10.6 1.4 1.4 1.3 13.2 13.2 9.3 N/M N/M N/A

DMRC Digimarc 31.23 84.6 232.1 202.5 35.0 73.3 N/M 5.8 N/A N/A N/M N/A N/A N/M N/M N/A

IWSY ImageWare Systems 2.25 78.9 190.8 187.4 5.3 79.2 N/M 35.4 36.6 15.9 N/M N/A N/A N/M N/M NM

IGP Intercede Group 3.19 100.0 155.4 143.4 12.7 99.7 N/M 11.3 17.3 12.7 N/M N/M N/M N/M N/M N/A

INSD INSIDE Secure 4.31 89.9 146.5 120.5 154.6 31.2 N/M 0.8 0.8 0.8 N/M 23.3 43.2 N/M N/M NM

HOL Hologram Industries 0.79 84.6 141.8 365.0 304.2 20.1 28.8 1.2 N/A N/A 4.2 N/A N/A N/M 2.5 N/A

APDN Applied DNA Sciences Inc. 0.14 49.3 109.5 105.3 2.3 100.0 N/M 45.5 44.3 23.8 N/M N/A N/A N/M N/M N/A

OTIV On Track Innovations 3.02 68.9 98.7 96.6 41.1 49.8 N/M 2.4 3.0 3.1 N/M N/M N/M N/M N/M N/A

PREC Precise Biometrics AB 0.26 31.3 88.1 72.4 5.4 54.3 N/M 13.3 1.9 1.2 N/M N/A N/M N/M N/M N/A

DSS Document Security Systems 1.61 65.4 79.3 80.4 0.6 NA N/M N/M N/A N/A N/M N/A N/A N/M N/M N/A

PREC Precia Société Anonyme 119.93 95.8 66.8 56.0 116.3 76.1 11.2 0.5 0.6 0.6 4.3 N/A N/A 12.0 N/M N/A

INVE Identive Group 0.90 58.0 66.7 65.7 97.5 40.0 N/M 0.7 N/A N/A N/M N/A N/A N/M N/M N/A

OSG OpSec Security Group 0.59 63.7 45.7 65.7 86.9 36.1 5.7 0.8 N/A N/A 13.2 N/A N/A N/M 4.0 N/A

D7S Matica Technologies AG 1.64 69.5 12.1 8.1 41.9 34.0 5.5 0.2 N/A N/A 3.5 N/A N/A N/M N/M N/A

Mean 81.3% 56.3% 17.9% 3.3x 3.0x 1.9x 10.4x 12.5x 11.0x 18.7x 1.2x 1.6

Median 86.1% 50.8% 16.6% 2.4x 2.1x 1.6x 10.7x 12.2x 11.0x 18.8x 0.9x 1.4

March 2014


Appendix

108


Figure 49: Location Technologies








Identity Solutions - Location & Tracking

GRMN Garmin Ltd. $53.46 97.1% $10,432.7 $9,103.7 $2,631.9 53.5% 24.8% 3.5x 3.5x 3.5x 13.9x 14.6x 14.0x 21.3x N/M 2.8

TRMB Trimble Navigation Ltd. 38.50 95.8 10,004.0 10,628.3 2,288.1 56.3 20.2 4.6 4.7 4.2 22.9 23.0 19.9 25.6 1.3 1.4

MANH Manhattan Associates, Inc. 40.33 100.0 3,083.1 2,950.1 414.5 56.3 25.8 7.1 7.2 6.5 27.5 25.7 23.0 N/M N/M N/A

TOM2 TomTom NV 6.41 73.8 1,424.7 1,310.9 1,326.8 54.1 12.5 1.0 1.4 1.4 7.9 9.0 10.3 18.6 N/M NM

CAMP CalAmp Corp. 32.70 93.8 1,128.5 1,099.8 224.4 33.1 10.7 4.9 4.9 4.1 45.8 41.1 28.3 N/M N/M 1.3

