Ivanti Software: A Compromised Platform

Welcome to the 190th Pari Passu newsletter.

Today, we are covering one of the most discussed restructuring and private equity deals. Ivanti Software is the product of a decade-long roll-up executed across four private equity sponsors and more than a dozen acquisitions. What began as LANDESK, a desktop management software business spun out of Intel in the early 2000s, was eventually acquired by Clearlake Capital and assembled into a sprawling enterprise IT platform. By 2021, the business had finished a period of rapid inorganic growth. However, as the platform expanded, so did the complexity of maintaining product quality, and the consequences began to emerge shortly after. 

In April 2025, Ivanti executed a comprehensive liability management transaction with unanimous lender support, raising $350mm of new super-senior money and extending all current facilities. What makes this transaction interesting is what it was not. In a market where aggressive LMEs have become the norm, and where Clearlake in particular has earned a reputation for extracting value from creditors, Ivanti represents a notable exception. 

In today's writeup, we will start by walking through Ivanti's three core product segments and why the company occupies a particular niche in the enterprise IT market. From there, we will cover its corporate history, including Thoma Bravo’s original acquisition, Clearlake's roll-up, TA's 2020 investment, and Charlesbank's 2021 entry. We will then trace the path to distress, which combines excessive leverage, a familiar SaaS transition, and catastrophic cybersecurity failures. Lastly, we will break down the April 2025 LME, analyze the negotiating dynamics at play, and discuss what lies ahead for Ivanti.

Every organization with more than a handful of employees faces the same IT problems: someone has to manage all the devices, keep the software updated, handle the help desk tickets, and make sure none of it gets hacked. For a small business, one IT manager with a spreadsheet might handle all these tasks. However, a Fortune 500 company with tens of thousands of laptops, phones, and servers spread across dozens of countries requires an entire enterprise software platform, which is what Ivanti provides. 

Ivanti is an enterprise software company headquartered in South Jordan, Utah. It provides a cloud-based IT platform spanning three business segments: IT Service Management, Unified Endpoint Management, and cybersecurity. The company serves over 34,000 customers globally, including 85 of the Fortune 100, with a particularly deep footprint in the US federal government. Roughly 90% of Ivanti's revenue is recurring, split between traditional maintenance contracts and a growing share of subscription and SaaS fees. To understand how Ivanti's business works and why it eventually ran into trouble, we need to walk through each of its three segments.

IT Service Management (ITSM):

If you’re a working professional or student and have ever submitted an IT help request ticket, you’ll understand ITSM.  ITSM is the operational backbone of a corporate IT department. When an employee's laptop crashes, when someone needs access to a new software application, or when a server goes down at 2 AM, the ITSM platform is what routes, tracks, and resolves those issues. Think of it as the operating system for the IT help desk, except that modern ITSM platforms do far more than just manage tickets. Ivanti’s programs also help automate routine workflows (like provisioning a new employee's accounts on day one), enforce approval chains for sensitive requests, and provide dashboards that help IT leaders understand where their resources are going.

Ivanti's ITSM offering is anchored by its Neurons platform, a cloud-native system that the company has been investing in as the successor to its legacy on-premise products, including the Cherwell ITSM software it acquired in 2021. In early 2026, Ivanti introduced what it calls "Agentic AI" capabilities within Neurons, essentially AI-powered bots that can autonomously resolve straightforward service desk requests using natural language processing without human intervention. The goal is to automate the highest-volume, lowest-complexity tickets that consume a disproportionate share of IT staff time [1].

The ITSM market is large and growing. The global cloud ITSM market is projected to roughly double from around $11 billion in 2025 to over $23 billion by 2031. However, it is also fiercely competitive. ServiceNow dominates the high end of the market with approximately 40% share, offering a comprehensive platform that large enterprises treat as a system of record for IT operations. Ivanti competes more effectively in the mid-market and among organizations with complex legacy environments that need a migration path to the cloud, rather than a greenfield deployment [1].

Unified Endpoint Management (UEM):

If ITSM is about managing the IT department's workflow, UEM is about managing the devices themselves. Every laptop, smartphone, tablet, and server in a corporate environment needs to be configured, monitored, patched, and secured. UEM software provides a single console from which an IT team can see every device on the network, push software updates, enforce security policies, and remotely wipe a stolen phone. 

This matters more than it used to. The shift to remote and hybrid work after the pandemic dramatically expanded the number and variety of devices connecting to corporate networks, many of them personal devices operating outside the traditional office firewall. Ivanti's UEM platform, now branded as Autonomous Endpoint Management (AEM), is designed to handle this complexity at scale. The system uses AI to proactively detect and fix endpoint vulnerabilities before they cause problems, deploying patches in staged rollouts that prioritize the highest-risk devices first [1].

Ivanti also maintains a specialized supply chain and warehouse division through its Wavelink business unit, which provides mobile device management tools and voice-enabled picking software for industrial environments. While a smaller part of the overall business, this vertical illustrates how deeply Ivanti's endpoint management technology can embed itself in a customer's operations, from the office laptop all the way to the warehouse scanner [1].

Cybersecurity: Connect Secure and Network Access:

The third pillar, which will become important to Ivanti’s story of distress, is the company’s cybersecurity business, centered around its Connect Secure VPN product. A Virtual Private Network, or VPN, creates an encrypted tunnel between a user's device and a corporate network, allowing employees to securely access internal systems from outside the office. For decades, VPNs were the standard way that organizations enabled remote access, and Connect Secure became something of an industry standard across the US government and corporate America. At its peak, the product's customer base included the US Air Force, Army, Navy, Department of State, the Federal Aviation Administration, the Federal Reserve, NASA, and thousands of private-sector organizations, including Wells Fargo and Deutsche Bank [2].

Ivanti inherited Connect Secure through its 2020 acquisition of Pulse Secure, a California-based VPN maker that Ivanti purchased from Siris Capital, a private equity firm. Pulse Secure's roots trace back even further to Juniper Networks, which had bundled its VPN software alongside its widely deployed networking hardware, helping the product become widespread in government applications [2]. 

However, at this time, the VPN market was already undergoing a major shift. Newer "zero-trust network access" technologies from companies like Zscaler and Palo Alto Networks were gaining traction, offering a fundamentally different security architecture. While traditional VPNs give authenticated users broad access to an entire network (meaning a single compromised account can expose everything), zero-trust systems grant access only to specific applications and data on a per-request basis, dramatically limiting the blast radius of a breach. Legacy VPN software like Connect Secure, often built on aging codebases, was increasingly viewed as a riskier approach to network security [2]. We will return to this dynamic in detail when we cover Ivanti's path to distress.

Across all three pillars, Ivanti occupies a particular niche. It is not the market leader in any single category, but it offers a breadth of coverage that few competitors match. ServiceNow is far larger in ITSM, Microsoft and CrowdStrike have stronger UEM offerings, and Zscaler and Palo Alto dominate the next-generation network access market. Instead, Ivanti's value proposition is the integration across these domains, offering a single platform that can manage the help desk, devices, and security simultaneously, particularly for mid-market and government customers with complex legacy environments who need a vendor that can bridge old and new infrastructure [1].

This integration, combined with high switching costs for deeply embedded enterprise customers, has resulted in a customer base that has historically been slow to churn. However, it also means that Ivanti's competitive moat depends heavily on continued product investment, because the integrated platform is only valuable if each component remains credible relative to best-of-breed alternatives. When investment in product quality falters, as we will see, this value proposition comes under pressure.

Ivanti's corporate history is a story of inorganic growth. The company we know today did not grow organically from a single product or founding vision. Instead, it was assembled over a decade of private equity roll-up acquisitions designed to create scale in the fragmented IT management software market. Understanding the ownership chain matters because each layer of the roll-up added complexity, integration risk, and most importantly, debt. 

The roots trace back to 1985, when LAN Systems was founded to build tools for managing early corporate computer networks. Intel acquired the company in 1991 and folded it into what became the LANDESK division, which pioneered the desktop management software category in the early 1990s. LANDESK was spun out as a standalone company in 2002, then acquired by Avocent, another IT infrastructure company, for $416mm in 2006. Private equity entered the picture in 2010, when Thoma Bravo bought LANDESK and ran it as a platform for consolidation in the IT management space [3].

Separately, Clearlake Capital was building its own IT software platform. In August 2014, Clearlake acquired Lumension, an endpoint security and patch management vendor based in Scottsdale, Arizona. Six months later, in February 2015, Clearlake bought FrontRange Solutions, a service management software provider, and merged the two companies to form HEAT Software. The combined entity had more than 450 employees and was Clearlake's first move in what would become a multi-year roll-up [4].

In January 2017, Clearlake acquired LANDESK from Thoma Bravo for a reported $1.1bn, immediately merged it with HEAT Software, and rebranded the combined entity as Ivanti. The new company had over 1,600 employees across 23 countries and more than 22,000 customers. The merger valued the combined entity at an estimated $1.44bn, or 8x pro forma EBITDA of $180mm [5]. 

Ivanti quickly continued to add capabilities through a series of bolt-on acquisitions, including Concorde Solutions (software asset management) and RES Software (workspace automation) in 2017 [6], [7]. These were the ninth and tenth acquisitions in five years across the predecessor entities, and they illustrated the roll-up thesis: buy specialized IT management tools, integrate them under a single platform umbrella, and cross-sell into the combined customer base. While this strategy is conceptually straightforward, executing it at scale can prove far more complex in practice.

In 2019, two years after the LANDESK acquisition, Clearlake ran a formal sale process for Ivanti through UBS Group, attracting first-round bids from Thoma Bravo, Golden Gate Capital, Veritas Capital, and TA Associates. Ultimately, the process did not produce a sale, as prospective buyers were reportedly less enthusiastic about the asset, including its existing management team [8].

Following the failed sale process, TA Associates entered the picture, making a strategic growth investment in Ivanti in August 2020, valuing the company at approximately $2bn, or roughly 10x LTM EBITDA of approximately $200mm. As part of the deal, both Clearlake and TA became equal shareholders with shared governance. TA saw the opportunity to grow Ivanti from roughly $450mm in revenue to $1.5bn over five years through further acquisitions, and brought in Jim Schaper as Chairman and CEO. Schaper was a well-known figure in enterprise software, having co-founded and led Infor, a company he scaled from $40mm to over $2bn in revenue before selling it to Koch Industries for $13bn in 2020 [8].

Shortly after the TA investment, Clearlake closed on a single-asset secondaries deal, one of the most in-demand of its kind in 2020. The transaction, facilitated by Evercore and Credit Suisse, allowed Clearlake to move Ivanti from its older funds (Funds II, III, and IV) into a new continuation vehicle with a five-year term and two one-year extensions. LPs in the older funds could either cash out or roll their exposure into the continuation fund. The deal was led by Goldman Sachs, Intermediate Capital Group, and Landmark Partners, with Blackstone and AlpInvest also participating. The total deal value reached approximately $1.25 billion [9]. Fascinatingly, subsequent disclosures listed Ivanti among realized investments with a gross MOIC of more than 3x, meaning Clearlake crystallized a highly attractive return for its earlier vintage fund investors through the continuation deal [17]. This will become important context as we move forward. 

With TA's capital and Schaper behind the wheel, Ivanti embarked on its most ambitious acquisition spree yet. In September 2020, the company announced two simultaneous deals: the purchase of MobileIron, a publicly traded mobile device management company, for $872mm in cash (a 27% premium to the unaffected stock price), and the acquisition of Pulse Secure from Siris Capital for an undisclosed sum that was later reported as over $500mm [10], [2]. Both deals closed on December 1, 2020. To finance the acquisitions and refinance Ivanti's existing debt, the company raised a $1.8bn first lien term loan, a $545mm second lien term loan, and a $175mm revolving credit facility. The first lien maturities were set at December 2027 and the second lien at December 2028, with the revolver expiring in December 2025.

The Pulse Secure acquisition deserves particular attention. Pulse Secure manufactured virtual private network (VPN) software that had become an industry standard across the US government and major corporations. The product's lineage ran through Juniper Networks, which had built a massive customer base by bundling its VPN software with widely deployed networking hardware. When activist investors pushed Juniper to divest the VPN business in 2014, Siris Capital acquired it for $250mm. Under Siris, the product's security engineering team remained small relative to the overall engineering staff. Pulse Secure's sales had doubled to roughly $300mm in 2020, driven by the pandemic-era surge in remote work demand, making the timing look ideal for a sale [2].

However, warning signs existed before the ink dried. Ivanti's own chief security officer at the time assessed Pulse Secure prior to closing and flagged that Microsoft and US government agencies had previously issued warnings about Chinese hackers targeting Pulse VPN products. He believed it was likely that undetected security issues existed in the codebase, but the deal proceeded anyway [2].

Ivanti continued its bolt-on strategy into 2021, acquiring Cherwell Software (ITSM) in January and RiskSense (vulnerability management) in August to further deepen its ITSM and security offerings [1]. To finance the purchases, Ivanti returned to market in February 2021 with a $465mm non-fungible incremental 1L term loan, bringing total first lien term loan debt to approximately $2.2bn.

In March 2021, Charlesbank Capital Partners joined as a third equity co-investor alongside Clearlake and TA Associates, pushing Ivanti's implied valuation to approximately $4bn, or an estimated 15x LTM EBITDA of $266mm. This represented an approximate doubling of Ivanti’s valuation in less than 12 months. The result was a layered ownership structure made up of three private equity sponsors and a continuation fund full of secondary investors supporting a platform stitched together through more than a dozen acquisitions in under seven years.

By the end of 2021, Ivanti had roughly $2.8bn of debt on its balance sheet, over 50,000 customers, and a product portfolio spanning ITSM, UEM, and cybersecurity. Clearlake and its co-investors had built a diversified IT platform at scale, with a massive recurring revenue base and plenty of runway before the nearest debt maturities. By the time Charlesbank joined in March 2021, Ivanti was generating approximately $266mm of EBITDA on a run-rate basis, up from roughly $190mm at the time of the 2017 HEAT/LANDESK merger. Sponsor-adjusted figures, including projected synergies, ran higher, in the $400mm range. The gap between reported and adjusted EBITDA is typical in software LBOs, where aggressive add-backs are standard. It is also a gap that matters enormously when a business underperforms, because leverage ratios computed against adjusted EBITDA can look comfortable even when leverage against actual EBITDA is already stretched.