We are a leading provider of intelligent cybersecurity solutions for information technology, or IT, environments of commercial enterprises, including healthcare, financial services, manufacturing, energy, education, retail and telecommunications companies, and federal, state and local government organizations worldwide. Our solutions are comprised of multiple hardware and software product and service offerings, enabling a comprehensive, intelligent approach to network security. Our security solutions provide customers with an efficient and effective network security defense of assets and applications before, during and after an attack.
Since our founding in 2001, we have garnered a reputation in the network security industry of being a staunch advocate for open source solutions. Over the years, this has developed into a key competitive distinction for Sourcefire as we now manage two of the security industry’s leading open source initiatives, Snort® and ClamAV®. First published in 1998 by Sourcefire founder and Chief Technology Officer, Martin Roesch, open source Snort has rapidly become the de facto standard for intrusion detection and prevention. With over 270,000 registered users, an increase of more than 20% in 2009, nearly 4 million downloads, and embraced by more than 100 network security providers, more organizations use Snort than any other intrusion prevention system, or IPS, engine in the world. Because of its wide availability, Snort is also the standard intrusion technology used in colleges and universities worldwide to teach network security.
Sourcefire embraces open source security as a foundation, but extends that foundation by adding enterprise-class features, manageability, scalability, and performance. Many Sourcefire customers, for example, start out using open source Snort, but upgrade to Sourcefire’s commercial offerings to gain more efficient and effective network security capabilities. By incorporating open source security as a foundation in Sourcefire’s commercial product offerings, Sourcefire can:
seed the market with high-quality, low-cost network security solutions while providing a migration path for customers that require enterprise-class features, manageability, scalability and performance; ensure product quality with the help of the open source community as well as Sourcefire’s internal developers to inspect the open code base that forms the foundation for Sourcefire commercial product offerings; maximize protection, as Snort rules are provided by Sourcefire and a variety of third-party sources, allowing customers to create their own custom rules and signatures; and embrace a “community” of open source evangelists willing to contribute time and effort in inspecting, evaluating, and ultimately using Sourcefire’s open source security solutions.
Sourcefire sells its network security solutions to a diverse customer base that includes Global 2000 companies, global enterprises, U.S. and international government agencies and small and mid-size businesses. For the years ended December 31, 2009, 2008 and 2007, we generated approximately 77%, 76% and 75% of our revenue from customers in the United States and 23%, 24% and 25% from customers outside of the United States, respectively. We have expanded our international and indirect distribution channels and, in the future, we expect to increase sales outside of the United States and to generate an increasing portion of product revenues through resellers, distributors and other partners. We increased our total revenue from $75.7 million in 2008 to $103.5 million in 2009, representing an annual growth rate of 37%. For the year ended December 31, 2009, product revenue and services revenue represented 60% and 40% of our total revenue, respectively. We manage our operations on a consolidated basis for purposes of assessing performance and making operating decisions. Accordingly, we do not have reportable segments of our business.
According to Gartner, Inc., an independent IT market research firm, the enterprise security infrastructure market is forecasted to generate $20.0 billion in 2010. Gartner also estimates that the core intrusion prevention market was approximately $1.2 billion in 2009 and is projected to grow to $1.9 billion in 2012, representing a compound annual growth rate of approximately 17%. We expect that demand for security solutions will continue to rise as organizations seek to address various growing and evolving security challenges, including:
Greater Sophistication, Severity and Frequency of Network Attacks. The growing use of the Internet as a business tool has required organizations to increase the number of access points to their networks, which has made vast amounts of critical information more vulnerable to attack. Theft of sensitive information for financial gain motivates network attackers, who derive profit through identity theft, credit card fraud, money laundering, extortion, intellectual property theft and other illegal means. These profit-motivated attackers, in contrast to the hobbyist hackers of the past, are employing much more sophisticated tools and techniques to generate profits for themselves and their well-organized and well-financed sponsors. Their attacks are increasingly difficult to detect and their tools often establish footholds on compromised network assets with little or no discernible effect, facilitating future access to the assets and the networks on which they reside.
