Cisco Banks On Sourcefire And Snort For Its Security Future

Ciscos security save costs to the tune of $2.7 billion, and the Snort pig stays open source

Ciscos announcement today that it plans to purchase Sourcefire in a $2.7 billion deal signals a major effort to resuscitate the networking giants increasingly shaky standing in the network security market.
Christopher Young, senior vice president of Ciscos Security Group, said during a shareholder call today that the definitive agreement to buy Sourcefire fits Ciscos goal of becoming the No. 1 security vendor for customers. By bringing the innovation that Sourcefire brings in IPS, advance malware prevention, content-awareness ... the combination of the two companies is really going to have a big imprint on the industry overall, Young said.
Under the deal, which is expected to close in the second half of this year, Cisco will pay $76 per share in cash in exchange for each Sourcefire share. Martin Roesch, the renowned founder and chief technology officer of Sourcefire, as well as the creator of the open-source Snort intrusion detection and prevention technology, will become vice president and chief architect of Ciscos Security Group and report directly to Young.
Cisco executives emphasized that the acquisition would pave the way for Cisco to provide a comprehensive and integrated family of security solutions. [Sourcefire has] done very unique things in thinking about IPS, IDS, advanced malware [detection], threat awareness, and leveraging cloud-based intelligence ... to see malware infections before, during and after an attack, Ciscos Young said, pointing to Ciscos firewall, Web, and email security businesses rounding out the newly combined portfolio. It all maps very well with our strategy: A path to an integrated solution set that combines the best of both portfolios is achievable in near-term fashion.
While Young wouldnt specify just yet what all of this means for existing Cisco and Sourcefire products, the big question was what happens to Ciscos IDS/ISP products now since theres a glaring duplication with the newly acquired Sourcefire IDS/IPS line. Next-generation IPS and advanced malware protection will be integrated with our firewall and part of our overall Cisco footprint, he said.
But its likely the end of the road for Ciscos IDS/IPS line now that Snort is in the house, security experts say. Dead, says Mike Rothman, president of Securosis and author of
The Pragmatic CSO
. The question is when and what is the migration path, and the sooner, the better for Ciscos IDS/IPS customers, he says.
The big problem is Cisco had underperforming network security products. They had to fix those if they wanted to stay in the business, and this was a way to fix that problem, Rothman says. Cisco had a problem it had to solve.
For Sourcefire, its an entree into the firewall space as well as a greenfield of enterprise business where Cisco switches and routers have been network staples for so long. Cisco has hundreds of thousands of customers and a breadth of distribution. There are only a handful of tech companies that can match that scale, Rothman says.
John Pescatore, director of emerging security trends at SANS, also sees the Sourcefire deal as a possible game-changer for Ciscos security business -- namely, if Cisco successfully takes Sourcefires industry-leading IPS products and continues to enhance them. Cisco had the switchover from PIX firewalls to ASA, and a bunch of stumbles to ASA, especially on the intrusion detection and intrusion prevention side, Pescatore says.
The catch will be in how Cisco orchestrates the acquisition when it comes to the software side of things, he says. While the networking giant has done well in network appliance-type buys, Ciscos desktop software company acquisitions havent gone so well, he says. If Cisco is going to [attempt] to be a big player in desktop AV, [thats] going to be a disaster, he says. If they use the Immunet threat research guys, they will better be able to compete with Palo Alto Networks and FireEye.
Another possible red flag is if Cisco emphasizes building security into the network fabric, Pescatore says. As a market, we dont really trust infrastructure vendors to secure themselves. Thats why Microsoft hasnt been successful in AV, he says.
Sourcefire will also give Cisco a foray into the network forensics space, with monitoring and storing of network traffic information, he says. Sourcefire, meanwhile, had struggled to gain a foothold in the firewall business, so Ciscos ASA firewall family fills that gap, he says.
[How not to respond to a cyberattack. See
3 Big Mistakes In Incident Response
.]
Then theres that pig -- open-source Snort, that is -- in the room. While Cisco has not traditionally been associated with the open-source community, Snort will change all of that. Snort brings a vibrant, open-source community to Cisco, Ciscos Young says. That was an important attribute that attracted us to Sourcefire ... Together we will have a continued partnership with the open-source community.
Sourcefires Roesch echoed the promise that Snort would remain open. Snort will always be free. We will continue that tradition, he says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Cisco Banks On Sourcefire And Snort For Its Security Future