In the spirit of not trying to repeat what everyone else blogs, I'll keep this post on the Sourcefire IPO brief. The must-read post belongs to Mike Rothman -- great work Mike.
I'm excited by this development. I'll probably even buy some Sourcefire stock, just so I can attend the shareholders meeting. I've never owned stock in a friend's company, so this would be novel enough to justify the purchase.
However, in the long term I expect Sourcefire to be acquired anyway. I stand by my ideas that all network security functions will collapse to the switch, something Richard Stiennon called Secure Network Fabric. This means Sourcefire either needs to sell switches that compete with Cisco (unlikely) or be bought by Cisco (possibly) or a Cisco competitor (probably).
Customers are growing increasingly disillusioned with buying more and more point products. If they simply perceive that existing equipment (switches and routers) can be upgraded to implement new security features, they'll pursue that path. Alternatively, they'll include the new functionality in the next switch/router technology refresh. At the most I see a "switch plus one" model, where no more than one stand-alone security device will support the core switch/router infrastructure. Everything that a switch/router cannot perform, security-wise, will be expected of the "firewall," which Marcus Ranum originally defined as a security system and not simply a product.
At some point a majority of hosts will be virtualized, and many network and host security measures will be performed by the hypervisor anyway.