Increasing Risks from Unknown Vulnerabilities. Vulnerabilities in computer software that are discovered by network attackers before they are discovered by security and software vendors represent a tremendous risk. These uncorrected flaws can leave networks largely defenseless and open to exploitation. According to the Computer Emergency Response Team Coordination Center, or CERT-CC, the trends in the rate of vulnerability disclosure are particularly alarming, with the National Vulnerability Database showing a Common Vulnerabilities and Exposures, or CVE, count of over 40,000 in early 2010.
Diverse Demands on Security Administrators. The proliferation of targeted security solutions such as firewalls, intrusion prevention systems, URL filters, spam filters and anti-spyware solutions, while critical to enhancing network security, create significant administrative burdens on personnel who must manage numerous disparate technologies that are seldom integrated and often difficult to use. Most network security products require manual, labor-intensive incident response and investigation by security administrators, especially when “false positive” results are generated. Compounding these resource constraint issues, many organizations are increasingly challenged by the loss of key personnel as the demand for security experts has risen dramatically in traditional corporate settings, government agencies and a growing number of start-up security companies.
Heightened Government and Industry Regulation. Rapidly growing government regulation mandates compliance with increased requirements for network security, escalating demand for security solutions that both meet compliance requirements and reduce the burden of compliance reporting and enforcement. These regulations include the Payment Card Industry Data Security Standard, or PCI DSS, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, California’s SB1386 and the Gramm-Leach-Bliley Act, or GLBA, each of which protects personal data, as well as the Sarbanes-Oxley Act of 2002 for risk management and the Federal Information Security Management Act, or FISMA, which is designed to protect national defense initiatives. Ensuring continuous compliance across multiple regulatory standards can be overwhelming and very costly for organizations.
Increasing Visibility of Negligence Lawsuits. Faced with an ever-growing list of laws and regulations, organizations can no longer “plead ignorance” when defending corporate negligence lawsuits resulting from internal and external security breaches. Today’s enterprises must comply with a series of government and industry regulations defining best practices for network security. Achieving compliance with all manner of regulations is a complex and costly issue for nearly every organization.
Sourcefire’s commercial hardware and software products are marketed and sold as components of a comprehensive Intrusion Detection and Prevention System:
Sourcefire Defense Center® — The Defense Center unifies critical network security functions including event monitoring, correlation, and prioritization with network and user intelligence for forensic analysis, trends analysis, reporting and alerting. Defense Center is highly extensible, providing application programming interfaces, or APIs, to interoperate with a variety of third-party systems, such as firewalls, routers, log management, Security Information Event Management, or SIEMs, trouble ticketing, patch management systems and other technologies. Using Defense Center, customers can control multiple Sourcefire 3D Sensors from a single management console while aggregating and analyzing security and compliance events from across the organization.
Sourcefire Intrusion Detection and Prevention Sensors — With processing speeds ranging from 5 megabytes per second, or Mbps, to 10 gigabytes per second, or Gbps, Sourcefire Sensors are highly scalable, fault-tolerant appliances responsible for detecting, blocking and analyzing network traffic. The Sensors are available with a variety of copper and fiber interfaces to meet the connectivity needs of virtually any organization.
Sourcefire IPS® (Intrusion Prevention System) — Built on the foundation of Snort, Sourcefire IPS uses a rules-based language — a powerful combination of signature-, protocol-, and vulnerability-based inspection methods — to examine network packets for threats. Sourcefire IPS allows users to create, edit, and view detection rules, and full packet payloads are logged for every event so users can see exactly what threatening traffic has been detected. Sourcefire Sensors equipped with Sourcefire IPS software can be placed in passive intrusion detection, or IDS, mode to notify users of network traffic or in inline IPS mode to block threats.
Sourcefire RNAtm (Real-time Network Awareness) — At the heart of Sourcefire’s IPS is our network intelligence capability that provides persistent visibility into the composition, behavior, topology (the relationship of network components) and risk profile of the network. Network intelligence feeds the Defense Center’s automated decision-making and network policy enforcement. The ability to continuously discover characteristics and vulnerabilities of virtually any computing device communicating on a network enables Sourcefire IPS to more precisely identify and block threatening traffic and to more efficiently classify threatening and/or suspicious behavior.