CKP Checkpoint Systems Inc. 13.96 76.5 578.4 571.5 695.5 39.2 8.4 0.8 0.8 0.8 9.8 7.7 6.2 N/M N/M 0.6

ITRN Ituran Location & Control Ltd. 24.08 96.4 505.0 467.9 170.2 52.5 31.9 2.7 0.8 0.7 8.6 N/A N/A 18.0 N/M N/A

ABT Absolute Software Corporation 6.43 88.0 278.3 222.2 86.4 77.1 20.3 2.6 2.5 2.2 12.7 17.2 14.1 N/M N/M N/A

DGII Digi International 9.99 78.4 258.5 160.7 195.7 50.4 8.6 0.8 0.8 0.8 9.6 10.1 8.0 N/M N/M 2.2

NMRX Numerex 12.77 79.9 241.4 217.3 77.8 41.3 4.9 2.8 2.8 2.3 N/M 29.0 19.1 N/M N/M 2.3

TSYS TeleCommunication Systems 2.16 67.3 128.7 214.3 362.3 38.4 5.9 0.6 0.6 0.6 10.0 6.1 6.1 N/M 4.0 1.4

LOJN LoJack Corp. 6.51 95.0 122.4 96.7 140.2 55.0 2.5 0.7 0.7 0.6 27.1 17.0 7.1 N/M N/M 2.4

GPS BSM Technologies 2.12 68.1 98.2 95.5 21.0 60.6 14.1 4.6 4.3 3.4 32.3 23.0 15.0 N/M N/M N/A

UBI Ubisense Group 4.20 90.2 96.8 96.8 37.6 36.4 N/M 2.6 3.5 2.7 N/M N/M 36.7 N/M N/M N/A

PNTR Pointer Telocation Ltd. 9.88 74.7 76.0 99.4 97.9 32.3 10.7 1.0 N/A N/A 9.5 N/A N/A N/M 1.7 N/A

USAT USA Technologies 2.04 76.7 72.5 73.3 39.4 37.5 15.7 1.9 1.9 1.6 11.8 11.0 8.1 N/M N/M 1.9

IDSY ID Systems 5.76 84.2 70.2 59.9 39.9 44.8 N/M 1.5 1.5 1.2 N/M N/M 12.6 N/M N/M 48.0

NVTL Novatel Wireless 2.00 45.2 68.4 51.5 335.1 20.4 N/M 0.2 0.2 0.2 N/M N/M N/M N/M N/M NM

ESYS Elecsys 13.80 79.1 52.7 55.1 29.3 37.3 14.3 1.9 N/A 1.8 13.2 N/A N/A N/M 0.6 1.4

LTRX Lantronix 2.22 67.1 32.5 26.5 45.1 47.5 N/M 0.6 0.6 0.6 N/M N/M 18.9 N/M N/M 2.7

IMP Intermap Technologies Corp. 0.28 56.4 25.7 23.7 27.9 21.6 17.2 0.8 N/A N/A 4.9 N/A N/A N/M N/M N/A

ACT Active Control Technology, Inc. 0.05 83.3 0.8 0.6 4.2 35.8 N/M 0.2 N/A N/A N/M N/A N/A N/M N/M N/A

Mean 79.5% 44.2% 14.0% 1.5x 1.7x 1.5x 14.2x 17.0x 14.2x 20.7x 1.9x 6.0

Median 79.1% 41.3% 13.3% 1.0x 1.4x 1.3x 10.9x 17.1x 14.1x 18.6x 1.5x 1.9

March 2014


109


Figure 50: Services








Identity Solutions - Services

EXPN Experian $17.50 81.6% $17,377.9 $20,691.9 $4,784.0 45.1% 34.2% 4.3x 4.3x 4.0x 12.7x 12.4x 11.6x 19.7x 2.0x 1.8

VRSN VeriSign 50.65 80.4 6,770.0 6,420.8 965.1 80.6 61.0 6.7 6.7 6.3 10.9 10.4 9.8 21.6 N/M 1.4

PAY VeriFone Systems 32.86 96.6 3,651.1 4,439.9 1,709.5 37.6 10.3 2.6 2.6 2.4 25.2 14.3 13.5 26.5 4.3 7.2

ACXM Acxiom Corporation 36.63 93.2 2,797.8 2,740.2 1,097.5 23.8 16.6 2.5 2.5 2.5 15.1 13.3 12.3 N/M N/M 3.8

FICO Fair Isaac Corporation 53.43 84.2 1,865.4 2,247.5 737.8 68.7 25.9 3.0 3.0 2.9 11.8 11.8 10.7 16.7 2.0 1.2

HPY Heartland Payment Systems 44.05 87.3 1,616.7 1,697.2 2,135.4 15.0 7.6 0.8 2.8 2.6 10.5 11.6 10.7 19.5 0.5 1.2

EGOV NIC 19.00 73.1 1,235.7 1,161.4 249.3 42.9 25.8 4.7 4.6 4.3 18.1 17.2 15.8 N/M N/M 1.5

WYY WidePoint 1.67 85.6 121.9 123.4 49.9 27.8 0.8 2.5 2.6 2.0 N/M N/M 30.4 N/M 4.0 2.6

INTX Intersections 6.45 58.1 116.7 97.8 324.0 66.5 8.2 0.3 N/A N/A 3.7 N/A N/A N/M N/M N/A

ADAT Authentidate Holding Corp. 1.03 54.8 39.5 36.2 6.1 31.8 N/M 5.9 2.8 2.1 N/M N/M 15.6 N/M N/M N/A

Mean 79.5% 44.0% 21.1% 3.3x 3.2x 2.9x 13.2x 12.7x 12.5x 20.8x 2.5x 2.6

Median 82.9% 40.3% 16.6% 2.8x 2.8x 2.6x 12.2x 12.4x 12.0x 19.7x 2.0x 1.7

March 2014


Appendix

110

Information Security Companies

Figure 51: Information Security Pure Plays








Information Security Pure Plays

SYMC Symantec $20.30 74.9% $14,038.5 $12,242.5 $6,799.0 83.6% 28.8% 1.8x 1.8x 1.8x 6.2x 5.9x 5.9x 10.7x N/M 1.4

CHKP Check Point Software 68.38 97.8 13,150.3 11,983.5 1,394.1 88.4 55.4 8.6 8.6 8.1 15.5 14.6 14.1 20.1 N/M 2.0

WYN Wynyard Group Limited 72.73 94.9 9,319.8 13,981.8 5,009.0 52.2 22.9 2.8 2.8 2.6 12.2 12.1 11.3 19.1 4.1 1.8

FFIV F5 Networks 109.94 94.2 8,294.2 7,716.0 1,522.3 82.6 30.8 5.1 5.1 4.4 16.4 13.1 11.4 23.5 N/M 1.3

PANW Palo Alto Networks 78.25 97.8 5,795.6 5,357.4 482.9 73.2 N/M 11.1 11.1 8.1 N/M N/M N/M N/M N/M 3.2

4704 Trend Micro 31.02 75.2 4,183.5 2,846.5 1,030.1 82.1 33.9 2.8 0.0 0.0 8.2 0.1 0.1 23.4 N/M 1.7

FTNT Fortinet 23.08 94.1 3,757.8 3,266.5 615.3 70.7 14.1 5.3 5.4 4.7 37.7 25.5 23.8 N/M N/M 2.7

RVBD Riverbed Technology 19.73 86.7 3,156.6 3,222.2 1,041.0 72.9 14.2 3.1 3.1 2.8 21.8 9.9 9.4 19.6 0.4 1.2

CAVM Cavium 43.10 94.5 2,266.6 2,174.0 304.0 62.3 10.9 7.2 7.2 6.1 N/M N/M 21.3 N/M N/M 1.1

ARUN Aruba Networks 19.44 75.3 2,075.6 1,797.4 637.5 69.9 1.7 2.8 1.5 1.4 N/M 4.5 4.1 N/M N/M 1.1

IMPV Imperva 61.10 91.0 1,594.1 1,476.4 137.8 78.4 N/M 10.7 10.8 8.3 N/M N/M N/M N/M N/M NM

PFPT Proofpoint 42.71 93.5 1,570.1 1,473.5 137.9 69.9 N/M 10.7 11.1 8.4 N/M N/M N/M N/M N/M NM

AVG AVG Technologies 20.84 78.5 1,134.6 1,122.2 407.1 83.1 33.2 2.8 2.8 2.9 8.3 7.9 8.6 10.2 N/M N/A

PKT Qualys 27.76 92.7 900.9 804.5 108.0 77.2 11.0 7.5 7.5 6.2 N/M 44.4 37.4 N/M N/M 4.5

SSNI Silver Spring Networks 17.00 50.3 811.8 667.5 326.9 35.3 N/M 2.0 2.0 1.8 N/M N/M 42.0 N/M N/M 8.3

RDWR Radware 17.46 89.7 782.6 647.7 193.0 81.0 14.2 3.4 3.4 3.0 23.6 22.3 15.8 25.5 N/M 1.1

GUID Guidance Software 10.60 93.0 307.4 287.8 110.5 66.1 N/M 2.6 2.6 2.5 N/M N/M 28.6 N/M N/M 26.3

ZIXI Zix 4.29 85.4 255.9 228.3 48.1 84.2 22.4 4.7 4.7 4.3 21.2 16.8 15.8 22.6 N/M 1.3

PKT Procera Networks 11.74 71.2 238.9 132.3 74.7 54.7 N/M 1.8 1.8 1.5 N/M N/M N/M N/M N/M 5.0

ARTX Arotech Corporation 4.36 73.1 81.6 82.4 89.8 25.9 6.2 0.9 0.9 0.9 14.7 12.3 12.1 15.6 0.1 N/A

GSB GlobalSCAPE 2.35 60.3 44.1 39.1 24.3 95.8 19.2 1.6 1.6 1.5 8.3 N/A N/A 14.7 N/M 1.2

VSR Versar Inc. 4.12 72.9 40.0 38.2 113.3 10.2 5.0 0.3 0.3 N/A 6.7 4.5 N/A N/M N/M N/A

WAVX Wave Systems 0.98 28.3 39.4 38.7 24.4 91.5 N/M 1.6 N/A N/A N/M N/A N/A N/M N/M N/A

BMC BMC Software 2.02 64.9 25.0 22.6 16.6 N/A 32.5 1.4 N/A N/A 4.2 N/A N/A N/M N/M N/A

FIRE Sourcefire 3.52 86.5 21.1 20.4 18.9 38.5 9.3 1.1 N/A N/A 11.6 N/M N/A N/M N/M N/A

ISCI ISC8 Inc. 0.03 22.6 6.1 12.1 0.5 66.3 N/M 24.1 N/A N/A N/M N/A N/A N/M N/M N/A

SFOR StrikeForce Technologies 0.00 2.4 0.7 7.0 0.5 96.9 N/M 13.1 N/A N/A N/M N/A N/A N/M N/M N/A

Mean 75.6% 69.0% 20.3% 3.2x 3.4x 3.2x 12.6x 11.3x 13.6x 18.6x 1.6x 3.8

Median 85.4% 73.1% 16.7% 2.8x 2.8x 2.8x 11.9x 12.1x 12.1x 19.6x 0.4x 1.7

March 2014


111

Information Security Companies, continued

Figure 52: Diversified Technology Leaders

Enterprise value is defined as market capitalization plus net debt, minority interest, and preferred equity.

Since the March 2011 Security Monitor, the following companies have been acquired: Novell Inc.

Italicized, NA, and NM values are excluded from mean and median calculations.


Sources: Imperial Capital, LLC, Capital IQ, and Company SEC filings.




