Interview With SourceFire's Marty Roesch

The CTO of Sourcefire and inventor of Snort talks about the power of open-source deployment, taking the company public and why Wall Street analysts are a scary lot.

May 11, 2007

3 Min Read
Network Computing logo

Marty Roesch

Sourcefire announced its first quarterly earnings as a public company this May. The stock went from $18 to around $12, a drop of 30 percent. What happened?

The expectations were a little higher than the performance, and you can't do that in the public market, so we definitely got a good-sized correction. Q1 was something of an anomaly. There was some slowness in the federal procurement cycle and a few other factors came together--we had a bit of a perfect storm.

When taking the company public, was it difficult to communicate how you could build a for-profit company on a technology that's essentially free?

That's always been a problem here. One of the reasons for our growth is the free technology. We have tens of thousands of people out there who think Snort is the right way to get the job done. They are the vanguard of Sourcefire customers. People who download Snort may someday come to the point where they need to scale it up more than they can do natively, and who's out there to do it for them? The ones who built Snort.Is there life after IPS/IDS for Sourcefire?

Sourcefire hasn't been a strictly IPS/IDS company since 2004, when we rolled out RNA [Real-time Network Awareness]. RNA is our passive network discovery technology. We can do network profiling, statistical anomaly detection to look for worms and anomalies in the network. A new feature coming to RNA is the ability to take in NetFlow records and integrate them into operational records.

But what happens when you don't have a Snort-like community for RNA and other initiatives?

I think the Venn diagram of people in network security and Snort users has a decent overlap, so I'm not tremendously worried. We hook them with Snort and pull them in with technology like RNA.

Sourcefire and Red Hat are two prominent open-source-based public companies. Will we see more?

You are going to see a lot more companies that leverage or develop open-source technologies. It allows you to compete without having massive resources. You can compete against Cisco without having to deploy engineering capabilities on the same scale.In 2001, Network Computing reviewed nine commercial IDSs and Snort. Snort came in third, when it was me working out of the spare bedroom of my house and the open-source community I built. It's ridiculous how powerful open-source development methodologies are.

Why does the term open source have marketing cachet?

Because we've seen so much success with Linux, and things like Ubuntu or RubyOnRails. You have a collaborative environment. Users are interested in being involved and having direct feedback to the organizations that produce the technologies.

I can see a lot of reasons why you want to be an open-source company, to be seen as a company that's innovative top to bottom. And if you can back it up with growth and revenue, so much the better.

Which is more intimidating--the Snort community or Wall Street analysts?[Laughs] Wall Street analysts, definitely. I have a reasonably close sense of attachment to [the Snort community]. Wall Street, on the other hand, is completely unknown to me. So it's intimidating for me because it's the fear of screwing up. But I think we'll get a few successful quarters under our belt and start showing what we can do.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights