Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Sourcefire Fires Up for IPO

Open-source specialist will finally end the drought of security IPOs

Open-source security specialist Sourcefire is set to go public tomorrow and is expected to raise over $75 million.

A source with knowledge of the deal says that Sourcefire will IPO on Friday priced at $13 per share. According to a recent SEC filing, Sourcefire will trade under the symbol "FIRE", offering 5,770,000 shares priced at between $12 and $14.

At least one Wall Street analyst thinks the vendor is likely to top these figures in trading tomorrow. "I would not be surprised if it were higher than $13 per share," says John Fitzgibbon of IPO Scoop. "I have heard that it is over-subscribed."

Sourcefire is the latest in a string of technology firms to go public in recent months, although most of these have been in the storage space. (See Opnext IPO Has Lots of Bandwidth, Mellanox Exceeds IPO Hopes, VMware to Spin Out, and The Slings & Arrows of IPOs.)

Security sector IPOs are much less common, but Sourcefire has been eyeing a public offering since the fourth quarter of last year. (See Sourcefire Shapes Up for IPO.) Last year there was speculation that the vendor's legal battle with NetClarity could stall its IPO plans, although a flurry of S-1 filings this week proves that the public offering is well on track. (See A Public Snort and Sourcefire Lawsuit: An IPO Distraction?)

Sourcefire's flagship technology is its Snort Intrusion Detection system, which was at the heart of both the NetClarity dispute and a headline-grabbing acquisition attempt by Israeli vendor Check Point in 2005. (See Check Point Snaps Up Sourcefire and Check Point Buys Sourcefire.) Check Point eventually backed out of the deal amidst concerns in the U.S. about Snort's importance to the American defense and intelligence communities. (See Check Point, Sourcefire Team and US Checks Check Point.)

At least one analyst told Dark Reading that this experience may have led the firm to its IPO. "It just dragged on so long, maybe it left such a bad taste in their mouth," says Andrew Braunberg, senior analyst at Current Analysis. "There's no doubt that they could have found someone else to buy them."

Sourcefire clearly has close ties with the U.S. Government. Former U.S. Air Force Inspector General Steven Polk joined the Sourcefire board last September, and the firm's S-1 says the 30 largest U.S. government agencies are using Snort to monitor network traffic.

IDS and IPS systems, such as Snort, have been dismissed by some security experts as obsolete in today's constantly evolving threat landscape, although Sourcefire has gained plenty of customer traction during recent months. (See IDS/IPS: Too Many Holes?) The vendor, which claims deployments at more than a quarter of the Fortune 100, increased its annual revenues from $32.9 million in 2005 to $44.9 million in 2006.

Other security vendors will also be watching the progress of the Sourcefire IPO closely to see whether a public offering is now a valid exit strategy for similarly sized firms. Recent years have seen a slew of security M&A activity, as vendors like Cisco snap up specialist players, but S-1s have been relatively few and far between. (See Cisco: Net Net on Security, Cisco's Web Security Play, Cisco Buys IronPort , and Cisco Buys WLAN Security Smarts.)

With big-name vendors looking to build more and more security features into their technology, it is hardly surprising that startups have opted against IPOs, says Braunberg: "Being acquired has been a much better exit strategy for these companies, given the way that the market is consolidating."

The last couple of weeks have roiled Wall Street, as fears of an economic slowdown in China caused stocks to plummet across the world. (See Chinese Shockwaves.) That said, the Dow's recent confused state is unlikely to cause problems for Sourcefire, according to IPO Scoop analyst Fitzgibbon. Recent events were "a speed bump on the superhighway, that's all," he says. "There were days when the Dow Jones lost over 600 points in a single day."

Morgan Stanley is the lead underwriter for the Sourcefire IPO with Lehman Brothers, UBS Investment Bank, and Jeffries & Company also participating.

— James Rogers, Senior Editor Byte and Switch

  • Check Point Software Technologies Ltd. (Nasdaq: CHKP)
  • Current Analysis
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • CommVault Systems Inc.
  • Isilon Systems Inc. (Nasdaq: ISLN)
  • Jefferies & Company Inc.
  • Lehman Brothers
  • Riverbed Technology Inc. (Nasdaq: RVBD)
  • Securities and Exchange Commission (SEC)
  • Sourcefire Inc. (Nasdaq: FIRE)
  • UBS Investment Bank


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Ripple20 Threatens Increasingly Connected Medical Devices
    Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
    DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
    Dark Reading Staff 6/30/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-06
    The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
    PUBLISHED: 2020-07-06
    PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
    PUBLISHED: 2020-07-06
    It's possible to inject JavaScript code via the html method.
    PUBLISHED: 2020-07-06
    It's possible to use <<script>script> in order to go over the filtering regex.
    PUBLISHED: 2020-07-06
    An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.