S-1 1 w24360sv1.htm SOURCEFIRE, INC sv1
Table of Contents

As filed with the Securities and Exchange Commission on October 25, 2006
Registration No. 333-          
 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
 
 
 
FORM S-1
REGISTRATION STATEMENT UNDER THE SECURITIES ACT OF 1933
 
 
 
 
SOURCEFIRE, INC.
(Exact name of registrant as specified in its charter)
 
         
Delaware
  7375   52-2289365
(State or Other Jurisdiction of
Incorporation or Organization)
  (Primary Standard Industrial
Classification Code Number)
  (IRS Employer
Identification No.)
 
9770 Patuxent Woods Drive
Columbia, Maryland 21046
(410) 290-1616
(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)
 
 
 
 
E. Wayne Jackson, III
Chief Executive Officer
Sourcefire, Inc.
9770 Patuxent Woods Drive
Columbia, Maryland 21046
(410) 290-1616
(Name, address, including zip code, and telephone number, including area code, of agent for service)
 
 
 
 
Copies to:
 
     
Thomas J. Knox, Esq.   Marc D. Jaffe, Esq.
Jeffrey S. Marcus, Esq. 
  Rachel W. Sheridan, Esq.
Morrison & Foerster LLP
  Latham & Watkins LLP
1650 Tysons Blvd, Suite 300
  885 Third Avenue, Suite 1000
McLean, VA 22102
  New York, NY 10022
(703) 760-7700
  (212) 906-1200
 
 
 
 
Approximate date of commencement of proposed sale to the public:  As soon as practicable after this Registration Statement becomes effective.
If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933 check the following box. o
If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same
offering. o _ _
If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o _ _
If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o _ _
 
 
CALCULATION OF REGISTRATION FEE
 
             
      Proposed Maximum
    Amount of
Title of each Class of Securities to be Registered     Aggregate Offering Price(a)(b)     Registration Fee
Common stock, $0.001 par value
    $75,000,000     $8,025.00
             
 
(a) Estimated solely for the purpose of calculating the registration fee in accordance with Rule 457(o) promulgated under the Securities Act of 1933.
 
(b) Including shares of common stock which may be purchased by the underwriters to cover over-allotments, if any.
 
The Registrant hereby amends this registration statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this registration statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933, or until the registration statement shall become effective on such date as the Commission, acting pursuant to said Section 8(a), may determine.


Table of Contents

The information contained in this prospectus is not complete and may be changed. We may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities and we are not soliciting offers to buy these securities in any state where the offer or sale is not permitted.
 
PROSPECTUS (Subject to Completion)
Issued October 25, 2006
 
                     Shares
 
(SOURCE FIRE LOGO)
 
COMMON STOCK
 
 
 
 
Sourcefire, Inc. is offering           shares of its common stock and the selling stockholders are offering           shares. We will not receive any proceeds from the sale of shares by the selling stockholders. This is our initial public offering and no public market exists for our shares. We anticipate that the initial public offering price will be between $      and $      per share.
 
 
We have applied to list our common stock for quotation on the Nasdaq Global Market under the symbol “FIRE.”
 
 
Investing in our common stock involves risks.  See “Risk Factors” beginning on page 9.
 
 
PRICE $      A SHARE
 
 
                 
        Underwriting
       
        Discounts and
  Proceeds to
  Proceeds to
    Price to Public   Commissions   Sourcefire   Selling Stockholders
 
Per share
  $        $        $        $     
Total
  $             $             $             $          
 
We and the selling stockholders have granted the underwriters the right to purchase up to an additional           shares of common stock to cover over-allotments.
 
The Securities and Exchange Commission and state securities regulators have not approved or disapproved these securities, or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.
 
Morgan Stanley & Co.  Incorporated expects to deliver the shares of common stock to purchasers on          , 2007.
 
 
MORGAN STANLEY LEHMAN BROTHERS
 
 
 
 
UBS INVESTMENT BANK JEFFERIES & COMPANY
 
                    , 2007


 

 
TABLE OF CONTENTS
 
         
    Page
 
  1
  9
  23
  25
  25
  26
  28
  30
  32
  49
  64
  75
  77
  79
  80
  82
  85
  88
  88
  88
  F-1
 EX-3.1
 EX-3.3
 EX-4.2
 EX-4.4
 EX-10.1
 EX-10.2
 EX-10.3
 EX-10.9
 EX-10.10
 EX-23.1
 
 
You should rely only on the information contained in this prospectus. We have not authorized anyone to provide you with information different from that contained in this prospectus. We are offering to sell, and seeking offers to buy, shares of common stock only in jurisdictions where offers and sales are permitted. The information contained in this prospectus is accurate only as of the date of this prospectus, regardless of the time of delivery of this prospectus or of any sale of shares of common stock.
 
Until and including          , 2007, 25 days after the commencement of this offering, all dealers that buy, sell or trade shares of our common stock, whether or not participating in this offering, may be required to deliver a prospectus. This delivery requirement is in addition to the dealers’ obligation to deliver a prospectus when acting as underwriters and with respect to their unsold allotments or subscriptions.
 
For investors outside the United States.  Neither we nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. You are required to inform yourselves about, and to observe any restrictions relating to, this offering and the distribution of this prospectus.
 
 
 
 
We operate in an industry in which it is difficult to obtain precise industry and market information. Although we have obtained some industry data from outside sources that we believe to be reliable, in certain cases we have based certain statements contained in this prospectus regarding our industry and our position in the industry on our estimates concerning, among other things, our customers and competitors. These estimates are based on our experience in the industry, conversations with our principal suppliers and customers and our own investigations of market conditions. Unless otherwise noted, the statistical data contained in this prospectus regarding the network security software industry are based on data we obtained from Datamonitor, a business information company specializing in industry analysis, or International Data Corporation, or IDC, a provider of market intelligence for the information technology, telecommunications and consumer technology markets.
 
 
 
 
SOURCEFIRE®, SNORT®, the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLDtm, SOURCEFIRE DEFENSE CENTERtm, SOURCEFIRE 3Dtm, RNAtm and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. This prospectus also refers to the products or services of other companies by the trademarks and trade names used and owned by those companies.


Table of Contents

 
PROSPECTUS SUMMARY
 
This summary highlights selected information contained elsewhere in this prospectus and does not contain all of the information you should consider in making your investment decision. You should read the following summary together with all of the more detailed information regarding us and our common stock being sold in the offering, including our financial statements and the related notes, appearing elsewhere in this prospectus. Unless we state otherwise, “Sourcefire,” the “Company,” “we,” “us,” and “our” refer to Sourcefire, Inc., a Delaware corporation, and its subsidiaries, taken as a whole.
 
SOURCEFIRE, INC.
 
Overview
 
We are a leading provider of intelligence driven, open source network security solutions that enable our customers to protect their computer networks in an effective, efficient and highly automated manner. We sell our security solutions to a diverse customer base that includes more than 25 of the Fortune 100 companies and over half of the 30 largest U.S. government agencies. We also manage one of the security industry’s leading open source initiatives, Snort.
 
Our family of network security products forms a comprehensive Discover, Determine and Defend, or 3D, approach to network security. Using this approach, our technology can automatically:
 
  •  Discover potential threats and points of vulnerability;
 
  •  Determine the potential impact of those observations to the network; and
 
  •  Defend the network through proactive enforcement of security policy.
 
Our Sourcefire 3D approach is comprised of three key components:
 
RNA.  At the heart of the Sourcefire 3D security solution is Real-time Network Awareness, or RNA, our network intelligence product that provides persistent visibility into the composition, behavior, topology (the relationship of network components) and risk profile of the network. This information provides a platform for the Defense Center’s automated decision-making and network policy compliance enforcement. The ability to continuously discover characteristics and vulnerabilities of network assets, or endpoint intelligence, enables our Intrusion Prevention products to more precisely identify and block threatening traffic and to more efficiently classify threatening and/or suspicious behavior than products lacking network intelligence.
 
Intrusion Sensors.  The Intrusion Sensors utilize open source Snort® and our proprietary technology to monitor network traffic. These sensors compare observed traffic to a set of “Rules”, or a set of anomolous network traffic characteristics, which can be indicative of malicious activity. Once the Intrusion Sensors match a Rule to the observed traffic, they block malicious traffic and/or send an alert to the Defense Center for further analysis, prioritization and possible action.
 
Defense Center.  The Defense Center aggregates, correlates and prioritizes network security events from RNA Sensors and Intrusion Sensors to synthesize multipoint event correlation and policy compliance analysis. The Defense Center’s policy and response subsystems are designed to leverage existing IT infrastructure such as firewalls, routers, trouble ticketing and patch management systems for virtually any task, including alerting, blocking and initiating corrective measures.
 
The traffic inspection engine used in our intrusion prevention products is the open source technology called Snort. Martin Roesch, our founder and Chief Technology Officer, created Snort in 1998. Our employees, including Mr. Roesch, have authored all major components of Snort, and we maintain control over the Snort project, including the principal Snort community forum, Snort.org. Snort, which has become a de facto industry standard, has been downloaded over 3 million times. We believe that a majority of the Fortune 100 companies and all of the 30 largest U.S. government agencies use Snort technology to monitor network traffic and that Snort is the most widely deployed intrusion prevention technology worldwide. The ubiquitous nature of the Snort user community


1


Table of Contents

represents a significant opportunity to sell our proprietary products to customers that require a complete enterprise solution.
 
For the year ended December 31, 2005, we generated approximately 83% of our revenue from customers in North America and 17% from international customers. We increased our revenue from $16.7 million in 2004 to $32.9 million in 2005, representing a growth rate of 97%. For the nine months ended September 30, 2006, our revenue was $28.9 million, compared to $21.2 million for the nine months ended September 30, 2005, representing a growth rate of 36%.
 
Our Industry
 
According to International Data Corporation, or IDC, the network security industry is estimated to be a $18.4 billion market in 2006 and is projected to grow to $26.9 billion in 2009, representing a compound annual growth rate of over 13%. Our addressable markets include intrusion prevention, vulnerability management and unified threat management, which are collectively projected to total $2.9 billion in 2006 and are expected to grow at a compound annual growth rate in excess of 21% to $5.2 billion in 2009, according to IDC. We expect that this growth should continue as organizations seek solutions to various growing and evolving security challenges, including:
 
Greater Sophistication, Severity and Frequency of Network Attacks.  The growing use of the Internet as a business tool has required organizations to increase the number of access points to their networks, which has made vast amounts of critical information more vulnerable to attack. Theft of sensitive information for financial gain motivates network attackers, who derive profit through identity theft, credit card fraud, money laundering, extortion, intellectual property theft and other illegal means. These profit-motivated attackers, in contrast to the hobbyist hackers of the past, are employing much more sophisticated tools and techniques to generate profits for themselves and their well-organized and well-financed sponsors.
 
Increasing Risks from Unknown Vulnerabilities.  Unknown vulnerabilities in computer software that are discovered by network attackers before they are discovered by security and software vendors represent a tremendous risk. These uncorrected flaws can leave networks largely defenseless and open to exploitation. According to Computer Emergency Response Team Coordination Center, or CERT-CC, the trends in the rate of vulnerability disclosure are particularly alarming, with approximately 3,780 disclosed in 2004 and more than 5,990 disclosed in 2005, representing a growth rate of approximately 58%.
 
Potential Degradation of Network Performance.  Many security products degrade network performance and are, therefore, disfavored by network administrators who generally prioritize network performance over incremental gains in network security. For example, the use of active scanners that probe networks for vulnerabilities often meets heavy resistance from administrators concerned about excessive network “noise,” clogged firewall logs and disruption of network assets that are critical to business operations.
 
Diverse Demands on Security Administrators.  The proliferation of targeted security solutions such as firewalls, intrusion prevention systems, URL filters, spam filters and anti-spyware solutions, while critical to enhancing network security, create significant administrative burdens on personnel who must manage numerous disparate technologies that are seldom integrated and often difficult to use. Most network security products require manual, labor intensive incident response and investigation by security administrators, especially when “false positive” results are generated.
 
Heightened Government Regulation.  Rapidly growing government regulation is forcing compliance with increased requirements for network security, which has escalated demand for security solutions that meet both compliance requirements and reduce the burdens of compliance, reporting and enforcement. Examples of these laws include The Health Insurance Portability and Accountability Act of 1996, or HIPAA, The Financial Services Modernization Act of 1999, commonly known as the Gramm-Leach-Bliley Act, The Sarbanes-Oxley Act of 2002 and The Federal Information Security Management Act.


2


Table of Contents

Our Competitive Strengths
 
We believe that our leading market position results from several key competitive strengths, including:
 
Real-Time Approach to Network Security.  Our solution is designed to support a continuum of network security functions that span pre-attack hardening of assets, high fidelity attack identification and disruption and real-time compromise detection and incident response. In addition, our ability to confidently classify and prioritize threats in network traffic and determine the composition, behavior and relationships of network endpoints allows us to reliably automate what are otherwise manual, time-intensive processes.
 
Comprehensive Network Intelligence.  Our innovative network security solution incorporates RNA, which provides persistent visibility into the composition, behavior, topology and risk profile of the network and serves as a platform for automated decision-making and network security policy enforcement. RNA performs passive, or non-disruptive, network discovery. This enables real-time compositional cataloging of network assets, including their configuration, thereby significantly increasing the network intelligence available to IT and security administrators. By integrating this contextual understanding of the network’s components and situational awareness of network events, our solution is effective across a broad range of security domains, especially in the area of threat identification and impact assessment.
 
The Snort Community.  The Snort user community, with over 100,000 registered users and over 3 million downloads to date, has enabled us to establish a market footprint unlike any other in the industry. We believe the Snort open source community provides us with significant benefits, including a broad threat awareness network, significant research and development leverage, and a large pool of security experts that are skilled in the use of our technology. We believe that Snort’s broad acceptance makes us one of the most trusted sources of intrusion prevention and related security solutions.
 
Leading-Edge Performance.  Our solutions have the ability to process multiple gigabits of traffic with latency as low as 100 microseconds. Our intrusion prevention technology incorporates advanced traffic processing functionality, including packet acquisition, protocol normalization and target-based traffic inspection, which yields increased inspection precision and efficiency and enables more granular inspection of network traffic. The Defense Center supports event loads as high as 1,300 events per second, which we believe meets or exceeds the requirements of the most demanding enterprise customers.
 
Significant Security Expertise.  We have a highly knowledgeable management team with extensive network security industry experience gained from past service in leading enterprises and government organizations including Symantec, McAfee, the Department of Defense and the National Security Agency. Our founder and CTO, Martin Roesch, invented Snort and our core RNA technology and is widely regarded as a network security visionary. Our senior management team averages 16 years of experience in the networking and security industries. In addition, our Vulnerability Research Team, or VRT, is comprised of highly experienced security experts who research new vulnerabilities and create innovative methods for preventing attempts to exploit them.
 
Broad Industry Recognition.  We have received numerous industry awards and certifications, including recognition by Gartner, Inc. as a “leader” in the network intrusion prevention systems market. RNA is one of only five network security products to receive the NSS Gold award, which is awarded by The NSS Group only to those products that are distinguished in terms of advanced or unique features, and which offer outstanding value. In addition, our technology has achieved Common Criteria Evaluation Assurance Level 2, or EAL2, which is an international evaluation standard for information technology security products sanctioned by, among others, the International Standards Organization, the National Security Agency and the National Institute for Standards and Technology.
 
Our Growth Strategy
 
We intend to become the preeminent provider of network security solutions on a global basis. The key elements of our growth strategy include:
 
Continue to Develop Innovative Network Security Technology.  We will continue to invest significantly in internal development and product enhancements and to hire additional network security experts to broaden our


3


Table of Contents

proprietary knowledge base. We believe our platform is capable of expanding into new markets such as unified threat management, security management and compliance and network management.
 
Grow our Customer Base.  With over 3 million downloads of Snort and over 100,000 registered users, we believe Snort is the most ubiquitous network intrusion detection and prevention technology. We seek to monetize the Snort installed base by targeting enterprises that implement Snort but have not yet purchased any of the components of our Sourcefire 3D security solution. We will continue to target large enterprises and government agencies that require advanced security technology and high levels of network availability and performance in sectors including finance, technology, healthcare, manufacturing and defense.
 
Further Penetrate our Existing Customer Base.  As of September 30, 2006, over 1,200 customers have purchased our Intrusion Sensors and Defense Center products. We intend to sell additional Intrusion Sensors to existing customers and expand our footprint in the networks of our customers to include branch offices, remote locations and data centers. In addition, we believe we have a significant opportunity to up-sell our higher margin RNA product to existing customers because of the significant incremental benefit that increased network intelligence can bring to their security systems.
 
Expand our OEM Alliances and Distribution Relationships.  As part of our ongoing effort to expand our OEM alliances, we recently entered into a relationship with Nokia whereby Nokia Enterprise Solutions will market to its enterprise customers network security solutions that utilize our proprietary software and technology. In addition, we seek to expand our strategic reseller agreements and increasingly use this channel to generate additional inbound customer prospects. We also intend to utilize our relationships with managed security service providers such as Verizon, VeriSign and Symantec, to derive incremental revenue. In 2005, we generated approximately 16% of our revenue from governmental organizations and, in the future, we believe we will generate an increasing amount of revenue from government suppliers such as Lockheed Martin, Northrop Grumman and Immix Technology.
 
Strengthen Our International Presence.  We believe the network security needs of many enterprises located outside of the United States are not being adequately served and represent a significant potential market opportunity. In 2005, we generated only approximately 17% of our revenue from international customers. We are expanding our sales in international markets by adding distribution relationships and expanding our direct sales force, with plans in the next year to double the number of personnel in Europe and to hire a country manager for Japan.
 
Selectively Pursue Acquisitions of Complementary Businesses and Technologies.  To accelerate our expected growth, enhance the capabilities of our existing products and broaden our product and service offerings, we intend to selectively pursue acquisitions of businesses, technologies and products that could complement our existing operations.
 
Certain Risk Factors
 
Investing in our common stock involves substantial risk. You should carefully consider all the information in this prospectus prior to investing in our common stock. These risks and uncertainties include, but are not limited to, the following:
 
  •  As we have had operating losses since our inception and we expect operating expenses to increase in the foreseeable future, we may never reach or maintain profitability.
 
  •  We face intense competition in our market, especially from larger, better-known companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
 
  •  New competitors could emerge or our customers or distributors could internally develop alternatives to our products and either development could impair our sales.


4


Table of Contents

 
  •  Our quarterly operating results are likely to vary significantly and be unpredictable, in part because of the purchasing and budget practices of our customers, which could cause the trading price of our stock to decline.
 
  •  The market for network security products is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond to technological and market developments and changing customer needs, our competitive position and prospects will be harmed.
 
  •  Claims that our products infringe the proprietary rights of others could harm our business and cause us to incur significant costs.
 
 
Our Corporate Information
 
We were incorporated as a Delaware corporation in December 2001. Our principal executive office is located at 9770 Patuxent Woods Drive, Columbia, Maryland 21046. Our telephone number at that location is (410) 290-1616. Our website address is www.sourcefire.com.  We also operate www.snort.org.  These are textual references only. We do not incorporate the information on, or accessible through, any of our websites into this prospectus, and you should not consider any information on, or that can be accessed through, our websites as part of this prospectus.


5


Table of Contents

THE OFFERING
 
Common stock offered by Sourcefire                 shares
 
Common stock offered by the selling stockholders
                shares
 
       Total
                shares
 
Over-allotment option to be offered by Sourcefire
                shares
 
Over-allotment option to be offered by the selling stockholders
                shares
 
       Total over-allotment option
                shares
 
Common stock to be outstanding after this offering
                shares
 
Use of proceeds We intend to use the net proceeds from this offering for working capital and other general corporate purposes. We may also use a portion of the net proceeds to repay our equipment facility or acquire other businesses, products or technologies. However, we do not have agreements or commitments for any specific repayments or acquisitions at this time. We will not receive any proceeds from the sale of common stock by the selling stockholders. See “Use of Proceeds.”
 
Proposed Nasdaq Global Market symbol
“FIRE”
 
The number of shares to be outstanding after this offering is based on 28,887,369 shares outstanding as of September 30, 2006, and excludes:
 
  •  4,457,866 shares that may be issued upon the exercise of options outstanding as of September 30, 2006 under our stock option plan;
 
  •  59,998 shares that may be issued upon the exercise of warrants outstanding as of September 30, 2006;
 
  •  1,044,194 shares that are reserved for issuance pursuant to our stock option plan; and
 
  •  45,000 shares which are subject to repurchase by us.
 
Unless we specifically state otherwise, all information in this prospectus assumes:
 
  •  an initial public offering price of $     ;
 
  •  the conversion of all outstanding shares of our preferred stock into shares of our common stock immediately prior to the completion of this offering; and
 
  •  the underwriters’ over-allotment option to purchase up to an additional           shares of common stock is not exercised.


6


Table of Contents

SUMMARY CONSOLIDATED FINANCIAL DATA
 
The table below summarizes our consolidated financial information for the periods indicated. The unaudited financial statements include all adjustments, consisting of normal recurring accruals, which Sourcefire considers necessary for a fair presentation of its financial position and the results of operations for these periods. Operating results for the nine months ended September 30, 2006 are not necessarily indicative of the results that may be expected for the entire year ending December 31, 2006 or for any other future period. You should read the following information together with the more detailed information contained in “Selected Consolidated Financial Data,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the accompanying notes appearing elsewhere in this prospectus.
 
                                         
    Year ended December 31,     Nine months ended September 30,  
    2003     2004     2005     2005     2006  
                      (unaudited)  
    (in thousands, except share, per share and other operating data)  
 
Consolidated statement of operations data:
                                       
Revenue:
                                       
Products
  $ 8,153     $ 12,738     $ 23,589     $ 14,889     $ 18,390  
Services
    1,328       3,955       9,290       6,335       10,544  
                                         
Total revenue
    9,481       16,693       32,879       21,224       28,934  
Cost of revenue:
                                       
Products
    2,570       4,533       6,610       4,229       4,931  
Services
    436       872       1,453       981       2,016  
                                         
Total cost of revenue
    3,006       5,405       8,063       5,210       6,947  
                                         
Gross profit
    6,475       11,288       24,816       16,014       21,987  
Operating expenses:
                                       
Research and development
    3,751       5,706       6,831       4,934       6,334  
Sales and marketing
    9,002       12,585       17,135       12,131       14,512  
General and administrative
    2,141       2,905       5,120       3,123       3,587  
Depreciation and amortization
    441       752       1,103       846       912  
                                         
Total operating expenses
    15,335       21,948       30,189       21,034       25,345  
                                         
Income (loss) from operations
    (8,860 )     (10,660 )     (5,373 )     (5,020 )     (3,358 )
Other income (expense), net
    16       164       (85 )     (50 )     442  
                                         
Net loss
    (8,844 )     (10,496 )     (5,458 )     (5,070 )     (2,916 )
Accretion of preferred stock
    (1,262 )     (2,451 )     (2,668 )     (2,001 )     (2,687 )
                                         
Net loss attributable to common stockholders
  $ (10,106 )   $ (12,947 )   $ (8,126 )   $ (7,071 )   $ (5,603 )
                                         
Net loss attributable to common stockholders per common share:
                                       
Basic and diluted
  $ (2.89 )   $ (3.06 )   $ (1.56 )   $ (1.38 )   $ (1.03 )
Pro forma (unaudited)(1)
                    (0.22 )             (0.11 )
Shares used in per common share calculations:
                                       
Basic and diluted
    3,502,521       4,226,855       5,197,316       5,132,011       5,456,806  
Pro forma (unaudited)(1)
                    25,159,550               26,944,685  
Other operating data:
                                       
Number of sales in excess of $500,000
    2       5       9       4       6  
Number of new customers
    161       136       149       116       171  
Cumulative number of Fortune 100 customers at end of period
    10       17       24       22       27  
Number of full-time employees at end of period
    84       107       135       142       174  
 
(footnotes on following page)


7


Table of Contents

                     
          As of September 30,
          2006
                Pro forma
    Actual     Pro forma(2)     As Adjusted(3)
    (unaudited)
    (in thousands)
 
Consolidated balance sheet data:
                   
Cash and cash equivalents
  $ 25,137     $ 25,137     $
Held-to-maturity investments
    1,401       1,401      
Total assets
    43,854       43,854      
Long-term debt
    434       434      
Total liabilities
    18,515       18,515      
Total convertible preferred stock
    65,615            
Total stockholders’ equity (deficit)
    (40,276 )     25,339      
 
(1) Pro forma to give effect to the conversion of all outstanding shares of our preferred stock into shares of our common stock immediately prior to the completion of this offering.
(2) The pro forma balance sheet data reflect the conversion of all outstanding shares of our preferred stock into shares of our common stock immediately prior to the completion of this offering.
(3) The pro forma as adjusted balance sheet data reflect the conversion of all outstanding shares of our preferred stock into shares of our common stock immediately prior to the completion of this offering and our receipt of estimated net proceeds of $           from our sale of      shares of common stock that we are offering at an assumed public offering price of $      per share, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.


8


Table of Contents

 
RISK FACTORS
 
Investing in our common stock involves a high degree of risk. You should carefully consider the following risks and all other information contained in this prospectus, including our consolidated financial statements and the related notes, before investing in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition or results of operations could be materially harmed. In that case, the trading price of our common stock could decline, and you may lose some or all of your investment.
 
Risks Related to Our Business
 
We have had operating losses since our inception and we expect operating expenses to increase in the foreseeable future and we may never reach or maintain profitability.
 
We have incurred operating losses each year since our inception in 2001. Our net loss was approximately $10.5 million for the year ended December 31, 2004, $5.5 million for the year ended December 31, 2005 and $2.9 million for the nine months ended September 30, 2006. Our accumulated deficit as of September 30, 2006 is approximately $40.3 million. Becoming profitable will depend in large part on our ability to generate and sustain increased revenue levels in future periods. Although our revenue has generally been increasing and our losses have generally been decreasing when compared to prior periods, you should not assume that we will become profitable in the near future or at any other time. We may never achieve profitability and, even if we do, we may not be able to maintain or increase our level of profitability. We expect that our operating expenses will continue to increase in the foreseeable future as we seek to expand our customer base, increase our sales and marketing efforts, continue to invest in research and development of our technologies and product enhancements and incur significant new costs associated with becoming a public company. These efforts may be more costly than we expect and we may not be able to increase our revenue enough to offset our higher operating expenses. In addition, if our new products and product enhancements fail to achieve adequate market acceptance, our revenue will suffer. If we cannot increase our revenue at a greater rate than our expenses, we will not become and remain profitable.
 
We face intense competition in our market, especially from larger, better-known companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
 
The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future. We may not compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Our chief competitors include large software companies, software or hardware network infrastructure companies, smaller software companies offering relatively limited applications for network and Internet security monitoring, detection, prevention or response and small and large companies offering point solutions that compete with components of our product offerings.
 
Mergers or consolidations among these competitors, or acquisitions of our competitors by large companies, present heightened competitive challenges to our business. For example, Symantec Corporation, Cisco Systems, Inc., McAfee, Inc., 3Com Corporation and Juniper Networks, Inc. have acquired during the past several years smaller companies, which have intrusion detection or prevention technologies and Internet Security Systems, Inc. has recently been acquired by IBM. These acquisitions will make these combined entities potentially more formidable competitors to us if such products and offerings are effectively integrated. Large companies may have advantages over us because of their longer operating histories, greater brand name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may be able to adapt more quickly to new or emerging technologies and changes in customer requirements. They also have greater resources to devote to the promotion and sale of their products than we have. In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection, prevention and response products and managed security services, which intensifies pricing pressures within our market.
 
Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these


9


Table of Contents

companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include functions similar to those that our products currently provide. The widespread inclusion of comparable features to our software in operating system software or networking hardware could render our products less competitive or obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our products, a significant number of customers may accept more limited functionality to avoid purchasing additional products such as ours.
 
One of the characteristics of open source software is that anyone can offer new software products for free under an open source licensing model in order to gain rapid and widespread market acceptance. Such competition can develop without the degree of overhead and lead time required by traditional technology companies. It is possible for new competitors with greater resources than ours to develop their own open source security solutions, potentially reducing the demand for our solutions. We may not be able to compete successfully against current and future competitors. Competitive pressure and/or the availability of open source software may result in price reductions, reduced revenue, reduced operating margins and loss of market share, any one of which could seriously harm our business.
 
New competitors could emerge or our customers or distributors could internally develop alternatives to our products and either development could impair our sales.
 
We may face competition from emerging companies as well as established companies who have not previously entered the market for network security products. Established companies may not only develop their own network intrusion detection and prevention products, but they may also acquire or establish product integration, distribution or other cooperative relationships with our current competitors. Moreover, our large corporate customers and potential customers could develop network security software internally, which would reduce our potential revenue. New competitors or alliances among competitors may emerge and rapidly acquire significant market share due to factors such as greater brand name recognition, a larger installed customer base and significantly greater financial, technical, marketing and other resources and experience. For example, one of our competitors, Internet Security Systems, Inc., has recently been acquired by IBM and our relationship with IBM may be diminished by this transaction. If these new competitors are successful, we would lose market share and our revenue would likely decline.
 
Our quarterly operating results are likely to vary significantly and be unpredictable, in part because of the purchasing and budget practices of our customers, which could cause the trading price of our stock to decline.
 
Our operating results have historically varied significantly from period to period, and we expect that they will continue to do so as a result of a number of factors, most of which are outside of our control, including:
 
  •  the budgeting cycles, internal approval requirements and funding available to our existing and prospective customers for the purchase of network security products;
 
  •  the timing, size and contract terms of orders received, which have historically been highest in the fourth quarter (representing more than one-third of our total revenue in recent years), but may fluctuate seasonally in different ways;
 
  •  the level of perceived threats to network security, which may fluctuate from period to period;
 
  •  the level of demand for products sold by original equipment manufacturers, or OEMs, resellers and distributors that incorporate and resell our technologies;
 
  •  the market acceptance of open-source software solutions;
 
  •  the announcement or introduction of new product offerings by us or our competitors, and the levels of anticipation and market acceptance of those products;
 
  •  price competition;
 
  •  general economic conditions, both domestically and in our foreign markets;


10


Table of Contents

 
  •  the product mix of our sales; and
 
  •  the timing of revenue recognition for our sales.
 
