Friday, October 27, 2006

Thoughts on Sourcefire IPO

In the spirit of not trying to repeat what everyone else blogs, I'll keep this post on the Sourcefire IPO brief. The must-read post belongs to Mike Rothman -- great work Mike.

I'm excited by this development. I'll probably even buy some Sourcefire stock, just so I can attend the shareholders meeting. I've never owned stock in a friend's company, so this would be novel enough to justify the purchase.

However, in the long term I expect Sourcefire to be acquired anyway. I stand by my ideas that all network security functions will collapse to the switch, something Richard Stiennon called Secure Network Fabric. This means Sourcefire either needs to sell switches that compete with Cisco (unlikely) or be bought by Cisco (possibly) or a Cisco competitor (probably).

Customers are growing increasingly disillusioned with buying more and more point products. If they simply perceive that existing equipment (switches and routers) can be upgraded to implement new security features, they'll pursue that path. Alternatively, they'll include the new functionality in the next switch/router technology refresh. At the most I see a "switch plus one" model, where no more than one stand-alone security device will support the core switch/router infrastructure. Everything that a switch/router cannot perform, security-wise, will be expected of the "firewall," which Marcus Ranum originally defined as a security system and not simply a product.

At some point a majority of hosts will be virtualized, and many network and host security measures will be performed by the hypervisor anyway.

5 comments:

Chris_B said...

Whereas I agree with you that many security functions will eventually go into the network fabric, I still dont think thats a good thing overall.

If we look at this 2003 data (http://www.securecomputing.com/pdf/METAFirewallMETAspectrum.pdf)
and consider Checkpoint, Cisco & Netscreen as the main enterprise firewall products, what do you want to bet that most secops management of those products ends up in the hands of network teams rather than dedicated secops teams? Consider that the goals of netops and secops are fundamentally opposed; one is concerned with allowing all traffic to flow, the other with denying certain traffic. Creating a "Secure Network Fabric" requires either that the two teams agree on managing one infrastructure, or most likely that the netops team subsumes secops. The second case always results in security being an afterthought at best.

Manohar Singh said...

Business always overcomes technology in every sphere of operation. As much as I personally agree to Chris' argument, the fact remains that the end decisions are made by the business management and not the CIO whose real metrics are TCO oriented.

There may be a few (30 odd %) businesses that truly understand security technology and put money where their mouth is, the rest just follow the bottomline!

Brian said...

Morgan Stanley didn't seem to know anything about the IPO. Could not get a prospectus.

Anonymous said...

They didn't IPO, they filed their S-1 which is a prerequisit to doing an IPO. They still need the SEC to approve the S-1 before they can IPO. Go look at the SEC EDGAR site for the S-1 filing.

Anonymous said...

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

FORM S-1
REGISTRATION STATEMENT UNDER THE SECURITIES ACT OF 1933


SOURCEFIRE, INC.
(Exact name of registrant as specified in its charter)

http://www.sec.gov/Archives/edgar/data/1168195/000095013306004558/w24360sv1.htm

We have been sued by a company claiming that we misappropriated its proprietary rights and our defense of these claims is costly, diverts the attention of our management and may be unsuccessful.

On April 20, 2006, a lawsuit was filed against us, Martin F. Roesch, our Chief Technology Officer, Inflection Point Ventures, L.P., one of our stockholders, and certain general partners of Inflection Point Ventures, L.P. by PredatorWatch Inc. (now named NetClarity) in the Superior Court for Suffolk County, Massachusetts. The complaint alleges that the defendants: (i) misappropriated the plaintiff’s trade secrets; (ii) breached an oral agreement of confidentiality; (iii) breached a covenant of good faith and fair dealing owed to the plaintiff; (iv) were unjustly enriched; (v) misrepresented certain material facts to the plaintiff, upon which the plaintiff relied to its detriment; and (vi) engaged in unfair and deceptive acts in violation of Massachusetts state law. The plaintiff has sought to recover amounts to be ascertained and established, as well as double and treble damages and attorney’s fees.

Litigation is subject to inherent uncertainties, especially in cases like this where sophisticated factual issues must be assessed and complex technical issues must be resolved. In addition, these types of cases involve issues of law that are evolving, presenting further uncertainty. Our defense of this litigation, regardless of the merits of the complaint, has been, and will likely continue to be, time consuming, extremely costly and a diversion of time and attention for our technical and management personnel. Through September 30, 2006, we have spent approximately $174,000 in legal fees and expenses on this litigation and expect to incur substantial additional expenses even if we ultimately prevail. In addition, publicity related to this litigation has in the past, and could likely in the future, have a negative impact on sales of our RNA products.

A failure to prevail in the litigation could result in one or more of the following:


• our paying substantial monetary damages, which could be tripled if any misappropriation is found to have been willful, and which may include paying an ongoing significant royalty to PredatorWatch or compensation for lost profits to PredatorWatch;

• our paying substantial punitive damages;

• our having to provide an accounting of all revenue received from selling RNA in its current form;

• the issuance of a preliminary or permanent injunction requiring us to stop selling RNA in its current form;


• our having to redesign RNA, which could be costly and time-consuming and could substantially delay RNA shipments, assuming that a redesign is feasible;

• our having to reimburse PredatorWatch for some or all of its attorneys’ fees and costs, which would be substantial;

• our having to obtain from PredatorWatch a license to use its technology, which might not be available on reasonable terms, if at all; or

• our having to indemnify our customers against any losses they may incur due to the alleged infringement.


Additionally, PredatorWatch has separately notified us that they believe that our RNA technology is covered by claims contained in a pending patent application. This pending patent application has not issued as a patent, but in the event it does issue, PredatorWatch could file an additional complaint to include a patent infringement claim against us.

If we are enjoined from selling RNA in its current form, we may be required to redesign RNA to avoid infringing on the intellectual property rights of others. If we are unable to efficiently redesign commercially acceptable products, our sales will decline substantially. This litigation is at a very early stage, so we cannot predict its course or its costs to us. We do, however, expect to continue to incur significant costs in defending against this litigation and these costs could increase substantially if this litigation approaches or enters a trial phase. It is possible that these costs could substantially exceed our expectations in future periods. For a more detailed description of this litigation, please see “Business — Legal Proceedings.”