Cisco To Acquire Sourcefire For $2.7 Billion 38
Orome1 writes "Cisco will acquire Sourcefire, a provider of intelligent cybersecurity solutions. Under the terms of the agreement, Cisco will pay $76 per share in cash in exchange for each share of Sourcefire and assume outstanding equity awards for an aggregate purchase price of approximately $2.7 billion, including retention-based incentives. The acquisition has been approved by the board of directors of each company. Once the transaction closes, Cisco will include Sourcefire into its guidance going forward. Prior to the close, Cisco and Sourcefire will continue to operate as separate companies."
Time to fork Snort (Score:3)
Hope most of it is under GPL.
Re: (Score:2)
Re: (Score:2)
Looks like they are going to be keeping their open source products open (ClamAV, Snort, and others).
http://blog.sourcefire.com/Post/2013/07/23/1374581400-cisco--sourcefire--now-bigger-stronger-faster/ [sourcefire.com]
Also, it looks like Snort is dual-license: http://www.snort.org/snort/license [snort.org]
What Sourcefire Currently Does (Score:4, Informative)
Disclaimer: At $DAYJOB, I work on managed security services using Sourcefire, but this is my own personal commentary, not that of my employer.
Sourcefire's primary product line takes Snort, wraps it in hardware appliances, and adds a lot of management tools that you can use in an enterprise or managed services environment. This past year, they've added a firewall capability to compete with Palo Alto* and the UTM vendors like Fortinet - in addition to basic firewall support they've got application identification, so you can do things like allow users to read Facebook but block Facebook games, and you can also do things like URL censorship and known-bad-site blacklisting. They've also been buying up other companies like ClamAV and Immunet, so they've got feeds of malware site identification, and are starting to integrate that with the firewall/IDS as well as continuing the host-based versions.
Cisco's IDS/IPS offers have been pretty lame the past few years, but they've got decent firewalls, so we'll see how those product lines play against each other. (I don't know what Cisco's doing in Anti-virus and cloud malware detection these days.)
Sourcefire's hardware at the low end is basically Linux box appliances, and at the high end they're doing a bunch of hardware acceleration. Their largest single box will handle 10 Gbps of inspection, and they can cluster up to four of those to support 40 Gbps. There's not much competition up at the high end - McAfee may have come out with a 10 Gbps follower to their previous 5 Gbps box, and Juniper has some boxes that are bigger but are mainly firewalls with some limited IPS capability. If you've got existing Snort on Linux, Sourcefire does also sell connection tools to integrate with their management systems.
*The term "Next Generation Firewall" means "whatever Palo Alto's marketing says it means", but is at least firewall plus application identification. I've heard that Cisco tried to buy Palo Alto last year.
Re: (Score:2)
Cisco IDSMv2 *spit*
"provider of intelligent cybersecurity solutions" (Score:1)
Obviously this is a press release for Sourcefire, so... what are people's real-world experience with Snort? Have you used it successfully to block attacks?
Re: (Score:3)
Snort is an IDS not an IPS, in the role of an IDS it is VERY good (probably the best out there), though with the sourcefire modules it can be a bit annoying because it's hard to tell what exactly might be a false positive (with the community modules you can tell exactly what the rules is doing so you can tell if it's tripping on legitimate traffic). It does take some care and feeding, luckily we outsource that job to a local group that does nothing but security monitoring and management so we didn't have to
Re: (Score:2)
Yes...Snort is an IDS, not an IPS.
Log Snort through Ethereal, or another network protocol analyzer of your choice, and you've just created a free version of what all these companies want to sell you.
Re: (Score:3)
You misspelled Wireshark.
Re: (Score:1)
Snort can be used as an IPS, and Sourcefire IS an IPS. Also, to the guy below saying "Log snort, do some analysis, and you get what companies charge you for", you are completely ignorant. Sourcefire has a proprietary and useful GUI to manage multiple sites and tons of sensors. Sensors that can handle 40Gb/s of traffic. No biggie.
I'm running Snort as an IPS through pfSense at my home.
Re: (Score:3)
There are a number of security companies, including one of Dell's acquired business units, that sell security appliances that are basically snort boxes. So yes, Snort is pretty widely used and deployed and not just messed around with by open source enthusiasts.
Personally, given Cisco's (mis)management of acquired companies in the past, and the inability of their business units to actually work together, I just lost all interest in Snort, unless someone forks it and manages to keep it up to the snuff that So
Re: (Score:2)
Re: (Score:1)
Snort is a great piece of technology considering its origin and when used in the right environment. That said, and having years of first hand experience with it, there are definite "cons".
First, and as others have pointed out, Snort is an IDS not an IPS. This isn't necessarily a negative, but it's an important distinction. Snort tells you that something bad has happened. It doesn't prevent bad things from happening.
Snort is a giant PITA in a large enterprise environment. It will scale, but it takes a L
Re: (Score:2)
Plus they provide "Agile Security". Ever get the feeling that Cisco is buying buzzwords and not a working product ?
just in time (Score:2)
Re: (Score:1)
Fork ClamAV...PLEASE!
I bet everyone hopes Clamav will become what it deserves to be, a superior and unbeatable security solution with the financial/professional support of Cisco.
Re: (Score:2)
Only if the cost remains free or very low.
Oh, SourceFIRE (Score:2)
so lemme get this straight... (Score:1)
Martin Roesch becomes a billionaire, cisco pays him what he is worth, snort gets forked, sourcefire becomes an evil tool with vendor lockin, and open source alternatives to the sourcefire tools go into serious development. cisco gets the less tech savvy enterprises that were trashing their products for sourcefire to keep paying cisco, and the rest just save money by using snort with the new tools to compete with the proprietary/commercial tools at cisco. sounds good to me.
Martin, you would have made more mo
Re: (Score:2)
Re: (Score:2)
In 1998 Cisco entered the "hot" intrusion detection market buy buying WheelGroup and their NetSonar product. Seemingly unable or unwilling to understand/develop the product, it was finally killed in 2003, by which time Cisco had put some (not very good) IDS technology into their own core products.
Largely an irrelevance in the IDS world up until today.... they just decided to have another go at it..
"Cisco Systems Inc. said today it will acquire IDS, IPS and anti -malware specialist Sourcefire Inc.for $2.7 billion."
Cisco are NOT going to merge with Sourcefire, but this time around say they will leave it as a separate business unit, perhaps it will work better for them than NetSonar in 1998, perhaps it wont wither and die.
Incredible that Cisco could not successfully grow such capability in-house. Just goes to show that large companies cant achieve much!
It's pretty simple, Cisco is notorious for writing spectacularly shitty software, especially anything security related. They make decent enough hardware, but their software is attrocious.
So, they just periodically buy up vendors who have fairly good software in the market they want, and use it. Generally after a few revisions it turns into the same Cisco shitpile as their own home-grown stuff, but that's when they decide to go buy someone else.
Congrats (Score:2)
Congrats Marty!
Wave goodbye to the Sourcefire you knew until now (Score:2)
It happened with ISS when IBM bought them and happened with Tipping Point when HP bought them.
Given Cisco's track record I have little faith that Sourcefire will be as good as it was.