In particular, the network security technology procurement practices of many of our customers have had a measurable influence on the historical variability of our operating performance. Our prospective customers usually exercise great care and invest substantial time in their network security technology purchasing decisions. Many of our customers have historically finalized purchase decisions in the last weeks or days of a quarter. A delay in even one large order beyond the end of a particular quarter can substantially diminish our anticipated revenue for that quarter. In addition, many of our expenses must be incurred before we generate revenue. As a result, the negative impact on our operating results would increase if our revenue fails to meet expectations in any period.
 
The cumulative effect of these factors will likely result in larger fluctuations and unpredictability in our quarterly operating results than in the operating results of many other software and technology companies. This variability and unpredictability could result in our failing to meet the revenue or operating results expectations of securities industry analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly securities class action suits. Therefore, you should not rely on our operating results in any quarter as being indicative of our operating results for any future period, nor should you rely on other expectations, predictions or projections of our future revenue or other aspects of our results of operations.
 
The market for network security products is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing customer needs, our competitive position and prospects will be harmed.
 
The market for network security products is relatively new and is expected to continue to evolve rapidly. Moreover, many customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated new techniques to gain access to and attack systems and networks. Customers look to our products to continue to protect their networks against these threats in this increasingly complex environment without sacrificing network efficiency or causing significant network downtime. The software in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while not impeding the high network performance demanded by our customers. Although the market expects speedy introduction of software to respond to new threats, the development of these products is difficult and the timetable for commercial release of new products is uncertain. Therefore, we may in the future experience delays in the introduction of new products or new versions, modifications or enhancements of existing products. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing and introducing on a timely basis new and effective products, upgrades and services that can respond adequately to new security threats, our competitive position and business prospects will be harmed.
 
If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.
 
We spend substantial amounts of time and money to research and develop new products and enhanced versions of Snort, the Defense Center and our Intrusion Sensors and RNA products to incorporate additional features, improved functionality or other enhancements in order to meet our customers’ rapidly evolving demands for network security in our highly competitive industry. When we develop a new product or an advanced version of an existing product, we typically expend significant money and effort upfront to market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing the products to market.


11


Table of Contents

Our new products or enhancements could fail to attain sufficient market acceptance for many reasons, including:
 
  •  delays in introducing new, enhanced or modified products;
 
  •  defects, errors or failures in any of our products;
 
  •  inability to operate effectively with the networks of our prospective customers;
 
  •  inability to protect against new types of attacks or techniques used by hackers;
 
  •  negative publicity about the performance or effectiveness of our intrusion prevention or other network security products;
 
  •  reluctance of customers to purchase products based on open source software; and
 
  •  disruptions or delays in the availability and delivery of our products, which problems are more likely due to our just-in-time manufacturing and inventory practices.
 
If our new products or enhancements (including, but not limited to, version 4.0 of RNA, which we plan to introduce in the next several months) do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue will be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we incurred in connection with the new product.
 
If existing customers do not make subsequent purchases from us or if our relationships with our largest customers are impaired, our revenue could decline.
 
In 2004, 2005 and the nine months ended September 30, 2006, existing customers that purchased additional products and services from us, whether for new locations or additional technology to protect existing networks and locations, generated a majority of our total revenue for each respective period. Part of our growth strategy is to sell additional products to our existing customers and, in particular, to up-sell our RNA products to customers that previously bought our Intrusion Sensor products. We may not be effective in executing this or any other aspect of our growth strategy. Our revenue could decline if our current customers do not continue to purchase additional products from us. In addition, as we deploy new versions of our existing Snort, Intrusion Sensors and RNA products or introduce new products, our current customers may not require the functionality of these products and may not purchase them. We also depend on our installed customer base for future service revenue from annual maintenance fees. If customers choose not to continue their maintenance service, our revenue may decline.
 
If we cannot attract sufficient government agency customers, our revenue and competitive position will suffer.
 
Contracts with the U.S. federal and state and other national and state government agencies accounted for 17% of our total revenue for the year ended December 31, 2004, 16% for the year ended December 31, 2005 and 13% for the nine months ended September 30, 2006. We lost many government agency customers when a foreign company tried unsuccessfully to acquire us in late 2005 and early 2006. Since then, we have been attempting to regain government customers, which subjects us to a number of risks, including:
 
  •  Procurement.  Contracting with public sector customers is highly competitive and can be expensive and time-consuming, often requiring that we incur significant upfront time and expense without any assurance that we will win a contract;
 
  •  Budgetary Constraints and Cycles.  Demand and payment for our products and services are impacted by public sector budgetary cycles and funding availability, with funding reductions or delays adversely impacting public sector demand for our products;
 
  •  Modification or Cancellation of Contracts.  Public sector customers often have contractual or other legal rights to terminate current contracts for convenience or due to a default. If a contract is cancelled for convenience, which can occur if the customer’s product needs change, we may only be able to collect for products and services delivered prior to termination. If a contract is cancelled because of default, we may only be able to collect for products and alternative products and services delivered to the customer;
 


12


Table of Contents

 
  •  Governmental Audits.  National governments and other state and local agencies routinely investigate and audit government contractors’ administrative processes. They may audit our performance and pricing and review our compliance with applicable rules and regulations. If they find that we improperly allocated costs, they may require us to refund those costs or may refuse to pay us for outstanding balances related to the improper allocation. An unfavorable audit could result in a reduction of revenue, and may result in civil or criminal liability if the audit uncovers improper or illegal activities.
 
  •  Replacing Existing Products.  After we announced in October 2005 that we had agreed to be acquired by a foreign company, many government agencies were unwilling to buy products from us and instead purchased and installed products sold by our competitors. The proposed acquisition was abandoned in March 2006 following objections from the Committee on Foreign Investment in the United States. Since that time, we have been attempting to retain government agency customers. Many government agencies, however, already have installed network security products of our competitors. It can be very difficult to convince government agencies or other prospective customers to replace their existing network security solutions with our products, even if we can demonstrate the superiority of our products.
 
We are subject to risks of operating internationally that could impair our ability to grow our revenue abroad.
 
We market and sell our software in North America, South America, Europe and Asia and we plan to establish additional sales presence in these and other parts of the world. Therefore, we are subject to risks associated with having worldwide operations. Sales to customers located outside of North America accounted for approximately 16% of our total revenue in the year ended December 31, 2004, approximately 17% of our total revenue in the year ended December 31, 2005 and approximately 18% of our total revenue during the nine months ended September 30, 2006. The expansion of our existing operations and entry into additional worldwide markets will require significant management attention and financial resources. We are also subject to a number of risks customary for international operations, including:
 
  •  economic or political instability in foreign markets;
 
  •  greater difficulty in accounts receivable collection and longer collection periods;
 
  •  unexpected changes in regulatory requirements;
 
  •  difficulties and costs of staffing and managing foreign operations;
 
  •  import and export controls;
 
  •  the uncertainty of protection for intellectual property rights in some countries;
 
  •  costs of compliance with foreign laws and laws applicable to companies doing business in foreign jurisdictions;
 
  •  management communication and integration problems resulting from cultural differences and geographic dispersion;
 
  •  multiple and possibly overlapping tax structures; and
 
  •  foreign currency exchange rate fluctuations.
 
To date, a substantial portion of our sales have been denominated in U.S. dollars, and we have not used risk management techniques or “hedged” the risks associated with fluctuations in foreign currency exchange rates. In the future, if we do not engage in hedging transactions, our results of operations will be subject to losses from fluctuations in foreign currency exchange rates.
 
In the future, we may not be able to secure financing necessary to operate and grow our business as planned.
 
We expect that the net proceeds from this offering together with current cash, cash equivalents, borrowings under our credit facility and short-term investments should be sufficient to meet our anticipated cash needs for working capital and capital expenditures for at least the next 24 months. However, our business and operations may consume resources faster than we anticipate. In the future, we may need to raise additional funds to expand our sales and marketing and research and development efforts or to make acquisitions. Additional financing may not be


13


Table of Contents

available on favorable terms, if at all. If adequate funds are not available on acceptable terms, we may be unable to fund the expansion of our sales and marketing and research and development efforts or take advantage of acquisition or other opportunities, which could seriously harm our business and operating results. If we issue debt, the debt holders would have rights senior to common stockholders to make claims on our assets and the terms of any debt could restrict our operations, including our ability to pay dividends on our common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our common stock.
 
Our inability to acquire and integrate other businesses, products or technologies could seriously harm our competitive position.
 
In order to remain competitive, we intend to acquire additional businesses, products or technologies. If we identify an appropriate acquisition candidate, we may not be successful in negotiating the terms of the acquisition, financing the acquisition, or effectively integrating the acquired business, product or technology into our existing business and operations. Any acquisitions we are able to complete may not be accretive to earnings. Further, completing a potential acquisition and integrating an acquired business will significantly divert management time and resources.
 
If other parties claim commercial ownership rights to Snort, our reputation, customer relations and results of operations could be harmed.
 
While we created a majority of the current Snort code base, a portion of the current Snort code was created by the combined efforts of the Company and the open source software community and a portion was created solely by the open source community. We believe that the portions of the Snort code base created by anyone other than by us are required to be licensed by us pursuant to the GNU General Public License, or GPL, which is how we currently license Snort. There is a risk, however, that a third party could claim some ownership rights in Snort, and attempt to prevent us from commercially licensing Snort in the future (rather than pursuant to the GPL as it is currently licensed) and claim a right to licensing royalties. Any such claim, regardless of its merit or outcome, could be costly to defend, harm our reputation and customer relations and result in our having to pay substantial compensation to the party claiming ownership.
 
Our products contain third party open source software, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.
 
Our products are distributed with software programs licensed to us by third party authors under “open source” licenses, which may include the GPL, the GNU Lesser Public License, or LGPL, the BSD License, the Artistic License and the Apache License. These third party open source programs are typically licensed to us for a minimal fee or no fee at all, but the underlying license agreements may require us to make available to the open source user community the source code for the modifications or derivative works we create based on these third party open source software programs. If this were to occur, our competitors could use these developments and improvements created by us to produce competitive products, which would result in a loss of our product sales. Additionally, if we combine our proprietary software with third party open source software in a certain manner, we could, under the terms of certain of these open source license agreements, be required to release the source code of our proprietary software. This could also allow our competitors to create similar products, which would result in a loss of our product sales. Our ability to commercialize our products by incorporating third party open source software may be restricted because, among other reasons:
 
  •  the terms of open source license agreements may be unclear and subject to varying interpretations, which could result in unforeseen obligations regarding our proprietary products;
 
  •  it may be difficult to determine the developers of open source software and whether such licensed software infringes another party’s intellectual property rights;
 
  •  competitors will have greater access to information by obtaining these open source products, which may help them develop competitive products; and
 
  •  open source software potentially increases customer support costs because licensees can modify the software and potentially introduce errors.


14


Table of Contents

 
The software program Linux is included in our products and is licensed under the GPL. The GPL is the subject of litigation in the case of The SCO Group, Inc. v. International Business Machines Corp., pending in the United States District Court for the District of Utah. It is possible that the court could rule that the GPL is not enforceable in such litigation. Any ruling by the court that the GPL is not enforceable could have the effect of limiting or preventing us from using Linux as currently implemented.
 
Efforts to assert intellectual property ownership rights in our products could impact our standing in the open source community which could limit our product innovation capabilities.
 
When we undertake actions to protect and maintain ownership and control over our proprietary intellectual property, including patents, copyrights and trademark rights, our standing in the open source community could be diminished which could result in a limitation on our ability to continue to rely on this community as a resource to identify and defend against new viruses, threats and techniques to attack secure networks, explore new ideas and concepts and further our research and development efforts.
 
Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.
 
We rely primarily on copyright, trademark, patent and trade secrets laws, confidentiality procedures and contractual provisions to protect our proprietary rights. As of the date hereof, we had 19 patent applications pending for examination in the U.S. and foreign jurisdictions. We also hold numerous registered United States and foreign trademarks and have a number of trademark applications pending in the United States and in foreign jurisdictions. Valid patents may not be issued from pending applications, and the claims allowed on any patents may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate protection or competitive advantages to us. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our technologies or products is difficult. Our products incorporate open source Snort software, which is readily available to the public. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. It is possible that we may have to resort to litigation to enforce and protect our copyrights, trademarks, patents and trade secrets, which litigation could be costly and a diversion of management resources. If we are unable to protect our proprietary rights to the totality of the features in our software and products (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.
 
We have placed, and in the future may place, source code for our software in escrow, other than the Snort source code which is publicly available. The source code may, under certain circumstances, be made available to certain of our customers and OEM partners. This may increase the likelihood of misappropriation or other misuse of our software.
 
Claims that our products infringe the proprietary rights of others could harm our business and cause us to incur significant costs.
 
Technology products such as ours, which interact with multiple components of complex networks, are increasingly subject to infringement claims as the functionality of products in different industry segments overlaps. In particular, our RNA technology is a new technology for which we have yet be issued a patent. It is possible that other companies have patents with respect to technology similar to our technology, including RNA. In addition, there is at least one company that has filed an application for a patent that, on its face, contains claims that may be construed to be within the scope of the same broad technology area as our RNA technology. Unless and until the U.S. Patent and Trademark Office, or PTO, issues a patent to an applicant, there can be no way to assess a potential patentee’s right to exclude. Depending on the timing and substance of these patents and patent applications, our products, including our RNA technology, may infringe the proprietary rights of others, and we may be subject to litigation with respect to any alleged infringement. The application of patent law to the software industry is particularly uncertain as the PTO has only recently begun to issue software patents in large numbers and there is a


15


Table of Contents

backlog of software related patent applications pending claiming inventions whose priority dates may pre-date development of our own proprietary software. Additionally, in our customer contracts we typically agree to indemnify our customers if they incur losses resulting from a third party claim that their use of our products infringes upon the intellectual property rights of a third party. Any potential intellectual property claims against us, with or without merit, could:
 
  •  be very expensive and time consuming to defend;
 
  •  require us to indemnify our customers for losses resulting from such claims;
 
  •  cause us to cease making, licensing or using software or products that incorporate the challenged intellectual property;
 
  •  cause product shipment and installation delays;
 
  •  require us to redesign our products, which may not be feasible;
 
  •  divert management’s attention and resources; or
 
  •  require us to enter into royalty or licensing agreements in order to obtain the right to use a necessary product or component.
 
Royalty or licensing agreements, if required, may not be available on acceptable terms, if at all. A successful claim of infringement against us and our failure or inability to license the infringed or similar technology could prevent us from distributing our products and cause us to incur great expense and delay in developing non-infringing products.
 
We have been sued by a company claiming that we misappropriated its proprietary rights and our defense of these claims is costly, diverts the attention of our management and may be unsuccessful.
 
On April 20, 2006, a lawsuit was filed against us, Martin F. Roesch, our Chief Technology Officer, Inflection Point Ventures, L.P., one of our stockholders, and certain general partners of Inflection Point Ventures, L.P. by PredatorWatch Inc. (now named NetClarity) in the Superior Court for Suffolk County, Massachusetts. The complaint alleges that the defendants: (i) misappropriated the plaintiff’s trade secrets; (ii) breached an oral agreement of confidentiality; (iii) breached a covenant of good faith and fair dealing owed to the plaintiff; (iv) were unjustly enriched; (v) misrepresented certain material facts to the plaintiff, upon which the plaintiff relied to its detriment; and (vi) engaged in unfair and deceptive acts in violation of Massachusetts state law. The plaintiff has sought to recover amounts to be ascertained and established, as well as double and treble damages and attorney’s fees.
 
Litigation is subject to inherent uncertainties, especially in cases like this where sophisticated factual issues must be assessed and complex technical issues must be resolved. In addition, these types of cases involve issues of law that are evolving, presenting further uncertainty. Our defense of this litigation, regardless of the merits of the complaint, has been, and will likely continue to be, time consuming, extremely costly and a diversion of time and attention for our technical and management personnel. Through September 30, 2006, we have spent approximately $174,000 in legal fees and expenses on this litigation and expect to incur substantial additional expenses even if we ultimately prevail. In addition, publicity related to this litigation has in the past, and could likely in the future, have a negative impact on sales of our RNA products.
 
A failure to prevail in the litigation could result in one or more of the following:
 
  •  our paying substantial monetary damages, which could be tripled if any misappropriation is found to have been willful, and which may include paying an ongoing significant royalty to PredatorWatch or compensation for lost profits to PredatorWatch;
 
  •  our paying substantial punitive damages;
 
  •  our having to provide an accounting of all revenue received from selling RNA in its current form;
 
  •  the issuance of a preliminary or permanent injunction requiring us to stop selling RNA in its current form;


16


Table of Contents

 
  •  our having to redesign RNA, which could be costly and time-consuming and could substantially delay RNA shipments, assuming that a redesign is feasible;
 
  •  our having to reimburse PredatorWatch for some or all of its attorneys’ fees and costs, which would be substantial;
 
  •  our having to obtain from PredatorWatch a license to use its technology, which might not be available on reasonable terms, if at all; or
 
  •  our having to indemnify our customers against any losses they may incur due to the alleged infringement.
 
Additionally, PredatorWatch has separately notified us that they believe that our RNA technology is covered by claims contained in a pending patent application. This pending patent application has not issued as a patent, but in the event it does issue, PredatorWatch could file an additional complaint to include a patent infringement claim against us.
 
If we are enjoined from selling RNA in its current form, we may be required to redesign RNA to avoid infringing on the intellectual property rights of others. If we are unable to efficiently redesign commercially acceptable products, our sales will decline substantially. This litigation is at a very early stage, so we cannot predict its course or its costs to us. We do, however, expect to continue to incur significant costs in defending against this litigation and these costs could increase substantially if this litigation approaches or enters a trial phase. It is possible that these costs could substantially exceed our expectations in future periods. For a more detailed description of this litigation, please see “Business — Legal Proceedings.”
 
We rely on software licensed from other parties, the loss of which could increase our costs and delay software shipments.
 
We integrate as components of our products various types of software licensed from unaffiliated parties. For example, some of our products incorporate MySQL, a licensed database. Our business would be disrupted if any of the software we license from others or functional equivalents of this software were either no longer available to us or no longer offered to us on commercially reasonable terms. In either case, we would be required to either redesign our products to function with software available from other parties or develop these components ourselves, which would result in increased costs and could result in delays in our product shipments and the release of new product offerings. Furthermore, we might be forced to limit the features available in our current or future products. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate a functional equivalent of the software.
 
Defects, errors or vulnerabilities in our software products would harm our reputation and divert resources.
 
Because our products are complex, they may contain defects, errors or vulnerabilities that are not detected until after our commercial release and installation by our customers. We may not be able to correct any errors or defects or address vulnerabilities promptly, or at all. Any defects, errors or vulnerabilities in our products could result in:
 
  •  expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work-around errors or defects or to address and eliminate vulnerabilities;
 
  •  loss of existing or potential customers;
 
  •  delayed or lost revenue;
 
  •  delay or failure to attain market acceptance;
 
  •  increased service, warranty, product replacement and product liability insurance costs; and
 
  •  negative publicity, which will harm our reputation.
 
In addition, because our products and services provide and monitor network security and may protect valuable information, we could face claims for product liability, tort or breach of warranty. Anyone who circumvents our security measures could misappropriate the confidential information or other valuable property of customers using our products, or interrupt their operations. If that happens, affected customers or others may sue us. In addition, we


17


Table of Contents

may face liability for breaches of our product warranties, product failures or damages caused by faulty installation of our products. Provisions in our contracts relating to warranty disclaimers and liability limitations may be unenforceable. Some courts, for example, have found contractual limitations of liability in standard computer and software contracts to be unenforceable in some circumstances. Defending a lawsuit, regardless of its merit, could be costly and divert management attention. Our business liability insurance coverage may be inadequate or future coverage may be unavailable on acceptable terms or at all.
 
Our networks, products and services are vulnerable to, and may be targeted by, hackers.
 
Like other companies, our websites, networks, information systems, products and services may be targets for sabotage, disruption or misappropriation by hackers. As a leading network security solutions company, we are a high profile target and our networks, products and services may have vulnerabilities that may be targeted by hackers. Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect these efforts by hackers to continue. If these efforts are successful, our operations, reputation and sales could be adversely affected.
 
We utilize a just-in-time contract manufacturing and inventory process, which increases our vulnerability to supply disruption.
 
Our ability to meet our customers’ demand for certain of our products depends upon obtaining adequate hardware platforms on a timely basis, which must be integrated with our software. We purchase hardware platforms through our contract manufacturers from a limited number of suppliers on a just-in-time basis. In addition, these suppliers may extend lead times, limit the supply to our manufacturers or increase prices due to capacity constraints or other factors. Although we work closely with our manufacturers and suppliers to avoid shortages, we may encounter these problems in the future. Our results of operations would be adversely affected if we were unable to obtain adequate supplies of hardware platforms in a timely manner or if there were significant increases in the costs of hardware platforms or problems with the quality of those hardware platforms.
 
We depend on a single source to manufacture our enterprise class intrusion sensor product; if that sole source were to fail to satisfy our requirements, our sales revenue would decline and our reputation would be harmed.
 
We rely on one manufacturer, Bivio Networks, to build the hardware platform for two models of our intrusion sensor products that are used by our enterprise class customers. These enterprise class intrusion sensor products are purchased directly by customers for their internal use and are also utilized by third party managed security service providers to provide services to their customers. Revenue resulting from sales of these enterprise class intrusion sensor products accounted for approximately 3.8% of our product revenue in the year ended December 31, 2005 and approximately 18% of our product revenue during the nine months ended September 30, 2006. The unexpected termination of our relationship with Bivio Networks would be disruptive to our business and our reputation which could result in a decline in our revenue as well as shipment delays and possible increased costs as we seek and implement production with an alternate manufacturer.
 
Our inability to hire and retain key personnel would slow our growth.
 
Our business is dependent on our ability to hire, retain and motivate highly qualified personnel, including senior management, sales and technical professionals. In particular, we intend to expand the size of our direct sales force domestically and internationally and to hire additional customer support and professional services personnel. However, competition for qualified services personnel is intense, and if we are unable to attract, train or retain the number of highly qualified sales and services personnel that our business needs, our reputation, customer satisfaction and potential revenue growth could be seriously harmed. To the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information.
 
Our future success will depend to a significant extent on the continued services of Martin Roesch, our founder and Chief Technology Officer, and E. Wayne Jackson, III, our Chief Executive Officer. The loss of the services of


18


Table of Contents

either of these or other individuals could adversely affect our business and could divert other senior management time in searching for their replacements.
 
We depend on resellers and distributors for our sales; if they fail to perform as expected, our revenue will suffer.
 
Part of our business strategy involves entering into additional agreements with resellers and distributors that permit them to resell our products and service offerings. Revenue resulting from our resellers and distributors accounted for approximately 46% of our total revenue in the year ended December 31, 2004, approximately 48% of our total revenue in the year ended December 31, 2005 and approximately 48% of our total revenue during the nine months ended September 30, 2006. There is a risk that our pace of entering into such agreements may slow, or that our existing agreements may not produce as much business as we anticipate. There is also a risk that some or all of our resellers or distributors may be acquired, may change their business models or may go out of business, any of which could have an adverse effect on our business.
 
If we do not continue to establish and effectively manage our OEM relationships, our revenue could decline.
 
Our ability to sell our network security software products in new markets and to increase our share of existing markets will be impaired if we fail to expand our indirect distribution channels. Our sales strategy involves the establishment of multiple distribution channels domestically and internationally through strategic resellers, system integrators and OEMs. We have alliances with OEMs such as IBM and Nokia and we cannot predict the extent to which these companies will be successful in marketing or selling our software. These agreements could be terminated on short notice and they do not prevent our OEMs, systems integrators, strategic resellers or other distributors from selling the network security software of other companies, including our competitors. IBM and Nokia or any other OEM, system integrator, strategic reseller or distributor could give higher priority to other companies’ software or to their own software than they give to ours, which could cause our revenue to decline.
 
Our inability to effectively manage our expected headcount growth and expansion and our additional obligations as a public company could seriously harm our ability to effectively run our business.
 
Our historical growth has placed, and our intended future growth is likely to continue to place, a significant strain on our management, financial, personnel and other resources. We will likely not continue to grow at our historical pace due to limits on our resources. We have grown from 84 employees at December 31, 2003 to 174 employees at September 30, 2006. Since January 1, 2005, we have opened additional sales offices and have significantly expanded our operations. This rapid growth has strained our facilities and required us to lease additional space at our headquarters. In several recent quarters, we have not been able to hire sufficient personnel to keep pace with our growth. In addition to managing our expected growth, we will have substantial additional obligations and costs as a result of being a public company. These obligations include investor relations, preparing and filing periodic SEC reports, developing and maintaining internal controls over financial reporting and disclosure controls, compliance with corporate governance rules, Regulation FD and other requirements imposed on public companies by the SEC and the Nasdaq Global Market. Fulfilling these additional obligations will make it more difficult to operate a growing company. Any failure to effectively manage growth or fulfill our obligations as a public company could seriously harm our ability to respond to customers, the quality of our software and services and our operating results. To effectively manage growth and operate a public company, we will need to implement additional management information systems, improve our operating, administrative, financial and accounting systems and controls, train new employees and maintain close coordination among our executive, engineering, accounting, finance, marketing, sales and operations organizations.
 
Risks Related to Your Investment
 
The price of our common stock may be subject to wide fluctuations and may trade below the initial public offering price.
 
Before this offering, there has not been a public market for our common stock. The initial public offering price of our common stock will be determined by negotiations between us and representatives of the underwriters, based on numerous factors, including those that we discuss under “Underwriters.” This price may not be indicative of the market price of our common stock after this offering. We cannot assure you that an active public market for our common stock will develop or be sustained after this offering. The market price of our common stock also could be


19


Table of Contents

subject to significant fluctuations. As a result, you may not be able to sell your shares of our common stock quickly or at prices equal to or greater than the price you paid in this offering.
 
Among the factors that could affect our common stock price are the risks described in this “Risk Factors” section and other factors, including:
 
  •  quarterly variations in our operating results compared to market expectations;
 
  •  changes in expectations as to our future financial performance, including financial estimates or reports by securities analysts;
 
  •  changes in market valuations of similar companies;
 
  •  liquidity and activity in the market for our common stock;
 
  •  actual or expected sales of our common stock by our stockholders;
 
  •  strategic moves by us or our competitors, such as acquisitions or restructurings;
 
  •  general market conditions; and
 
  •  domestic and international economic, legal and regulatory factors unrelated to our performance.
 
Stock markets in general have experienced extreme volatility that has often been unrelated to the operating performance of a particular company. These broad market fluctuations may adversely affect the trading price of our common stock, regardless of our operating performance.
 
Sales of substantial amounts of our common stock in the public markets, or the perception that they might occur, could reduce the price that our common stock might otherwise attain and may dilute your voting power and your ownership interest in us.
 
After the completion of this offering, we will have          outstanding shares of common stock (            shares of common stock if the underwriters exercise in full their option to purchase additional shares). This number is comprised of all the shares of our common stock that we are selling in this offering, which may be resold immediately in the public market. Subject to certain exceptions described under the caption “Underwriters,” we and all of our directors and executive officers and certain of our stockholders and option holders have agreed not to offer, sell or agree to sell, directly or indirectly, any shares of common stock without the permission of the underwriters for a period of 180 days from the date of this prospectus. When this period expires we and our locked-up stockholders will be able to sell our shares in the public market. Sales of a substantial number of such shares upon expiration, or early release, of the lock-up (or the perception that such sales may occur) could cause our share price to fall.
 
Sales of substantial amounts of our common stock in the public market following our initial public offering, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate.
 
We also may issue our shares of common stock from time to time as consideration for future acquisitions and investments. If any such acquisition or investment is significant, the number of shares that we may issue may in turn be significant. In addition, we may also grant registration rights covering those shares in connection with any such acquisitions and investments.
 
Investors purchasing common stock in this offering will experience immediate and substantial dilution.
 
The assumed initial public offering price of our common stock is substantially higher than the net tangible book value per outstanding share of our common stock immediately after this offering. As a result, you will pay a price per share that substantially exceeds the book value of our tangible assets after subtracting our liabilities. Purchasers of our common stock in this offering will incur immediate and substantial dilution of $      per share in the net tangible book value of our common stock from the assumed initial public offering price of $      per share, which is the mid-point of the estimated range set forth on the cover of this prospectus. If the underwriters exercise in


20


Table of Contents

full their option to purchase additional shares, there will be an additional dilution of $      per share in the net tangible book value of our common stock, assuming the same public offering price.
 
As a result of becoming a public company, we will be obligated to develop and maintain proper and effective internal controls over financial reporting and will be subject to other requirements that will be burdensome and costly. We may not complete our analysis of our internal controls over financial reporting in a timely manner, or these internal controls may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.
 
We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act of 2002 (Section 404), to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the first fiscal year beginning after the effective date of this offering. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting, as well as a statement that our auditors have issued an attestation report on our management’s assessment of our internal controls.
 
We are just beginning the costly and challenging process of compiling the system and processing documentation before we perform the evaluation needed to comply with Section 404. We may not be able to complete our evaluation, testing and any required remediation in a timely fashion. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control is effective. If we are unable to assert that our internal control over financial reporting is effective, or if our auditors are unable to attest that our management’s report is fairly stated or they are unable to express an opinion on the effectiveness of our internal control, we could lose investor confidence in the accuracy and completeness of our financial reports, which would have a material adverse effect on the price of our common stock. Failure to comply with the new rules might make it more difficult for us to obtain certain types of insurance, including director and officer liability insurance, and we might be forced to accept reduced policy limits and coverage and/or incur substantially higher costs to obtain the same or similar coverage. The impact of these events could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, on committees of our board of directors, or as executive officers.
 
In addition, as a public company, we will incur significant additional legal, accounting and other expenses that we did not incur as a private company, and our administrative staff will be required to perform additional tasks. For example, in anticipation of becoming a public company, we will need to create or revise the roles and duties of our board committees, adopt disclosure controls and procedures, retain a transfer agent, adopt an insider trading policy and bear all of the internal and external costs of preparing and distributing periodic public reports in compliance with our obligations under the securities laws. In addition, changing laws, regulations and standards relating to corporate governance and public disclosure, and related regulations implemented by the Securities and Exchange Commission and the Nasdaq Global Market, are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed.


21


Table of Contents

Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management.
 
We intend to amend and restate our certificate of incorporation and bylaws, both of which will become effective upon the completion of this offering, to add provisions that may delay or prevent an acquisition of us or a change in our management. These provisions include a classified board of directors, a prohibition on actions by written consent of our stockholders, and the ability of our board of directors to issue preferred stock without stockholder approval. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which prohibits stockholders owning in excess of 15% of our outstanding voting stock from merging or combining with us. Although we believe these provisions collectively provide for an opportunity to receive higher bids by requiring potential acquirors to negotiate with our board of directors, they would apply even if the offer may be considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.


