Can Sourcefire monetize Snort?

Network intrusion detection company Sourcefire faces a number of challenges but one of its biggest may be making a buck from an open source security project dubbed Snort.

Sourcefire is expected to launch an initial public offering this week with shares priced between $12 and $14. The IPO will give a good indicator of demand for security companies. Sourcefire is the first pure play security company to go public since 2002. The company, which makes a family of network security products designed to discover threats in real-time, is offering nearly 5.8 million shares.

In fact, Snort, which in February had a security flaw, is mentioned as one of Sourcefire's competitive advantages right behind a real-time approach to network security and network intelligence.

"The Snort user community, with over 100,000 registered users and over 3 million downloads to date, has enabled us to establish a market footprint unlike any other in the industry. We believe the Snort open source community provides us with significant benefits, including a broad threat awareness network, significant research and development leverage, and a large pool of security experts that are skilled in the use of our technology. We believe that Snort’s broad acceptance makes us one of the most trusted sources of intrusion prevention and related security solutions."

That statement shouldn't be too surprising coming from Sourcefire. The company's founder and CTO Martin Roesch invented Snort. The challenge for Sourcefire is trying to find a way to make a buck from Snort. Here's the plan:

"We seek to monetize the Snort installed base by targeting enterprises that implement Snort but have not yet purchased any of the components of our Sourcefire 3D security solution. We will continue to target large enterprises and government agencies that require advanced security technology and high levels of network availability and performance in sectors including finance, technology, healthcare, manufacturing and defense."

So far Sourcefire hasn't turned Snort into profits. For 2006, the company had a net loss of $4.7 million on revenue of $44.9 million. Sourcefire's accumulated deficit is $38.9 million.

The big question is whether Sourcefire can leverage Snort and its products against much larger competitors including Cisco, Symantec, McAfee and IBM. Sourcefire acknowledges the potential problem:

"One of the characteristics of open source software is that anyone can offer new software products for free under an open source licensing model in order to gain rapid and widespread market acceptance. Such competition can develop without the degree of overhead and lead time required by traditional technology companies. It is possible for new competitors with greater resources than ours to develop their own open source security solutions, potentially reducing the demand for our solutions."

Reading between the lines of the Sourcefire IPO the goal seems to be to get enough capital to compete a bit and ultimately be acquired. In fact, Israel-based Check Point Software tried to acquire Sourcefire, but the U.S. government shot the deal down due to foreign ownership.

Among other challenges facing Sourcefire:

IBM is a reseller of Sourcefire's software. Why is that important? Big Blue recently bought Sourcefire rival Internet Security Systems. Sourcefire says in its IPO filing that IBM has said the purchase of ISS won't affect their reseller deal. If it does, Sourcefire will lose revenue.

Government customers are falling as a percentage of revenue since the failed Check Point acquisition attempt. For the year ended Dec. 31, 2004, Sourcefire got 17 percent of its total revenue from federal and state government agencies. For 2006, that percentage was 11 percent. "We lost many government agency customers when a foreign company tried unsuccessfully to acquire us in late 2005 and early 2006. Since then, we have been attempting to regain government customers," said Sourcefire.