Pouring cold water on the latest Sourcefire rumor

Contact: Brenon Daly

At the tail end of last week, the market was buzzing that Sourcefire may be back in play. Of course, that’s not all that unusual for the Snort shop, which has seen two publicly disclosed acquisition offers in the past four years come to nothing. (Recall that Check Point Software failed to land Sourcefire because of vague and off-target ‘national security concerns’ in early 2006. And then, in mid-2008, Barracuda lobbed an opportunistic low-ball bid for Sourcefire. Talks between the two sides never really got going, according to at least one source.)

So who’s the new bidder? Rumor has it that IBM may be looking at Sourcefire now. While the pairing has been making the rounds, we have our doubts about whether Big Blue would actually reach for the security company. Its $1.3bn acquisition of Internet Security Systems in mid-2006 has never generated the returns that IBM had hoped. (The ISS business, which was centered on the company’s Proventia boxes, never really fit well inside IBM Global Services.) Having little to show for that purchase of an intrusion-prevention system (IPS) vendor, we doubt that Big Blue would double down on another IPS vendor, Sourcefire.

And while IBM could certainly afford it, Sourcefire has gotten a little pricey. Over the past year, shares have more than tripled, giving the security vendor a market capitalization of about $600m. Backing out the $100m in cash and short-term investments gives Sourcefire an enterprise value (EV) of $500m. Without a takeout premium, Sourcefire commands a valuation (on an EV basis) of five times trailing sales and four times projected sales. Paying a premium on top of Sourcefire’s trailing P/E that’s in the triple digits might be tough for IBM, which trades at a trailing P/E of just 12.