Barracuda Tries to Gobble-Up SourceFire

by Mark on June 3, 2008

BarracudaOver the last few years there has been a lot of fanfare around open source companies and their liquidation events. Most of the news has been around Sun’s billion dollar acquisition of MySQL or the Citrix acquisition of Xen and even Yahoo’s acquisition of Zimbra. In contrast there was little attention paid to the SourceFire. Actually if you ask most open source users about SourceFire they would probably answer “SourceWho?” If you ask open source users if they have heard of ClamAV or Snort they probably would be able to tell you that they are the leading open source software for virus protection and intrusion detection respectively. Recently, SourceFire has been in the news a bit lately as Barracuda Networks has made a bid for their open source competitor.

Founded in 2001 SourceFire (NASDAQ: FIRE) went public in May 2007. The IPO gave Sourcefire a market capitalization of $347 million. In October 2005 the Justice Department blocked the sale of SourceFire to Israeli owned Checkpoint Software for $225 million. Now Barracuda Networks is making an offer for SourceFire for $188 million. Sourcefire’s revenue for the first quarter of 2008 was 13.6 million and they lost 29 cents per share. Despite this negative trend I still think SourceFire can turn around their backslide by leveraging some under-utilized assets.

Here’s what stuck me as I started poking around, theoretically a Google search will return the most relevant results for a search. For example when I search for intrusion detection the first two results are Wikipedia entries (both which mention Snort) and number three is the home page. SourceFire doesn’t show up in the first 50 search results for intrusion detection.
intrusion detection - Google Search

What this tells me is that the Snort brand is considerably stronger than the SourceFire brand. In fact as the page says Snort is the de facto standard for intrusion detection/prevention.

I am a strong believer that if you make open source software you lead with your software and follow with your services. What I mean is that you invest in your open source software community, build loyal users, make the software successful then you capitalize in a way that benefits both your users and your company. I don’t see evidence that Sourcefire has done that to greatest degree.

Most open source companies benefit by sharing the goodwill they created with their software by sharing their names (i.e. MySQL, Red Hat in the pre-Fedora days, Zimbra, SugarCRM). I also have seen some companies fail to capitalize on their brand (Remember when Novell renamed SUSE to Novell Linux Desktop, a big flop). I am surprised that SourceFire does so little to capitalize on their strong security brand. For example, why not name the company Snort Networks.

I also like to check out user forums in open source projects as a sign of health of a project. I was surprised that I wasn’t even allowed to read the forums without registering in detail. Even after I registered I was unable to login and received a must have cookies enabled message (My browser was set to accept cookies but that’s not the point.) The barrier to participation was rather high especially for an open source project. On top of that having your content indexed by Google is a huge help in search results. I was shocked that an open source project was so closed to participation.

ClamAV LogoAnother asset is new to the SourceForge Sourcefire family ClamAV. In my opinion the acquisition of ClamAV should have helped them build their brand. ClamAV has been downloaded over 13 million times according to and distributed various other ways for many years. The ClamAV mailing lists show a fairly good volume of email and show the signs of a vital open source community. The thing that was puzzling to me is that ClamAV website is almost devoid of mentions of the SourceFire sponsorship. I don’t think they need to wallpaper the site with the SourceFire logo but surely they should get even some minimum benefit from being a sponsor.

Now why do I focus on the marketing aspect of open source? After taking a look at the SourceFire 2007 Annual report I see some interesting things. According to their financials for last year they had revenue of 42.7 million dollars and sales and marketing costs of 25.8 million. That is 60% of revenue spent adding new customers. In contrast their cost of R&D is 34% of revenue. So controlling costs or at least helping leverage what they are spending should have the biggest impact on their profitability.

As I look at the Barracuda Networks offer, it seems like their play is to take a competitor off the market and convert SourceFire customers to their products. And given what others had been willing to pay for SourceFire in the past they probably would be doing so at a bargain price. I believe that SourceFire needs to take a gutcheck and realize that they have been successful because they simply executed a good software strategy typical of a proprietary software company. They made a good product, they offered a good value, and they had good results. However, there is a lot of competition in enterprise software and I think they have never fully leveraged their open source brand. When times get tough you need to tighten your belt and squeeze out every bit of efficiency. Open source offers a lot of efficiency in distribution, marketing, product management powered by a huge community. Figuring out how to better leverage that community is their best opportunity to reverse their fortunes.

[Disclosure: Michele Perry SourceFire's Chief Marketing Officer is an advisor to my company, Zenoss, though she may not appreciate my commentary on their marketing plan ;) ]

[Barracuda Photo Courtesy of Festeban CC non-commercial license]

Technorati Tags: , , , , , , , ,

{ 2 trackbacks }

451 CAOS Theory » 451 CAOS Links - 2008.06.03
June 3, 2008 at 1:19 pm
5 Reasons Why JBoss Founder Marc Fleury is My Hero | Server Tales - Ungureanu Ioan
June 4, 2008 at 10:10 am

{ 3 comments… read them below or add one }

Tanner Lovelace June 3, 2008 at 10:48 am

I was shocked that an open source project was so closed to participation.

So, hey, how about that OpenID WordPress plugin? Doesn’t that apply to open source blogs as well as projects? :-)

Another asset is new to the SourceForge family ClamAV.

Shouldn’t that be “SourceFire” not “SourceForge”?

Mark June 3, 2008 at 1:46 pm

@Tanner it is shocking to me too. I will work on the OpenID integration. Do you have any suggestions on which WP OpenID plugin to use?

Tanner Lovelace June 4, 2008 at 10:06 am

I’m using the WP-OpenID plugin to allow people to log in to my website.

You can also, btw, use your own website as an OpenID provider (sort of) by delegating it to a different OpenID provider using the WP-Yadis plugin. Basically, that would allow you to use your website as your OpenID url but then it would redirect it to the OpenId provider of your choice (i.e. ClaimID, Livejournal, AOL, etc..) to do the actual authentication.

So, the second plugin is nice for you, but the first one is the one you’re asking about. They’re both pretty straightforward to use, but if you have any questions, shoot me an e-mail.

Previous post:

Next post: