Snort is going public: Sourcefire, maker of the popular open-source IDS/IPS tool, has filed for an initial public offering to raise $75 million.

It's been a busy week on the business side of the security industry. Sourcefire's IPO announcement comes on the heels of British Telecom's plans to purchase Counterpane Internet Security, a managed security services firm, likely in response to IBM's purchase of Internet Security Systems (ISS) in August. (See IBM Up-Ends Security Services Market.)

Sourcefire's IPO, however, is more about an IDS/IPS company that needed some breathing room after a failed acquisition by Check Point Software last spring. "It's hard to be a midrange player, but they had no choice but to raise money for an IPO or look for another home," says Andrew Braunberg, senior analyst with Current Analysis.

IDS and IPS technologies have been hard-pressed to keep up with the increasing number of targeted, application-specific exploits. IDS and IPS systems only catch "known" threats, which is why some security experts dismiss them as obsolete in today's threat landscape. (See IDS/IPS: Too Many Holes?)

"IDS makes sense as a check-box, perhaps only because it shows a company is trying to follow best practices, even if those best practices are out of date," says David Aitel, founder and CTO of Immunity. "Having a car alarm doesn't protect your car, but if you have one, it shows you put some money at least into security and care about your car."

Sourcefire could use its public offering to help it expand into the network access control (NAC) space, Current Analysis' Braunberg says. "We're seeing IDP [intrusion detection and prevention] move into the NAC market."

And going public also could help Sourcefire eventually make some acquisitions of its own, says Richard Stiennon, president of IT-Harvest. The company has been successful in carving out a market in providing free IDS tools for organizations that can't afford commercial patch management and vulnerability management tools, he says.

Meanwhile, Stiennon argues that recent acquisition activity in the security market isn't consolidation, but security becoming a key element in any large vendor's portfolio. "All big vendors have to have a security story," Stiennon says. "They are acquiring security companies" to get that.

BT's purchase of Counterpane illustrates that dynamic from the service provider's perspective, as it extends security from the WAN cloud to the enterprise. "You can't be a global network services company anymore without having a strong security capability," Braunberg says.

The timing of Sourcefire's IPO may be less than ideal. "I'm not sure how strong the market is going to be for a security IPO right now," Braunberg adds. "We'll have to wait and see."

— Kelly Jackson Higgins, Senior Editor, Dark Reading