22


Table of Contents

 
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
 
This prospectus contains both historical and forward-looking statements. All statements other than statements of historical fact are, or may be deemed to be, forward-looking statements. For example, statements concerning projections, predictions, expectations, estimates or forecasts and statements that describe our objectives, plans or goals are or may be forward-looking statements. These forward-looking statements reflect management’s current expectations concerning future results and events and generally can be identified by use of expressions such as “may,” “will,” “should,” “could,” “would,” “predict,” “potential,” “continue,” “expect,” “anticipate,” “future,” “intend,” “plan,” “foresee,” “believe,” “estimate,” and similar expressions, as well as statements in future tense. These forward-looking statements include, but are not limited to, the following:
 
  •  expected growth in the markets for network security products;
 
  •  our plans to continue to invest in and develop innovative technology and products for our existing markets and other network security markets;
 
  •  the timing of expected introductions of new or enhanced products;
 
  •  our expectation of growth in our customer base and increasing sales to existing customers;
 
  •  our plans to increase revenue through more relationships with original equipment manufacturers, resellers, distributors, government suppliers and co-marketers;
 
  •  our plans to grow international sales;
 
  •  our plans to acquire and integrate new businesses and technologies;
 
  •  our plans to hire more network security experts and broaden our knowledge base; and
 
  •  our plans to hire additional sales personnel and the additional revenue we expect them to generate.
 
The forward-looking statements included in this prospectus are made only as of the date of this prospectus. We expressly disclaim any intent or obligation to update any forward-looking statements to reflect subsequent events or circumstances.
 
Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, performance or achievements to be different from any future results, performance and achievements expressed or implied by these statements. These risks and uncertainties include, but are not limited to, the following:
 
  •  the market for network security products is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop, and if we do not accurately predict, prepare for and respond promptly to technological and market developments and changing customer needs, our competitive position and prospects will be harmed;
 
  •  defects, errors or vulnerabilities in our software products would harm our reputation and divert resources;
 
  •  in the future, we may not be able to secure financing necessary to operate and grow our business as planned;
 
  •  claims that our products infringe the proprietary rights of others could harm our business and cause us to incur significant costs;
 
  •  we face intense competition in our market, especially from larger, better-known companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position;
 
  •  new competitors could emerge or our customers or distributors could internally develop alternatives to our products and either development could impair our sales;
 
  •  if our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer;
 
  •  if existing customers do not make subsequent purchases from us or if our relationships with our largest customers are impaired, our revenue could decline;


23


Table of Contents

 
  •  if we cannot attract sufficient government agency customers, our revenue and competitive position will suffer;
 
  •  if we do not continue to establish and effectively manage our OEM relationships, our revenue could decline;
 
  •  we are subject to risks of operating internationally that could impair our ability to grow our revenue abroad;
 
  •  our inability to acquire and integrate other businesses, products or technologies could seriously harm our competitive position;
 
  •  our inability to hire and retain key personnel would slow our growth; and
 
  •  our inability to effectively manage our headcount growth and expansion could seriously harm our ability to effectively run our business.


24


Table of Contents

 
USE OF PROCEEDS
 
Assuming an initial public offering price of $      per share, we estimate that we will receive net proceeds from this offering of approximately $      million, after deducting underwriting discounts and commissions and other estimated expenses of $      million payable by us. If the underwriters’ option to purchase additional shares in this offering is exercised in full we estimate that our net proceeds will be approximately $     million. We will not receive any proceeds from the sale of shares of our common stock by the selling stockholders.
 
We intend to use the net proceeds to us from this offering for working capital and other general corporate purposes, including financing our growth, developing new products and funding capital expenditures. In addition, we may choose to repay our credit facility with Silicon Valley Bank or expand our current business through acquisitions of other businesses, products or technologies. However, we do not have agreements or commitments for any specific repayments or acquisitions at this time.
 
Pending any use, as described above, we plan to invest the net proceeds in short-term, interest-bearing investment grade securities.
 
A $1.00 increase (decrease) in the assumed initial public offering price of $      per share would increase (decrease) the net proceeds to us from this offering by $     , assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions and estimated expenses payable by us.
 
DIVIDEND POLICY
 
We intend to retain all future earnings, if any, for use in the operation of our business and to fund future growth. We have never declared or paid any dividend on our capital stock and do not anticipate paying any dividends for the foreseeable future and the loan and security agreement governing our working capital line of credit restricts our ability to pay dividends or other distributions on our capital stock. The decision whether to pay dividends will be made by our board of directors in light of conditions then existing, including factors such as our results of operations, financial condition and requirements, business conditions and covenants under any applicable contractual arrangements.


25


Table of Contents

 
CAPITALIZATION
 
The following table sets forth our cash and cash equivalents and our capitalization as of September 30, 2006:
 
  •  on an actual basis;
 
  •  on a pro forma basis, giving effect to the conversion of all of the outstanding shares of our preferred stock into 23,226,683 shares of our common stock immediately prior to the completion of this offering; and
 
  •  on a pro forma as adjusted basis, giving effect to the conversion of all of the outstanding shares of our preferred stock into 23,226,683 shares of our common stock immediately prior to the completion of this offering and our sale of           shares of common stock in this offering, assuming an initial public offering price of $          , the midpoint of the estimated price range set forth on the cover of this prospectus, after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us.
 
The numbers of shares of common stock shown as issued and outstanding exclude:
 
  •  4,457,866 shares that may be issued upon the exercise of options outstanding as of September 30, 2006;
 
  •  59,998 shares that may be issued upon the exercise of warrants outstanding as of September 30, 2006;
 
  •  1,044,194 shares that are reserved for issuance pursuant to our stock option plan as of September 30, 2006; and
 
  •  45,000 shares which are subject to repurchase by us.
 
You should read this table in conjunction with the consolidated financial statements and the related notes, “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and “Description of Capital Stock” included elsewhere in this prospectus.


26


Table of Contents

                         
    As of September 30, 2006  
                Pro forma
 
    Actual     Pro forma     as adjusted  
    (unaudited)
 
    (dollars in thousands)  
 
Cash and cash equivalents
  $ 25,137     $ 25,137     $         
                         
Long-term debt
  $ 434     $ 434     $  
                         
Series A Convertible Preferred Stock, par value $.001 per share: 2,495,410 shares authorized, 2,475,410 shares issued and outstanding, actual; no shares authorized, no shares issued and outstanding, pro forma and pro forma as adjusted
    10,130              
Series B Convertible Preferred Stock, par value $.001 per share: 7,132,205 shares authorized, 7,132,205 shares issued and outstanding, actual; no shares authorized, no shares issued and outstanding, pro forma and pro forma as adjusted
    14,028              
Series C Convertible Preferred Stock, par value $.001 per share: 5,404,043 shares authorized, 5,404,043 shares issued and outstanding, actual; no shares authorized, no shares issued and outstanding, pro forma and pro forma as adjusted
    17,969              
Series D Convertible Preferred Stock, par value $.001 per share: 3,264,449 shares authorized, 3,264,449 shares issued and outstanding, actual; no shares authorized, no shares issued and outstanding, pro forma and pro forma as adjusted
    23,463              
Warrants to purchase Series A Convertible Preferred Stock
    25              
                         
Total convertible preferred stock and warrants
    65,615       —           —    
                         
Stockholders’ equity (deficit):
                       
Common Stock, par value $.001 per share: 36,500,000 authorized, 5,660,686 issued and outstanding, actual;          shares authorized, 28,886,807 shares issued and outstanding, pro forma;           shares authorized,           shares issued and outstanding, pro forma as adjusted
    6       29          
Preferred Stock, par value $.001 per share: no shares authorized, no shares issued and outstanding, actual and pro forma;           shares authorized, no shares issued and outstanding, pro forma as adjusted
                 
Unearned compensation
    (5 )     (5 )        
Additional paid-in capital
          65,592          
Accumulated deficit
    (40,277 )     (40,277 )        
                         
Total stockholders’ equity (deficit)
    (40,276 )     25,339          
                         
Total capitalization (including long-term debt)
  $ 25,773     $ 25,773     $  
                         


27


Table of Contents

 
DILUTION
 
Dilution is the amount by which the offering price paid by the purchasers of the common stock sold in the offering exceeds the net tangible book value per share of common stock after the offering. Net tangible book value per share is determined at any date by subtracting our total liabilities from the total book value of our tangible assets and dividing the difference by the number of shares of common stock deemed to be outstanding at that date.
 
Our pro forma net tangible book value as of September 30, 2006 was $25.3 million, or $0.88 per share, which gives effect to the conversion of all outstanding shares of our preferred stock into 23,226,683 shares of our common stock immediately prior to the completion of this offering. After giving effect to the receipt and our intended use of approximately $        million of estimated net proceeds from our sale of           shares of common stock in this offering at an assumed offering price of $        per share, our pro forma as adjusted net tangible book value as of September 30, 2006 would have been approximately $        million, or $        per share. This represents an immediate increase in pro forma net tangible book value of $        per share to existing stockholders and an immediate dilution of $        per share to new investors purchasing shares of common stock in the offering. The following table illustrates this substantial and immediate per share dilution to new investors:
 
                 
Assumed initial public offering price per share
          $       
Pro forma net tangible book value per share before this offering
  $ 0.88          
Increase per share attributable to investors in this offering
               
                 
As adjusted pro forma net tangible book value per share after this offering
               
                 
Dilution per share to new investors
          $    
                 
 
A $1.00 increase (decrease) in the assumed initial public offering price of $      per share would increase (decrease) our pro forma net tangible book value per share before this offering, by $     , the as adjusted pro forma net tangible book value per share after this offering by $      and the dilution per share to new investors in this offering by $     , assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us.
 
The following table summarizes on an as adjusted pro forma basis as of September 30, 2006.
 
  •  the total number of shares of common stock purchased from us by our existing stockholders and by new investors purchasing shares in this offering;
 
  •  the total consideration paid to us by our existing stockholders and by new investors purchasing shares in this offering, assuming an initial public offering price of $      per share (before deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us in connection with this offering); and
 
  •  the average price per share paid by existing stockholders and by new investors purchasing shares in this offering:
 
                                         
    Shares purchased     Total consideration     Average price
 
    Number     Percent     Amount     Percent     per share  
 
Existing stockholders
    28,932,369             %   $ 56,874,105             %   $ 1.97  
Investors in the offering
                                      $    
                                         
Total
            100 %   $               100 %        
                                         


28


Table of Contents

A $1.00 increase (decrease) in the assumed initial public offering price of $      per share would increase (decrease) total consideration paid by new investors and the average price per share by $      and $     , respectively, assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and without deducting the estimated underwriting discounts and commissions and estimated expenses payable by us.
 
The tables and calculations above assume no exercise of:
 
  •  stock options outstanding as of September 30, 2006 to purchase 4,457,866 shares of common stock at a weighted average exercise price of $1.06 per share; or
 
  •  the underwriters’ over-allotment option.
 
To the extent any of these options are exercised, there will be further dilution to new investors.


29


Table of Contents

 
SELECTED CONSOLIDATED FINANCIAL DATA
 
The consolidated statement of operations data for the five years ended December 31, 2005 and the consolidated balance sheet data as of December 31, 2001, 2002, 2003, 2004 and 2005 have been derived from our audited consolidated financial statements. The statement of operations data for the nine months ended September 30, 2005 and 2006 and the balance sheet data as of September 30, 2006 were derived from our unaudited consolidated financial statements and related notes, which are included in this prospectus. The unaudited interim consolidated financial statements include, in the opinion of management, all adjustments that management considers necessary for the fair presentation of the financial information set forth in those statements. The selected consolidated financial data set forth below should be read in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” set forth below and our consolidated financial statements and related notes included elsewhere in this prospectus. The historical results are not necessarily indicative of the results to be expected in any future period and the results for the nine months ended September 30, 2006 should not be considered indicative of results expected for the full year.
 
                                                                 
    Year ended December 31,     Nine months ended September 30,        
    2001(1)     2002     2003     2004     2005     2005     2006        
                                  (unaudited)        
    (in thousands, except share, per share and other operating data)        
 
Consolidated statement of operations data:
                                                               
Revenue:
                                                               
Products
  $ 134     $ 1,704     $ 8,153     $ 12,738     $ 23,589     $ 14,889     $ 18,390          
Services
    25       197       1,328       3,955       9,290       6,335       10,544          
                                                                 
Total revenue
    159       1,901       9,481       16,693       32,879       21,224       28,934          
Cost of revenue:
                                                               
Products
    32       448       2,570       4,533       6,610       4,229       4,931          
Services
    12       155       436       872       1,453       981       2,016          
                                                                 
Total cost of revenue
    44       603       3,006       5,405       8,063       5,210       6,947          
Gross profit
    115       1,298       6,475       11,288       24,816       16,014       21,987          
Operating expenses
Research and development
    84       1,261       3,751       5,706       6,831       4,934       6,334          
Sales and marketing
    40       3,179       9,002       12,585       17,135       12,131       14,512          
General and administrative
    76       1,234       2,141       2,905       5,120       3,123       3,587          
Depreciation and amortization
    3       153       441       752       1,103       846       912          
                                                                 
Total operating expenses
    203       5,827       15,335       21,948       30,189       21,034       25,345          
                                                                 
Operating loss
    (88 )     (4,529 )     (8,860 )     (10,660 )     (5,373 )     (5,020 )     (3,358 )        
Other income (expense), net
    (12 )     22       16       164       (85 )     (50 )     442          
                                                                 
Net loss
    (100 )     (4,507 )     (8,844 )     (10,496 )     (5,458 )     (5,070 )     (2,916 )        
Accretion of preferred stock
          (356 )     (1,262 )     (2,451 )     (2,668 )     (2,001 )     (2,687 )        
                                                                 
Net loss attributable to common stockholders
  $ (100 )   $ (4,863 )   $ (10,106 )   $ (12,947 )   $ (8,126 )   $ (7,071 )   $ (5,603 )        
                                                                 
Net loss per common share:
                                                               
Basic and diluted
  $ (.03 )   $ (1.61 )   $ (2.89 )   $ (3.06 )   $ (1.56 )   $ (1.38 )   $ (1.03 )        
                                                                 
Pro forma (unaudited)(2)
                                  $ (0.22 )   $       $ (0.11 )        
                                                                 
Shares used in per common share calculations:
                                                               
Basic and diluted
    3,000,000       3,029,837       3,502,521       4,226,855       5,197,316       5,132,011       5,456,806          
Pro forma (unaudited)(2)
                                    25,159,550               26,944,685          
                                                                 
Other operating data:
                                                               
Number of sales in excess of $500,000
          1       2       5       9       4       6          
Number of new customers
                    161       136       149       116       171          
Cumulative number of Fortune 100 customers at end of period
          3       10       17       24       22       27          
Number of full-time employees at end of period
    4       46       84       107       135       142       174          
 


30


Table of Contents

                                                         
        As of
   
    As of December 31,   September 30,    
    2001   2002   2003   2004   2005   2006    
 
Consolidated balance sheet data:
                                                       
Cash and cash equivalents
  $ 132     $ 2,991     $ 5,315     $ 3,563     $ 1,106     $ 25,137          
Held-to-maturity investments
                      5,751       2,005       1,401          
Total assets
    188       4,928       10,316       20,016       21,250       43,854          
Long-term debt
          336       110       181       476       434          
Total liabilities
    180       2,031       5,166       10,177       16,340       18,515          
Total convertible preferred stock
          7,716       19,958       37,339       40,007       65,615          
Total stockholders’ equity (deficit)
    8       (4,819 )     (14,808 )     (27,500 )     (35,097 )     (40,276 )        
Dividends declared per share
                                           
 
(1) For the period January 22, 2001 (inception) to December 31, 2001.
 
(2) On a pro forma basis, giving effect to the conversion of all of the outstanding shares of our preferred stock into shares of our common stock immediately prior to the completion of this offering.

31


Table of Contents

 
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS
 
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes that appear elsewhere in this prospectus. In addition to historical consolidated financial information, the following discussion contains forward-looking statements that reflect our plans, estimates and beliefs. Our actual results could differ materially from those discussed in the forward-looking statements. Factors that could cause or contribute to these differences include those discussed below and elsewhere in this prospectus, particularly in “Risk Factors.”
 
Overview
 
Sourcefire is a leading provider of intelligence driven, open source network security solutions that enable our customers to protect their computer networks in an effective, efficient and highly automated manner. We apply a comprehensive Discover, Determine and Defend, or 3D, approach to network security through which we: 1) discover potential threats and vulnerabilities, 2) determine the potential impact of those observations to the network and 3) defend the network through aggressive enforcement of security policies. We sell our security solutions to a diverse customer base that includes over 25 of the Fortune 100 companies and over half of the 30 largest U.S. government agencies. We also manage one of the security industry’s leading open source initiatives, Snort.
 
Our Sourcefire 3D approach is comprised of three key components:
 
RNA.  At the heart of the Sourcefire 3D security solution is Real-time Network Awareness, or RNA, our network intelligence product that provides persistent visibility into the composition, behavior, topology (the relationship of network components) and risk profile of the network. This information provides a platform for the Defense Center’s automated decision-making and network policy compliance enforcement. The ability to continuously discover characteristics and vulnerabilities of network assets, or endpoint intelligence, enables our Intrusion Prevention products to more precisely identify and block threatening traffic and to more efficiently classify threatening and/or suspicious behavior than products lacking network intelligence.
 
Intrusion Sensors.  The Intrusion Sensors utilize open source Snort® and our proprietary technology to monitor network traffic. These sensors compare observed traffic to a set of “Rules”, or a set of network traffic characteristics, which can be indicative of malicious activity. Once the Intrusion Sensors match a Rule to the observed traffic, they block malicious traffic and/or send an alert to the Defense Center for further analysis, prioritization and possible action.
 
Defense Center.  The Defense Center aggregates, correlates and prioritizes network security events from RNA Sensors and Intrusion Sensors to synthesize multipoint event correlation and policy compliance analysis. The Defense Center’s policy and response subsystems are designed to leverage existing IT infrastructure such as firewalls, routers, trouble ticketing, and patch management systems for virtually any task, including alerting, blocking and initiating corrective measures.
 
Historical Development of our Business
 
We were organized as a Delaware corporation and began operations in January 2001, and we sold our first commercial product, a Sourcefire Intrusion Sensor, in the summer of 2001. In 2002, we released the first version of the Defense Center product, closed our first round of institutional financing, raising approximately $7.5 million from the sale of Series A convertible preferred stock, and hired senior executives including our CEO, COO, VP of Sales and VP of Business Development. In 2003, we closed our second round of institutional financing, raising $11 million from the sale of Series B convertible preferred stock, released our RNA product and hired our CFO and VP of Engineering. In 2004, we completed our third round of institutional financing, raising $15 million from the sale of Series C convertible preferred stock, exceeded 100 total employees, hired our chief marketing officer and introduced the Sourcefire 3D suite of products. In 2005, we leased approximately 40,000 square feet of office space for our corporate headquarters including a 4,000 square foot state-of-the-art security lab, received NSS gold certification for our intrusion detection product, released our enterprise class intrusion sensor product and entered


32


Table of Contents

into a definitive merger agreement to be acquired by Check Point Software Technologies Ltd. for $225 million. In 2006, we mutually terminated the merger agreement with Check Point, closed our fourth round of institutional financing, raising $23 million from the sale of Series D convertible preferred stock, and achieved our first quarter of cash flow positive results.
 
Key Financial Metrics and Trends
 
Pricing and Discounts
 
We maintain a standard price list for all our products and we have not changed our list pricing during the past. Additionally, we have a corporate policy that governs the level of discounting our sales organization may offer on our products based on factors such as transaction size, volume of products, federal or state programs, reseller or distributor involvement and the level of technical support commitment. Our total product revenue and the resulting cost of revenue and gross profit percentage are directly affected by our ability to manage our product pricing policy. Although we have not experienced pressure to reduce our prices, competition is increasing and, in the future, we may be forced to reduce our prices to remain competitive.
 
Revenue
 
We currently derive revenue from product sales and services. Product revenue is principally derived from the sale of our network security solutions. Our network security solutions include a perpetual software license bundled with a third-party hardware platform. Services revenue is principally derived from technical support and professional services. We typically sell technical support to complement our network security solutions. Technical support entitles a customer to product updates, new Rules releases and both telephone and web assistance for using our products. Our professional services revenue includes optional on-site network security deployment consulting, and classroom and online training for managing a network security solution.
 
Product sales are typically recognized as revenue at shipment of the product to the customer, whether sold directly or through resellers. For sales made through distributors and original equipment manufacturers, or OEMs, we do not recognize revenue until we receive the monthly sales report which indicates the sell-through volume to end user customers. Revenue from services is recognized when the services are performed. For technical support services, revenue is recognized ratably over the term of the support arrangement, which is usually a 12-month agreement providing for payment in advance and automatic renewals.
 
We sell our network security solutions globally. However, over 80% of our revenue for was generated by sales to U.S.-based customers. We expect that our revenue from customers based outside of the United States will increase in amount and as a percentage of total revenue as we execute our strategy to strengthen our international presence. We also expect that our revenue from sales through OEMs and distributors will increase in amount and as a percentage of total revenue as we execute our strategy to expand such relationships. We manage our operations on a consolidated basis for purposes of assessing performance and making operating decisions. Accordingly, our business does not have reportable segments.
 
Revenue from product sales has been highly seasonal, with more than one-third of our total product revenue in recent fiscal years generated in the fourth quarter. The timing of our year-end shipments could materially affect our fourth quarter product revenue in any fiscal year and sequential quarterly comparisons. Revenue from our government customers has occasionally been influenced by the September 30th fiscal year-end of the U.S. federal government, which has historically resulted in our revenue from government customers being highest in the third quarter. Although we do not expect these general seasonal patterns to change substantially in the future, our revenue within a particular quarter is often affected significantly by the unpredictable procurement patterns of our customers. Our prospective customers usually spend a long time evaluating and making purchase decisions for network security solutions. Historically, many of our customers have not finalized their purchasing decisions until the final weeks or days of a quarter. We expect these purchasing patterns to continue in the future. Therefore, a delay in even one large order beyond the end of the quarter could materially reduce our anticipated revenue for a quarter. Because many of our expenses must be incurred before we expect to generate revenue, delayed orders could negatively impact our results of operations for the period and cause us to fail to meet the financial performance expectations of securities industry research analysts or investors.


33


Table of Contents

Cost of Revenue
 
Cost of product revenue includes the cost of the hardware platform bundled into our network security solution, royalties for third-party software included in our network security solution, materials and labor that go into the quality assurance of our products, logistics, warranty, shipping and handling costs and depreciation and amortization. For the nine months ended September 30, 2006 and for the year ended December 31, 2005, cost of product revenue was 27% and 28% of total product revenue, respectively. Hardware costs, which are our most significant cost items, generally have not fluctuated materially as a percentage of revenue in recent years because competition among hardware platform suppliers has remained strong and, therefore, our hardware cost has remained consistent. Because of the competition among hardware suppliers and our outsourcing of the manufacture of our products to four separate domestic contract manufacturers, we currently have no reason to expect that our cost of product revenue as a percentage of total product revenue will change significantly in the foreseeable future due to hardware pricing increases. However, hardware or other costs of manufacturing may increase in the future. We incur labor and associated overhead expenses, such as occupancy costs and fringe benefits costs, as part of managing the manufacturing process. These costs are included as a component of our cost of product revenue, but they have not been material.
 
Cost of service revenue includes the direct labor costs of professionals and outside consultants engaged to furnish those services, as well as their travel and associated direct material costs. Additionally, we include in cost of service revenue an allocation of overhead expenses such as occupancy costs, fringe benefits and supplies. For the nine months ended September 30, 2006 and for the year ended December 31, 2005, cost of service revenue was 19% and 16% of total service revenue, respectively, and, although we anticipate incurring additional costs in the future for increased personnel to support and service our growing customer base, we do not expect the cost of service revenue as a percentage of service revenue to change materially in the future.
 
Gross Profit
 
Our gross profit is affected by a variety of factors, including competition, the mix and average selling prices of our products, our pricing policy, technical support and professional services, new product introductions, the cost of hardware platforms, the cost of labor to generate such revenue and the mix of distribution channels through which our products are sold. Although we have not had to reduce the prices of our products or vary our pricing policy in recent years, our gross profit would be adversely affected by price declines if we are unable to reduce costs on existing products and to continue to introduce new products with higher margins. Currently, product sales typically have a lower gross profit as a percentage of revenue than our services due to the cost of the hardware platform. Our gross profit for any particular quarter could be adversely affected if we do not complete sales of higher margin products by the end of the quarter. As discussed above, many of our customers do not finalize purchasing decisions until the final weeks or days of a quarter, so a delay in even one large order of a higher-margin product could reduce our total gross profit percentage for that quarter. For the nine months ended September 30, 2006 and for the year ended December 31, 2005, gross profit was 76% and 75% of total revenue, respectively. Based on current market conditions, we do not expect these percentages to change significantly in the foreseeable future, although unexpected pricing pressures or an increase in hardware or other costs would cause our gross profit percentage to decline.
 
Operating Expenses
 
Research and Development.  Research and development expenses consist primarily of payroll, benefits and related costs for our engineers, occupancy costs and other overhead, costs for sophisticated components used in product and prototype development and costs of test equipment used during product development.
 
We have significantly expanded our research and development capabilities and expect to continue to expand these capabilities in the future. All of our research and development is performed in the United States. We are committed to increasing the level of innovative design and development of new products as we strive to enhance our ability to serve our existing commercial and federal government markets as well as new markets for security solutions. To meet the changing requirements of our customers, we will need to fund investments in several development projects in parallel. Accordingly, we anticipate that our research and development expenses will


34


Table of Contents

continue to increase in absolute dollars for the foreseeable future, but should decline moderately as a percentage of total revenue as we expect to grow our sales more rapidly than our research and development expenditures. For the nine months ended September 30, 2006, and for the year ended December 31, 2005, research and development expense was $6.3 million and $6.8 million, or 22% and 21% of total revenue, respectively.
 
Sales and Marketing.  Sales and marketing expenses consist primarily of salaries, incentive compensation, benefits and related costs for: sales and marketing personnel; trade show, advertising, marketing and other brand-building costs; marketing consultants and other professional services; training, seminars and conferences; travel and related costs; and occupancy and other overhead costs.
 
As we focus on increasing our market penetration, expanding internationally and continuing to build brand awareness, we anticipate that selling and marketing expenses will continue to increase in absolute dollars, but decrease as a percentage of our revenue, in the future.
 
For the nine months ended September 30, 2006, and for the year ended December 31, 2005, sales and marketing expense was $14.5 million and $17.1 million, or 50% and 52% of total revenue, respectively.
 
General and Administrative.  General and administrative expenses consist primarily of: salaries, incentive compensation, benefits and related costs for executive, finance, information system and administrative personnel; legal, accounting and tax preparation and advisory fees; travel and related costs; information systems and infrastructure costs; and occupancy and other overhead costs.
 
We expect our general and administrative expenses to increase due to our preparations to become and to operate as a public company, including costs associated with compliance with Section 404 of the Sarbanes-Oxley Act, directors’ and officers’ liability insurance, increased professional services and a new investor relations function.
 
For the nine months ended September 30, 2006, and for the year ended December 31, 2005, general and administrative expense was $3.6 million and $5.1 million, or 13% and 16% of total revenue, respectively.
 
Stock-Based Compensation.  Prior to January 1, 2006, our stock-based compensation expense consisted primarily of the amortization of unearned compensation related to grants of restricted shares of our common stock to certain officers and employees in 2002 and 2003, as well as the modification of certain fixed stock option awards subsequent to their grant date. Total stock-based compensation expenses recorded in our statements of operations for 2003, 2004 and 2005 were $72,000, $177,000 and $470,000, respectively.
 
Effective January 1, 2006, the Company adopted the fair value recognition provisions of the Financial Accounting Standards Board’s SFAS No. 123(R), “Share-Based Payment,” using the prospective transition method, which requires the Company to apply its provisions only to awards granted, modified, repurchased or cancelled after the effective date. Under this transition method, stock-based compensation expense recognized beginning January 1, 2006 is based on the grant date fair value of stock awards granted or modified after January 1, 2006.
 
As a result of adopting SFAS No. 123(R) on January 1, 2006, based on the estimated grant-date fair value of employee stock options subsequently granted or modified, the Company recognized aggregate stock-based compensation expense of $239,000 for the nine months ended September 30, 2006. The Company uses the Black-Scholes option pricing model to estimate the calculated value of granted stock options. The use of option valuation models requires the input of highly subjective assumptions, including the expected term and the expected stock price volatility.
 
The grant date fair value of options not yet recognized as expense as of September 30, 2006 aggregated approximately $761,000, net of estimated forfeitures, which will be recognized over a weighted-average period of approximately four years. We expect to record aggregate amortization of stock-based compensation of approximately $98,000 in the fourth quarter of 2006 from these outstanding awards, subject to continued vesting. In addition, we expect to record aggregate amortization of stock-based compensation of approximately $308,000, $217,000, $128,000, and $10,000 during fiscal years 2007, 2008, 2009 and 2010, respectively, from these outstanding awards, subject to continued vesting.


35


Table of Contents

Critical Accounting Policies and Estimates
 
Our consolidated financial statements are prepared in accordance with accounting principles generally accepted in the United States of America. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, costs and expenses and related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our actual results may differ from these estimates.
 
We believe that, of our significant accounting policies, which are described in Note 2 to the notes to our consolidated financial statements, the following accounting policies involve a greater degree of judgment and complexity. Accordingly, we believe that the following accounting policies are the most critical to aid in fully understanding and evaluating our consolidated financial condition and results of operations.
 
Revenue Recognition.  The Company recognizes substantially all of its revenue in accordance with Statement of Position No. 97-2, “Software Revenue Recognition,” or SOP 97-2, as amended by SOP 98-4 and SOP 98-9. We establish persuasive evidence of an arrangement for each type of revenue transaction based on:
 
  •  in the case of direct sales or indirect sales through some resellers or distributors, either a signed contract with the end user customer or a click-wrap contract embedded in the product, whereby the end user customer agrees to our standard terms and conditions,
 
  •  in the case of indirect sales through OEMs or some resellers or distributors, a signed distribution contract with OEMs and other resellers; or
 
  •  in the case of services, including support, training and other professional services, through the execution of a separate services arrangement.
 
For each arrangement, we defer revenue recognition until all of the following criteria have been met:
 
  •  persuasive evidence of an arrangement exists (e.g., a signed contract);
 
  •  delivery of the product has occurred and there are no remaining obligations or substantive customer acceptance provisions;
 
  •  the fee is fixed or determinable; and
 
  •  collection of the fee is probable.
 
We allocate the total value of the arrangement among each deliverable based on its fair value as determined by vendor-specific objective evidence, such as standard product discount levels, daily service rates and consistent support level renewal pricing. If vendor-specific objective evidence of fair value does not exist for each of the deliverables, all revenue from the arrangement is further deferred until the earlier of the point at which sufficient vendor-specific objective evidence of fair value can be determined or all elements of the arrangement have been delivered. However, if the only undelivered elements are technical support and/or professional services, elements for which we currently have established vendor specific objective evidence of fair value, we recognize revenue for the delivered elements using the residual method. Changes in judgments and estimates about these assumptions could materially impact the timing of revenue recognition.
 
Accounting for Stock-Based Compensation.  Prior to January 1, 2006, the Company accounted for stock-based compensation using the intrinsic value method prescribed in Accounting Principles Board Opinion No. 25, “Accounting for Stock Issued to Employees,” or APB No. 25, and related interpretations. Accordingly, compensation cost for stock options generally was measured as the excess, if any, of the estimated fair value of the Company’s common stock over the amount an employee must pay to acquire the common stock on the date that both the exercise price and the number of shares to be acquired pursuant to the option are fixed. The Company had adopted the disclosure-only provisions of SFAS No. 123, “Accounting for Stock-Based Compensation,” and SFAS No. 148, “Accounting for Stock-Based Compensation — Transition and Disclosure,” which was released in December 2002 as an amendment to SFAS No. 123, and used the minimum value method of valuing stock options as allowed for non-public companies.


36


Table of Contents

In December 2004, the Financial Accounting Standards Board issued SFAS No. 123(R), “Share-Based Payment,” which revised SFAS No. 123 and supersedes APB No. 25. SFAS 123(R) focuses primarily on transactions in which an entity obtains employee services in exchange for share-based payments. Under SFAS 123(R), an entity is generally required to measure the cost of employee services received in exchange for an award of equity instruments based on the grant-date fair value of the award, with such cost recognized over the applicable requisite service period. In addition, SFAS 123(R) requires an entity to provide certain disclosures in order to assist in understanding the nature of share-based payment transactions and the effects of those transactions on the financial statements. The provisions of SFAS No. 123(R) are required to be applied as of the beginning of the first interim or annual reporting period of the entity’s first fiscal year that begins after December 15, 2005.
 
Effective January 1, 2006, the Company adopted the fair value recognition provisions of SFAS No. 123(R) using the prospective transition method, which requires the Company to apply the provisions of SFAS No. 123(R) only to awards granted, modified, repurchased or cancelled after the effective date. Under this transition method, stock-based compensation expense recognized beginning January 1, 2006 is based on the grant date fair value of stock awards granted or modified after January 1, 2006. As the Company had used the minimum value method for valuing its stock options under the disclosure requirements of SFAS 123, all options granted prior to January 1, 2006 continue to be accounted for under APB No. 25.
 
We have historically granted stock options at exercise prices equivalent to the fair value of our common stock as estimated by our board of directors, with input from management, as of the date of grant. Prior to April 2006, our management and board of directors determined the fair value of our common stock using a contemporaneous preferred stock transaction approach which applied discounts for valuation differences due to: conversion privileges, dividends, control, and seniority and liquidation preferences. We also considered the impact of operating and financial performance and the achievement of corporate milestones for grants made in the period between independent preferred stock transactions. These valuations yielded values ranging from $0.20 per share in January 2003 to $5.15 in December 2005.
 
In early April 2006, we engaged an independent valuation specialist to perform a contemporaneous valuation of our common stock as of March 31, 2006. On April 27, 2006, the independent valuation specialist delivered a report stating that the fair value of our common stock as of March 31, 2006 was $3.24 per share. In August 2006, we engaged an independent valuation specialist to perform a contemporaneous valuation of our common stock as of August 25, 2006. On August 29, 2006, the independent valuation specialist delivered a report stating that the fair value of our common stock as of August 25, 2006 was $4.70 per share.
 
The Company uses the Black-Scholes option pricing model to estimate the calculated value of granted stock options. The use of option valuation models requires the input of highly subjective assumptions, including the expected term and the expected stock price volatility. Additionally, the recognition of expense requires the estimation of the number of options that will ultimately vest and the number of options that will ultimately be forfeited. Accordingly, the use of different estimates and assumptions can have a significant impact on the amount of stock-based compensation that is measured and recognized.
 
Accounting for Income Taxes.  Deferred taxes are determined based on the difference between the financial statement and tax basis of assets and liabilities using enacted tax rates in effect in the years in which the differences are expected to reverse. Valuation allowances are provided if, based upon the weight of available evidence, it is more likely than not that some or all of the deferred tax assets will not be realized.
 
To date, for U.S. federal income tax purposes, we have operated in a loss position. We have $26.6 million of net operating loss carry-forwards as of December 31, 2005, although the use of these net operating loss carry-forwards may be significantly limited by changes in our ownership. As of December 31, 2005, we recorded a full valuation allowance against net deferred tax assets, including deferred tax assets generated by net operating loss carry-forwards. These carry-forwards will begin to expire in 2022. We expect that, to the extent we have taxable income in years before their expiration, these net operating loss carry-forwards will impact our effective tax rate.
 
Warranty.  We provide a one-year warranty against defects in materials and workmanship and will either repair the goods or provide replacement products at no charge to the customer. We record estimated warranty costs, currently at approximately 2.4% of product revenue, based on historical experience by product, at the time we


37


Table of Contents

recognize product revenue. As the complexity of our products increases, we could experience higher warranty claims relative to sales than we have previously experienced, and we may need to increase these estimated warranty reserves.
 
Bad Debt Reserve.  We have historically used a rate of 1.0% of outstanding accounts receivable to estimate our reserve for bad debts based on analysis of past due balances and historical experiences of write-offs. As we expand our business, we expect our accounts receivable balance to grow. If our future experience of actual write-offs for bad debts exceeds 1.0% of our accounts receivable balance, we will have to increase our reserve accordingly.
 
Inventory Valuation.  We outsource our manufacturing and our products are generally drop-shipped directly to our customers by the manufacturers. Therefore, we usually carry relatively little inventory. The inventory on our balance sheet primarily includes products that we use for demonstration purposes at customer locations. We value our inventory at the lower of the actual cost of our inventory or its current estimated market value. We write down inventory for obsolescence or lack of marketability based upon condition of the inventory and our view about future demand and market conditions. Because of the seasonality of our product sales, obsolescence of technology and product life cycles, we generally write down inventory to net realizable value based on forecasted product demand. Actual demand and market conditions may be lower than those that we project and this difference could have a material adverse effect on our gross profit if inventory write-downs beyond those initially recorded become necessary.
 
Results of Operations
 
The following table sets forth our results of operations for the periods shown:
 
                                         
                      Nine months ended
 
    Year ended December 31,     September 30,  
    2003     2004     2005     2005     2006  
                      (unaudited)  
    (in thousands)  
 
Revenue:
                                       
Products
  $ 8,153     $ 12,738     $ 23,589     $ 14,889     $ 18,390  
Services
    1,328       3,955       9,290       6,335       10,544  
                                         
Total revenue
    9,481       16,693       32,879       21,224       28,934  
Cost of revenue:
                                       
Products
    2,570       4,533       6,610       4,229       4,931  
Services
    436       872       1,453       981       2,016  
                                         
Total cost of revenue
    3,006       5,405       8,063       5,210       6,947  
                                         
Gross profit
    6,475       11,288       24,816       16,014       21,987  
Operating expenses:
                                       
Research and development
    3,751       5,706       6,831       4,934       6,334  
Sales and marketing
    9,002       12,585       17,135       12,131       14,512  
General and administrative
    2,141       2,905       5,120       3,123       3,587  
Depreciation and amortization
    441       752       1,103       846       912  
                                         
Total operating expenses
    15,335       21,948       30,189       21,034       25,345  
                                         
Operating loss
    (8,860 )     (10,660 )     (5,373 )     (5,020 )     (3,358 )
Other income (expense), net
    16       164       (85 )     (50 )     442  
                                         
Net loss
  $ (8,844 )   $ (10,496 )   $ (5,458 )   $ (5,070 )   $ (2,916 )
                                         


38


Table of Contents

The following table sets forth our results of operations as a percentage of total revenue for the periods shown:
 
                                         
          Nine months ended
 
    Year ended December 31,     September 30,  
    2003     2004     2005     2005     2006  
                      (unaudited)  
    (% of revenue)  
 
Revenue:
                                       
Products
    86 %     76 %     72 %     70 %     64 %
Services
    14       24       28       30       36  
                                         
Total revenue
    100       100       100       100       100  
                                         
Cost of revenue:
                                       
Products
    27       27       20       20       17  
Services
    5       5       5       5       7  
                                         
Total cost of revenue
    32       32       25       25       24  
                                         
Gross profit
    68       68       75       75       76  
Operating expenses:
                                       
Research and development
    39       34       21       23       22  
Sales and marketing
    95       75       52       57       50  
General and administrative
    22       18       16       15       13  
Depreciation and amortization
    5       5       3       4       3  
                                         
Total operating expenses
    161       132       92       99       88  
                                         
Operating loss
    (93 )     (64 )     (17 )     (24 )     (12 )
Other income (expense), net
          1                   2  
                                         
Net loss
    (93 )%     (63 )%     (17 )%     (24 )%     (10 )%
                                         
 
Comparison of Nine Months Ended September 30, 2006 to Nine Months Ended September 30, 2005
 
Revenue.  Our total revenue increased 36% to $28.9 million in the nine months ended September 30, 2006 from $21.2 million in the nine months ended September 30, 2005. Product revenue increased 24% to $18.4 million in the nine months ended September 30, 2006 from $14.9 million in the nine months ended September 30, 2005. We did not introduce any new products in the 2006 period nor did we change the prices of our products from 2005 to 2006. Therefore, the increase in product revenue was driven primarily by higher demand for our network security solutions available throughout both periods. Our services revenue increased 66% to $10.5 million in the nine months ended September 30, 2006 from $6.3 million in the nine months ended September 30, 2005. The increase in services revenue resulted primarily from support services being provided to a larger installed customer base in the 2006 period.
 
Cost of Revenue.  Our total cost of revenue increased 33% to $6.9 million in the nine months ended September 30, 2006, compared to $5.2 million in the nine months ended September 30, 2005. Our product cost of revenue increased 17% to $4.9 million in the nine months ended September 30, 2006, compared to $4.2 million in the nine months ended September 30, 2005. During these periods, we did not experience a material increase in our cost per unit of hardware platforms, which is the largest component of our product cost of revenue. The increase in product cost of revenue was driven primarily by higher volume demand for our network security solutions for which we must procure and provide the hardware platform to our customers. Our services cost of revenue increased 106% to $2.0 million in the nine months ended September 30, 2006, compared to $1.0 million in the nine months ended September 30, 2005. Of this increase, $0.5 million was attributable to our hiring of additional personnel to both service our larger installed customer base and to provide training and professional services to our customers, and


39


Table of Contents

$0.3 million was attributable to extending the service contracts with the manufacturers for the hardware platform included with our products for our installed base of customers.
 
Gross Profit.  Gross profit increased 37% to $22.0 million in the nine months ended September 30, 2006, from $16.0 million in the nine months ended September 30, 2005. Gross profit as a percentage of total revenue was the nine months ended September 30, 2006 and the nine months ended September 30, 2005. This percentage did not vary much between the periods because our product mix, the selling prices of our products and our hardware platform costs remained relatively stable throughout both periods. The increase of $6.0 million in gross profit was primarily due to the increase in product sales and the increase in the number of our customers that had contracted with us for support arrangements.
 
Research and Development.  Research and development expenses increased 28% to $6.3 million, or total revenue, in the nine months ended September 30, 2006 from $4.9 million, or 23% of total revenue, in the nine months ended September 30, 2005. The increase in the amount of research and development expenses was primarily due to an increase in payroll and benefits of $1.3 million in the nine months ended September 30, 2006, which resulted from adding personnel in our research and development department to support the release of new RNA, intrusion sensor and defense center products between October 2005 and May 2006. In addition, at the beginning of 2006, we began product development work on a new release of the Snort intrusion detection engine.
 
Sales and Marketing.  Sales and marketing expenses increased 20% to $14.5 million, 50% of total revenue, in the nine months ended September 30, 2006 from $12.1 million, or 57% of total revenue, in the nine months ended September 30, 2005. The increase in the amount of sales and marketing expenses was primarily due to an increase of $2.0 in salaries and incentive compensation expense for additional sales personnel as well as an increase of approximately $150,000 in marketing expenses to support our growth and product brand recognition programs and an increase of $100,000 for our European sales office in advertising and promotion expenses in support of our 3D marketing message for our network security solutions.
 
General and Administrative.  General and administrative expenses increased 15% to $3.6 million, or 13% of total revenue, in the nine months ended September 30, 2006 from $3.1 million, or 15% of total revenue, in the nine months ended September 30, 2005. The increase in the amount of general and administrative expenses was primarily due to additional legal costs of $500,000 associated with the planned merger with Check Point Software Technologies, Ltd., and additional payroll and benefits costs of approximately $500,000 for personnel hired in our accounting, information technology, human resources and legal departments.
 
Depreciation and Amortization.  Depreciation and amortization expenses increased 8% to $912,000 in the nine months ended September 30, 2006 from $846,000 in the nine months ended September 30, 2005. These expenses increased principally because of additional personal computers purchased for personnel hired during 2006.
 
Comparison of Years Ended December 31, 2005 and 2004
 
Revenue.  Our total revenue increased 97% to $32.9 million in the year ended December 31, 2005 from $16.7 million in the year ended December 31, 2004. Product revenue increased 85% to $23.6 million in 2005 from $12.7 million in 2004. The increase in product revenue was driven by increasingly strong demand for our network security solutions, particularly by Fortune 100 companies, of which we added seven as customers during 2005, and by $900,000 in sales of our enterprise class intrusion sensors which were introduced in 2005. We made no material changes in the selling prices of our products in 2004 or 2005. Our services revenue increased 135% to $9.3 million in 2005 from $4.0 million in 2004. The $5.3 million increase resulted primarily from an additional $4.4 million in revenue generated from support services being provided to a larger installed customer base in 2005 than in 2004, and a $880,000 increase in professional and training services revenue resulting from our increase in the number of training programs and the personnel to provide these services in 2005 over 2004. During 2005, we created the Sourcefire Certification Program to provide training for network security professionals.
 
Cost of Revenue.  Our total cost of revenue increased 49% to $8.1 million in the year ended December 31, 2005 from $5.4 million in the year ended December 31, 2004. Our product cost of revenue increased 46% to $6.6 million in 2005, compared to $4.5 million in 2004. The increase in product cost of revenue was primarily


40


Table of Contents

attributable to additional hardware platform costs for the approximately 550 incremental units shipped in 2005 over the amount shipped in 2004, as well as the shipment of our more costly enterprise class intrusion sensors, which were introduced in August 2005. Our cost for hardware platforms and manufacturing did not change materially between 2004 and 2005. Additionally our royalty cost of providing third party software in our products increased by approximately $400,000. Our services cost of revenue increased 67% to $1.5 million in the 2005, compared to $872,000 in 2004. Of this increase, approximately $250,000 was attributable to salaries, bonuses and associated employee benefits and overhead costs for our hiring of additional training and professional service personnel in 2005, with a further $200,000 attributable to travel, facilities and consulting costs incurred in the provision of training and services in 2005 over 2004.
 
Gross Profit.  Our gross profit increased 120% to $24.8 million in 2005, from $11.3 million in 2004. Gross profit as a percentage of total revenue increased to 75% in 2005 from 68% in 2004. This increase in gross profit, as a percentage of total revenue, was principally due to a change in product mix between the periods, with a larger percentage of higher margin products being sold in 2005, and significant growth in our customer support revenue of $4.5 million, which did not require an equivalent incremental expense for support personnel.
 
Research and Development.  Research and development expenses increased 20% to $6.8 million, or 21% of total revenue, in the year ended December 31, 2005 from $5.7 million, or 34% of total revenue, in the year ended December 31, 2004. In 2005, we increased our research and development staff to support the development of enhancements to our 3D product line and the introduction of our enterprise class intrusion sensor, which resulted in an approximate increase of $500,000 in compensation and benefits for additional research and development personnel. Additionally we submitted our products to multiple independent security testing processes in 2005, which cost us an additional $418,000 in testing and certification.
 
Sales and Marketing.  Sales and marketing expenses increased 36% to $17.1 million, or 52% of total revenue, in the year ended December 31, 2005 from $12.6 million, or 75% of total revenue, in the year ended December 31, 2004. The reduction in the percentage of sales and marketing costs to total revenue resulted primarily from an increase in support revenue as well as an increase in sales efficiency against higher sales quotas. The increase of $4.5 million in 2005 resulted primarily from $1.7 million in additional compensation and benefits for personnel added to the sales force, $1.6 million in additional incentive compensation earned on significantly higher sales volume and an increase of $700,000 in marketing expenses to support the company’s growth and product brand recognition programs.
 
General and Administrative.  General and administrative expenses increased to $5.1 million, or 16% of total revenue in the year ended December 31, 2005 from $2.9 million, or 17% of total revenue in the year ended December 31, 2004. The significant increase in 2005 resulted from $1.1 million in legal fees, including $750,000 of one-time fees resulting from our planned acquisition by Check Point Software Technologies, Ltd., and approximately $900,000 in additional compensation and benefits for additional general and administrative personnel.
 
Depreciation and Amortization.  Depreciation and amortization expenses increased 47% to $1.1 million in the year ended December 31, 2005 from $752,000 in the year ended December 31, 2004. These expenses increased principally because of additional amortization of leasehold improvements made to our principal place of business into which we moved in April 2005.
 
Comparison of Years Ended December 31, 2004 and 2003
 
Revenue.  Our total revenue increased 76% to $16.7 million in the year ended December 31, 2004, from $9.5 million in the year ended December 31, 2003. Product revenue increased 56% to $12.7 million in 2004 from $8.2 million in 2003. The increase in product revenue in 2004 resulted primarily from the first full year of sales for both our RNA product, which was introduced in December 2003, and our enterprise class Defense Center, which was introduced in September 2003. Our services revenue increased 198% to $4.0 million in 2004 from $1.3 million in 2003. The increase in services revenue resulted primarily from a $2.3 million increase in our support services for our growing customer base as well as the first year of professional training and service revenues of $330,000, which programs were initiated in early 2004.


41


Table of Contents

Cost of Revenue.  Our total cost of revenue increased to $5.4 million, or 32% of total revenue in 2004, from $3.0 million, or 32% of total revenue, in 2003. Our product cost of revenue increased 76% to $4.5 million in 2004, compared to $2.6 million in 2003. The increase in product cost of revenue is primarily due to the increase in product revenue of $4.5 million and the resulting increase in our cost of hardware of $1.5 million. The cost of the hardware platforms as a percentage of the selling price remained relatively static at 29% and 27% for 2004 and 2003, respectively. Our services cost of revenue increased 100% to $872,000 in 2004 from $436,000 in 2003. This increase was attributable to the addition in 2004 of personnel to perform training services, which contributed $440,000 of additional compensation, benefits and associated supplies and overhead expenses.
 
Gross Profit.  Gross profit increased to $11.3 million in 2004 from $6.5 million in 2003. Gross profit as a percentage of total revenue was 68% for both 2004 and 2003. The $4.8 million increase was achieved primarily by increasing the volume of products sold while maintaining a consistent hardware platform cost per unit relative to revenue of 29% and 27% in 2004 and 2003, respectively.
 
Research and Development.  Research and development expenses increased 52% to $5.7 million, or 34% of total revenue, in the year ended December 31, 2004 from $3.8 million, or 40% of total revenue, in the year ended December 31, 2003. The increase of $1.9 million resulted primarily from the addition of hired personnel and outside consultants to our research and development team to support the development of our RNA product, which contributed an increase of $1.4 million in compensation and benefits expenses and $585,000 of consulting costs in 2004.
 
Sales and Marketing.  Sales and marketing expenses increased 40% to $12.6 million, or 75% of total revenue, in the year ended December 31, 2004 from $9.0 million, or 95% of total revenue in the year ended December 31, 2003. The reduction in the percentage of sales and marketing costs to total revenue resulted primarily from an increase in support revenue as well as an increase in sales efficiency against higher sales quotas. The increase of $3.6 million in 2004 was primarily due to approximately $700,000 for salary and benefits for the addition of personnel to the sales force, approximately $900,000 in additional incentive compensation earned on significantly higher sales volume and an increase of $800,000 in marketing programs to support the company’s growth and product brand recognition.
 
General and Administrative.  General and administrative expenses increased to $2.9 million, or 17% of total revenue, in the year ended December 31, 2004 from $2.1 million, or 23% of total revenue in the year ended December 31, 2003. The increase in 2004 resulted primarily from additional personnel in finance and information technology, which added approximately $600,000 of compensation and benefits expenses.
 
Depreciation and Amortization.  Depreciation and amortization expenses increased 71% to $752,000 in the year ended December 31, 2004 from $441,000 in the year ended December 31, 2003. These expenses increased principally because of $200,000 of additional depreciation expense on our fixed assets due to both an increase in purchases of testing equipment for our research and development lab as well as personal computers for additional personnel hired during 2004.


42


Table of Contents

Quarterly Results of Operations
 
You should read the following tables presenting our unaudited quarterly results of operations in conjunction with the consolidated financial statements and related notes contained elsewhere in this prospectus. We have prepared the unaudited information on the same basis as our audited consolidated financial statements. You should also keep in mind, as you read the following tables, that our operating results for any quarter are not necessarily indicative of results for any future quarters or for a full year.
 
The following table presents our unaudited quarterly results of operations for the eight fiscal quarters ended September 30, 2006. This table includes all adjustments, consisting only of normal recurring adjustments, that we consider necessary for fair statement of our operating results for the quarters presented.
 
                                                                 
    Three months ended  
    Dec. 31,
    March 31,
    June 30,
    Sept. 30,
    Dec. 31,
    March 31,
    June 30,
    Sept. 30,
 
    2004     2005     2005     2005     2005     2006     2006     2006  
    (unaudited)  
    (in thousands)  
 
Revenue:
                                                               
Products
  $ 4,682     $ 4,890     $ 4,019     $ 5,980     $ 8,700     $ 5,423     $ 6,040     $ 6,927  
Services
    1,291       1,862       2,076       2,397       2,955       3,109       3,495       3,940  
                                                                 
Total revenue
    5,973       6,752       6,095       8,377       11,655       8,532       9,535       10,867  
                                                                 
Cost of revenue:
                                                               
Products
    1,899       1,375       1,082       1,772       2,381       1,397       1,721       1,813  
Services
    216       290       332       359       472       610       681       725  
                                                                 
Total cost of revenue
    2,115       1,665       1,414       2,131       2,853       2,007       2,402       2,538  
                                                                 
Gross profit
    3,858       5,087       4,681       6,246       8,802       6,525       7,133       8,329  
Operating expenses
    6,078       6,547       6,466       8,021       9,155       8,440       8,485       8,420  
                                                                 
Loss from operations
    (2,220 )     (1,460 )     (1,785 )     (1,775 )     (353 )     (1,915 )     (1,352 )     (91 )
Other income (expense)
    38       (1 )     (10 )     (39 )     (35 )     (10 )     156       296  
                                                                 
Net (loss) income
  $ (2,182 )   $ (1,461 )   $ (1,795 )   $ (1,814 )   $ (388 )   $ (1,925 )   $ (1,196 )   $ 205  
                                                                 
Net cash (used in) provided by operations
    (2,197 )     680       (1,316 )     (2,086 )     (1,736 )     2,701       (1,205 )     416  


43


Table of Contents

The following table sets forth our results of operations as a percentage of total revenue for the periods shown:
 
                                                                 
    Three months ended  
    Dec. 31,
    March 31,
    June 30,
    Sept. 30,
    Dec. 31,
    March 31,
    June 30,
    Sept. 30,
 
    2004     2005     2005     2005     2005     2006     2006     2006  
    (unaudited)  
    (% of revenue)  
 
Revenue:
                                                               
Products
    78 %     72 %     66 %     71 %     75 %     64 %     63 %     64 %
Services
    22       28       34       29       25       36       37       36  
                                                                 
Total revenue
    100       100       100       100       100       100       100       100  
                                                                 
Cost of revenue:
                                                               
Products
    32       21       18       21       20       16       18       17  
Services
    4       4       5       4       4       7       7       7  
                                                                 
Total cost of revenue
    36       25       23       25       24       23       25       24  
                                                                 
Gross profit
    64       75       77       75       76       77       75       76  
Operating expenses
    102       97       106       96       79       99       89       77  
                                                                 
Loss from operations
    (38 )     (22 )     (29 )     (21 )     (3 )     (22 )     (14 )     (1 )
Other income (expense)
    1                   (1 )           (1 )     1       3  
                                                                 
Net (loss) income
    (37 )%     (22 )%     (29 )%     (22 )%     (3 )%     (23 )%     (13 )%     2 %
                                                                 
 
Seasonality
 
Our product revenue has tended to be seasonal. In our third quarter, we have historically benefited from the Federal government’s fiscal year end purchasing activity. This increase has been partially offset, however, by European sales, which have tended to decline significantly in the summer months due to the practice by many Europeans of taking extended vacation time and delaying capital purchase activities until their return in the fall. We have historically generated a significant portion of product revenue in the fourth quarter due to the combination of increased activity in Europe coupled with North American enterprise customers who often wait until the fourth quarter to extract favorable pricing terms from their vendors, including Sourcefire. The timing of these shipments could materially affect our year-end product revenue. Currently, we do not see any indication that these seasonal patterns will change significantly in the foreseeable future.
 
Quarterly Timing of Revenue
 
On a quarterly basis, we have usually generated the majority of our product revenue in the final month of each quarter. We believe this occurs for two reasons. First, many customers wait until the end of the quarter to extract favorable pricing terms from their vendors, including Sourcefire. Second, our sales personnel, who have a strong incentive to meet quarterly sales targets, have tended to increase their sales activity as the end of a quarter nears, while their participation in sales management review and planning activities are typically scheduled at the beginning of a quarter.
 
Liquidity and Capital Resources
 
At September 30, 2006 and December 31, 2005, our principal sources of liquidity were cash and cash equivalents totaling $25.1 million and $1.1 million, respectively, held-to-maturity investments of $1.4 million and $2.0 million, respectively, and accounts receivable of $10.5 million and $12.9 million, respectively. We have funded our growth primarily with proceeds from the issuance of convertible preferred stock for aggregate net cash proceeds of $56.5 million through September 30, 2006, occasional borrowings under a working capital line of credit and cash generated from operations.


44


Table of Contents

We manufacture and distribute our products through contract manufacturers and OEMs. We believe that this approach gives us the advantages of relatively low capital investment and significant flexibility in scheduling production and managing inventory levels. By leasing our office facilities, we also minimize the cash needed for expansion. Our capital spending is generally limited to leasehold improvements, computers, office furniture and product-specific test equipment. The majority of our products are delivered to our customers directly from our contract manufacturers. Accordingly, our contract manufacturers are responsible for purchasing and stocking the components required for the production of our products and they invoice us when the finished goods are shipped.
 
Our product sales are, and are expected to continue to be, highly seasonal. This seasonality typically results in a significant amount of cash provided by our operating activities during the first half of the year with lower to negative cash flow during the second half of the year. We have cash reserves and a working capital line of credit that can be utilized to cover any short-term cash needs resulting from the seasonality of our business.
 
Discussion of Cash Flows
 
Net cash provided by our operating activities in the first nine months of 2006 was $1.9 million compared to net cash used in our operating activities in 2005, 2004 and 2003 of $4.5 million, $9.8 million and $7.6 million, respectively.
 
The cash provided by our operations in the first nine months of 2006 resulted primarily from a reduction in accounts receivable of $2.5 million and an increase in accounts payable and accrued expenses of $1.6 million, offset by a net loss of $2.9 million, and depreciation and amortization of $934,000 and stock-based compensation of $282,000, both of which are non-cash charges. The decrease in accounts receivable resulted primarily from collections in the first nine months of 2006 on our seasonally significant fourth quarter 2005 product sales. The increase in accounts payable and accrued expenses resulted primarily from additional legal costs associated with defending ourselves in a trade secrets litigation filed against us by PredatorWatch, Inc. and costs associated with this offering.
 
The cash used in our operating activities in 2005 resulted primarily from a net loss of $5.5 million and an increase of $5.1 million in accounts receivable and $1.1 million in inventory, offset by an increase in deferred revenue of $5.0 million, and depreciation and amortization of $1.1 million and stock-based compensation of $470,000, both of which are non-cash charges. The increase in accounts receivable resulted primarily from our seasonally significant fourth quarter product sales that are invoiced and recorded as revenue but not collected as of the end of the calendar year, while the increase in inventory was primarily due to the expansion of our number of evaluation, or demonstration, products, especially the enterprise class intrusion sensors. Deferred revenue increased primarily due to an increase of $4.7 million for support services to customers, which are usually paid for in advance but recorded as revenue ratably throughout the term of the service contract.
 
The cash used in our operating activities in 2004 resulted primarily from a net loss of $10.5 million and an increase of $4.7 million in accounts receivable and $409,000 in inventory, offset by an increase in deferred revenue of $3.1 million, an increase in accounts payable and accrued expenses of $1.7 million and depreciation and amortization of $756,000 and stock-based compensation of $177,000, both of which are non-cash charges. The increase in accounts receivable resulted primarily from our seasonally significant fourth quarter product sales that are invoiced and recorded as revenue but not collected as of the end of the calendar year, while the increase in inventory was primarily due to the expansion of our number of evaluation, or demonstration, products. Deferred revenue increased primarily due to an increase of $2.8 million for support services to customers.
 
Historically, we have incurred significant losses, largely attributable to our investment in internally funded research and development and the rapid expansion of our sales force. Based on our historical product development efforts, we launched our first commercial products in November 2001. Since November 2001, our revenue has significantly increased, our investment in internally-funded research and development has declined as a percentage of revenue, but not for any subsequent period. We have not invested significantly in property, plant and equipment, and we have established an outsourced approach to manufacturing that provides significant flexibility in both managing inventory levels and financing our inventory. Our revenue has been highly seasonal. This seasonality tends to result in the generation of cash in the first quarter of the year, due to the collection of accounts receivable from significant fourth quarter billings, and the net use of cash during the remaining nine months of the year. Given


45


Table of Contents

the recent success of our products and resulting growth in revenue, we believe that the proceeds of this offering, existing cash, cash equivalents, cash provided by operating activities and funds available through our bank line of credit will be sufficient to meet our working capital and capital expenditure needs for at least the next 24 months.
 
Credit Facility.  In March 2005, we renewed our loan and security agreement with Silicon Valley Bank, under which we increased our working capital line of credit with Silicon Valley Bank so that we can borrow up to $5.0 million. This agreement also provides for an additional $1.0 million equipment facility for capital expenditure financing and we obtained a supplemental $1.0 million equipment facility in July 2006, for a total of $2.0 million. Interest on the working capital line of credit accrues at a variable rate of prime plus 0.5%. The line expires on March 28, 2007, at which time all advances will be immediately due and payable. As of September 30, 2006, we had no amounts outstanding and $5.0 million available under our working capital line of credit. Any borrowings we may make under the working capital line of credit would be secured by substantially all of our assets, other than our intellectual property. For the equipment facility, we are allowed to request advances through December 31, 2006. Each advance is collateralized into a note payable at a fixed rate of 9.0% or prime plus 0.5% over a term of 36 months. As of September 30, 2006, we had $969,000 outstanding and $617,000 remaining available under the equipment facility. The working capital line of credit restricts our ability to:
 
  •  incur or guaranty additional indebtedness;
 
  •  create liens;
 
  •  enter into transactions with affiliates;
 
  •  make loans or investments;
 
  •  sell assets;
 
  •  pay dividends or make distributions on, or repurchase, our stock; or
 
  •  consolidate or merge with other entities.
 
In addition, we are required to maintain quarterly tangible net worth thresholds under both lines of this credit facility that vary by quarter based on anticipated seasonality in our business. These thresholds are based on our stockholders’ equity, assuming conversion of all of our convertible preferred stock into shares of common stock. These operating and financial covenants may restrict our ability to finance our operations, engage in business activities or expand or pursue our business strategies. As of September 30, 2006, we were in compliance with all covenants under the credit facility. To the extent we are unable to satisfy those covenants in the future, we will need to obtain waivers to avoid being in default of the terms of either of our credit facilities. In addition to a covenant default, other events of default under our credit facilities include the filing or entry of a tax lien, attachment of funds or material judgment against us, or other uninsured loss of our material assets. If a default occurs, the bank may require that we immediately repay all amounts of principal and interest then outstanding. After this offering, we expect that we will have sufficient resources to fund any amounts which may become due under this credit facility as a result of a default by us or otherwise. Any amounts which we may be required to repay prior to a scheduled repayment date, however, would reduce funds that we could otherwise allocate to other opportunities that we consider desirable.
 
Working Capital and Capital Expenditure Needs
 
We currently have no material cash commitments, except for normal recurring trade payables, expense accruals and operating leases, all of which we anticipate funding through our existing working capital line of credit, our available working capital and funds expected to be provided by operating activities. In addition, we do not currently anticipate significant investment in property, plant and equipment, and we believe that our outsourced approach to manufacturing provides us significant flexibility in both managing inventory levels and financing our inventory. In the event that our revenue plan does not meet our expectations, we may eliminate or curtail expenditures to mitigate the impact on our working capital. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our marketing and sales activities, the timing and extent of spending to support product development efforts, the timing of introductions of new products and enhancements to existing products, the acquisition of new capabilities or technologies, and the continuing market


46


Table of Contents

acceptance of our products and services. Moreover, to the extent that existing cash, cash equivalents, cash from operations, cash from short-term borrowing and the net proceeds from this offering are insufficient to fund our future activities, we may need to raise additional funds through public or private equity or debt financing. In the nine months ended September 30, 2006 and the year ended December 31, 2005, we spent $815,000 and $2.2 million, respectively, on capital equipment. Our capital expenditure budget for the remainder of 2006 and 2007 is for a total of $4.5 million, which is expected to include approximately $500,000 for leasehold improvements, $2.0 million for additional testing equipment for our research and development lab, $1.5 million for additional network systems and $500,000 for personal computers for additional personnel we anticipate hiring.
 
Although we are currently not a party to any agreement or letter of intent with respect to potential investments in, or acquisitions of, businesses, services or technologies, we may enter into these types of arrangements in the future, which could also require us to seek additional equity or debt financing. Additional funds may not be available on terms favorable to us or at all.
 
Contractual Obligations
 
Our principal commitments consist of obligations under our equipment facility, leases for office space and minimum contractual obligations for services. The following table describes our commitments to settle contractual obligations in cash as of September 30, 2006:
 
                                         
    Payments due by period  
          Less than
    1-3
    3-5
    More than
 
    Total     1 year     years     years     5 years  
    (in thousands)  
 
Equipment Line of Credit Facility
  $ 969     $ 535     $ 434              
Operating Leases
    3,302       1,148       1,640       514        
Contingent Purchase Commitment(1)
    800       474       326              
 
 
  (1)  We entered into a conditional purchase commitment with a hardware manufacturing vendor with whom we have a current arrangement. Under the terms of this commitment, we will agree to purchase a set quantity of new appliance inventory over an 18-month period, provided that the new appliance meets certain specifications on or before November 15, 2006. The approximate value of the purchase commitment is $800,000.
 
As of September 30, 2006, our total contractual obligations were $4.3 million or a net increase of $0.3 million over the amount due at December 31, 2005, due to increased borrowings under our equipment facility with Silicon Valley Bank and our off-balance sheet arrangement with ePlus.
 
Off-Balance Sheet Arrangements
 
As of September 30, 2006, we had an off-balance sheet arrangement with ePlus, a supplier and financier of computer equipment and furniture. The arrangement provides for $750,000 in financing that does not meet the requirement of generally accepted accounting principles for treatment as capitalized equipment and furniture due to the short length of the term of the financing versus the useful life of the equipment and furniture. As of September 30, 2006 we had utilized approximately $700,000 of this arrangement which has no set expiration date, but can be terminated by either party providing the other party notice of the intent to discontinue.
 
Recent Accounting Pronouncements
 
On July 13, 2006, the FASB issued FIN 48, “Accounting for Uncertainty in Income Taxes.” FIN 48 clarifies the accounting for uncertainty in income taxes recognized in an enterprise’s financial statements in accordance with FASB Statement No. 109, “Accounting for Income Taxes.” FIN 48 prescribes a recognition threshold and


47


Table of Contents

measurement attribute for the financial statement recognition and measurement of a tax position taken or expected to be taken in a tax return. FIN 48 also provides guidance on derecognition, classification, interest and penalties, accounting in interim periods, disclosure and transition. FIN 48 is effective for fiscal years beginning after December 15, 2006. The Company will adopt FIN 48 on January 1, 2007. An enterprise is required to disclose the cumulative effect of the change on retained earnings in the statement of financial position as of the date of adoption and such disclosure is required only in the year of adoption. We are currently evaluating the effect this FIN will have on our consolidated balance sheets, consolidated statements of operations or consolidated statements of cash flows.
 
In June 2006, the FASB ratified the consensuses in the Emerging Issues Task Force, or EITF, Issue No. 06-3, “How Taxes Collected from Customers and Remitted to Governmental Authorities Should Be Presented in the Income Statement (That Is, Gross versus Net Presentation).” The guidance requires that presentation of any tax assessed by a governmental authority on a gross or net basis is an accounting policy decision and should be disclosed pursuant to APB Opinion No. 22, “Disclosure of Accounting Policies.” The taxes may be directly imposed on a revenue-producing transaction between a seller and a customer and may include, but are not limited to, sales, use, value added and some excise taxes. In addition, for any such taxes that are reported on a gross basis, a company should disclose the amounts of those taxes in interim and annual financial statements for each period for which an income statement is presented if those amounts are significant. The disclosure of those taxes can be done on an aggregate basis. This guidance will be effective beginning on January 1, 2007. If a company wishes to change its historical presentation for such taxes, such a change must be justified as preferable and would be subject to the requirements of FASB Statement No. 154, “Accounting Changes and Error Corrections.” We are currently evaluating the effect this EITF will have on our consolidated statements of operations and related disclosures.
 
Quantitative and Qualitative Disclosures about Market Risk
 
Foreign Currency Risk
 
Nearly all of our revenue is derived from transactions denominated in U.S. dollars, even though we maintain sales and business operations in foreign countries. As such, we have exposure to adverse changes in exchange rates associated with operating expenses of our foreign operations, but we believe this exposure to be immaterial at this time. As we grow our international operations, our exposure to foreign currency risk could become more significant.
 
Interest Rate Sensitivity
 
We had unrestricted cash, cash equivalents and held-to-maturity investments totaling $26.5 million at September 30, 2006. The unrestricted cash and cash equivalents are held for working capital purposes while investments, made in accordance with our low-risk investment policy, take advantage of higher interest income yields. In accordance with our investment policy, we do not enter into investments for trading or speculative purposes. Some of the securities in which we invest, however, may be subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate. To minimize this risk in the future, we intend to maintain our portfolio of cash equivalents and long-term investments in a variety of securities, including commercial paper, money market funds, debt securities and certificates of deposit. Due to the nature of these investments, we believe that we do not have any material exposure to changes in the fair value of our investment portfolio as a result of changes in interest rates.
 
Our exposure to market risk also relates to the increase or decrease in the amount of interest expense we must pay on our outstanding debt instruments, primarily certain borrowings under our bank working capital line of credit and equipment facility. Any advances under the working capital line of credit and certain advances under our equipment facility bear a variable rate of interest determined as a function of the prime rate at the time of the borrowing and is adjusted monthly based on changes in the prime rate. Other advances under our equipment facility bear interest at a fixed rate of interest. At September 30, 2006, there were no amounts outstanding under our working capital line of credit and $969,000 outstanding under the equipment facility. The interest rates paid on this balance at September 30, 2006 were: a fixed rate of 6.5% on $49,000; a fixed rate of 7.0% on $548,000; and a variable rate of 8.75% on $372,000.


48


Table of Contents

 
BUSINESS
 
Overview
 
We are a leading provider of intelligence driven, open source network security solutions that enable our customers to protect their computer networks in an effective, efficient and highly-automated manner. We sell our security solutions to a diverse customer base that includes over 25 of the Fortune 100 companies and over half of the 30 largest U.S. government agencies. We also manage one of the security industry’s leading open source initiatives, Snort.
 
Our family of network security products forms a comprehensive Discover, Determine and Defend, or 3D, approach to network security. Using this approach, our technology can automatically:
 
  •  Discover potential threats and points of vulnerability through use of our Intrusion Sensors coupled with our Real-time Network Awareness, or RNA, Sensors;
 
  •  Determine the potential impact of those observations to the network by aggregating threat, endpoint and network intelligence, including potential attacks and points of vulnerabilities at the Defense Center; and
 
  •  Defend the network through proactive enforcement of security policy, substantially reducing the need for manual investigation and intervention by information technology, or IT, administrators.
 
 
At the heart of the Sourcefire 3D security solution is RNA, our network intelligence product that provides persistent visibility into the composition, behavior, topology (the relationship of network components) and risk profile of the network. This information provides a platform for automated decision-making and network policy compliance enforcement. The ability to continuously discover characteristics and vulnerabilities of network assets, or endpoint intelligence, enables our Intrusion Prevention products to more precisely identify and block threatening traffic and to more efficiently classify threatening and/or suspicious behavior than products lacking network intelligence.
 
Using a broad range of analysis, reporting and automated response capabilities, the Defense Center aggregates, correlates and prioritizes network security events from RNA Sensors and Intrusion Sensors to synthesize multipoint event correlation and policy compliance analysis. The Defense Center’s policy and response subsystems are designed to leverage existing IT infrastructure such as firewalls, routers, trouble ticketing and patch management systems for virtually any task, including alerting, blocking and initiating corrective measures.
 
The traffic inspection engine used in our intrusion prevention products is the open source technology called Snort®. Martin Roesch, our founder and Chief Technology Officer, created Snort in 1998, and assigned his rights in Snort to us when we were formed. Our employees, including Mr. Roesch, have authored all major components of


49


Table of Contents

Snort, and we maintain control over the Snort project, including the principal Snort community forum, Snort.org. Snort, which has become a de facto industry standard, has been downloaded over 3 million times. We believe that a majority of the Fortune 100 companies and all of the 30 largest U.S. government agencies use Snort technology to monitor network traffic and that Snort is the most widely deployed intrusion prevention technology worldwide. The ubiquitous nature of the Snort user community represents a significant opportunity to sell our proprietary products to customers that require a complete enterprise solution.
 
For the years ended December 31, 2004 and 2005, we generated approximately 84% and 83% of our revenue from customers in North America and 16% and 17% from customers outside of North America, respectively. We have expanded our international and indirect distribution channels and, in the future, we expect to increase sales outside of North America and to source additional customer prospects and generate an increasing portion of product revenue through alliances with original equipment manufacturers, or OEMs, such as Nokia Inc. We increased our revenue from $16.7 million in 2004 to $32.9 million in 2005, representing a growth rate of 97%. For the nine months ended September 30, 2006, our revenue was $28.9 million compared to $21.2 million for the nine months ended September 30, 2005, representing a growth rate of 36%. For the year ended December 31, 2005, product revenue represented 72% of our total revenue and services revenue represented 28% of our total revenue.
 
Our Industry
 
According to International Data Corporation, or IDC, the network security industry is estimated to be a $18.4 billion market in 2006 and is projected to grow to $26.9 billion in 2009, representing a compound annual growth rate of over 13%. Our addressable markets include intrusion prevention, vulnerability management and unified threat management, which are collectively projected to total $2.9 billion in 2006 and are expected to grow at a compound annual growth rate in excess of 21% to $5.2 billion in 2009, according to IDC. We expect growth should continue as organizations seek solutions to various growing and evolving security challenges, including:
 
Greater Sophistication, Severity and Frequency of Network Attacks.  The growing use of the Internet as a business tool has required organizations to increase the number of access points to their networks, which has made vast amounts of critical information more vulnerable to attack. Theft of sensitive information for financial gain motivates network attackers, who derive profit through identity theft, credit card fraud, money laundering, extortion, intellectual property theft and other illegal means. These profit-motivated attackers, in contrast to the hobbyist hackers of the past, are employing much more sophisticated tools and techniques to generate profits for themselves and their well-organized and well-financed sponsors. Their attacks are increasingly difficult to detect and their tools often establish footholds on compromised network assets with little or no discernable effect, facilitating future access to the assets and the networks on which they reside.
 
Increasing Risks from Unknown Vulnerabilities.  Vulnerabilities in computer software that are discovered by network attackers before they are discovered by security and software vendors represent a tremendous risk. These uncorrected flaws can leave networks largely defenseless and open to exploitation. According to CERT-CC, the trends in the rate of vulnerability disclosure are particularly alarming, with approximately 3,780 disclosed in 2004 and more than 5,990 disclosed in 2005. As of October 10, 2006, Microsoft alone issued 41 patches designated as ‘critical’ for its various software products. Many vulnerabilities have existed since the original release of the affected software products — some dating back to the 1990s — but were not corrected until recently.
 
Potential Degradation of Network Performance.  Many security products degrade network performance and are, therefore, disfavored by network administrators who generally prioritize network performance over incremental gains in network security. For example, the use of active scanners that probe networks for vulnerabilities often meet heavy resistance from administrators concerned about excessive network “noise,” clogged firewall logs, and disruption of network assets that are critical to business operations.
 
Diverse Demands on Security Administrators.  The proliferation of targeted security solutions such as firewalls, intrusion prevention systems, URL filters, spam filters and anti-spyware solutions, while critical to enhancing network security, create significant administrative burdens on personnel who must manage numerous disparate technologies that are seldom integrated and often difficult to use. Most network security products require manual, labor intensive incident response and investigation by security administrators, especially when “false


50


Table of Contents

positive” results are generated. Compounding these resource constraint issues, many organizations are increasingly challenged by the loss of key personnel as the demand for security experts has risen dramatically in traditional corporate settings, government agencies and the growing number of start-up security companies.
 
Heightened Government Regulation.  Rapidly growing government regulation is forcing compliance with increased requirements for network security, which has escalated demand for security solutions that both meet compliance requirements and reduce the burden of compliance reporting and enforcement. Examples of these laws include
 
  •  The Health Insurance Portability and Accountability Act of 1996, or HIPAA, and its related rules, which establish requirements for safeguards to protect the confidentiality, integrity and availability of electronic protected health information.
 
  •  The Financial Services Modernization Act of 1999, commonly known as the Gramm-Leach-Bliley Act, which includes provisions to protect consumers’ personal financial information held by financial institutions.
 
  •  The Sarbanes-Oxley Act of 2002, which mandates that public companies demonstrate due diligence in the disclosure of financial information and maintain internal controls and procedures for the communication, storage and protection of such data.
 
  •  The Federal Information Security Management Act, which requires federal agencies, including contractors and other organizations that work with the agencies, to develop, document and implement an agency-wide information security program.
 
Our Competitive Strengths
 
We are a leading provider of intelligence driven, open source network security solutions that enable our customers to protect their computer networks in an effective, efficient and highly automated manner. We apply the Sourcefire 3D security solution — Discover, Determine, Defend — to network security through our comprehensive family of products, which consists of our RNA, Intrusion Sensors and the Defense Center products. Our competitive strengths include:
 
Real-Time Approach to Network Security.  Our approach to network security enables our customers to secure their networks by providing real-time defense against both known and unknown threats. Our solution is designed to support a continuum of network security functions that span pre-attack hardening of assets, high fidelity attack identification and disruption and real-time compromise detection and incident response. In addition, our ability to confidently classify and prioritize threats in network traffic and determine the composition, behavior and relationships of network endpoints allows us to reliably automate what are otherwise manual, time-intensive processes. For example, our Intrusion Sensor may trigger an alert upon identifying a Microsoft Windows-specific threat. The Defense Center would collect this alert, or security event, and classify and prioritize the event based upon a number of factors including, whether any other Intrusion Sensor generated the same alert, whether the network endpoints are vulnerable to that specific attack (based on intelligence collected by RNA Sensors and whether the threat is against a high-priority target (e.g., an e-commerce server). The response to any given security event is predicated upon this automated, real-time intelligent analysis and could range from no action (as in the case where the Defense Center has determined that the network or the individual asset is not vulnerable to the observed threat) to blocking the threat in real time, dynamically modifying firewall policy, and/or launching configuration management software to correct a vulnerability condition.
 
Comprehensive Network Intelligence.  Our innovative network security solution incorporates RNA, which provides persistent visibility into the composition, behavior, topology and risk profile of the network and serves as a platform for automated decision-making and network security policy enforcement. RNA performs passive, or non-disruptive, network discovery. This enables real-time compositional cataloging of network assets, including their configuration, thereby significantly increasing the network intelligence available to IT and security administrators. By integrating this contextual understanding of the network’s components and situational awareness of network events, our solution is effective across a broad range of security domains, especially in the area of threat identification and impact assessment. In the intrusion prevention and vulnerability management markets, we


51


Table of Contents

believe that our solution’s ability to gather this network intelligence has made our products difficult to evade, easy to tune or calibrate, and efficient, in terms of network performance as measured by aggregate throughput and latency reduction.
 
The Snort Community.  The Snort user community, with over 100,000 registered users and over 3 million downloads to date, has enabled us to establish a market footprint unlike any other in the industry. We believe that a majority of the Fortune 100 companies and all of the top 30 U.S. government agencies (as measured by total dollar outlays) use Snort technology to monitor network traffic and that Snort is the most widely deployed intrusion prevention technology worldwide. We believe the Snort open source community provides us with significant benefits, including a broad threat awareness network, significant research and development leverage, and a large pool of security experts that are skilled in the use of our technology. The Snort user community enables us to cost-effectively test new algorithms and concepts on a vast number of diverse networks and significantly expedites the process of product innovation. We believe that Snort’s broad acceptance makes us one of the most trusted sources of intrusion prevention and related security solutions.
 
Leading-Edge Performance.  Our solutions are built to maintain high performance across the network while also providing high levels of network security. Specifically, our solutions have the ability to process multiple gigabits of traffic with latency as low as 100 microseconds. Our intrusion prevention technology incorporates advanced traffic processing functionality, including packet acquisition, protocol normalization and target-based traffic inspection, which yields increased inspection precision and efficiency and enables more granular inspection of network traffic. The Defense Center supports event loads as high as 1,300 events per second, which we believe meets or exceeds the requirements of the most demanding enterprise customers.
 
Significant Security Expertise.  We have a highly knowledgeable management team with extensive network security industry experience gained from past service in leading enterprises and government organizations including Symantec, McAfee, the Department of Defense and the National Security Agency. Our founder and CTO, Martin Roesch, invented Snort and the core RNA technology and is widely regarded as a network security visionary. In addition, our senior management team averages 16 years of experience in the networking and security industries. Our employees have authored all major components of the Snort source code and maintain the Snort project. In addition, our Vulnerability Research Team, or VRT, is comprised of highly experienced security experts who research new vulnerabilities and create innovative methods for preventing attempts to exploit them. By combining the strengths of our VRT with the tremendous breadth of the Snort community, we believe our aggregate industry knowledge places us at the leading edge of the network security industry.
 
Broad Industry Recognition.  We have received numerous industry awards and certifications including recognition by Gartner, Inc. as a “leader” in the network intrusion prevention systems market. RNA is one of only five network security products to receive the NSS Gold award, which is awarded by The NSS Group only to those products that are distinguished in terms of advanced or unique features, and which offer outstanding value. In addition, our technology has achieved Common Criteria Evaluation Assurance Level 2, or EAL2, which is an international evaluation standard for information technology security products sanctioned by, among others, the International Standards Organization, the National Security Agency and the National Institute for Standards and Technology.
 
Our Growth Strategy
 
We intend to become the preeminent provider of network security solutions on a global basis. The key elements of our growth strategy include:
 
Continue to Develop Innovative Network Security Technology.  We intend to maintain and enhance our technological leadership position in network security. We will continue to invest significantly in internal development and product enhancements and to hire additional network security experts to broaden our proprietary knowledge base. We believe our platform is capable of expanding into new markets such as unified threat management, security management and compliance and network management and, over time, we expect to penetrate these markets with innovative products and technologies.


52


Table of Contents

Grow Our Customer Base.  We have a substantial opportunity to grow our customer base as our products become more widely adopted. With over 3 million downloads of Snort and over 100,000 registered users, we believe Snort is the most ubiquitous network intrusion detection and prevention technology and represents a significant customer conversion and up-sell opportunity for Sourcefire. We seek to monetize the Snort installed base by targeting enterprises that implement Snort but have not yet purchased any of the components of our Sourcefire 3D security solution. We will continue to target large enterprises and government agencies that require advanced security technology and high levels of network availability and performance in sectors including finance, technology, healthcare, manufacturing and defense. Furthermore, we may attempt to create new customer conversion and up-sell opportunities by releasing select future product developments and enhancements under an open source licensing scheme, similar to the up-sell opportunities for our current products created by releasing Snort under the GNU General Public License.
 
Further Penetrate Our Existing Customer Base.  We believe our strong customer relationships provide us the opportunity to sell additional quantities of existing products and up-sell new products. Through September 30, 2006, over 1,200 customers have purchased our Intrusion Sensors and Defense Center products. We intend to sell additional Intrusion Sensors to existing customers and expand our footprint in the networks of our customers to include branch offices, remote locations and data centers. In addition, we believe we have a significant opportunity to up-sell our higher margin RNA product to existing customers because of the significant incremental benefit that increased network intelligence can bring to their security systems.
 
Expand Our OEM Alliances and Distribution Relationships.  We believe we have a significant opportunity to drive revenue growth through our OEM and distribution relationships. As part of our ongoing effort to expand our OEM alliances, we recently entered into a relationship with Nokia, Inc. whereby Nokia Enterprise Solutions will market to its enterprise customers network security solutions that utilize our proprietary software and technology. In addition, we seek to expand our strategic reseller agreements and increasingly use this channel to generate additional inbound customer prospects. For example, we have reseller agreements with True North Solutions, which has been acquired by American Systems Corporation, and Pentura Limited, a UK information technology security company, through which we expect to derive additional revenue growth in the future. We also intend to utilize our relationships with managed security service providers such as Verizon, VeriSign and Symantec, to derive incremental revenue. In 2005, we generated approximately 16% of our revenue from governmental organizations and, in the future, we believe we will generate an increasing amount of revenue from government suppliers such as Lockheed Martin, Northrop Grumman and Immix Technology, who resell our products to government agencies. In addition, we believe we have a significant opportunity to drive revenue growth by expanding our relationships with other network security vendors. For example, Crossbeam Systems, Inc. currently offers the Sourcefire 3D security solution as a blade, or server component, in its unified threat management appliance.
 
Strengthen Our International Presence.  We believe the network security needs of many enterprises located outside of North America are not being adequately served and represent a significant potential market opportunity. In 2005, we generated approximately 17% of our revenue from international customers. We have distribution agreements with several resellers having significant foreign presence, through which we now offer the Sourcefire 3D security solution. We are expanding our sales in international markets by adding distribution relationships and expanding our direct sales force, with plans in the next year to double the number of personnel in Europe and to hire a country manager for Japan. We believe that the addition of more sales personnel will lead to increased international sales.
 
Selectively Pursue Acquisitions of Complementary Businesses and Technologies.  To accelerate our expected growth, enhance the capabilities of our existing products and broaden our product and service offerings, we intend to selectively pursue acquisitions of businesses, technologies and products that could complement our existing operations. We continually seek to enhance and expand the functionality of our offerings and in the future we may pursue acquisitions that will enable us to better satisfy our customers’ rigorous and evolving network security needs.


53


Table of Contents

Products
 
Our key products consist of RNA Sensors, Intrusion Sensors and the Defense Center. When deployed in a customer’s network, these three products work together to produce an automated, unified intrusion prevention solution. The RNA Sensors and the Intrusion Sensors report network information and intelligence back to the central management center, known as the Defense Center. The Defense Center then aggregates, contextualizes, analyzes, prioritizes and acts on the event information generated by the RNA Sensors and the Intrusion Sensors. By aggregating the events from these sources, the Defense Center is designed to offer a comprehensive view of security events on a customer’s network.
 
Our approach to network security enables our customers to secure their networks by providing real-time defense against both known and unknown threats. For example, our Intrusion Sensor may trigger an alert upon identifying a Microsoft Windows-specific threat. The Defense Center would collect this alert, or security event, and classify and prioritize the event based upon a number of factors, including whether any other Intrusion Sensor generated the same alert, whether the network endpoints are vulnerable to that specific attack (based on intelligence collected by an RNA sensor) and whether the threat is against a high-priority target (e.g., an e-commerce server). The response to any given security event is predicated upon this automated, real-time intelligent analysis and could range from no action (as in the case where the Defense Center has determined that the network or the individual asset is not vulnerable to the observed threat) to blocking the threat in real time, dynamically modifying firewall policy, and/or launching configuration management software to correct a vulnerability condition.
 
 
Our products are generally sold as dedicated hardware appliances that are pre-configured with our proprietary network security technology, along with open source software, including Snort. By offering our products as turn-key solutions, our customers benefit from:
 
  •  Ease of Installation and Interoperability.  RNA and the Intrusion Sensors can be shipped to various locations, plugged in by any network or systems administrator and configured remotely, usually in less than 30 minutes, and are easy to install across geographically dispersed organizations. In addition, our products are typically interoperable with the diverse range of IT infrastructures used by our customers.
 
  •  Ease of Management and Maintenance.  Because our appliances are pre-configured with our proprietary technology, open source software, a secure operating system and a self-maintaining database, each appliance can be managed and maintained from a central console.
 
  •  High Degree of Performance and Scalability.  Our products exhibit high levels of performance in network environments with line speeds of up to eight gigabits per second with latency as low as 100 microseconds, ideal for latency-sensitive services such as voice over internet protocol. Additionally, depending upon the volume of network traffic, the Defense Center can support up to 120 RNA Sensors and/or Intrusion Sensors, making the Sourcefire 3D security solution scalable for the most demanding customer environments.
 
In addition, RNA can be separately licensed as a standalone software solution for installation on a qualified Linux distribution environment (e.g., Red Hat Enterprise Linux).


54


Table of Contents

We charge our customers a one-time, up-front fee for each of our appliances, which includes a perpetual license to use our proprietary technology installed on that appliance. We license the standalone software version of RNA based upon the number of nodes, or devices, on the network segment monitored by the software. We also charge our customers for annual maintenance and support, which includes the right to receive our VRT certified Rules and updates to the vulnerability database. The ability to receive up-to-date Rules and vulnerabilities is critical to the successful performance of the Sourcefire 3D security solution. Of the maintenance and support contracts up for renewal during the nine months ended September 30, 2006, our customers renewed them approximately 83% of the time. Such services are typically paid for in advance, and recognized ratably as revenue over the period of the agreement.
 
As of September 30, 2006, the list prices of our sensors ranged from approximately $1,200 to approximately $120,000.
 
Real-Time Network Awareness, or RNA
 
RNA, available either as a software product or as an appliance, was invented to solve a very basic problem with traditional network security technologies: they have limited knowledge about the networks that they are defending. Even at the most basic level, firewalls, intrusion detection and prevention systems, patch management systems, vulnerability management systems and IT compliance solutions have limited knowledge about the assets and network they are protecting at any given point in time. Correspondingly, most of these enterprise network security technologies operate with little real-time information about composition, behavior or change within the network environment. As a result, these technologies are often blind to obvious critical security events and are unable to respond without human intervention.
 
As illustrated below, traditional intrusion prevention and detection technologies provide little automation and require IT professionals to manually perform event analysis and response. By incorporating network intelligence, the Sourcefire 3D security solution increases the amount of automated response to actionable and dismissible events, and reduces the number of security events requiring human analysis and response.
 
 
RNA Sensors are deployed at strategic points on the network to provide visibility into traffic passing that point. If RNA can observe the traffic of devices in the network, it can determine the operating system of those devices, the network, transport and application layer protocols (including tunneled protocols and protocols on non-standard ports) they are using, and the services and clients employed by those devices. Once RNA has gathered this information it can determine the topology of the network and the vulnerability state of any individual device.
 
