News Stay informed about the latest enterprise technology news and product updates.

Sourcefire hits a rough patch

Bill BrennerLast year, it seemed as though Sourcefire could do no wrong.

The company behind the popular Snort IDS tool had received a mostly positive response from industry experts for its move to go public, and Chief Technology Officer Martin Roesch started talking about acquiring other technologies. The vendor got more positive reviews when it announced it was acquiring ClamAV.

But yesterday brought word that Sourcefire’s recent path wasn’t producing the expected financial results. The company announced that E. Wayne Jackson, the vendor’s CEO and chairman, was stepping down. Security Blog Log

News of Jackson’s sudden departure came Wednesday, the same day the company announced a net loss of $6.5 million for fiscal 2007.

In a conference call with investors Wednesday, Jackson said he was proud of having taken Sourcefire from its beginnings as a small start-up to its current status as a large, public company. “Having successfully completed this important phase of Sourcefire’s history as well as its IPO, I indicated to the board that now is the appropriate time to transition to new leadership that will take the company to the next level as I take on new opportunities and challenges. I look forward to continuing to work with my colleagues at Sourcefire to ensure a smooth transition,” he said.

In addition to the 2007 loss, Sourcefire said it expects to post a larger loss in the first quarter of 2008 than analysts had been expecting.

As expected, the news has generated some buzz in the blogosphere.

StillSecure Chief Strategy Officer Alan Shimel wrote in his blog that Jackson has done a great job of taking Sourcefire from a good open source project to a public company. As much as Roesch is the lightening bolt and thought leader over there, he wrote, Jackson brought a steady hand and sense of maturity to the company.

“With a new CEO search underway, I would imagine they are going to look for someone with public company CEO experience to help guide Sourcefire through a rocky market and make up for a history of missing street expectations,” Shimel wrote. Of Sourcefire’s losses, he said, “Tough luck for a company that actually is executing. I think it has more to do with setting the right expectations with the street than it does with the companies market share and such.”

Mike Rothman, president and principal analyst of Security Incite, wrote in his blog that after missing the first two quarters since being public and just eeking out greatly reduced expectations since then, one must wonder if Jackson was “tossed out of the car at a high rate of speed.”

Ultimately, he wrote, there needs to be a reassessment of the entire IPS market to determine “if there is any there there.”

“Rumors abound of another dedicated IPS company getting out of the hardware business and with TippingPoint being spun out at some point from 3Com, you have to wonder whether any of these dogs will hunt over the mid-term. The answer is a resounding no,” he wrote. “Mr. Market is speaking and stand-alone is not on the menu. They all seem to want combination platters, which is yet another sign of the maturity of the network security business.”

Rothman makes a good point. A lot of the market consolidation we’ve seen in the last couple years is a result of consumers demanding those combination platters, especially when security is being baked into the larger IT infrastructure products.

The latest Sourcefire news may indeed be another sign that standalone security vendors are in danger of going the way of the dinosaur, but I wouldn’t count this company out just yet.

Sourcefire produces technology many big operations have come to rely on, including the U.S. Defense Department. Remember, the national security implications of Snort going under new ownership derailed plans for Sourcefire to be acquired by Check Point Software Technologies Inc.

Snort fans want this company to stay independent. Hopefully, the vendor will navigate its way out of this latest rough patch.

About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.