Cisco to Buy Sourcefire to Bulk Up Security Portfolio

By Jeffrey Burt  |  Posted 2013-07-23

Cisco Systems is bolstering its security solutions by spending $2.7 billion to buy Sourcefire, a move that will bring greater anti-malware capabilities to the networking giant and could be a harbinger of more deals in the industry, according to analysts.

Cisco officials announced the deal July 23, saying the addition of Sourcefire's network security solutions will be the latest step in the company's efforts to offer a broad platform that can address a dynamic and rapidly changing cyber-security landscape driven by such trends as cloud computing and IT mobility.

The deal, which has been approved by the boards of directors from each company, is expected to close in the second half of 2013. Once the deal closes, Sourcefire's employees will become part of Cisco's Security Group, under the direction of Senior Vice President Christopher Young.

Sourcefire will bring a range of capabilities—from intrusion prevention and threat detection to next-generation firewalls and advanced malware protection—to a Cisco security portfolio that the company is aggressively looking to build, Young told eWEEK. Cisco is looking to build a broad security services platform that can be delivered via the cloud and is tightly integrated into Cisco's increasingly open and software-based networking environment.

In January, Cisco bought Cognitive Security, whose technology can help organizations better detect and identify patterns of behavior in networks that may indicate a threat, Young said. In October 2012, Cisco hired Bret Hartman away from EMC's RSA security division to become CTO for the Security Group. Hartman told eWEEK in a recent interview that a key incentive for coming to Cisco was the networking vendor's platform-based approach to security.

The company already offers a range of security solutions, from firewalls, intrusion-detection services and VPNs to its Identity Services Engine (ISE). Sourcefire will help businesses with improved advanced threat protection before, during and after an attack throughout the spectrum, from the cloud to any devices, officials said.

Organizations "don't want to feel like they're behind [the changing threat landscape]," Young said. "They want to feel like they can keep up with advanced threats."

Sourcefire offers a range of cyber-security products, from its next-generation intrusion-protection service and FirePower advanced malware protection service to its FireAMP malware analysis solutions for physical, virtual and mobile environments. At the core of the company's security offerings is Snort, an open-source intrusion-detection and -prevention engine. Created in 1998 by Sourcefire founder and CTO Martin Roesch, Snort has been downloaded more than 4 million times, according to the company.

Cisco's Young said Snort will be a key technology that will integrate with the networking vendor's security solutions.


In a post on Sourcefire's blog, Roesch said merging with Cisco will enable company employees to accelerate what they want to do.

"The best news in all of this, especially for our partners, customers and open-source users, is that Cisco is committed to accelerate the realization of our vision into the market," he wrote. "We'll be able to more quickly innovate, develop, and provide products and technologies that continue to solve your biggest security challenges. And not just for commercial and government solutions—[Cisco officials] are committed to continued innovation and support of our open-source projects, too."

Young noted that cloud computing and greater mobility are giving hackers new avenues for attacking networks and creating an increasingly dynamic security environment where vendors like Cisco have to give IT professionals the tools they need while also trying to keep ahead of the bad guys.

At the same time, the move toward software-defined networks (SDNs) will put more pressure on network security professionals. SDN and efforts like Cisco's Open Network Environment (ONE) are designed to move network intelligence and services from physical switches and routers into software. The goal is to make networks more automated, scalable, flexible and programmable.

It can be a double-edged sword for network administrators. By decoupling network security services from the underlying hardware infrastructure, IT professionals can bring security capabilities throughout the network. However, it also can make networks vulnerable to intruders who are able to gain access to the networks, increasing even more the need for extensive network security solutions, Young said.

That said, any technology transition brings with it a level of risk, he said. In the end, "the benefits [of SDNs] greatly outweigh the risks," Young said.

Analysts said Cisco's Sourcefire acquisition could kick off a consolidation in the cyber-security market, with top-tier vendors like IBM, Hewlett-Packard, Juniper Networks and EMC looking to buy smaller companies to bulk up their security capabilities and meet a growing demand from organizations for more security solutions. In a research note, Daniel Ives, an analyst with FBR Capital Markets, called the deal "game-changing," and said he expects "a surge of consolidation to take place over the next 12 to 18 months."