In addition to determining network and device composition, RNA, coupled with the Defense Center, is capable of identifying potentially threatening or abnormal traffic. RNA and the Defense Center accomplish this by collecting, aggregating and analyzing traffic ‘flow’ information. These flow records contain a wide variety of information about the observed network traffic, and anomalies in these flow records can be indicative of malicious or abnormal activity. The Defense Center uses this information to build models of ‘normal’ network traffic behavior. Divergence from traffic norms, especially when correlated with other network events, enables the Defense Center to identify and trigger responses to threats posed by unknown vulnerabilities, newly released exploits, worms, stealth scans, distributed denial of service and other attacks.
 
While RNA was originally invented to accumulate intelligence about the network environment, it has a number of other applications. For example, RNA can (i) inform network access control about device changes that are not compliant with network policy or user roles; (ii) drive real-time patch management by informing those systems of


55


Table of Contents

the presence and composition of network end-points; and (iii) inform vulnerability management systems of new hosts and their composition, enabling surgical scanning of those devices on a basis consistent with network security policy. Beyond network security, RNA is also proving to be beneficial in purely administrative tasks. For example, IT administrators use RNA inventory information to assist in asset and license management functions.
 
RNA 4.0, which we intend to release in the next several months, will allow customers to define and set compliance policies for endpoints, subnetworks or networks with the click of a mouse. Once defined, any change outside of policy would result in immediate notification followed by an array of possible corrective actions, including the sending of an alert, redirection of the asset into a ‘sandbox’ or quarantined network, blocking some or all traffic to or from the asset, and corrective measures such as patch and configuration management. RNA 4.0 will also include a sophisticated compliance dashboard that will allow administrators to monitor and report on compliance in real-time.
 
Intrusion Sensors
 
Intrusion Sensor appliances include proprietary Sourcefire components and open source Snort technology. They monitor network traffic and compare observed traffic to a set of Rules, or a set of network traffic characteristics, indicative of malicious activity. These Rules are created by our Vulnerability Research Team and are updated two to three times per month, depending on the rate that new vulnerabilities and/or exploits are discovered and disclosed. Once the Intrusion Sensors match a Rule to the observed traffic, they send an alert to the Defense Center for further analysis and prioritization.
 
The Intrusion Sensors can be used either as an intrusion prevention system, configured as an “in-line” solution, or as an intrusion detection system, passively monitoring traffic and providing alerts. The in-line configuration allows IT administrators to proactively and automatically protect their networks by, for example, blocking sessions containing malicious traffic. We offer several different models of Intrusion Sensors depending on the network traffic volume and inspection performance desired.
 
Defense Center
 
The Defense Center enables the central management of critical network security functions, including event monitoring, event correlation and prioritization, policy definition and enforcement, forensic analysis, trends analysis, management reporting, and system administration.
 
The Defense Center can also accept data from legacy Snort sensors, which are sensors built by a customer who has downloaded the open source Snort engine from www.snort.org.
 
The Defense Center, with its intuitive and easy-to-navigate web-based user interface, includes an integrated high performance database capable of correlating and analyzing events received from RNA Sensors, the Intrusion Sensors and/or Intrusion Agents in real-time to determine the:
 
  •  relevance of an event to a specific network asset;
 
  •  potential impact an event will have on the network asset; and
 
  •  criticality of an event based on the business sensitivity of the targeted network.
 
Automated event prioritization allows IT administrators to focus their time and resources on real security events that represent the most critical threats based upon the customer’s actual, point-in-time network exposures and threats.
 
Designed to scale to virtually any size deployment, from remote site to global enterprise, the Defense Center’s data management solution is capable of handling extremely high event loads while also preserving those events for both high-level security trends analysis and in-depth forensic analysis down to the individual packet level. The forensic analysis interface features customizable workflows that enable users to tailor the graphical user interface to fit the way they prefer to monitor their networks and investigate and analyze security events. In addition, users can easily create standard or customized reports in PDF, HTML and CSV formats that can be automatically emailed for easy distribution.


56


Table of Contents

The Defense Center also excels as an administrative platform. A flexible scheduling subsystem allows the automation of tasks including system backup, report generation, software update downloading, policy update downloading and the application of intrusion prevention policies. The Defense Center also supports high-availability deployment for management redundancy and dynamic load balancing of our Intrusion Sensors where required.
 
Services
 
Maintenance and Support.  We offer our customers ongoing product support services for both hardware and software. These maintenance programs are typically sold to customers for a one-year term at the time of the initial product sale and typically automatically renew for successive one-year periods. As part of our maintenance and support, we provide telephone and web-based support, documentation and software updates, error corrections and Rules and vulnerability updates. Additionally, we provide expedited replacement for any defective hardware under warranty.
 
A critical component of our maintenance and support program is the ability to receive an accurate and up-to-date set of Rules with which our sensors inspect network traffic. Because the sophistication and methods of attacks are constantly changing, our Vulnerability Research Team, or VRT, is continually crafting, refining and updating our set of Rules so that, when deployed, Intrusion Sensors can detect the most recently discovered vulnerabilities and exploits. We typically release new and updated Rules two to three times per month; however, that rate can increase or decrease depending on the rate that new vulnerabilities and exploits are discovered and disclosed. Approximately 83% of our customers renewed their maintenance and support agreements in the nine months ended September 30, 2006.
 
We make available all updates, upgrades, patches and new Rules to our customers through our web site. Our maintenance and support team is located at our corporate headquarters in Columbia, Maryland.
 
Professional Services and Training.  Our technical consultants assist our customers in the configuration of our appliances and software. These fee-based services, provided by our technical consultants, include providing advice on optimal sensor deployment strategies within the customer’s network, customization, or tuning of, Rules and configuration of appliances for the particular characteristics of the customer’s network. Additionally, we provide our customers with fee-based, hands-on training classes on subjects such as sensor deployment, Rule creation, tuning and configuration and security assessment. Our professional services and training are sold directly to our customers as well as indirectly through our resellers and can be delivered by our personnel or authorized training and service partners.
 
Technology
 
The Sourcefire 3D security solution provides our customers with a unified intrusion, vulnerability management and compliance enforcement capability. By combining the intelligence gathered by RNA and the Intrusion Sensor, along with the central management of the Defense Center, our customers can better prepare for, defend and remediate attacks on their networks.
 
Real-time Network Awareness.  RNA acquires intelligence about the network passively; that is, it listens to network traffic to determine the key characteristics of the devices on the network. For example, by watching the creation and termination of a transmission control protocol, or TCP, connection, RNA can determine, among other things, the operating systems and versions running on the devices communicating with each other, as well the identity of those devices, or their IP addresses. Active network discovery, by contrast, works by sending out probative traffic in order to stimulate a response from accessible devices. It then interprets the responses so that it can draw conclusions about those devices. Because active scanners rely on a “pinging” model of stimulus and response, they are “noisy,” have the potential to disrupt or degrade overall network performance, and sometimes disturb the potentially sensitive assets that they seek to interrogate. RNA’s passive network discovery methods do not generate traffic on the network and are designed not to disrupt or degrade network performance.
 
Once RNA has established a host profile for a specific device, it will update that profile dynamically as it observes traffic to or from that device. The types of information that could be updated include routing changes, new


57


Table of Contents

services, new protocols on existing service ports, OS vendor or version changes, changed hop count to the device, and changed vendor and version data of services.
 
In addition to determining network and device composition, RNA, coupled with the Defense Center, is capable of identifying traffic anomalies. RNA and the Defense Center accomplish this by collecting, aggregating and analyzing traffic flow information. These flow records can contain a wide variety of information about the observed network traffic, including a timestamp for the flow start and finish time, the number of bytes and packets observed in the flow, their sequence, the flow’s source and destination IP addresses, source and destination port numbers, IP protocol, the application layer protocol and, in the case of TCP flows, all TCP flags observed over the life of the flow. The Defense Center leverages this information to build models of ‘normal’ network traffic behavior. Divergence from traffic norms, especially when correlated with other network events, can enable critical protection against threats posed by unknown vulnerabilities, newly released exploits, “zero-learning” worm detection, stealth scans, and fine-grained distributed denial of service attacks, as well as network system malfunctions and misconfigurations.
 
Defense Center.  The Defense Center is a high performance management system suited for large, complex and distributed enterprise networks. It simplifies the complicated issues usually associated with intrusion detection and prevention deployments by incorporating policy management, data aggregation, correlation, analysis and reporting into a single centralized solution that enables our customers to take advantage of a distributed sensor infrastructure. The Defense Center is delivered with a built-in high performance database capable of handling millions of events and supporting in-depth forensic analysis for identification of both discrete occurrences and long-term security trends. Packaged as a complete, preconfigured system and including an intuitive, efficient interface, the Defense Center is easy to install and easy to use on a daily basis.
 
 
The Defense Center also allows IT administrators to build customized policies that combine threat, network and vulnerability management, so that IT administrators can define responses in advance to anomalous observations, including any combination of alerting, blocking or correcting the non-normal condition. Examples include alerting via email, Simple Network Management Protocol, or SNMP, traps or SYSLOG events, blocking by dynamically modifying router, firewall, switch, or IPS policies, and correcting via interaction with trouble ticketing, patch management, or configuration management systems. For maximum flexibility, the Defense Center provides a fully documented remediation application programming interface, or API, that allows the creation of customized responses with third-party technologies.
 
We also separately license a visualization module to the Defense Center that provides our customers a real-time map of their network using the intelligence gathered by RNA. This visualization module provides a unique, intuitive graphical interface for IT professionals to manage their network assets and enforce policy compliance.
 
Intrusion Sensors.  The Intrusion Sensors are sold as turn-key networking appliances that are composed of highly optimized proprietary Sourcefire components and open source Snort technology. The Intrusion Sensor’s threat detection algorithms are governed by a rules-based language that combines the benefits of signature, protocol


58


Table of Contents

and anomaly-based inspection methods. The highly flexible Snort rules language also allows administrators to write their own custom rules or to tailor existing rules to their specific networking environment. Once the Intrusion Sensor matches observed traffic with one of the many Rules deployed on the Intrusion Sensor, an alert is generated and sent to the Defense Center for additional analysis and prioritization.
 
Awards and Certifications.  We have received numerous industry awards and certifications, including:
 
  •  Gartner Magic Quadrant.  We were recognized by Gartner, Inc. as being a “Leader” in the Network Intrusion Prevention System Appliances category.
 
  •  NSS Gold Award.  Our product is one of only five network security products to be awarded the NSS Gold award. NSS is a world leader in benchmarking and independent product evaluations, and the NSS Gold Award is awarded only to those products that are distinguished in terms of advanced or unique features, and which offer outstanding value.
 
  •  EAL2.  Common Criteria Evaluation Assurance Level 2 is an international evaluation standard for information technology security products sanctioned by, among others, the International Standards Organization, the National Security Agency and the National Institute for Standards and Technology.
 
  •  National Security Agency Systems and Network Attack Center.  We have met the classified testing standards of the National Security Agency Systems and Network Attack Center, which are required in order to sell security products to certain agencies of the U.S. Government.
 
  •  DISA FAO STIG.  We have met the classified testing standards of the Defense Information Security Agency, Finance and Accounting Office — Security Technical Implementation Guide, which are required in order to sell security products to certain agencies of the U.S. Government.
 
  •  FIPS 140-2.  Federal Information Processing Standard 140-2 is a standard that describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified, or SBU, use. The standard was published by the National Institute of Standards and Technology (NIST). FIPS 140-2 evaluation is required for sale of products implementing cryptography to the Federal Government. In addition, the financial community increasingly specifies FIPS 140-2 as a procurement requirement and is beginning to embrace it.
 
  •  NEBS.  Network Equipment-Building System requirements are used by service providers to qualify equipment that will provide a high level of reliability and safety to their network. These requirements are designed to ensure that products are safe and do not interfere with the reliable operation of a network. NEBS compliance is a critical issue to service providers evaluating the suitability of products for use in their networks.
 
  •  OSEC.  Open Security Evaluation Criteria is a framework for evaluating the security functionality of networked products. OSEC defines a core set of tests for any networked security product, and then adds tests for security and performance to each product space, such as network intrusion detection systems. OSEC criteria are open to view and critique, and are formulated with input from vendors, end-users, and many representatives from the security community that actively work in the product spaces for which criteria have been developed.
 
Customers
 
We provide products and services to a variety of end users worldwide, including some of the world’s largest banks, defense contractors, hospitals, IT companies and retailers, as well as U.S. and other national, state and local government agencies. We view our primary customers as enterprise, service provider and risk management enterprises, but we have also developed products and services for the consumer and small office market. Our enterprise market customers generally have annual revenue exceeding $500 million.
 
In 2003, Northrop Grumman, a federal government reseller, accounted for 15% of our revenues. In 2004, Immix Technologies, a federal government reseller, accounted for 10% of our revenues. In 2005, no customer accounted for over 10% of our revenues. If we failed to retain either Northrop Grumman or Immix Technologies as a


59


Table of Contents

reseller customer, we believe that we would find another federal government reseller through which we could sell our products. Our customers represent a broad spectrum of organizations within diverse sectors, including financial services, technology, telecommunications and government and information technology services.
 
For both of the years ended December 31, 2004 and 2005, we generated approximately 82% of our revenue from customers in the United States and approximately 18% from customers outside of the United States.
 
Sales and Marketing
 
We market and sell our appliances, software and services directly to our customers through our direct sales organization and indirectly through our resellers, distributors and original equipment manufacturers.
 
Sales.  As of September 30, 2006, our sales organization was comprised of approximately 74 full-time individuals organized into two groups: North America and International. We maintain sales offices in Columbia, Maryland; Vienna, Virginia; Livonia, Michigan; and Reading, United Kingdom. As of September 30, 2006, our International sales force was made up of 15 individuals, and our North America sales force was made up of 59 individuals divided into three geographic regions: East, West and Federal. Our sales personnel are responsible for market development, including managing our relationships with resellers, assisting resellers in winning and supporting key customer accounts and acting as liaisons between the end customers and our marketing and product development organizations. We expect to continue to expand our International direct sales group in Europe, the Middle East, Asia/Pacific and Latin America. We are expanding our sales in international markets by adding distribution relationships and expanding our direct sales force, with plans in the next year to double the number of personnel in Europe and to hire a country manager for Japan.
 
Each sales organization is supported by experienced sales engineers who are responsible for providing pre-sales technical support and technical training for the sales team and for our resellers and distributors. All of our sales personnel are responsible for lead follow-up and account management. Our sales personnel have quota requirements and are compensated with a combination of base salary and earned commissions.
 
Our indirect sales channel, comprised primarily of resellers and distributors, is supported by our dedicated sales force with broad experience in selling network security products to resellers. We maintain a broad network of value-added resellers throughout the United States and Canada, and distributors in Europe, Latin America and Asia/Pacific. Our arrangements with our resellers are non-exclusive, territory-specific, and generally cover all of our products and services and provide for appropriate discounts based on a variety of factors including volume purchases. These agreements are generally terminable at will by either party by providing the other party at least 90 days written notice. Our arrangements with distributors also are non-exclusive and territory-specific and provide distributors with discounts based upon the annual volume of their orders. We provide our resellers and distributors with marketing assistance, technical training and support.
 
Strategic Relationships.  We have established commercial relationships with networking and security companies to provide alternative distribution channels for our products.
 
We recently executed an OEM agreement with Nokia Inc. under which Nokia is permitted to incorporate our RNA and Intrusion Sensor technology into Nokia Enterprise Solutions hardware platform for direct and indirect sales to its enterprise customers. In addition, Nokia has the ability to resell the Defense Center. This agreement expires on July 14, 2009.
 
Marketing.  Our marketing activity consists primarily of product marketing, product management and sales support programs. Marketing also includes advertising, our Web site, trade shows, direct marketing and public relations. Our marketing program is designed to build the Sourcefire and Snort brands, increase customer awareness, generate leads and communicate our product advantages. We also use our marketing program to support the sale of our products through new channels and to new markets. We have eight full-time employees in our marketing department.


60


Table of Contents

Research and Development
 
Our research and development efforts are focused primarily on improving and enhancing our existing network security products as well as developing new features and functionality. We communicate with our customers and the open source community when considering product improvements and enhancements, and we regularly release new versions of our products incorporating these improvements and enhancements.
 
Vulnerability Research Team.  Our Vulnerability Research Team is a group of leading edge network security experts working to proactively discover, assess and respond to the latest trends in network threats and security vulnerabilities. By gathering and analyzing this information, our Vulnerability Research Team creates and updates Snort Rules and security tools that are designed to identify, characterize and defeat attacks.
 
This team operates from our corporate headquarters in Columbia, Maryland and relies upon interactions with the open source Snort community to learn of new vulnerabilities and exploits. The Vulnerability Research Team also coordinates and shares information with other security authorities such as The SANS Institute, CERT-CC (Computer Emergency Response Team), iDefense (Verisign), SecurityFocus (Bugtraq; Symantec) and Common Vulnerabilities and Exposures (Mitre). Because of the knowledge and experience of our personnel comprising the Vulnerability Research Team, as well as its extensive coordination with the open source community, we believe that we have access to one of the largest and most sophisticated groups of IT security experts researching vulnerability and threats on a real-time basis.
 
As of September 30, 2006, we had approximately 53 employees dedicated to research and development. Our research and development expense was $3.8 million, $5.7 million, $6.8 million and $6.3 million for the years ended December 31, 2003, 2004 and 2005 and the nine months ended September 30, 2006, respectively.
 
Manufacturing and Suppliers
 
We rely primarily on contract equipment manufacturers to assemble, integrate and test our appliances and to ship those appliances to our customers. We typically hold little inventory, relying instead on a just-in-time manufacturing philosophy. We rely on four primary integrators. We have contracted with Avnet, Inc., a leading distributor of enterprise network and computer equipment, to manufacture all of our appliances built on IBM hardware. We have also contracted with Patriot Technologies, Inc. and Intelligent Decisions Inc., or IDI, to assemble, integrate and test all our product offerings operating on an Intel platform. Our agreement with Patriot expires on December 12, 2006, and will automatically renew for successive one year periods unless either we or Patriot notify the other of an intent not to renew at least 90 days prior to expiration. We entered into a conditional purchase commitment with Patriot pursuant to which we have agreed to purchase a set quantity of new appliance inventory over an 18-month period provided that the new appliance meets certain specifications on or before November 15, 2006. The approximate value of the purchase commitment is $800,000. Our agreement with IDI expires on January 31, 2007 and will automatically renew unless either party notifies the other party of its intent not to renew at least 30 days prior to the end of the term. Finally, we have contracted with Bivio Networks, Inc. to manufacture select high performance models of our appliances. Our agreement with Bivio expires on February 10, 2008. All of these agreements are non-exclusive. We would be faced with the burden, cost and delay of having to qualify and contract with a new supplier if any of these agreements terminate or expire for any reason.
 
Intellectual Property
 
To protect our intellectual property, both domestically and abroad, we rely primarily on patent, trademark, copyright and trade secret laws. As of the date hereof we had 19 patent applications pending for examination in the U.S. and foreign jurisdictions. We currently hold no issued patents. The claims for which we have sought patent protection relate to methods and systems we have developed for intrusion detection and prevention used in our RNA, Intrusion Sensor and Defense Center products. In addition, we utilize contractual provisions, such as non-disclosure and non-compete agreements, as well as confidentiality procedures to strengthen our protection.
 
Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of


61


Table of Contents

some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties.
 
Seasonality
 
Our business is subject to seasonal fluctuations. For a discussion of seasonality affecting our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Seasonality.”
 
Competition
 
The market for network security monitoring, detection, prevention and response solutions is intensely competitive and we expect competition to increase in the future. Our chief competitors generally fall within the following categories:
 
  •  large companies, including Symantec Corporation, Cisco Systems, Inc., Internet Security Systems, Inc. (which has recently been acquired by IBM), Juniper Networks, Inc., 3Com Corporation, Check Point Software Technologies, LTD and McAfee, Inc., that sell competitive products and offerings, as well as other large software companies that have the technical capability and resources to develop competitive products;
 
  •  software or hardware network infrastructure companies, including Cisco Systems, Inc., 3Com Corporation and Juniper Networks, Inc., that could integrate features that are similar to our products into their own products;
 
  •  smaller software companies offering relatively limited applications for network and Internet security monitoring, detection, prevention or response; and
 
  •  small and large companies offering point solutions that compete with components of our product offerings.
 
Mergers or consolidations among these competitors, or acquisitions of our competitors by large companies, present competitive challenges to our business. For example, Symantec Corporation, Cisco Systems, Inc., McAfee, Inc., 3Com Corporation and Juniper Networks, Inc. have acquired during the past several years smaller companies, which have intrusion detection or prevention technologies and Internet Security Systems, Inc. has recently been acquired by IBM. These acquisitions will make these combined entities potentially more formidable competitors to us if such products and offerings are effectively integrated. Large companies may have advantages over us because of their longer operating histories, greater brand name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may be able to adapt more quickly to new or emerging technologies and changes in customer requirements. They also have greater resources to devote to the promotion and sale of their products than us. In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection, prevention and response products and managed security services, which intensifies pricing pressures within our market.
 
Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include functions similar to those that our products currently provide.
 
We believe that the principal competitive factors affecting the market for information security solutions include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. We believe that our solutions generally compete favorably with respect to such factors.
 
Properties
 
Our principal executive offices are located in Columbia, Maryland. We also lease sales offices in Vienna, Virginia; Livonia, Michigan; and Reading, United Kingdom. Our lease in Columbia, Maryland expires on May 31, 2010; our lease in Vienna, Virginia expires on December 31, 2006; our lease in Livonia, Michigan expires on August 31, 2008; and our lease in Reading, United Kingdom expires on November 30, 2006. We believe that our


62


Table of Contents

facilities are generally suitable to meet our needs for the foreseeable future; however, we will continue to seek additional space as needed to satisfy our growth.
 
Employees
 
As of September 30, 2006, we had 174 employees, of whom 53 were engaged in product research and development, 82 were engaged in sales and marketing, 11 were engaged in customer service and support, 6 were engaged in professional services and 22 were engaged in administrative functions. Our current employees are not represented by a labor union and are not the subject of a collective bargaining agreement. We believe that we have good relations with our employees.
 
Legal Proceedings
 
On April 25, 2006, we were served with a complaint filed by PredatorWatch, Inc. (a.k.a. NetClarity) in the Superior Court of Suffolk County, Massachusetts. The plaintiff alleges that we and Martin F. Roesch, our Chief Technology Officer, together with Inflection Point Ventures, L.P., a stockholder of Sourcefire, and certain general partners of Inflection Point: (i) misappropriated its trade secrets; (ii) breached an oral agreement of confidentiality; (iii) breached a covenant of good faith and fair dealing owed to the plaintiff; (iv) were unjustly enriched; (v) misrepresented certain material facts to the plaintiff upon which the plaintiff relied to its detriment; and (vi) engaged in unfair and deceptive acts in violation of Massachusetts state law. The plaintiff has sought to recover amounts to be ascertained and established, as well as double and treble damages and attorneys’ fees.
 
On May 22, 2006, we answered the plaintiff’s complaint and denied each and every count contained in the plaintiff’s complaint. As of September 30, 2006, the parties are in the process of conducting discovery and no trial date has been set. We have not recorded any reserve in our financial statements for potential liability for legal fees in connection with this suit. We intend vigorously to defend against the plaintiff’s case.
 
Additionally, PredatorWatch has separately notified us that they believe that RNA technology is covered by claims contained in its pending patent application. This pending patent application has not issued as a patent, but in the event it does issue, PredatorWatch could file an additional complaint to include a patent infringement claim against us.
 
From time to time, we may be involved in other disputes or litigation relating to claims arising out of our operations. However, we are not currently a party to any other material legal proceedings.


63


Table of Contents

 
MANAGEMENT
 
Directors and Executive Officers
 
The following table sets forth information concerning our directors, executive officers and other key members of our management team as of September 30, 2006:
 
             
Name
  Age    
Position
 
E. Wayne Jackson, III
    45     Chief Executive Officer and Chairman of the Board of Directors
Martin F. Roesch
    36     Chief Technology Officer and Director
Thomas M. McDonough
    52     President and Chief Operating Officer
Todd P. Headley
    43     Chief Financial Officer and Treasurer
Michele M. Perry-Boucher
    45     Chief Marketing Officer
Joseph M. Boyle
    40     General Counsel and Secretary
Thomas D. Ashoff
    45     Vice President of Engineering
John T. Czupak
    43     Vice President of International Sales and Business Development
John G. Negron
    42     Vice President of North American Sales
Asheem Chandna(2)(3)
    42     Director
Joseph R. Chinnici(1)(3)
    52     Director
Tim A. Guleri(1)(2)
    41     Director
Steven R. Polk (3)
    59     Director
Harry R. Weller(1)(2)
    36     Director
 
(1) Member of our audit committee
(2) Member of our compensation committee
(3) Member of our nominating and corporate governance committee
 
Executive Officers
 
E. Wayne Jackson, III, Chief Executive Officer and Chairman of the Board of Directors
 
Wayne Jackson joined us in May 2002 as our Chief Executive Officer and a director. He was appointed Chairman of our Board of Directors in October 2006. Before joining Sourcefire, Mr. Jackson was a private investor from September 2001 until May 2002. Prior to that, Mr. Jackson co-founded Riverbed Technologies, Inc., a wireless infrastructure company, served as its CEO from January 1999 until the sale of the company to Aether Systems Inc. for more than $1.0 billion in March 2000 and continued as an employee of Aether Systems as Managing Director of Aether Capital until September 2001. Previously, Mr. Jackson built an emerging technologies profit center for Noblestar Systems Inc., a large systems integrator, and has consulted to organizations including General Electric, the World Bank and the Federal Reserve. Mr. Jackson holds a B.B.A. in Finance from James Madison University.
 
Martin F. Roesch, Chief Technology Officer and Director
 
Martin F. Roesch founded Sourcefire in 2001 and served as our President and Chief Technology Officer until September 2002, since which time he has continued to serve as our Chief Technology Officer. Mr. Roesch is responsible for our technical direction and product development efforts. Mr. Roesch, who has 16 years of industry experience in network security and embedded systems engineering, is also the author and lead developer of the Snort Intrusion Prevention and Detection System that forms the foundation for the Sourcefire 3D System. Over the past ten years, Mr. Roesch has developed various network security tools and technologies, including intrusion prevention and detection systems, honeypots, network scanners and policy enforcement systems for organizations such as GTE Internetworking and Stanford Telecommunications, Inc. Mr. Roesch holds a B.S. in Electrical and Computer Engineering from Clarkson University.


64


Table of Contents

Thomas M. McDonough, President and Chief Operating Officer
 
Thomas M. McDonough joined us in September 2002 as our President and Chief Operating Officer and is our executive officer in charge of sales. Before joining Sourcefire, Mr. McDonough was the Chief Executive Officer of Mountain Wave, Inc., an information security company, from March 2002 until September 2002, which was acquired by Symantec Corporation in July 2002. Prior to that, Mr. McDonough was Senior Vice President of Worldwide Sales for Riverbed Technologies from February 2000 until March 2000, when it was acquired by Aether Systems. He then served as the Senior Vice President of Worldwide Sales for Aether Systems until March 2002. Previously, Mr. McDonough spent six years with Axent Technologies, Inc. as Vice President of North American Sales and Professional Services. That company was acquired by Symantec Corporation in December 2000 for $960 million. Mr. McDonough holds a B.A. in Economics and an M.B.A. from the University of Notre Dame.
 
Todd P. Headley, Chief Financial Officer and Treasurer
 
Todd P. Headley joined us in April 2003 and serves as our Chief Financial Officer and Treasurer. Prior to joining Sourcefire, Mr. Headley was CFO for BNX Corporation, a network access management company, from September 2001 until April 2003. Prior to BNX, Mr. Headley served as CFO for FBR Technology Venture Partners, a Virginia-based venture capital firm, from September 2000 until May 2001. Mr. Headley served as Chief Financial Officer of Riverbed Technologies, a wireless infrastructure company, from March 1999 until its acquisition by Aether Systems in March 2000. Mr. Headley continued with Aether Systems until June 2000, where he was engaged in various business development and integration activities. Mr. Headley also served as Controller at POMS Corporation, a manufacturing supply chain execution company, from February 1998 until February 1999 and as Vice President and Controller of Roadshow International, Inc., a supply chain execution company, from April 1992 until February 1998. Mr. Headley began his career at Arthur Andersen in 1985 as an auditor. Mr. Headley is a C.P.A. and holds a B.S. in accounting from Virginia Polytechnic Institute and State University.
 
Michele M. Perry-Boucher, Chief Marketing Officer
 
Michele M. Perry-Boucher joined us in March 2004 and serves as our Chief Marketing Officer. From September 2001 until joining Sourcefire, Ms. Perry-Boucher operated her own strategic marketing and business development consultancy, MPB Strategies, which specialized in providing consulting and strategy services to fast growing companies. Previously, Ms. Perry-Boucher was Senior Vice President, Marketing at USinternetworking, Inc. from July 1998 until June 2001. Additionally, Ms. Perry-Boucher held senior marketing and management positions at Versatility Inc. (acquired by Oracle Corporation) from February 1997 to June 1998 and Software AG from January 1992 until January 1997. Ms. Perry-Boucher holds a B.S. from the University of Pennsylvania (Wharton School) and an M.B.A. from Harvard Business School.
 
Joseph M. Boyle, General Counsel and Secretary
 
Joseph M. Boyle joined us in April 2006 and serves as our General Counsel and Secretary. Prior to joining us, Mr. Boyle was in private practice from February 2005 until April 2006 where he focused on representing entrepreneurs, start-ups, emerging growth and technology companies. Mr. Boyle acted as the Chief of Staff to the Director of the National Cyber Security Division within the Department of Homeland Security’s Information Assurance and Infrastructure Protection Directorate from February 2004 to February 2005. From September 2001 until February 2004, Mr. Boyle served as general counsel to Riptech, Inc., an Alexandria, Virginia based managed security service provider, which was acquired by Symantec Corporation in August 2002. Prior to joining Riptech, Mr. Boyle served from April 1998 until September 2001 as general counsel to Cysive, Inc., a Reston, Virginia based IT professional services firm. Prior to Cysive, Mr. Boyle was in private practice focusing on private equity, mergers and acquisitions and corporate securities. Mr. Boyle holds a B.S. in Mechanical Engineering from the University of Detroit and received his J.D. from the University of Michigan. He is admitted to practice law in the Commonwealth of Virginia and the District of Columbia.


65


Table of Contents

Other Key Members of Management
 
Thomas D. Ashoff, Vice President of Engineering
 
Thomas D. Ashoff joined us in April 2003 as Vice President of Engineering. Prior to joining Sourcefire, Mr. Ashoff worked for Network Associates Inc. (now McAfee Inc.) in a number of capacities from April 1998 until February 2003. At Network Associates, Mr. Ashoff was Vice President, Strategic Product Engineering in the Technology Research Division as well as Vice President of Engineering for Network Associates’ PGP Security business unit. Mr. Ashoff joined Network Associates in 1998 when it acquired Trusted Information Systems (TIS). At TIS, Mr. Ashoff was the Senior Development Manager for the Gauntlet Firewall and VPN products. Prior to TIS, Mr. Ashoff developed software for GTE Spacenet/Contel ASC from 1988 to June 1994. Mr. Ashoff also provided consultancy services to the National Security Agency (NSA) through HRB Singer, Inc. from 1985 until 1988 and was employed by the NSA from 1982 until 1985. Mr. Ashoff holds a B.S. in Computer Science from the University of Pittsburgh.
 
John T. Czupak, Vice President of International Sales and Business Development
 
John T. Czupak joined us in October 2002 and serves as our Vice President of International Sales and Business Development. Before joining us, Mr. Czupak was the Senior Vice President of Worldwide Sales for Mountain Wave, Inc., an information security company, from October 2001 until October 2002, which was acquired by Symantec Corporation in July 2002. Prior to joining Mountain Wave, Mr. Czupak was the Director of International Operations for Riverbed Technologies from December 1999 until March 2000. He subsequently became the General Manager, Europe, Middle East & Asia for Aether Systems, Inc., after Aether acquired Riverbed Technologies in March 2000, and served in that position until October 2001. Previously, Mr. Czupak was with Axent Technologies, Inc., an Internet security company, where he was Vice President of Asia, Pacific & Latin America from August 1994 until December 1999. Mr. Czupak holds a B.S. in Marketing from Towson State University and an M.B.A. from the University of Maryland.
 
John G. Negron, Vice President of North American Sales
 
John G. Negron joined us in July 2002 and serves as Vice President of North American Sales. Before joining us, from December 2001 until May 2002, Mr. Negron was Vice President of Sales and Marketing at mindShift Technologies, Inc. Mr. Negron joined Riverbed Technologies in February 2000 as Director of Sales and continued to serve in that capacity following its acquisition by Aether Systems in March 2000, until October 2001. He also served as Director of Sales for Aether Systems’ Enterprise Vertical when Aether acquired Riverbed in March 2000. From September 1994 until January 2000, Mr. Negron was employed by Axent Technologies, an internet security software company, where he directed the company’s penetration into the public sector. Mr. Negron also held multiple domestic and international sales management roles at SunGard Data Systems Inc. from August 1985 until September 1991 which provided software and services in the disaster recovery segment of the security industry. Mr. Negron holds a B.S. from Bentley College.
 
Directors
 
Asheem Chandna, Director
 
Asheem Chandna joined our board of directors in May 2003 and is currently a partner with Greylock Partners, a venture capital firm. Prior to joining Greylock in September 2003, Mr. Chandna was with Check Point Software Technologies Ltd. from April 1996 until December 2002 where he was Vice-President of Business Development and Product Management. Prior to Check Point, Mr. Chandna was Vice-President of Marketing with CoroNet Systems from October 1994 to November 1995 and was with Compuware Corporation from November 1995 to April 1996, following Compuware’s acquisition of CoroNet. Previously, Mr. Chandna held strategic marketing and product management positions with SynOptics/Bay Networks from June 1991 to October 1994 and consulting positions with AT&T Bell Laboratories from September 1988 to May 1991. Mr. Chandna currently serves on the board of directors of several privately held companies including Imperva Inc., Palo Alto Networks, PortAuthority Technologies, Inc. and Securent, Inc.. He previously served on the board of directors at CipherTrust, Inc. (acquired


66


Table of Contents

by Secure Computing Corporation) and NetBoost Inc. (acquired by Intel Corporation). Mr. Chandna holds B.S. and M.S. degrees in electrical and computer engineering from Case Western Reserve University in Cleveland, Ohio.
 
Joseph R. Chinnici, Director
 
Joseph R. Chinnici joined our board of directors in July 2006. Mr. Chinnici has served as Senior Vice President, Finance and Chief Financial Officer at Ciena Corporation since August 1997, and was previously Vice President, Finance and Chief Financial Officer from May 1995 to August 1997. Mr. Chinnici served previously as Controller since joining Ciena in September 1994. From 1993 through 1994, Mr. Chinnici served as a financial consultant for Halston Borghese Inc. From 1977 to 1993, Mr. Chinnici held a variety of accounting and finance assignments for Playtex Apparel, Inc. (now a division of Sara Lee Corporation), ending this period as Director of Operations Accounting and Financial Analysis. Mr. Chinnici serves on the board of directors for Brix Networks, Inc. He holds a B.S. degree in accounting from Villanova University and an M.B.A. from Southern Illinois University.
 
Tim A. Guleri, Director
 
Tim A. Guleri joined our board of directors in June 2002 and is currently a Managing Director with Sierra Ventures. Before joining Sierra Ventures in February 2001, Mr. Guleri was the Vice Chairman and Executive Vice President with Epiphany, Inc. from March 2000 until February 2001; the Chairman, CEO and Co-founder of Octane Software Inc. from September 1997 until March 2000; Vice President of Field Operations, Product Marketing with Scopus Technology Inc. from February 1992 until February 1996 and was part of the information technology team with LSI Logic Corporation from September 1989 until September 1991. He has been a director of: Octane Software from 1997 to 2000 (Sold to Epiphany in 2000); Net6, Inc. from March 2001 to March 2004 (Acquired by Citrix Systems, Inc. in 2004); Approva, Inc. since April 2005; Spoke Software, Inc. since July 2002; CodeGreen Networks, Inc. since March 2005; AIRMEDIA, Inc. since April 2005; Steelbox Networks Inc. since 2006 and Everest, Inc. since October 2003. Mr. Guleri holds a B.S. of Electrical Engineering from Punjab Engineering College, India and an M.S. of Engineering and Operational Research from Virginia Tech.
 
Lt. Gen. Steven R. Polk (ret.), Director
 
Lt. Gen. Steven R. Polk joined our board of directors in August 2006. General Polk was the Inspector General of the Air Force, Office of the Secretary of the Air Force, Washington, D.C., from December 2003 until he retired on February 1, 2006. While at the Air Force, General Polk oversaw Air Force inspection policy, criminal investigations, counterintelligence operations, intelligence oversight, complaints, and fraud, waste and abuse programs and was also responsible for two field operating agencies — the Air Force Inspection Agency and Air Force Office of Special Investigations. Prior to this assignment, he was Vice Commander, Pacific Air Forces from March 2002 to November 2003 and Commander, 19th Air Force, Air Education and Training Command from May 1999 to March 2002. Staff appointments included Director of Operations at Headquarters Pacific Air Forces and Assistant Chief of Staff for Operations at Headquarters Allied Air Forces Northwestern Europe, NATO, as well as duty at Headquarters U.S. Air Forces in Europe and Headquarters U.S. Air Force. General Polk graduated and was commissioned from the U.S. Air Force Academy in June 1968 with a B.S. in aeronautical engineering. In 1974, he received an M.S. in engineering from Arizona State University, Tempe and in 1988 he received an M.A. in national security and strategic studies from Naval War College, Newport, R.I.
 
Harry R. Weller, Director
 
Harry R. Weller joined our board of directors in February 2003. Currently a Partner with New Enterprise Associates, Mr. Weller joined New Enterprise Associates in January 2002. Prior to joining New Enterprise Associates, Mr. Weller was a partner at FBR Technology Venture Partners from 1997 until 2001, where he worked with start-up teams. Previously, Mr. Weller was with the Boston Consulting Group in 1997 and Deloitte & Touche Management Consulting from 1993 until 1996. At both firms, he managed strategy and technology initiatives in the financial, manufacturing and telecommunications industries. Mr. Weller has served on the board of directors of Vonage, Inc. since October 2003. Mr. Weller received a B.S. in Physics from Duke University and an M.B.A. from Harvard University Graduate School of Business.


67


Table of Contents

Board of Directors
 
Prior to this offering, our board of directors had seven members. Upon the completion of this offering, our board will have nine members. At each annual meeting, our stockholders will re-elect, or elect successors to, our directors. Our executive officers and key employees serve at the discretion of our board of directors.
 
Board Committees
 
The standing committees of our board of directors consist of an audit committee, a compensation committee and a nominating and corporate governance committee.
 
Audit Committee
 
Our audit committee consists of Joseph R. Chinnici, Tim A. Guleri and Harry R. Weller. Mr. Chinnici serves as the chairman of our audit committee. The audit committee reviews and recommends to our board of directors internal accounting and financial controls and accounting principles and auditing practices to be employed in the preparation and review of our financial statements. In addition, the audit committee has the authority to engage public accountants to audit our annual financial statements and determine the scope of the audit to be undertaken by such accountants. The board of directors has determined that Mr. Chinnici is a financial expert under the SEC rule implementing Section 407 of the Sarbanes-Oxley Act of 2002.
 
Compensation Committee
 
Our compensation committee consists of Asheem Chandna, Tim A. Guleri and Harry R. Weller. Mr. Guleri serves as the chairman of our compensation committee. The compensation committee reviews and recommends to our Chief Executive Officer and the board policies, practices and procedures relating to the compensation of managerial employees and the establishment and administration of certain employee benefit plans for managerial employees. The compensation committee has authority to administer our stock incentive plan and advise and consult with our officers regarding managerial personnel policies.
 
Nominating and Corporate Governance Committee
 
Our nominating and corporate governance committee consists of Asheem Chandna, Joseph R. Chinnici and Steven R. Polk. General Polk serves as the chairman of our nominating and corporate governance committee. The nominating and corporate governance committee assists the board of directors with its responsibilities regarding, among other things, the identification of individuals qualified to become directors; the selection of the director nominees for the next annual meeting of stockholders; the selection of director candidates to fill any vacancies on the board of directors; reviewing and making recommendations to the board with respect to management succession planning; developing and recommending to the board corporate governance principles; and overseeing an annual evaluation of the board.
 
From time to time, the board may establish other committees to facilitate the management of our business.
 
Director Compensation
 
We have agreed to pay Joseph R. Chinnici an annual fee of $30,000 to serve on our board of directors and to serve as chairman of our audit committee, and Steven R. Polk an annual fee of $20,000 to serve on our board of directors and to serve as chairman of our nominating and corporate governance committee. We do not otherwise provide cash compensation to our directors for their services as members of the board of directors or its committees or for attendance at board or committee meetings. However, directors will be reimbursed for reasonable travel and other expenses incurred in connection with attending meetings of the board and its committees. Under our stock incentive plan, directors are eligible to receive stock option and restricted stock grants at the discretion of our compensation committee or other administrator of the plan. We have made the following grants to our directors under our stock incentive plan:
 
  •  On October 23, 2003, we granted Asheem Chandna an option to purchase 160,000 shares of our common stock at an exercise price of $0.20 per share, which our board of directors determined to be the fair market


68


Table of Contents

  value of our common stock on the date of grant. Mr. Chandna exercised this option in full on December 21, 2004.
 
  •  On August 15, 2006 we agreed to issue Joseph R. Chinnici 25,000 shares of restricted common stock at a price of $0.001 per share and vesting on the earlier of (i) the consummation of a firm commitment underwritten public offering of our common stock, along with the expiration of any applicable lock-up agreements,(ii) a change in control of Sourcefire or (iii) June 30, 2008.
 
  •  On September 7, 2006 we agreed to issue Steven R. Polk 20,000 shares of restricted common stock at a price of $0.001 per share and vesting on the earlier of (i) the consummation of a firm commitment underwritten public offering of our common stock, along with the expiration of any applicable lock-up agreements, (ii) a change in control of Sourcefire or (iii) June 30, 2008.
 
Compensation Committee Interlocks and Insider Participation
 
None of our executive officers serves as a member of the board of directors or compensation committee of any entity that has one or more executive officers serving as our director or as a member of our compensation committee.
 
Executive Compensation
 
The following table sets forth information regarding the compensation of our Chief Executive Officer and each of our other four most highly-compensated executive officers, referred to in this prospectus as the “named executive officers,” for the year ended December 31, 2005.
 
Summary Compensation Table
 
                         
          Long-term
 
          compensation
 
                awards  
                Securities
 
    Annual compensation     underlying
 
Name and principal position
  Salary     Bonus     options (#)  
 
E. Wayne Jackson, III
  $ 225,000     $ 74,000       160,000  
Chief Executive Officer
                       
Thomas M. McDonough
  $ 200,000     $ 151,500       150,000  
President and Chief Operating Officer
                       
Martin F. Roesch
  $ 175,000     $ 64,000       100,000  
Chief Technology Officer
                       
Todd P. Headley
  $ 162,500     $ 60,250       38,000  
Chief Financial Officer and Treasurer
                       
Michele M. Perry-Boucher
  $ 157,500     $ 48,969       35,000  
Chief Marketing Officer
                       


69


Table of Contents

The following table provides certain information concerning grants of options to our named executive officers for the year ended December 31, 2005.
 
Option Grants in 2005
 
                                                 
                            Potential
 
                            realizable value
 
                            at assumed
 
    Number of
    Percent of
                annual rate
 
    shares
    total options
                of stock price
 
    underlying
    granted to
    Exercise
          appreciation for
 
    options
    employees In
    price
    Expiration
    option term(2)  
Name
  granted(1)     fiscal year     per share     date     5%     10%  
 
E. Wayne Jackson, III
    160,000       11.5 %   $ 1.25       6/24/15     $ 126,000     $ 319,000  
Thomas M. McDonough
    150,000       10.8       1.25       6/24/15       118,000       299,000  
Martin F. Roesch
    100,000       7.2       1.25       6/24/15       79,000       199,000  
Todd P. Headley
    38,000       2.7       1.25       6/24/15       30,000       76,000  
Michele M. Perry-Boucher
    35,000       2.5       1.25       6/24/15       28,000       70,000  
 
(1) The options were granted pursuant to our 2002 Stock Incentive Plan and vest 25% after one year and in equal monthly installments over the subsequent three years. In addition, any named executive officer’s options accelerate and become fully vested if there is a change of control and the named executive officer’s employment is terminated without cause within one year after the change of control.
(2) In accordance with the requirements of the Securities and Exchange Commission (the “SEC”), these columns show potential gains that could accrue for the respective options, assuming that the market price of our common stock appreciates in value from the date the options were granted over a period of 10 years at an annualized rate of 5% or 10%, as indicated. Actual gains, if any, on stock option exercises are dependent on the future performance of our common stock. These amounts are not intended to forecast possible future increases, if any, in the market price of our common stock.
 
The following table provides information concerning exercisable and unexercisable options held by our named executive officers during the fiscal year ended December 31, 2005. No options were exercised in 2005.
 
December 31, 2005 Option Values
 
                                                 
                Number of securities
             
                underlying unexercised
    Value of unexercised
 
    Shares
          options at
    In-the-money options at
 
    acquired on
    Value
    December 31, 2005 (#)     December 31, 2005(1)  
Name
  exercise (#)     realized ($)     Exercisable     Unexercisable     Exercisable     Unexercisable  
 
E. Wayne Jackson, III
                      160,000     $     $    
Thomas M. McDonough
                      150,000     $     $    
Martin F. Roesch
                      100,000     $     $    
Todd P. Headley
                117,500       132,500     $       $    
Michele M. Perry-Boucher
                87,500       147,500     $       $  
 
(1) There was no public trading market for our common stock as of December 31, 2005. Accordingly, the value of the unexercised in-the-money options as of December 31, 2005 has been determined by calculating the difference between an assumed initial public offering price of $     , the midpoint of the filing range set forth on the cover of this prospectus, and the option exercise price of each applicable in-the-money option, multiplied by the number of shares underlying such option.
 
Employment Agreements
 
Employment Agreement with E. Wayne Jackson III
 
We entered into an employment agreement with E. Wayne Jackson III, our Chief Executive Officer, in August 2002. The employment agreement provides that increases to the amount of Mr. Jackson’s base salary will be


70


Table of Contents

determined annually by our board of directors, but will not be less than the initial base salary of $150,000 per annum. Mr. Jackson’s current annual base salary, as approved by our board of directors, is $225,000. Also, Mr. Jackson is eligible to receive an annual cash bonus of up to $100,000 per annum in the event that he and Sourcefire achieve deliverables or reasonable goals approved by Mr. Jackson and our board of directors or compensation committee. Mr. Jackson is eligible to participate in any and all plans providing general benefits to our employees, subject to the provisions, rules and regulations applicable to each such plan.
 
Pursuant to the terms of his employment agreement, Mr. Jackson received a restricted stock award equal to 909,000 shares of our common stock at a price of $0.001 per share in August 2002 and is also eligible to participate in our stock incentive plan. In December 2003, Mr. Jackson received additional restricted stock awards equal to 105,000 shares of our common stock at a price of $0.001 per share.
 
Mr. Jackson’s employment agreement may be terminated, with or without cause, by us or the executive at any time. If we terminate the employment agreement for cause (as defined in the agreement) or on account of death, or if Mr. Jackson terminates the agreement for any reason other than for good reason (as defined in the agreement), Mr. Jackson is entitled to no further compensation or benefits other than those earned through the date of termination. If we terminate the agreement for any reason other than for cause or death, if we terminate the agreement in the event Mr. Jackson becomes permanently disabled (as defined in the agreement) or if Mr. Jackson terminates the agreement for good reason (as defined in the agreement), we will provide continued payment of base salary and medical benefits for the six months following the termination of employment, conditioned upon the execution by Mr. Jackson of a release. The terms and provisions of the assignment of inventions, non-disclosure, non-solicitation, and non-competition agreement, or NDA, entered into between Sourcefire and Mr. Jackson, shall remain effective in the event Mr. Jackson is terminated; provided, however, that if Mr. Jackson is terminated without cause or resigns for good reason, and agrees to waive his rights to the six months of post-termination compensation described above, the non-solicitation and the 12 month non-competition provisions of the NDA shall be of no further force or effect as of the date of termination.
 
Mr. Jackson’s employment agreement expires on May 5, 2007 and may be renewed by our board of directors for consecutive one-year terms.
 
Employment Agreement with Thomas M. McDonough
 
We entered into an employment agreement with Thomas M. McDonough, our President and Chief Operating Officer, in August 2002. The employment agreement provides that increases to the amount of Mr. McDonough’s base salary will be determined annually by our board of directors, but will not be less than the initial base salary of $150,000 per annum. Mr. McDonough’s current annual base salary, as approved by our board of directors, is $200,000. In addition, Mr. McDonough is eligible to receive a cash bonus of up to $100,000 per annum, payable quarterly, in the event that he and Sourcefire achieve deliverables or reasonable goals approved by Mr. McDonough and our board of directors or compensation committee. Mr. McDonough is eligible to participate in any and all plans providing general benefits to our employees, subject to the provisions, rules and regulations applicable to each such plan.
 
Pursuant to the terms of his employment agreement, Mr. McDonough received a restricted stock award equal to 507,000 shares of our common stock at a price of $0.001 per share in August 2002 and is also eligible to participate in our stock incentive plan. In December 2003, Mr. McDonough received additional restricted stock awards equal to 210,000 shares of our common stock at a price of $0.001 per share.
 
Mr. McDonough’s employment agreement may be terminated, with or without cause, by us or the executive at any time. If we terminate the employment agreement for cause (as defined in the agreement) or on account of death, or if Mr. McDonough terminates the agreement for any reason other than for good reason (as defined in the agreement), Mr. McDonough is entitled to no further compensation or benefits other than those earned through the date of termination. If we terminate the agreement for any reason other than for cause or death, if we terminate the agreement in the event Mr. McDonough becomes permanently disabled (as defined in the agreement) or if Mr. McDonough terminates the agreement for good reason (as defined in the agreement), we will provide continued payment of base salary and medical benefits for the six months following the termination of employment, conditioned upon the execution by Mr. McDonough of a release. The terms and provisions of the NDA entered into


71


Table of Contents

between Sourcefire and Mr. McDonough shall remain effective in the event Mr. McDonough is terminated; provided, however, that if Mr. McDonough is terminated without cause or resigns for good reason, and agrees to waive his rights to the six months of post-termination compensation described above, the non-solicitation and the 12-month non-competition provisions of the NDA shall be of no further force or effect as of the date of termination.
 
Mr. McDonough’s employment agreement expires on September 8, 2007 and may be renewed by our board of directors for consecutive one-year terms.
 
Employment Agreement with Martin F. Roesch
 
We entered into an employment agreement with Martin F. Roesch, our Chief Technology Officer, in February 2002 and amended that agreement in June 2002. The employment agreement, as amended, provides for an initial base salary of $150,000 per annum, and eligibility to receive an annual performance bonus, contingent upon Mr. Roesch’s ability to achieve management objectives. Compensation for Mr. Roesch is subject to normal periodic review by the compensation committee of our board of directors. Mr. Roesch’s current annual base salary, as approved by our board of directors, is $200,000. Mr. Roesch is eligible to participate in any and all plans providing general benefits to our employees, subject to the provisions, rules and regulations applicable to each such plan.
 
Mr. Roesch executed our employee proprietary information, inventions, and non-competition agreement.
 
Mr. Roesch’s employment may be terminated at any time, with or without cause and with or without notice, by Mr. Roesch or by us. If Mr. Roesch’s employment is terminated by us without cause (as defined in the agreement), we will provide payment of salary, benefits and any bonus earned for the three months following the termination of employment, conditioned upon the execution by Mr. Roesch of a release.
 
The employment agreement states that Mr. Roesch’s employment is of no set duration.
 
Employment Agreement with Todd P. Headley
 
We entered into an employment agreement with Todd P. Headley, our Chief Financial Officer and Treasurer, in April 2003. The employment agreement provides for an initial base salary of $125,000 per annum, and eligibility to receive an annual performance bonus at the discretion of the compensation committee of our board of directors, contingent upon the executive’s ability to achieve management objectives. Compensation for Mr. Headley is subject to normal periodic review by the compensation committee of our board of directors. Mr. Headley’s current annual base salary, as approved by our board of directors, is $175,000. Mr. Headley is eligible to participate in any and all plans providing general benefits to our employees, subject to the provisions, rules and regulations applicable to each such plan.
 
The employment agreement also provides that Mr. Headley is eligible to participate in our stock incentive plan and receive an initial grant of options to purchase 172,000 shares of our common stock with vesting over a four year period at quarterly intervals, one year acceleration of vesting upon termination without cause (as defined in the agreement) or in the event of a change of control (as defined in our stock incentive plan), and full acceleration of vesting on termination without cause following a change of control. The employment agreement was contingent upon Mr. Headley executing our employee proprietary information, inventions, and non-competition agreement.
 
Mr. Headley’s employment may be terminated at any time, with or without cause and with or without notice, by Mr. Headley or by us. If Mr. Headley’s employment is terminated by us without cause (as defined in the agreement), we will provide payment of salary, benefits and any bonus earned for the three months following the termination of employment.
 
The employment agreement states that Mr. Headley’s employment is of no set duration.
 
Employment Agreement with Michele M. Perry-Boucher
 
We entered into an employment agreement with Michele M. Perry-Boucher, our Chief Marketing Officer, in March 2004. The employment agreement provides for an initial base salary of $150,000 per annum, and eligibility to receive an annual performance bonus up to an initial amount of $50,000, contingent upon the executive’s ability to achieve management objectives. Compensation for Ms. Perry-Boucher is subject to normal periodic review by


72


Table of Contents

the compensation committee of our board of directors. Ms. Perry-Boucher’s current annual base salary, as approved by our board of directors, is $185,000. Ms. Perry-Boucher is eligible to participate in any and all plans providing general benefits to our employees, subject to the provisions, rules and regulations applicable to each such plan.
 
The employment agreement also provides that Ms. Perry-Boucher is eligible to participate in our stock incentive plan and receive an initial grant of options to purchase 200,000 shares of our common stock with vesting over a four year period at quarterly intervals, one year acceleration of vesting upon termination without cause (as defined in the agreement) or in the event of a change of control (as defined in our stock incentive plan). The employment agreement was contingent upon Ms. Perry-Boucher executing our employee proprietary information, inventions, and non-competition agreement.
 
Ms. Perry-Boucher’s employment may be terminated at any time, with or without cause and with or without notice, by Ms. Perry-Boucher or by us. If Ms. Perry-Boucher’s employment is terminated by us without cause (as defined in the agreement), we will provide payment of salary, benefits and any bonus earned for the three months following the termination of employment.
 
The employment agreement states that Ms. Perry-Boucher’s employment is of no set duration.
 
Employee Benefits Plans
 
2002 Stock Incentive Plan
 
In January 2002, we adopted and our stockholders approved the Sourcefire, Inc. 2002 Stock Incentive Plan, which we refer to as the 2002 Plan.
 
As of September 30, 2006, there were an aggregate of 8,283,766 shares of common stock reserved for issuance under the 2002 Plan, of which options to purchase 4,457,866 shares of common stock were outstanding, 1,776,000 shares of common stock were granted as restricted stock awards and were outstanding, and 1,044,194 shares of common stock remained available for future awards. Upon the effective date of this offering, no further awards will be made under the 2002 Plan and all shares remaining available for grant will be transferred into the 2006 Plan discussed below.
 
The 2002 Plan allows for the grant of incentive stock options, nonqualified stock options, restricted and unrestricted stock awards, stock appreciation rights, phantom stock awards, performance awards and other stock-based awards, which we collectively refer to as awards. Our and our affiliates’ employees, officers, non-employee directors and consultants are eligible to receive awards, except that incentive stock options may be granted only to employees.
 
Administration.  The board of directors has appointed our compensation committee as the administrator of this plan. Subject to the terms of the 2002 Plan, the compensation committee determines, among other things, the:
 
  •  individuals eligible to receive an award;
 
  •  number of shares of common stock covered by the awards and the dates upon which such awards become exercisable and expire and the dates on which any restrictions lapse;
 
  •  form of award and the price and method of payment for each such award;
 
  •  vesting period; and
 
  •  exercise price or purchase price of awards.
 
Incentive Stock Options.  Incentive stock options are intended to qualify as incentive stock options under Section 422 of the Internal Revenue Code. The compensation committee determines the exercise price for an incentive stock option, which may not be less than 100% of the fair market value of the stock underlying the option determined on the date of grant. However, incentive stock options granted to employees who own, or are deemed to own, more than 10% of our voting stock, must have an exercise price not less than 110% of the fair market value of the shares underlying the option determined on the date of grant. As of September 30, 2006, we have not granted any incentive stock options.


73


Table of Contents

Restricted Stock and Other Stock-Based Awards.  Stock appreciation rights and restricted stock, phantom stock and other stock-based awards may be granted on such terms as may be approved by the compensation committee. Rights to acquire shares under a restricted stock or other stock-based award may be transferable only to the extent determined by the compensation committee.
 
Transfer of Awards.  Except as otherwise determined by the compensation committee, and in any event in the case of an incentive stock option or a stock appreciation right granted with respect to an incentive stock option, no award shall be transferable otherwise than by will or the laws of descent and distribution.
 
Change of Control of Company.  In the event of a change of control of our company, as such term is defined in the 2002 Plan, outstanding awards will terminate upon the effective time of such change of control unless provision is made in connection with the transaction for the continuation, assumption or substitution of such awards by the successor entity. The compensation committee shall also have the discretion to accelerate outstanding options or terminate the company’s repurchase rights with respect to restricted stock awards and otherwise modify, amend or extend outstanding awards.
 
2006 Stock Incentive Plan
 
We intend to adopt the Sourcefire, Inc. 2006 Stock Incentive Plan, which we refer to as the 2006 Plan. This plan will become effective upon approval by our board of directors and our stockholders, which we anticipate receiving by December 31, 2006. The number of shares of common stock that may be issued pursuant to awards granted under the 2006 Plan initially shall be            , which number will be increased annually on the first day of each fiscal year, beginning in          and until         , to a number to equal percent of the outstanding shares of common stock of the company as of                 of the immediately preceding year.
 
The 2006 Plan will allow for the grant of incentive stock options, nonqualified stock options, restricted and unrestricted stock awards, stock appreciation rights, dividend equivalent rights and other stock-based awards, which we collectively refer to as awards. Our and our affiliates’ employees, officers, non-employee directors and consultants are eligible to receive awards, except that incentive stock options may be granted only to employees.
 
Administration.  The administrator of the 2006 Plan will be the compensation committee of our board of directors. Subject to the terms of the 2006 Plan, the compensation committee determines, among other things, the:
 
  •  individuals eligible to receive an award;
 
  •  number of shares of common stock covered by the awards and the dates upon which such awards become exercisable and expire and the dates on which any restrictions lapse;
 
  •  form of award and the price and method of payment for each such award;
 
  •  vesting period; and
 
  •  exercise price or purchase price of awards.
 
Incentive Stock Options.  Incentive stock options are intended to qualify as incentive stock options under Section 422 of the Internal Revenue Code. The compensation committee determines the exercise price for an incentive stock option, which may not be less than 100% of the fair market value of the stock underlying the option determined on the date of grant. However, incentive stock options granted to employees who own, or are deemed to own, more than 10% of our voting stock, must have an exercise price not less than 110% of the fair market value of the shares underlying the option determined on the date of grant.
 
Transfer of Awards.  Incentive stock options shall only be transferable by will or the laws of descent and distribution. Other awards shall be transferable by will or the laws of descent and distribution during the lifetime of the grantee to the extent and in the manner authorized by the compensation committee.
 
Change of Control of Company.  In the event of a change of control of our company or a corporate transaction, as such terms are defined in the 2006 Plan, outstanding awards will terminate upon the effective time of such change of control or such corporate transaction unless provision is made in connection with the transaction for the continuation, assumption or substitution of such awards by the successor entity. The compensation committee shall also have the discretion to accelerate outstanding options, terminate the company’s repurchase rights with respect to restricted stock awards and otherwise modify, amend or extend outstanding awards.


