What Cisco Gains From Sourcefire

$2.7 billion acquisition deal brings intrusion expertise; Sourcefire promises Snort intrusion detection and prevention system will remain free and open source.

Mathew Schwartz

July 23, 2013

2 Min Read
Network Computing logo

Cisco Tuesday announced that it has reached an agreement to buy intrusion detection and prevention product and services vendor Sourcefire, in a deal valued at approximately $2.7 billion.

"Cisco and Sourcefire will combine their world-class products, technologies and research teams to provide continuous and pervasive advanced threat protection across the entire attack continuum -- before, during and after an attack -- and from any device to any cloud," read a statement released by Cisco.

Sourcefire was founded in 2001 by Martin Roesch, who created the popular open source intrusion detection and prevention system known as Snort in 1998. While Snort has remained open source, Sourcefire built its business by offering enterprise-class administration, reporting and log analysis tools on top of the technology, as well as business-class services and support. Over time, the company added anti-malware technology and next-generation firewalls, and its vulnerability research lab has released a real-time and open source analysis and detection engine called Razorback.

[ Network Solutions reports all is back to normal following last week's DDoS attack. Read Network Solutions Recovers After DDoS Attack. ]

"With the acquisition of Sourcefire, we believe our customers will benefit from one of the industry's most comprehensive, integrated security solutions -- one that is simpler to deploy, and offers better security intelligence," said Christopher Young, who runs Cisco's security group, in a statement. Sourcefire and Cisco will continue to be run separately until the deal closes, which Cisco expects to happen before the end of 2013. At that point, Sourcefire employees will become part of Cisco's security group.

Despite joining Cisco, Roesch -- the CTO of Sourcefire, who still holds Snort's general public license and continues to drive its development -- promised on an investor call Tuesdaythat Snort will remain open source and free. "I've always said that Snort is now and always will be free and we will continue that tradition," he said.

Cisco's deal to acquire Sourcefire marks a relatively rare major bid for a security firm of late. Indeed, after what seemed like a non-stop run of mergers and acquisitions-- including Symantec buying VeriSign and PGP, IBM bagging BigFix and OpenPage, and Hewlett-Packard scoring Fortify and ArcSight, just for starters -- up until 2010, M&A activity in the information security realm was relatively scarce in 2011 and 2012.

Historically speaking, Cisco hasn't been Sourcefire's only suitor. In 2005, Check Point Software Technologies made a $225 million bid for the private firm. But the Israeli company withdrew its bid when a U.S. federal watchdog signaled that it would block the acquisitionon the grounds of U.S. national security interests.

In March 2007, meanwhile, Sourcefire went public, with its initial public offering raising $86.3 million. That August, the company snapped up ClamAV, and in 2008 rejected Barracuda Networks' $187 million bid for the company. In January 2011, meanwhile, Sourcefire acquired the cloud-based antivirus firm Immunet.

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights