Over the last few years there has been a lot of fanfare around open source companies and their liquidation events. Most of the news has been around Sun’s billion dollar acquisition of MySQL or the Citrix acquisition of Xen and even Yahoo’s acquisition of Zimbra. In contrast there was little attention paid to the SourceFire. Actually if you ask most open source users about SourceFire they would probably answer “SourceWho?” If you ask open source users if they have heard of ClamAV or Snort they probably would be able to tell you that they are the leading open source software for virus protection and intrusion detection respectively. Recently, SourceFire has been in the news a bit lately as Barracuda Networks has made a bid for their open source competitor.
Founded in 2001 SourceFire (NASDAQ: FIRE) went public in May 2007. The IPO gave Sourcefire a market capitalization of $347 million. In October 2005 the Justice Department blocked the sale of SourceFire to Israeli owned Checkpoint Software for $225 million. Now Barracuda Networks is making an offer for SourceFire for $188 million. Sourcefire’s revenue for the first quarter of 2008 was 13.6 million and they lost 29 cents per share. Despite this negative trend I still think SourceFire can turn around their backslide by leveraging some under-utilized assets.
Here’s what stuck me as I started poking around, theoretically a Google search will return the most relevant results for a search. For example when I search for intrusion detection the first two results are Wikipedia entries (both which mention Snort) and number three is the Snort.org home page. SourceFire doesn’t show up in the first 50 search results for intrusion detection.
What this tells me is that the Snort brand is considerably stronger than the SourceFire brand. In fact as the page says Snort is the de facto standard for intrusion detection/prevention.
I am a strong believer that if you make open source software you lead with your software and follow with your services. What I mean is that you invest in your open source software community, build loyal users, make the software successful then you capitalize in a way that benefits both your users and your company. I don’t see evidence that Sourcefire has done that to greatest degree.
Most open source companies benefit by sharing the goodwill they created with their software by sharing their names (i.e. MySQL, Red Hat in the pre-Fedora days, Zimbra, SugarCRM). I also have seen some companies fail to capitalize on their brand (Remember when Novell renamed SUSE to Novell Linux Desktop, a big flop). I am surprised that SourceFire does so little to capitalize on their strong security brand. For example, why not name the company Snort Networks.
I also like to check out user forums in open source projects as a sign of health of a project. I was surprised that I wasn’t even allowed to read the forums without registering in detail. Even after I registered I was unable to login and received a must have cookies enabled message (My browser was set to accept cookies but that’s not the point.) The barrier to participation was rather high especially for an open source project. On top of that having your content indexed by Google is a huge help in search results. I was shocked that an open source project was so closed to participation.
Another asset is new to the SourceForge Sourcefire family ClamAV. In my opinion the acquisition of ClamAV should have helped them build their brand. ClamAV has been downloaded over 13 million times according to SourceForge.net and distributed various other ways for many years. The ClamAV mailing lists show a fairly good volume of email and show the signs of a vital open source community. The thing that was puzzling to me is that ClamAV website is almost devoid of mentions of the SourceFire sponsorship. I don’t think they need to wallpaper the site with the SourceFire logo but surely they should get even some minimum benefit from being a sponsor.
Now why do I focus on the marketing aspect of open source? After taking a look at the SourceFire 2007 Annual report I see some interesting things. According to their financials for last year they had revenue of 42.7 million dollars and sales and marketing costs of 25.8 million. That is 60% of revenue spent adding new customers. In contrast their cost of R&D is 34% of revenue. So controlling costs or at least helping leverage what they are spending should have the biggest impact on their profitability.
As I look at the Barracuda Networks offer, it seems like their play is to take a competitor off the market and convert SourceFire customers to their products. And given what others had been willing to pay for SourceFire in the past they probably would be doing so at a bargain price. I believe that SourceFire needs to take a gutcheck and realize that they have been successful because they simply executed a good software strategy typical of a proprietary software company. They made a good product, they offered a good value, and they had good results. However, there is a lot of competition in enterprise software and I think they have never fully leveraged their open source brand. When times get tough you need to tighten your belt and squeeze out every bit of efficiency. Open source offers a lot of efficiency in distribution, marketing, product management powered by a huge community. Figuring out how to better leverage that community is their best opportunity to reverse their fortunes.
[Disclosure: Michele Perry SourceFire’s Chief Marketing Officer is an advisor to my company, Zenoss, though she may not appreciate my commentary on their marketing plan ]
[Barracuda Photo Courtesy of Festeban CC non-commercial license http://www.flickr.com/photos/festeban/9777900/]