Diversified Technology Leaders

IBM International Business Machines Corp. $185.37 85.9% $193,033.4 $221,835.4 $99,751.0 48.6% 25.1% 2.2x 2.2x 2.2x 8.9x 7.9x 8.0x 11.0x 1.1x 1.0

ORCL Oracle Corp. 38.33 96.2 172,385.7 160,055.7 37,552.0 81.6 43.4 4.3 4.3 4.1 9.8 8.7 8.2 13.7 N/M 1.2

CSCO Cisco Systems, Inc. 21.58 81.5 111,164.6 81,271.6 47,873.0 59.4 27.1 1.7 1.7 1.7 6.3 5.1 5.0 10.6 N/M 1.4

HPQ Hewlett-Packard Company 29.53 96.2 55,962.9 64,886.9 112,093.0 23.4 11.8 0.6 0.6 0.6 4.9 4.6 4.7 8.1 0.6 2.0

EMC EMC Corporation 27.49 99.3 55,691.9 53,671.9 23,222.0 62.3 24.2 2.3 2.3 2.2 9.6 7.9 7.2 15.3 N/M 1.2

MSI Motorola Inc. 64.71 95.6 16,427.6 15,691.6 8,696.0 49.1 18.1 1.8 1.8 1.8 10.0 9.0 8.6 13.8 N/M 3.0

CA CA Technologies 31.74 87.6 14,212.2 13,129.2 4,582.0 85.8 34.2 2.9 2.9 3.0 8.4 7.1 7.6 10.0 N/M 1.4

JNPR Juniper Networks, Inc. 25.28 87.9 12,668.3 10,821.7 4,669.1 63.2 17.0 2.3 2.3 2.2 13.6 10.0 8.6 20.6 N/M 1.1

6701 NEC Corp. 2.95 84.2 7,662.9 13,494.4 28,390.7 29.7 5.7 0.5 0.3 0.3 8.4 6.2 5.9 N/M 3.0 3.3

JDSU JDS Uniphase Corp. 14.27 85.9 3,332.0 2,822.9 1,703.2 46.2 8.8 1.7 1.7 1.5 18.8 13.3 10.6 25.9 N/M 1.5

CBR CIBER, Inc. 4.72 94.6 361.5 317.6 877.3 25.4 2.9 0.4 0.4 0.4 12.3 N/M 6.8 N/M N/M 1.1

Mean 90.4% 52.3% 19.8% 2.1x 2.1x 1.9x 10.1x 8.1x 7.6x 14.3x 1.6x 1.7

Median 87.9% 49.1% 18.1% 2.2x 2.2x 2.0x 9.7x 7.9x 7.8x 13.7x 1.1x 1.4

March 2014


Appendix

112

Government and Integration Services Companies

Figure 53: Government Services








Government Services

LMT Lockheed Martin Corporation $163.90 97.3% $52,326.6 $55,861.6 $45,358.0 10.1% 11.8% 1.2x 1.2x 1.2x 10.5x 9.9x 8.8x 17.3x 0.7 2.1

GD General Dynamics Corp 108.27 95.3 37,055.4 35,662.4 31,218.0 18.5 13.6 1.1 1.1 1.2 8.4 8.4 8.5 15.4 N/M 2.0

RTN Raytheon Corp 100.48 98.4 31,601.0 32,200.0 23,706.0 21.8 14.1 1.4 1.4 1.4 9.7 9.6 8.8 17.2 0.1 1.5

SAF Safran SA 66.55 87.6 27,713.0 30,387.4 20,265.8 47.2 13.9 1.5 2.1 1.9 10.8 12.2 11.6 18.0 0.9 1.2

NOC Northrop Grumman Corp 121.56 97.0 26,346.5 27,126.5 24,661.0 21.8 14.7 1.1 1.1 1.1 7.5 7.6 7.5 14.9 0.2 2.2

HRS Harris Corp 73.35 97.4 7,833.6 9,174.3 4,978.4 34.9 21.8 1.8 1.8 1.8 8.5 9.1 8.5 14.7 1.2 4.8

