While some buyers might think security is best left to vendors of proprietary software like Symantec or SonicWall , experts says open source software can give SMBs the protection they seek.
Nick Selby, senior analyst at New York-based research firm The 451 Group, said at the C-level, at least, there definitely is a bias. "The problem with open source security is the same problem that open source had in the mid-1990s: Executives can't understand the revenue model. If you believe that your security is beholden to the good will of unnamed, faceless hippies that might update the software if they feel like, chances are they'll buy a proprietary product."
The market for open source security products is nascent, said Selby, who's also director of The 451 Group's enterprise security practice. However, the open source industry in general is growing.
Earlier this year, research firm IDC found that the open source software market reached $1.8 billion last year. It predicted that the market would reach $5.8 billion in 2011.
Open source security software is in its early stages with just a few vendors, Fletcher said. But SMBs would do well to try the products.
Dan Nickason, an IT manager at Genesis Physicians Group in Dallas, became a believer after he started using a network security appliance from Untangle, a supplier of open source security technology. Untangle bundles more than a dozen open source security applications, which it offers for free. It sells support and services for the technology and also sells servers with the software preinstalled.
"I like open source, man," Nickason said. "I did not realise the power of it prior to Untangle."
Nickason said the appliance and two years of support for the 38 users in his company cost the same as his Symantec antivirus software. And with the Untangle appliance, he gets more than antivirus protection. The Untangle Gateway Platform includes spam, spyware and phishing blockers; virus protection; a Web filter; protocol control; intrusion prevention; a firewall; a VPN; and several other applications.
"The biggest value is the overall protection it provides for the cost," Nickason said. "You get so many different types of protection for a really low cost."
Fletcher said, "From a technological perspective, I think the fact that [Untangle] embraces open source gives them a lot more diversity in terms of what they're able to integrate into their offering. They've been able to leverage some pretty solid open source components that are very much stable and as capable as anything in the proprietary market."
Selby said open source products are in many ways more secure than commercial software.
"The interesting thing is that most open source products out there are inherently more secure in the sense that open source products tend to get fished at a lot more," Selby said. "They get fished by security researchers far more thoroughly than proprietary products, because the code is free and available to the public."
Despite the presence of Untangle and other vendors that offer open source products with proprietary extras, such as SourceFire, the market for open source security products is still small.
"There is a relative paucity of commercial support options for open source security products," Selby said.
"When I came over here, all we had was the firewall," he said. "With my experience with Untangle I knew it could definitely secure our network, especially for dealing with HIPAA requirements and things like that. It was very cost-effective and it provided a lot of functionality for a low cost."
Nickason said he still has the Cisco firewall in place, as well some other proprietary security software that predated his adoption of Untangle.
"We still have everything we had before," he said. "We run it all. This is just an added level. It plays well with everybody."
Nickason said he never really had a bias against using open source security technology.
"The only bias I had was my ability to understand it," he said. "When Linux first came out the only thing that made it unpopular was that it was not very user friendly. As it has grown more user friendly, it has grown quite popular."