Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Businesses Networking Security The Almighty Buck News

Cisco To Acquire Sourcefire For $2.7 Billion 38

Orome1 writes "Cisco will acquire Sourcefire, a provider of intelligent cybersecurity solutions. Under the terms of the agreement, Cisco will pay $76 per share in cash in exchange for each share of Sourcefire and assume outstanding equity awards for an aggregate purchase price of approximately $2.7 billion, including retention-based incentives. The acquisition has been approved by the board of directors of each company. Once the transaction closes, Cisco will include Sourcefire into its guidance going forward. Prior to the close, Cisco and Sourcefire will continue to operate as separate companies."
This discussion has been archived. No new comments can be posted.

Cisco To Acquire Sourcefire For $2.7 Billion

Comments Filter:
  • by sl4shd0rk ( 755837 ) on Tuesday July 23, 2013 @10:06AM (#44360565)

    Hope most of it is under GPL.

    • by Necroman ( 61604 )

      Looks like they are going to be keeping their open source products open (ClamAV, Snort, and others). []

      Also, it looks like Snort is dual-license: []

    • by billstewart ( 78916 ) on Tuesday July 23, 2013 @12:34PM (#44362175) Journal

      Disclaimer: At $DAYJOB, I work on managed security services using Sourcefire, but this is my own personal commentary, not that of my employer.

      Sourcefire's primary product line takes Snort, wraps it in hardware appliances, and adds a lot of management tools that you can use in an enterprise or managed services environment. This past year, they've added a firewall capability to compete with Palo Alto* and the UTM vendors like Fortinet - in addition to basic firewall support they've got application identification, so you can do things like allow users to read Facebook but block Facebook games, and you can also do things like URL censorship and known-bad-site blacklisting. They've also been buying up other companies like ClamAV and Immunet, so they've got feeds of malware site identification, and are starting to integrate that with the firewall/IDS as well as continuing the host-based versions.

      Cisco's IDS/IPS offers have been pretty lame the past few years, but they've got decent firewalls, so we'll see how those product lines play against each other. (I don't know what Cisco's doing in Anti-virus and cloud malware detection these days.)

      Sourcefire's hardware at the low end is basically Linux box appliances, and at the high end they're doing a bunch of hardware acceleration. Their largest single box will handle 10 Gbps of inspection, and they can cluster up to four of those to support 40 Gbps. There's not much competition up at the high end - McAfee may have come out with a 10 Gbps follower to their previous 5 Gbps box, and Juniper has some boxes that are bigger but are mainly firewalls with some limited IPS capability. If you've got existing Snort on Linux, Sourcefire does also sell connection tools to integrate with their management systems.

      *The term "Next Generation Firewall" means "whatever Palo Alto's marketing says it means", but is at least firewall plus application identification. I've heard that Cisco tried to buy Palo Alto last year.

  • Obviously this is a press release for Sourcefire, so... what are people's real-world experience with Snort? Have you used it successfully to block attacks?

    • by afidel ( 530433 )

      Snort is an IDS not an IPS, in the role of an IDS it is VERY good (probably the best out there), though with the sourcefire modules it can be a bit annoying because it's hard to tell what exactly might be a false positive (with the community modules you can tell exactly what the rules is doing so you can tell if it's tripping on legitimate traffic). It does take some care and feeding, luckily we outsource that job to a local group that does nothing but security monitoring and management so we didn't have to

      • Yes...Snort is an IDS, not an IPS.

        Log Snort through Ethereal, or another network protocol analyzer of your choice, and you've just created a free version of what all these companies want to sell you.

      • by Anonymous Coward

        Snort can be used as an IPS, and Sourcefire IS an IPS. Also, to the guy below saying "Log snort, do some analysis, and you get what companies charge you for", you are completely ignorant. Sourcefire has a proprietary and useful GUI to manage multiple sites and tons of sensors. Sensors that can handle 40Gb/s of traffic. No biggie.

        I'm running Snort as an IPS through pfSense at my home.

    • There are a number of security companies, including one of Dell's acquired business units, that sell security appliances that are basically snort boxes. So yes, Snort is pretty widely used and deployed and not just messed around with by open source enthusiasts.

      Personally, given Cisco's (mis)management of acquired companies in the past, and the inability of their business units to actually work together, I just lost all interest in Snort, unless someone forks it and manages to keep it up to the snuff that So

    • by Anonymous Coward

      Snort is a great piece of technology considering its origin and when used in the right environment. That said, and having years of first hand experience with it, there are definite "cons".

      First, and as others have pointed out, Snort is an IDS not an IPS. This isn't necessarily a negative, but it's an important distinction. Snort tells you that something bad has happened. It doesn't prevent bad things from happening.

      Snort is a giant PITA in a large enterprise environment. It will scale, but it takes a L

  • Wow, that's just in time to still get crushed on price and service level by Fortinet.
  • Did anyone else read "Sourceforge" and start to worry about everyone's (1st/2nd/3rd) favorite code repository?
  • by Anonymous Coward

    Martin Roesch becomes a billionaire, cisco pays him what he is worth, snort gets forked, sourcefire becomes an evil tool with vendor lockin, and open source alternatives to the sourcefire tools go into serious development. cisco gets the less tech savvy enterprises that were trashing their products for sourcefire to keep paying cisco, and the rest just save money by using snort with the new tools to compete with the proprietary/commercial tools at cisco. sounds good to me.

    Martin, you would have made more mo

    • I used Snort quite a few years ago when Marty was just starting to commercialize it. Great product back then (I'm sure now) and Marty put a TON of time into it ... so I say he deserves every penny for all the hard work that he has done.
  • by Sean ( 422 )

    Congrats Marty!

  • It seems that specialised IDS/IPS vendors that get bought up by generalised players dramatically drop off in quality soon after. The generalised players just don't look after their new acquisitions as well as they ran themselves when they were independent.

    It happened with ISS when IBM bought them and happened with Tipping Point when HP bought them.

    Given Cisco's track record I have little faith that Sourcefire will be as good as it was.

The end of labor is to gain leisure.