74


Table of Contents

 
CERTAIN RELATIONSHIPS AND RELATED PARTY TRANSACTIONS
 
Series D Financing
 
In May and June 2006, we sold 3,264,449 shares of Series D convertible preferred stock, or approximately 9.5% of our total outstanding equity securities on an as-converted fully-diluted basis, in exchange for approximately $23 million in cash, or $7.0456 per share. Entities affiliated with each of Inflection Point Ventures, Sierra Ventures, Core Capital, New Enterprise Associates and Sequoia Capital were all 5% or greater stockholders immediately before the time of the sale and purchased an aggregate of 1,886,902 shares of Series D convertible preferred stock.
 
Investor Rights Agreement
 
In May and June 2006, we and the holders of all series of our convertible preferred stock entered into the fourth amended and restated investor rights agreement, which is included as an exhibit to the registration statement of which this prospectus is a part. Under the agreement, the holders of registrable securities (as defined in the agreement) have the right, upon the occurrence of certain events to require us to file with the SEC and cause to be declared effective a registration statement covering the resale of shares of common stock issued or issuable upon the conversion of the shares of our Series A, B, C and D convertible preferred stock. Also, if we propose to register any of our capital stock under the Securities Act, the holders of all series of our convertible preferred stock will be entitled to customary “piggyback” registration rights with respect to shares of common stock issued or issuable upon the conversion of the shares of our Series A, B, C and D convertible preferred stock. In addition, the holders of our convertible preferred stock also have a right of first refusal to acquire any offered securities (as defined in the agreement) issued, sold or exchanged by us. This right of first refusal is not applicable in this offering. The agreement also includes certain negative covenants that restrict us and the holders of our convertible preferred stock. This agreement will terminate upon the closing of the offering contemplated by this prospectus, except for the registration rights and confidentiality provisions of the agreement.
 
Right of First Refusal and Co-Sale Agreement
 
In May and June 2006, we and certain key holders of our common stock and the holders of our preferred stock entered into the fourth amended and restated right of first refusal and co-sale agreement, which is included as an exhibit to the registration statement of which this prospectus is a part. Under this agreement, certain key holders of our common stock are subject to contractual restrictions relating to their proposed transfer of our common stock. In addition, in the event such key holders desire to transfer their shares of our common stock to a third party, such transfer is subject to a right of first refusal held by us and, in the event we do not exercise this right, in whole or in part, then the holders of our preferred stock have a right, on a pro-rata basis, to purchase such shares of common stock proposed to be transferred. The holders of our convertible preferred stock also have a right of co-sale under this agreement to sell their own stock, on a pro-rata basis, in the event of a proposed transfer of stock by such key holders. Under this agreement, we were also granted certain “drag-along” rights to require certain security holders to participate in the event of a proposed sale or merger of the company. This agreement will terminate upon the closing of the offering contemplated by this prospectus.
 
Stockholders’ Voting Agreement
 
In May and June 2006, we and certain key holders of our common stock and the holders of our preferred stock entered into the fourth amended and restated stockholders’ voting agreement, which is included as an exhibit to the registration statement of which this prospectus is a part. Under this agreement, key holders of our common stock and holders of our preferred stock agreed to vote all shares of capital stock owned by such holders for the election of our directors in accordance with the terms set forth in such agreement. This agreement will terminate upon the closing of the offering contemplated by this prospectus.
 
Stock Option Grant to Vispi Daver
 
On June 24, 2005 we granted to Vispi Daver, an employee of Sierra Ventures, an option to purchase 12,000 shares of our common stock for an exercise price of $1.25 per share, which our board of directors


75


Table of Contents

determined to be the fair market value of our common stock at the time of grant. The option was fully vested and immediately exercisable at the time of grant. We granted this option to purchase our common stock to Mr. Daver in consideration for his consultancy services rendered during the period commencing in March 2004 to March of 2005.
 
Restricted Stock Grants
 
We have granted restricted stock to certain of our directors, as described in “Management — Director Compensation.” We have also granted restricted stock to Messrs. Jackson and McDonough, as described in “Management — Employment Agreements.”
 
Employment Agreements
 
We have employment agreements with certain of our named executive officers, as described in “Management — Employment Agreements.”
 
Engagement Agreement with Joseph M. Boyle
 
Prior to his employment with Sourcefire, Joseph M. Boyle, our General Counsel and Secretary, provided legal services to us as our outside attorney and received $124,219 and $37,414 for those services in 2005 and 2006, respectively.


76


Table of Contents

 
PRINCIPAL AND SELLING STOCKHOLDERS
 
The following table provides certain information regarding the beneficial ownership of our outstanding capital stock with respect to:
 
  •  each person or group who beneficially owns more than 5% of our capital stock on a fully diluted basis;
 
  •  each of our executive officers named in the Summary Compensation Table;
 
  •  each of our directors; and
 
  •  all of our directors and executive officers as a group
 
This table assumes conversion of all outstanding shares of preferred stock into 23,226,683 shares of common stock immediately prior to the completion of this offering. The percentage of ownership indicated before this offering is based on 28,887,369 shares of common stock outstanding as of September 30, 2006. The percentage of ownership indicated after this offering is based on           shares, including the shares offered by this prospectus and assuming no exercise of the underwriters’ over-allotment option and no exercise of options outstanding after September 30, 2006.
 
Beneficial ownership of shares is determined under the rules of the Securities and Exchange Commission and generally includes any shares over which a person exercises sole or shared voting or investment power. Except as indicated by footnote, and subject to applicable community property laws, each person identified in the table possesses sole voting and investment power with respect to all shares of common stock held by them. Shares of common stock subject to options currently exercisable or exercisable within 60 days of September 30, 2006 and not subject to repurchase as of that date are deemed outstanding for calculating the percentage of outstanding shares of the person holding these options, but are not deemed outstanding for calculating the percentage of any other person.
 
Unless otherwise noted, the address for each director and executive officer is c/o Sourcefire, Inc., 9770 Patuxent Woods Drive, Columbia, Maryland 21046.
 
                                         
                Shares
             
    Shares beneficially owned prior
    to be sold
             
    to this offering     in this
    Shares beneficially owned after this offering  
Name of beneficial owner
  Number     Percent     offering     Number     Percent  
 
Beneficial owners of 5% or more of the outstanding common stock
                                       
Entities affiliated with Sierra Ventures(1)
    8,315,732       28.8 %                                 
Entities affiliated with New Enterprise Associates(2)
    5,225,326       18.1 %                        
Entities affiliated with Inflection Point(3)
    2,550,836       8.8 %                        
Martin F. Roesch(4)
    2,435,415       8.4 %                        
Entities affiliated with Core Capital Partners(5)
    2,193,718       7.6 %                        
Entities affiliated with Sequoia Capital(6)
    2,177,456       7.5 %                        
Named executive officers
                                       
E. Wayne Jackson, III(7)
    1,285,244       4.4 %                        
Thomas M. McDonough(8)
    770,122       2.7 %                        
Todd P. Headley(9)
    181,457       *                          
Michele M. Perry-Boucher(10)
    137,395       *                          
Directors
                                       
Asheem Chandna(11)
    321,825       1.1 %                        
Joseph R. Chinnici
                                   
Tim A. Guleri(12)
    8,315,732       28.8 %                        
Steven R. Polk
                                   
Harry R. Weller(13)
    5,225,326       18.1 %                        
All directors and executive officers as a group (11 persons)
    18,681,891       63.6 %                        
 
 
Less than 1% beneficial ownership.


77


Table of Contents

(1) Includes 2,597,581 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VIII, L.P., 5,122,025 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VIII-A, L.P., 49,954 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VII-B, L.P., 174,183 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures Associates VII, L.L.C., as nominee for its members and 371,985 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures Associates VIII, L.L.C., as nominee for its members. The address of these stockholders is c/o Sierra Ventures, 2884 Sand Hill Road, Suite 100, Menlo Park, CA 94025.
 
(2) Includes 5,212,358 shares of common stock issuable upon conversion of preferred stock held by New Enterprise Associates 10, Limited Partnership and 12,968 shares of common stock issuable upon conversion of preferred stock held by NEA Ventures 2003, Limited Partnership. The address of these stockholders is c/o New Enterprise Associates, 1119 St. Paul Street, Baltimore, MD 21202.
 
(3) Includes 1,785,585 shares of common stock issuable upon conversion of preferred stock held by Inflection Point Ventures II, L.P. and 765,251 shares of common stock issuable upon conversion of preferred stock held by Inflection Point Ventures, L.P. The address of these stockholders is c/o Inflection Point Ventures, 7903 Sleaford Place, Bethesda, MD 20814.
 
(4) Includes 2,400,000 shares of common stock and options exercisable within 60 days of September 30, 2006 to purchase 35,415 shares of common stock.
 
(5) Includes 1,754,974 shares of common stock issuable upon conversion of preferred stock held by Core Capital Partners, L.P., 410,357 shares of common stock issuable upon conversion of preferred stock held by Minotaur Funds, LLC and 28,387 shares of common stock issuable upon conversion of preferred stock held by Minotaur Annex Fund LLC. The address of these stockholders is c/o Core Capital Partners, 901 15th Street, N.W. Suite 950, Washington, D.C. 20005.
 
(6) Includes 1,916,161 shares of common stock issuable upon conversion of preferred stock held by Sequoia Capital Franchise Fund and 261,295 shares of common stock issuable upon conversion of preferred stock held by Sequoia Capital Franchise Partners. The address of these stockholders is c/o Sequoia Capital, 3000 Sand Hill Road, Bldg. 4, Suite 180, Menlo Park, CA 94025.
 
(7) Includes 1,014,000 shares of common stock, 214,580 shares of common stock issuable upon conversion of preferred stock and options exercisable within 60 days of September 30, 2006 to purchase 56,664 shares of common stock.
 
(8) Includes 717,000 shares of common stock and options exercisable within 60 days of September 30, 2006 to purchase 53,122 shares of common stock.
 
(9) Includes options exercisable within 60 days of September 30, 2006 to purchase 181,457 shares of common stock.
 
(10) Includes options exercisable within 60 days of September 30, 2006 to purchase 137,395 shares of common stock.
 
(11) Includes 160,000 shares of common stock and 161,825 shares of common stock issuable upon conversion of preferred stock held by Asheem Chandna and Aarti Chandna, as Trustees of the Chandna Family Revocable Trust of April 13, 1998. Ms. Chandna has voting and investment control with respect to the shares held by Asheem Chandna and Aarti Chandna, as Trustees of the Chandna Family Revocable Trust of April 13, 1998.
 
(12) Includes 2,597,581 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VII, L.P., 5,122,026 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VIII-A, L.P., 49,954 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures VIII-B, L.P., 174,183 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures Associates VII, L.L.C., as nominee for its members and 371,985 shares of common stock issuable upon conversion of preferred stock held by Sierra Ventures Associates VIII, L.L.C., as nominee for its members. Mr. Guleri is a managing director of Sierra Ventures Associates VII, LLC, which is the general partner of Sierra Ventures VII, L.P. and a managing director of Sierra Ventures Associates VIII, LLC, which is the general partner of Sierra Ventures VIII-A, L.P. and Sierra Ventures VIII-B, L.P. Mr. Guleri does not have voting or dispositive power with respect to any of these shares listed. Therefore, Mr. Guleri disclaims beneficial ownership of all these shares listed, except to the extent of his proportionate pecuniary interest therein.
 
(13) Includes 5,212,358 shares of common stock issuable upon conversion of preferred stock held by New Enterprise Associates 10, Limited Partnership, for which voting and investment power is shared by M. James Barrett, Peter J. Barris, C. Richard Kramlich, Peter T. Morris, Charles W. Newhall III, Mark W. Perry, Scott D. Sandell and Eugene A. Trainor III, each of whom is a general partner of NEA Partners 10, Limited Partnership, the general partner of New Enterprise Associates 10, Limited Partnership and 12,968 shares of common stock issuable upon conversion of preferred stock held by NEA Ventures 2003, Limited Partnership, for which voting and investment power is held by its general partner, J. Daniel Morre. Mr. Weller, a partner of NEA Partners 10, Limited Partnership, and each of the general partners of NEA Partners 10, Limited Partnership and NEA Ventures 2003, Limited Partnership disclaims beneficial ownership of the shares held by each of the aforementioned entities except to the extent of his pecuniary interest therein. Mr. Weller does not have voting power or dispositive power with respect to any of the shares listed.


78


Table of Contents

 
DESCRIPTION OF CAPITAL STOCK
 
Our certificate of incorporation will be restated prior to the consummation of this offering. The following description of the material terms of our capital stock contained in the restated certificate of incorporation is only a summary. You should read it together with our restated certificate of incorporation and our amended and restated bylaws, which are included as exhibits to the registration statement of which this prospectus is a part. The descriptions of the common stock and preferred stock reflect changes to our capital structure that will occur immediately prior to the closing of this offering.
 
General
 
As of September 30, 2006, there were 5,660,686 shares of common stock issued and outstanding and 18,276,107 shares of preferred stock issued and outstanding. As of September 30, 2006, there were 52 holders of record of our common stock.
 
Immediately prior to the completion of this offering, all outstanding shares of our preferred stock will be converted into shares of our common stock. Upon the completion of this offering, our authorized capital stock will consist of           shares of common stock, par value $0.001 per share, and           shares of preferred stock, par value $0.001 per share, all of which shares of preferred stock will be undesignated. Our board of directors may establish the rights and preferences of the preferred stock from time to time, without stockholder approval.
 
Common Stock
 
Subject to any preferential voting rights of any outstanding preferred stock, each holder of our common stock is entitled to one vote for each share on all matters to be voted upon by the stockholders, and there are no cumulative rights. Subject to any preferential rights of any outstanding preferred stock, holders of our common stock will be entitled to receive ratably the dividends, if any, as may be declared from time to time by our board of directors out of funds legally available therefor. If there is a liquidation, dissolution or winding up of our company, holders of our common stock would be entitled to receive all assets of Sourcefire available for distribution to its stockholders, subject to any preferential rights of any outstanding preferred stock.
 
Holders of our common stock will have no preemptive or conversion rights or other subscription rights, and there will be no redemption or sinking fund provisions applicable to the common stock. All outstanding shares of our common stock will be fully paid and non-assessable. The rights, preferences and privileges of the holders of our common stock will be subject to, and may be adversely affected by, the rights of the holders of shares of any series of preferred stock which we may designate and issue in the future.
 
Preferred Stock
 
Under the terms of our restated certificate of incorporation, our board of directors is authorized to designate and issue shares of preferred stock in one or more series without stockholder approval. Our board of directors has the discretion to determine the rights, preferences, privileges and restrictions, including voting rights, dividend rights, conversion rights, redemption privileges and liquidation preferences, of each series of preferred stock.
 
The purpose of authorizing our board of directors to issue preferred stock and determine its rights and preferences is to eliminate delays associated with a stockholder vote on specific issuances. The issuance of preferred stock, while providing flexibility in connection with possible future acquisitions and other corporate purposes, will affect, and may adversely affect, the rights of holders of common stock. It is not possible to state the actual effect of the issuance of any shares of preferred stock on the rights of holders of common stock until the board of directors determines the specific rights attached to that preferred stock. The effects of issuing preferred stock could include one or more of the following:
 
  •  restricting dividends on the common stock;
 
  •  diluting the voting power of the common stock;


79


Table of Contents

 
  •  impairing the liquidation rights of the common stock; or
 
  •  delaying or preventing changes in control or management of our Company.
 
We have no present plans to issue any shares of preferred stock.
 
Registration Rights for Holders of Our Currently Outstanding Convertible Preferred Stock
 
Immediately prior to the completion of this offering, all outstanding shares of all series of our convertible preferred stock will be converted into shares of common stock according to the formula set forth in our current certificate of incorporation.
 
In May and June 2006, we and the holders of all series of our convertible preferred stock entered into the fourth amended and restated investor rights agreement, which is included as an exhibit to the registration statement of which this prospectus is a part.
 
Under the agreement, upon the request of the holders of at least 20% of the registrable shares (as defined in the agreement) at any time commencing six months after the closing of this offering, we are required to file with the SEC and cause to be declared effective a registration statement on Form S-1 covering the resale of all shares of common stock issued or issuable upon the conversion of the shares of our Series A, B, C and D convertible preferred stock. If requested by the holders of at least 10% of the registrable shares (as defined in the agreement), we will effect, subject to certain terms and conditions, a registration on Form S-3, if it is available, to facilitate the sale and distribution of the shares of common stock issued or issuable upon the conversion of their shares of Series A, B, C and D convertible preferred stock. Finally, if we propose to register any of our capital stock under the Securities Act, the holders of all series of our convertible preferred stock will be entitled to customary “piggyback” registration rights with respect to shares of common stock issued or issuable upon the conversion of the shares of our Series A, B, C and D convertible preferred stock.
 
Transfer Agent and Registrar
 
                                                       is the transfer agent and registrar for the common stock.
 
SHARES ELIGIBLE FOR FUTURE SALE
 
If our stockholders sell substantial amounts of our common stock, including shares issued upon the exercise of outstanding options or warrants, in the public market following the offering, the market price of our common stock could decline. These sales also might make it more difficult for us to sell equity or equity- related securities in the future at a time and price that we deem appropriate.
 
Upon completion of the offering, we will have outstanding an aggregate of           shares of our common stock, assuming no exercise of the underwriters’ over-allotment option and no exercise of outstanding options. Of these shares, all of the shares sold in the offering will be freely tradeable without restriction or further registration under the Securities Act, unless the shares are purchased by “affiliates” as that term is defined in Rule 144 under the Securities Act. This leaves shares eligible for sale in the public market as follows:
 
     
Number of
   
Shares
 
Date
 
    After 90 days from the date of this prospectus (subject, in some cases, to volume limitations).
    At various times after 180 days from the date of this prospectus as described below under “Lock-up Agreements.”


80


Table of Contents

Rule 144
 
In general, under Rule 144 as currently in effect, beginning 90 days after the date of this prospectus, a person who has beneficially owned shares of our common stock for at least one year would be entitled to sell within any three-month period a number of shares that does not exceed the greater of:
 
  •  1.0% of the number of shares of our common stock then outstanding, which will equal approximately           shares immediately after the offering; or
 
  •  the average weekly trading volume of our common stock on the Nasdaq Global Market during the four calendar weeks preceding the filing of a notice on Form 144 with respect to that sale.
 
Sales under Rule 144 are also subject to manner of sale provisions and notice requirements and to the availability of current public information about us.
 
Rule 144(k)
 
Under Rule 144(k), a person who is not deemed to have been one of our affiliates at any time during the three months preceding a sale, and who has beneficially owned the shares proposed to be sold for at least two years, including the holding period of any prior owner other than an affiliate, is entitled to sell those shares without complying with the manner of sale, public information, volume limitation or notice provisions of Rule 144.
 
Lock-Up Agreements
 
All of our officers and directors and certain of our stockholders have entered into lock-up agreements under which they agreed not to transfer or dispose of, directly or indirectly, any shares of our common stock or any securities convertible into or exercisable or exchangeable for shares of our common stock, for a period of 180 days after the date of this prospectus, without the prior written consent of Morgan Stanley & Co. Incorporated on behalf of the underwriters.
 
Rule 701 and Form S-8
 
In general, under Rule 701 of the Securities Act as currently in effect, any of our employees, consultants or advisors who is not one of our affiliates and who purchases shares of our common stock from us in connection with a compensatory stock or option plan or other written agreement is eligible to resell those shares 90 days after the effective date of this prospectus in reliance on Rule 144, but without compliance with some of the restrictions, including the holding period, contained in Rule 144.
 
Following the offering, we intend to file a registration statement on Form S-8 under the Securities Act covering approximately           shares of common stock issued or issuable upon the exercise of stock options, subject to outstanding options or reserved for issuance under our employee and director stock benefit plans. Accordingly, shares registered under that registration statement will, subject to Rule 144 provisions applicable to affiliates, be available for sale in the open market, except to the extent that the shares are subject to vesting restrictions or the contractual restrictions described above. See “Management — Employee Benefits Plans.”


81


Table of Contents

 
CERTAIN MATERIAL U.S. FEDERAL INCOME TAX
CONSIDERATIONS TO NON-U.S. HOLDERS
 
The following summary describes certain material United States federal income tax consequences of the ownership and disposition of our common stock by a Non-U.S. Holder (as defined below) holding shares of our common stock as capital assets as of the date of this prospectus. This discussion does not address all aspects of United States federal income taxation and does not deal with estate, gift, foreign, state and local tax consequences that may be relevant to such Non-U.S. Holders in light of their personal circumstances. Special U.S. tax rules may apply to certain Non-U.S. Holders, such as “controlled foreign corporations,” “passive foreign investment companies,” corporations that accumulate earnings to avoid U.S. federal income tax, investors in partnerships or other pass-through entities for U.S. federal income tax purposes, dealers in securities, holders of securities held as part of a “straddle,” “hedge,” “conversion transaction” or other risk reduction transaction, and certain former citizens or long-term residents of the United States that are subject to special treatment under the Internal Revenue Code of 1986, as amended (the “Code”). Such entities and persons should consult their own tax advisors to determine the U.S. federal, state, local and other tax consequences that may be relevant to them. Furthermore, the discussion below is based upon the provisions of the Code and Treasury regulations promulgated thereunder, and rulings and judicial decisions interpreting the foregoing as of the date hereof; such authorities may be repealed, revoked or modified with or without retroactive effect so as to result in United States federal income tax consequences different from those discussed below.
 
If a partnership (or an entity treated as a partnership for U.S. federal income tax purposes) holds our common stock, the tax treatment of a partner will generally depend on the status of the partner and the activities of the partnership. Accordingly, persons who are partners in partnerships holding our common stock should consult their tax advisors.
 
The authorities on which this summary is based are subject to various interpretations, and any views expressed within this summary are not binding on the Internal Revenue Service (the “IRS”) or the courts. No assurance can be given that the IRS or the courts will agree with the tax consequences described in this prospectus.
 
As used herein, a “Non-U.S. Holder” means a beneficial owner of our common stock that is not any of the following for U.S. federal income tax purposes:
 
  •  a citizen or resident of the United States,
 
  •  a corporation (or other entity treated as a corporation for United States federal income tax purposes) created or organized in or under the laws of the United States, any state thereof or the District of Columbia,
 
  •  an estate the income of which is subject to United States federal income taxation regardless of its source, or
 
  •  a trust (i) which is subject to primary supervision by a court situated within the United States and as to which one or more United States persons have the authority to control all substantial decisions of the trust, or (ii) that has a valid election in effect under applicable U.S. Treasury regulations to be treated as a United States person.
 
PROSPECTIVE PURCHASERS ARE URGED TO CONSULT THEIR OWN TAX ADVISORS REGARDING THE U.S. FEDERAL INCOME TAX CONSEQUENCES, AS WELL AS OTHER U.S. FEDERAL, STATE, AND LOCAL INCOME AND ESTATE TAX CONSEQUENCES, AND NON-U.S. TAX CONSEQUENCES, TO THEM OF ACQUIRING, OWNING, AND DISPOSING OF OUR COMMON STOCK.
 
Dividends
 
If we make distributions on our common stock, such distributions paid to a Non-U.S. Holder will generally constitute dividends for U.S. federal income tax purposes to the extent such distributions are paid from our current or accumulated earnings and profits, as determined under U.S. federal income tax principles. If a distribution exceeds our current and accumulated earnings and profits, the excess will be treated as a tax-free return of the Non-U.S. Holder’s investment to the extent of the Non-U.S. Holder’s adjusted tax basis in our common stock. Any remaining excess will be treated as capital gain. See “— Gain on Disposition of Common Stock” below for additional information.


82


Table of Contents

Dividends paid to a Non-U.S. Holder generally will be subject to withholding of United States federal income tax at a 30% rate or such lower rate as may be specified by an applicable income tax treaty. A Non-U.S. Holder of common stock who wishes to claim the benefit of an exemption from withholding under provisions of an applicable treaty or an applicable treaty rate for dividends will be required to (a) complete IRS Form W-8BEN (or appropriate substitute form) and certify, under penalty of perjury, that such holder is not a U.S. person and is eligible for the benefits with respect to dividends allowed by such treaty or (b) hold common stock through certain foreign intermediaries and satisfy the certification requirements for treaty benefits of applicable Treasury regulations. Special certification requirements apply to certain Non-U.S. Holders that are “pass-through” entities for U.S. federal income tax purposes. A Non-U.S. Holder eligible for a reduced rate of United States withholding tax pursuant to an income tax treaty may obtain a refund of any excess amounts withheld by timely filing an appropriate claim for refund with the IRS.
 
Subject to variations under applicable treaties, this United States withholding tax generally will not apply to dividends that are effectively connected with the conduct of a trade or business by the Non-U.S. Holder within the United States. Dividends effectively connected with the conduct of a United States trade or business are instead subject to United States federal income tax generally in the same manner as if the Non-U.S. Holder were a U.S. person, as defined under the Code. In order to obtain this exemption from withholding on effectively connected dividends, a Non-U.S. Holder must provide to the payor or withholding agent a valid IRS Form W-8ECI or other successor form properly certifying such exemption. Any such effectively connected dividends received by a Non-U.S. Holder that is a foreign corporation may, under certain circumstances, be subject to an additional “branch profits tax” at a 30% rate or such lower rate as may be specified by an applicable income tax treaty.
 
Gain on Disposition of Common Stock
 
A Non-U.S. Holder generally will not be subject to United States federal income tax (or any withholding thereof) with respect to gain recognized on a sale or other disposition of our common stock unless:
 
  •  the gain is effectively connected with a trade or business of the Non-U.S. Holder in the United States or, where a tax treaty applies, is attributable to a United States permanent establishment or fixed base of the Non-U.S. Holder,
 
  •  the Non-U.S. Holder is an individual who is present in the United States for 183 or more days during the taxable year of disposition and meets certain other requirements, or
 
  •  we are or have been a “U.S. real property holding corporation” within the meaning of Section 897(c)(2) of the Code, also referred to as a USRPHC, for United States federal income tax purposes at any time within the five-year period preceding the disposition (or, if shorter, the Non-U.S. Holder’s holding period for the common stock).
 
Gain recognized on the sale or other disposition of our common stock that is effectively connected with a United States trade or business, or attributable to a United States permanent establishment or fixed base of the Non-U.S. Holder under an applicable treaty, is subject to United States federal income tax on a net income basis generally in the same manner as if the Non-U.S. Holder were a U.S. person, as defined under the Code. Any such effectively connected gain from the sale or disposition of our common stock received by a Non-U.S. Holder that is a foreign corporation may, under certain circumstances, be subject to an additional “branch profits tax” at a 30% rate or such lower rate as may be specified by an applicable income tax treaty.
 
An individual Non-U.S. Holder who is present in the United States for 183 or more days during the taxable year of disposition generally will be subject to a 30% tax imposed on the gain derived from the sale or disposition of our common stock, which may be offset by U.S. source capital losses realized in the same taxable year.
 
In general, a corporation is a USRPHC if the fair market value of its “U.S. real property interests” equals or exceeds 50% of the sum of the fair market value of its worldwide (domestic and foreign) real property interest and its other assets used or held for use in a trade or business. For this purpose, real property interests include land, improvements and associated personal property.


83


Table of Contents

We believe that we currently are not a USRPHC. In addition, based on our financial statements and current expectations regarding the value and nature of our assets and other relevant data, we do not anticipate becoming a USRPHC.
 
If we become a USRPHC, a Non-U.S. Holder nevertheless will not be subject to United States federal income tax if our common stock is regularly traded on an established securities market, within the meaning of applicable Treasury regulations, and the Non-U.S. Holder holds no more than five percent of our outstanding common stock, directly or indirectly, during the applicable testing period. We have applied to list our common stock for quotation on the Nasdaq Global Market and we expect that our common stock may be regularly traded on an established securities market in the United States so long as it is so quoted.
 
Information Reporting and Backup Withholding
 
We must report annually to the IRS and to each Non-U.S. Holder the amount of dividends paid to such holder and the tax withheld with respect to such dividends, regardless of whether withholding was required. Copies of the information returns reporting such dividends and withholding may also be made available to the tax authorities in the country in which the Non-U.S. Holder resides under the provisions of an applicable income tax treaty.
 
The United States imposes a backup withholding tax on dividends and certain other types of payments to United States persons (currently at a rate of 28%) of the gross amount. Dividends paid to a Non-U.S. Holder will not be subject to backup withholding if proper certification of foreign status (usually on the forms described above) is provided, and the payor does not have actual knowledge or reason to know that the beneficial owner is a United States person, or the holder is a corporation or one of several types of entities and organizations that qualify for exemption.
 
Backup withholding is not an additional tax. Any amounts withheld under the backup withholding rules may be allowed as a refund or a credit against such holder’s U.S. federal income tax liability provided the required information is timely furnished to the IRS.


84


Table of Contents

 
UNDERWRITERS
 
Under the terms and subject to the conditions contained in an underwriting agreement dated the date of this prospectus, the underwriters named below, for whom Morgan Stanley & Co. Incorporated is acting as representative, have severally agreed to purchase, and we and the selling stockholders have agreed to sell to them, severally, the number of shares indicated below:
 
         
    Number of
 
Name
  Shares  
 
Morgan Stanley & Co. Incorporated
       
Lehman Brothers Inc. 
       
UBS Securities LLC
       
Jefferies & Company, Inc. 
       
     
 
Total
       
         
 
The underwriters are offering the shares of common stock subject to their acceptance of the shares from us and the selling stockholders and subject to prior sale. The underwriting agreement provides that the obligations of the several underwriters to pay for and accept delivery of the shares of common stock offered by this prospectus are subject to the approval of certain legal matters by their counsel and to certain other conditions. The underwriters are obligated to take and pay for all of the shares of common stock offered by this prospectus if any such shares are taken. However, the underwriters are not required to take or pay for the shares covered by the underwriters’ over-allotment option described below.
 
In the agreement among the underwriters, sales may be made between the underwriters of any number of shares as may be mutually agreed. The per share price of any shares sold by the underwriters shall be the public offering price listed on the cover page of this prospectus, less an amount not greater than the per share amount of the concession to dealers described below.
 
The underwriters initially propose to offer part of the shares of common stock directly to the public at the public offering price listed on the cover page of this prospectus and part to certain dealers at a price that represents a concession not in excess of $      a share under the public offering price. Any underwriter may allow, and such dealers may reallow, a concession not in excess of $      a share to other underwriters or to certain dealers. After the initial offering of the shares of common stock, the offering price and other selling terms may from time to time be varied by the representative.
 
We and the selling stockholders have granted to the underwriters an option, exercisable for 30 days from the date of this prospectus, to purchase up to an aggregate of           additional shares of common stock at the public offering price listed on the cover page of this prospectus, less underwriting discounts and commissions. The underwriters may exercise this