The security exit of choice these days has been acquisition. Take Sybari: the antivirus company sold out to Microsoft in January for an undisclosed amount. Sybari filed its S-1 to go public in mid-May of 2004, but never made it. In December 2004, TippingPoint, an intrusion-prevention company, signed up with 3Com for $430 million. Even if a company manages to go public, it doesn’t take long for a larger one to claim it. Netscreen had a wildly successful IPO in December 2001, raising $160 million with a valuation of $1.14 billion. By the end of the day, the public markets ran that up to $1.7 billion. But little more than two years later, Juniper stepped in and bought it out for $4 billion in stock, more than a 50 percent premium. Now, Netscreen co-founder Ken Xie is going for it again, with Fortinet. After raising $93 million in five rounds of venture capital, it looks like the company is ready to dip into the public markets with an IPO.

“Fortinet is going to be an amazing public company. I call it Netscreen on steroids,” says Alan Weinfeld of investment bank and frequent IPO underwriter Kaufman Brothers.

Founded in 2000, Fortinet makes network appliances for one-stop security shopping. The company, based in Sunnyvale, California, provides antivirus, anti-spam, content filtering, intrusion-detection and prevention, firewall, and virtual private network features. All this on one box that plugs into the network.

Appliances will play an important role in the future of security, says analyst firm IDC, which predicts that by 2007, 80 percent of all security solutions will be delivered via a dedicated appliance. And companies that can put several solutions on the same appliance should be sitting pretty. “The integrated solution market is where many enterprises need to be,” says Spire Security analyst Pete Lindstrom. “In the mid-market, people don’t have money to burn.”

A big part of Fortinet’s success has come from targeting cash-strapped small- and mid-sized businesses (SMBs) that need security, but don’t have the resources to install precautions themselves. “Security is still do-it-yourself rather than call the telephone company and come and have it installed,” says Mr. Xie.

Small Size, WideRange

Keeping it simple and inexpensive drove Fortinet’s sales to $56 million in 2004, up from $22 million in 2003. Research firm Gartner estimates that across the globe SMBs will spend $400 billion each year on IT.

Mr. Xie has poured much of his company’s early-stage funding from investors such as DEFTA Partners into developing a faster way of handling antivirus. Fortinet has built a programmable application specific integrated circuit, or ASIC, to accelerate the often-repetitive process of scanning for viruses. Fortinet hopes this distinction will make its products more attractive to companies that covet speed, like telecommunications carriers and ISPs.

Competitor ServGate of Milpitas, California, has taken a different approach. Founded in 1999, the firm outsourced the guts of its antivirus functionality to McAfee. The licensing partnership gives ServGate the advantage of McAfee’s rapid virus definition update program. It takes Fortinet hours to program its ASIC to accept a new virus definition, but ServGate’s protection can be updated in minutes through its agreement with McAfee. Although the company gives up a chunk of its revenue to pay for its licensing, ServGate has not had the high upfront costs associated with building an ASIC.

Despite large, upfront capital outlays to build a faster antivirus engine, Fortinet seems to be gaining market traction. IDC estimates that in the first half of 2004, Fortinet accounted for 22.6 percent of the market for what it calls “unified threat management,” or an effective all-you-can eat security device. ServGate reigns in 8.4 percent of the market and Juniper and Symantec combine for more than a third of the total.

Mr. Xie expects his company to turn a profit at some point this year, which will help it take a step closer to going public. “They’re going to be profit able when they go public,” says Mr. Weinfeld of Kaufman Brothers, who believes Fortinet could price its offering at least at four to five times its revenue. “It’s going to be a pretty strong offering and a pretty strong company afterwards,” says Mr. Weinfeld. “It’s going to be one of the fastest-growing companies in all of security.”

If Fortinet’s rapid growth continues, it could take in over $100 million this year, which would put its valuation at or around half a billion dollars. When the company raised its $50-million mezzanine round, it reported a $350-million post-money valuation. But the security market has been hot.

Gene Munster of investment banking firm Piper Jaffray estimates that Sybari’s potential IPO was as much as six times oversubscribed. But even in the face of so much investor interest, Microsoft swooped in and made Sybari an offer it couldn’t refuse.

“There’s an appetite for security IPOs from the buy side,” says Mr. Munster. “If Sybari’s able to be oversubscribed by six times, then Fortinet can go public.”

But Fortinet, for all its IPO potential, could go the way of Sybari. Cisco might be an obvious acquirer. CEO John Chambers committed the company to improving security at the annual RSA Security conference in February and has been putting his money where his mouth is. Cisco spent $65 million to buy Protego Networks in December 2004 to get a foothold in the security appliance space and $154 million in January 2003 for Okena, which makes endpoint security software.

Of course, with Fortinet’s 27 products, it could be a quick way for another networking company to make up ground in a hurry. As telecom companies work to incorporate intellectual property into their offerings, Fortinet could provide a much-needed piece of the puzzle to companies such as Nortel, Lucent, and Alcatel.

Now is the time to do an IPO in the security market. After all, consumers don’t want security products, but products that are secure.