Martin Roesch is one of the most successful entrepreneurs ever to build a company based on open source software. Roesch is the author of Snort, which he claims is the "most-widely deployed" intrusion detection software in the world, and the founder of Sourcefire, a network security services provider that uses Snort as the centerpiece of its operations. Last week, the Tech Council of Maryland named Roesch its Commercial IT Executive of the Year.
Roesch says he knew he had created a winning solution when he first released Snort, and wondered how he could translate success in the open source community into commercial business success. "I had an opportunity to do something a little different, so I thought I'd try to start a business around Snort. I had to try to figure out a model that would get people to pay for something that is free."
He decided to create a value-added company that could provide assistance to large companies who wanted to scale the power of Snort. "We took the core technology, we build a lot of value around that, and we sell the stuff to scale it up. Basically, you can download Snort and set it up yourself and put it out there -- it's not too hard with one sensor. But once you scale that up, it gets harder quickly."
Sourcefire provides commercial software addons to Snort, hardware appliances, training, and support. Roesch says its customers are some of the largest companies in the world, including banks. He says financial institutions are really catching on to the power and security of open source software. "We've been extremely successful in the financial services world. You can try to ban open source software all you want, but if you're buying your infrastructure from Cisco, you're actually employing a lot of Linux. Most security technologies run on top of Linux. You can only ban it so far. Even the people who actually build your equipment are using it."
Roesch says that in the beginning, it was really difficult to get the venture capitalists to sit up and take notice of Sourcefire. "One of the early challenges was getting people to take us seriously. We went out with this hybrid model of open source software and proprietary wrappers that nobody had really done before in the enterprise security market. And nobody took us seriously. I was told time and time again by Silicon Valley what a bad idea our business plan was. The customers took us seriously, though. They were already comfortable with Snort, so they understood how the technology worked and they knew it could be trusted and that it was world-class."
Roesch says he overcame the VC doubts just by letting the market run its course. "We executed. I had an idea for the business plan and I thought I knew how it should work. We implemented it and made it successful, picking up very large customers immediately after debuting our product. The proof was in the pudding, and it got everybody's attention very quickly. We ended up taking four rounds of VC for $55.65 million overall."
By the time Sourcefire scored investor dollars, Roesch was ready for some help running the company. "By training I'm an engineer. I'd never started a company before. I ran it as long as I could. We were up to 20 people, and the day-to-day stuff was becoming fairly daunting. I wanted somebody who understood the business side of things better than I. I asked the VC to help me find a CEO because I didn't want to limit my ability to be successful by virtue of my inexperience."
Roesch says the biggest advantage of building a company based on open source is efficiency. "We get tremendous efficiency in our development. The size of our research and development team is very small compared to our competitors'. We use a lot of open source tools, we interact with our community, and have people who are long-time open source users who work here. We use it consistently; it helps reduce costs and achieve a lot of economy. I can't imagine how expensive it would have been to build this company without the open source world. We wouldn't have had the community hungry for the solution when it finally came to market."