Many companies incorporate Snort intrusion detection and prevention capabilities into their network security products. Sourcefire founder and chief technology officer Martin Roesch owns Snort's General Public License, which means he drives the technology's development road map.

Larry Greenemeier, Contributor

April 25, 2006

3 Min Read

The U.S. government may have stopped Sourcefire Inc.'s plans to merge with Check Point Software Technologies Ltd., but Sourcefire still has big plans for the expansion of its open-source Snort-based network security technology.

Many companies incorporate Snort intrusion detection and prevention capabilities into their network-security products. Sourcefire founder and chief technology officer Martin Roesch owns Snort's General Public License, which means he drives the technology's development roadmap.

This includes upcoming features that will let Snort better protect its users from spyware. Sourcefire hopes to capitalize on new Snort features as it develops its Defense Center network security appliance, which uses intrusion sensors and agents and real-time network awareness sensors to aggregate, contextualize, analyze, prioritize, and act on threat information.

Sourcefire claims its technology analyzes information both about network security threats and their intended targets so that companies can adopt a more specific defense posture. "Either you can't block it all, or you get too much information," which is as useful as a car alarm in a crowded parking lot, says Sourcefire chief marketing officer Michele Perry. The company's strategy is also to embed additional security measures, such as network behavior anomaly detection, into its existing products so customers don't need to purchase additional network security appliances.

There are at least 15 companies that incorporate Snort into their network security offerings, Perry estimates, adding that the open-source technology has been downloaded 3 million times since its 1998 debut. Apani Networks Monday introduced its Snort-based ThreatView administrative tool designed to alert companies when data designated as "sensitive" is in transit within their network perimeter. ThreatView includes reporting features designed to help administrators assess the security risk level when sensitive data is accessed. Networking equipment provider Foundry Networks Inc. builds its sFlow traffic monitoring technology on Snort, and Astaro Corp. uses Snort as part of its intrusion-prevention system, as does StillSecure's Strata Guard network-based intrusion detection/prevention systems.

Late last year, when Check Point announced its intention to buy Sourcefire, the pairing appeared to be a good deal for both companies, as Check Point looked to add intrusion detection and prevention to its product portfolio and Sourcefire looked to expand its market outside the U.S. "We're disappointed that the Check Point thing fell apart," Perry says. "They had worldwide sales and distribution in place. They also had a name brand and established customers."

Check Point had put $225 million on the table to close the deal, but the transaction was scuttled after it came under scrutiny from the Committee on Foreign Investment in the United States, or CFIUS, an inter-agency committee chaired by the Treasury Secretary. Check Point's decision was emblematic of the political pressure being applied to foreign-based companies such as Dubai Ports World of United Arab Emirates, which planned in March to take over the operation of terminals at six major U.S. ports. Dubai Ports World ultimately decided to transfer those operations to a U.S. entity after the deal was postponed at the behest of Congress so that CFIUS could conduct a 45-day review.

Following their canceled transaction, Check Point and Sourcefire said they would continue to pursue partnership opportunities, which would be more cost effective than a lengthy CFIUS investigation. Although it is incorporated in Israel, most of Check Point's 1,400 employees work outside that country, with about 600 in the U.S. and more than 200 in Europe and Asia.

Check Point is already seeing the downside of its aborted bid for Sourcefire. The company Monday reported a first-quarter profit of $61.6 million on revenue of $133.6 million, but this was down 3% year over year. Check Point had issued an earnings warning on April 4 in part because of the canceled Sourcefire deal. The company is also adjusting to a new sales model that focuses on annual subscription licenses rather than perpetual licenses.

Sourcefire's financial fortunes, however, appear to be heading in the opposite direction. The privately held Maryland company recently stated that revenues from the first quarter of 2005 through the first quarter of 2006 grew 68%, although it didn't provide specific numbers.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights