Check Point Software Technologies Inc. is snapping up intrusion prevention and real-time network awareness software maker Sourcefire for a $225 million mix of cash and stocks, the security company announced Thursday.
Sourcefire is the maker of Snort, an open-source intrusion detection and prevention technology that underpins its real-time network security software.
Check Point Software founder and CEO Gil Shwed told eWEEK.com that the deal is the next logical step in a 2-year-old strategy aimed at providing full-metric security architecture for customers.
In other words, whatever laptop or other gizmos wander into the insides of a network, theyll be buttonholed before they can gum up the network.
“Inside the network, a lot can go in without passing through the traditional perimeter security,” he said. “Our goal is either theyre completely blocked or, if somebody is doing something outside the company policy and they get into the network, damages are reduced or eliminated completely.”
Sourcefire products will help Check Point to extend its unified security architecture with attack definitions and intelligent threat detection technologies, Shwed said.
Sourcefires 3D approach—”Discover, Determine, Defend”—features a network defense system that unifies intrusion and vulnerability management technologies and is a natural fit to Check Points solutions, specifically in the areas of Internal Security and Security Event Management, he said.
The deal, which has been signed off on by boards of directors of both companies as well as Sourcefire shareholders, is expected to close in the first quarter of 2006.
Check Point will be adding Sourcefires 140 employees to its own staff of 1,400 and expects no layoffs, Shwed said.
Analysts said its no coincidence that the move comes mere days after rival Symantec Corp. gobbled up its third acquisition in two months, announcing Monday that it was buying policy-compliance and vulnerability management software maker BindView Development for $209 million in cash.
The Symantec-BindView deal marked the third acquisition for Symantec Corp. in the last two months and is interpreted as an aggressive move by the Internet security vendor to expand its security offerings following its merger with Veritas Software Corp.
Check Point, not an aggressive company when it comes to acquisitions, is smart to make a move now, analysts say.
As it is, the company has seen its share in hybrid security offerings slip.
Synergy Research has reported that the vendor dropped to 4.8 percent in the first quarter of 2005 versus 8.5 percent in the second quarter of 2002.
Meanwhile, its share of the overall security market slid to 11.1 percent from 15.5 percent during the same period, according to Synergy.
Add to that the fact that Symantec is gobbling up companies like it has a tape worm, and Check Point certainly has motivation to move.
“Im sure the Symantec acquisition has really shaken up the big boys,” said Pete Lindstrom, research director at Spire Security LLC.
“Check Point, I assume, has got to get more aggressive in its ability to add security products to its portfolio.”
Lindstrom called Sourcefire a nice fit.
“The company has a strong reputation and has done a good job developing its customer base, and it has good credentials,” he said.
What customers can expect from the deal is likely to be simply a reduction in back-office costs, both for the Check Point/Sourcefire marriage and the Symantec/BindView pairing, Lindstrom said.
Meanwhile, Sourcefires RNA technology is an interesting technology for Check Point to pick up, Lindstrom said.
The passive asset management and resource identification technology helps to track whats going on your wire—like a sniffer, but one that retains information and looks for changes in activity and so on.
“That gives Check Point an opportunity to build up in an area where theres some momentum growing, on the network side,” he said.
The merger could also make sense to help out Sourcefire, which didnt have that coherent a story when it came to its intrusion prevention technology or its technology that segments off internal networks, which is becoming a hot area now, Lindstrom said.
“Theres constant chatter about the disappearing perimeter” as global networks spread to allow access to a wider range of distributed resources and people,” he said.
“Certainly things like wireless and remote laptops mean you have to really think about your perimeter-based strategy.”
At any rate, Lindstrom said, the buy is indicative of a robust market.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.