Private Equity Roll-Up of Open Source Security Companies
Having noticed this, I thought to follow up on SourceFire, the poster child for these kinds of companies. You know, the ones who seek to be like Red Hat but for open source software targeting a specific computer security discipline. SourceFire, based in Columbia, MD, is another local company, and probably the biggest and most well known. This is likely due to the fact that they are now public.
For those who don't know, SourceFire backs Snort, the very well known and popular intrusion detection and prevention software originally written by Marty Roesch. SourceFire is the company that Roesch founded to provide support, service and consulting for the otherwise free Snort, and he's still CTO. SourceFire has been held up as a model for this type of company. I would imagine that Tenable Network Security and Zenoss probably modeled themselves on SourceFire to some degree. (Of course, I could be mistaken, as I'm not familiar with the founding history of either company.)
Tenable is also local to the Washington, DC metropolitan area. Tenable is the home of Nessus, the well known and popular open source vulnerability scanning tool. Tenable, like SourceFire, calls Columbia, MD home. I'm guessing that there may be a few other such companies in this region, some better known than others but focused on the same product market(s).
Now, does anyone else see the pattern here? Open source software. Security a strong theme, but an exclusive one. In any case, all of these tools are infrastructure oriented, being focused on managing systems and networks in an operational, production context. All 3 companies are a stone's throw from Washington, DC. All are small. While Tenable and Zenoss appear to be privately held, SourceFire has been public since 2007 and has a market capitalization of $648M. Both SourceFire and Zenoss have taken institutional venture funding, while Tenable appears to have been funded internally and then from cash flow. All of them make software which, independently, is a component of a complete systems and network management infrastructure. To my eyes, each company's offerings are complementary to the others'.
So, thinking about this, it occurred to me...
How come some private equity shop hasn't thought of rolling up these 3 companies? Obviously there has to be a business case for doing so. However, the logic is clear. Complementary businesses. All 3 are geographically close to each other, which means easy to manage and keep your eyes on. Redundant functions such as HR, sales, and general administrative which could all be trimmed or eliminated. Consolidation of physical space into 1 or 2 locations, for more cost savings. More integration and cross-pollination of the software products themselves, even possibly bundling. Each company would widen their potential customer base, gaining access to the non-shared customers of the other firms. There really would be some synergy here, and that's before looking at the possible benefits of change in management. Of course, the investors in Zenoss would also see an exit, and in today's venture environment, liquidity events are to be prized. I'm not sure any of those investors are Tier 1 so any win they could get would be great for them in terms of mindshare, liquidity, and marketing.
SourceFire appears unlikely to go for such a deal, of course, considering that they turned down an acquisition offer when they were 1/3 of the size (in terms of market cap). However, there may be some other companies which could get rolled up with Zenoss and Tenable while the acquirer bides his time, waiting for the right moment to strike.
The other thing, which just popped into my weary mind, is that SourceFire could BE the acquirer. That could be useful. It appears that they have some degree of financial success. Some size might be helpful in some cases, such as allowing them to put more resources behind their open source projects and reduce costs/administrative overhead (the same benefits a PE shop would seek). Maybe this is in SourceFire's future? Who knows what they're planning now, but it seems almost absurd not to look at this.
Anyway, it would be funny to see the DC metro area and mid-Atlantic region become an open source software powerhouse through this maneuver. In the past, I've argued that the Federal Government sucks all of the air out of the room when it comes to innovation and entrepreneurialism in DC. However, this is exactly the kind of strategic move that is required to comfort entrepreneurs that they can: build a successful and viable technology business in this region; find the kind of investors willing to back them in this region; and have a liquidity event, which inspires both other investors and entrepreneurs to pursue a startup. Finally, this shows the DC metro area as a hotbed of technology and innovation, instead of just the home to the Beltway Bandits and other companies feeding from the US Federal Government teat. THAT is something I believe to be desperately required for this region.
Anyway, now you see what kind of random thoughts I have when I'm bored. Have a good one, my peoples! I'm going to bed.