Proofpoint today announced the acquisition of security intelligence vendor Emerging Threats for $40 million in cash and stock. Under the deal, Emerging Threats' technology, including its open-source-based ETOpen rule set, will be integrated into Proofpoint's threat-protection platform.
"The team is very highly regarded within the security community, and we believe its database of network threat intelligence is unmatched in the industry," David Knight, executive vice president and general manager of information security products at Sunnyvale, Calif.-based Proofpoint, told eWEEK. "This would be hard to build or organically create, especially given the speed with which the industry is moving."
Part of Emerging Threats' value proposition is the company's threat-collection network, which is able to obtain 150,000 to 300,000 new, unique malware samples every day by way of the Emerging Threats private malware exchange, which benefits from the participation of antivirus, cloud vendors and Internet service providers.
Emerging Threats' technology is complementary to Proofpoint's threat intelligence, and the combination provides timely, actionable end-to-end attack intelligence and protection, Knight said.
Proofpoint's threat-detection and response products for email and social media security and compliance will be further enhanced by pairing them with Indianapolis-based Emerging Threats' deep research and intelligence capabilities.
"Together, the technologies provide end-to-end protection across the entire attack chain," Knight said. "In addition, Emerging Threats' vision, strategy and technology around cloud-based threat intelligence collection and analysis is extremely well aligned with Proofpoint's cloud-based vision and complements our existing capabilities and investments."
Emerging Threats' technology portfolio includes the open-source ETOpen rule set, which provides IPS/IDS (intrusion-prevention system/intrusion-detection system) rules for malware and its associated command and control communications. The ETOpen rule set is available for the open-source SNORT IPS, which is the basis for Cisco's Sourcefire IPS devices. The ETOpen rule set also supports the open-source Suricata IPS, which is an open-source fork of SNORT.
"The ETOpen rules for SNORT and Suricata open-source IDS/IPS engines are submitted by a global community of threat researchers, typically in response to something they've seen on their local networks," Knight explained. "These rules are submitted to Emerging Threats, which then runs them through a quality assurance process to reduce false positives and ensure optimized performance on the target platforms."
The ETOpen rule set is published every day to the open-source community. Then, from a commercial perspective, ETOpen is also incorporated in the ETPro rule set package that is delivered daily from Emerging Threats. Emerging Threats often donates new ETPro rules to the ETOpen community, Knight said.
The ETPro rule set is one part of Emerging Threats' IQRisk Suite, which also includes the IQRisk Rep List and IQRisk Query services. The IQRisk Rep List provides a scored list of threat intelligence, while IQRisk Query provides the ability to query the threat activity database.
Proofpoint is committed to increasing the investment in Emerging Threats' threat research and development capabilities, allowing the combined company to produce even more timely and accurate threat intelligence, Knight said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.