MMS MAXIMUS Inc 45.93 90.9 3,116.9 2,997.7 1,451.6 28.6 16.6 2.1 2.1 1.7 12.5 12.8 10.6 26.0 N/M 1.1

QQ. QinetiQ Group plc 3.71 93.6 2,413.6 2,220.1 2,010.7 16.9 18.6 1.1 1.0 1.0 5.9 8.3 8.3 14.3 N/M 39.0

CACI CACI International Inc 75.99 94.1 1,783.1 3,139.6 3,577.6 31.3 9.2 0.9 0.9 0.8 9.5 9.8 8.5 12.4 4.1 1.2

UIS Unisys Corp 30.10 83.5 1,330.1 1,186.6 3,456.5 24.5 7.7 0.3 0.3 0.3 4.5 3.4 3.0 11.6 N/M 0.8

MANT ManTech International Corp 29.51 94.9 1,093.1 1,024.1 2,310.1 13.6 7.4 0.4 0.4 0.5 6.0 6.2 7.4 14.6 N/M 3.0

ICFI ICF International Inc 40.98 92.4 810.3 841.3 949.3 37.7 9.0 0.9 0.9 0.8 9.9 9.7 8.3 20.7 0.4 1.3

KEYW The KEYW Holding Corporation 20.65 89.4 769.4 852.0 298.7 33.3 7.0 2.9 2.8 2.7 40.9 33.6 25.2 N/M 4.0 4.4

EGL Engility Holdings, Inc. 43.85 96.8 760.5 941.8 1,407.4 13.7 9.1 0.7 0.7 0.6 7.3 7.0 7.2 14.9 1.3 3.5

KTOS Kratos Defense & Security Solutions 7.10 77.3 407.4 996.4 950.6 25.2 8.3 1.0 1.0 1.0 12.6 9.7 10.1 N/M 7.5 3.7

NCIT NCI, Inc. 11.30 86.2 146.1 147.1 332.3 12.9 5.9 0.4 0.5 0.5 7.5 7.6 8.5 21.1 0.0 3.6

VSR Versar, Inc. 4.12 72.9 40.0 38.2 113.3 10.2 5.0 0.3 0.3 N/A 6.7 4.5 N/A N/M N/M N/A

Mean 92.0% 24.5% 11.8% 1.1x 1.1x 1.1x 8.7x 9.1x 8.8x 16.6x 1.9x 4.7

Median 93.9% 23.2% 10.5% 1.1x 1.1x 1.1x 8.5x 9.3x 8.5x 15.2x 0.9x 2.2

March 2014


113

Government and Integration Services Companies, continued

Figure 54: Security Systems Integration—Diversified





($ in thousands except s tock price)



Security Systems Integration - Divers ified

S IE S iemens AG $130.07 92.3% $109,832.3 $118,831.3 $75,282.0 27.7% 10.3% 1.6x 1.6x 1.5x 15.4x 13.6x 10.7x 18.6x 1.1x 1.1

UTX United Technologies Corp. 114.23 96.5 104,547.4 121,633.4 62,626.0 28.0 17.8 1.9 1.9 1.9 10.9 11.1 10.1 18.5 1.4 1.4

JC I Johnson Controls Inc. 46.26 88.1 30,718.0 37,553.0 43,216.0 16.0 9.0 0.9 0.9 0.9 9.7 9.4 9.4 16.3 1.7 0.9

TYC Tyco International Ltd. 43.36 98.3 19,960.1 21,096.1 10,694.0 36.7 14.2 2.0 2.0 1.9 13.9 12.9 12.2 22.7 0.7 1.4

SWK S tanley B lack & Decker, Inc. 80.30 86.6 12,505.9 16,413.9 11,001.2 36.0 13.9 1.5 1.5 1.4 10.7 10.4 9.7 16.3 2.5 1.6

TYL Tyler Technologies , Inc. 90.72 84.0 2,987.0 2,908.1 416.6 46.4 18.9 7.0 7.0 6.2 36.9 33.4 27.2 N/M N/M 2.0

DBD Diebold Inc. 40.22 100.0 2,585.7 2,660.1 2,857.5 23.4 7.0 0.9 0.9 0.9 13.4 12.4 11.3 29.5 0.3 2.2

KTOS Kratos Defense & S ecurity S olutions , Inc 7.14 77.8 410.0 999.0 950.6 25.2 8.3 1.1 1.0 1.0 12.6 9.8 10.1 N/M 7.5 3.7

CBR C IBE R , Inc. 4.72 94.6 361.5 317.6 877.3 25.4 2.9 0.4 0.4 0.4 12.3 13.1 6.8 N/M N/M 1.1

Mean 90.7% 29.6% 11.5% 1.2x 1.2x 1.2x 11.9x 11.3x 9.9x 20.7x 2.3x 1.8

Median 91.4% 26.7% 11.4% 1.1x 1.0x 1.0x 12.3x 11.1x 10.1x 18.5x 1.5x 1.5

Glossary of Terms SeSecurityndustry Monitor

March 2014

114


The information contained herein represents a summary of public information. Imperial Capital, LLC neither makes any projections with regard to outcome nor makes any recommendation with respect to investment in or transferability of the securities discussed herein. The information contained herein does not necessarily reflect the independent views of the research department of Imperial Capital, LLC, or any research analyst, which may have contrary views or opinions. This is a collaborative product of Imperial Capital, LLC and may reflect contributions from all departments within the Firm, including the Firm’s corporate finance, institutional research and sales and trading departments. This is not solely a product of the Firm’s institutional research department.

This summary is for information purposes only. Under no circumstances is it to be used or considered as an offer to sell, or a solicitation of an offer to buy any security. While the information contained in this report has been obtained from sources believed to be reliable, we do not represent or guarantee that the summary is accurate or complete, and it should not be relied upon as such. Any references or citations to, or excerpts from, third-party information or data sources (including, but not limited to, Bloomberg, Capital IQ and IBISWorld) do not and are not intended to provide financial or investment advice and are not to be relied upon by anyone as providing financial or investment advice. Based on information available to us, prices and opinions expressed in this report reflect judgments as of the date hereof and are subject to change without notice. The securities covered by or mentioned in this report involve substantial risk and should generally be purchased only by investors able to accept such risk. Any opinions expressed assume that this type of investment is suitable for the investor. While this is in circulation, Imperial Capital, LLC or its affiliates may, from time to time, make or quote a market in or make purchases or sales for their own accounts of securities of the issuers described herein. Imperial Capital, LLC or its affiliates may from time to time perform investment banking or other services for, or solicit investment banking or other business from, any company mentioned in this report, and therefore Imperial Capital, LLC may have a conflict of interest that could affect the objectivity of this monitor report.

© 2014 Imperial Capital, LLC

Important Disclosures

Copyright © 2014 Imperial Capital, LLCMember SIPC | Member FINRA | Registrant of the MSRB w w w . i m p e r i a l c a p i t a l . c o m

Imperial Capital Locations

Los Angeles

2000 Avenue of the Stars Los Angeles, CA 90067

Office: (310) 246-3700

New York

277 Park Avenue New York, NY 10172

Office: (212) 351-9700

London

Imperial Capital (International) LLP 4th Floor, Princes House 38 Jermyn Street London SW1Y6DN

Office: +44 0 207 650 5400

Boston

101 Arch Street Boston, MA 02110

Office: (617) 478-7600

Chicago

200 South Wacker Drive Chicago, IL 60606

Office: (312) 674-4713

Houston

1200 Smith Street Houston, TX 77002

Office: (713) 353-3923

Minneapolis

60 South Sixth Street Minneapolis, MN 55402

Office: (612) 692-6900

San Francisco

One California Street San Francisco, CA 94111

Office: (415) 615-4000

Documents

Security Industry Monitor - Imperial Capital · Imperial Capital is a full-service investment bank o ering a uniquely integrated platform of ... March 2014 Security Industry Monitor