Sourcefire Has Big Plans For Open-Source Snort

The U.S. government may have stopped Sourcefire Inc.'s plans to merge with Check Point Software Technologies Ltd., but Sourcefire still has big plans for the expansion of its open-source Snort-based network security technology.

Many companies incorporate Snort intrusion detection and prevention capabilities into their network-security products. Sourcefire founder and chief technology officer Martin Roesch owns Snort's General Public License, which means he drives the technology's development roadmap.

This includes upcoming features that will let Snort better protect its users from spyware. Sourcefire hopes to capitalize on new Snort features as it develops its Defense Center network security appliance, which uses intrusion sensors and agents and real-time network awareness sensors to aggregate, contextualize, analyze, prioritize, and act on threat information.

Sourcefire claims its technology analyzes information both about network security threats and their intended targets so that companies can adopt a more specific defense posture. "Either you can't block it all, or you get too much information," which is as useful as a car alarm in a crowded parking lot, says Sourcefire chief marketing officer Michele Perry. The company's strategy is also to embed additional security measures, such as network behavior anomaly detection, into its existing products so customers don't need to purchase additional network security appliances.

There are at least 15 companies that incorporate Snort into their network security offerings, Perry estimates, adding that the open-source technology has been downloaded 3 million times since its 1998 debut. Apani Networks Monday introduced its Snort-based ThreatView administrative tool designed to alert companies when data designated as "sensitive" is in transit within their network perimeter. ThreatView includes reporting features designed to help administrators assess the security risk level when sensitive data is accessed. Networking equipment provider Foundry Networks Inc. builds its sFlow traffic monitoring technology on Snort, and Astaro Corp. uses Snort as part of its intrusion-prevention system, as does StillSecure's Strata Guard network-based intrusion detection/prevention systems.

Late last year, when Check Point announced its intention to buy Sourcefire, the pairing appeared to be a good deal for both companies, as Check Point looked to add intrusion detection and prevention to its product portfolio and Sourcefire looked to expand its market outside the U.S. "We're disappointed that the Check Point thing fell apart," Perry says. "They had worldwide sales and distribution in place. They also had a name brand and established customers."

Check Point had put $225 million on the table to close the deal, but the transaction was scuttled after it came under scrutiny from the Committee on Foreign Investment in the United States, or CFIUS, an inter-agency committee chaired by the Treasury Secretary. Check Point's decision was emblematic of the political pressure being applied to foreign-based companies such as Dubai Ports World of United Arab Emirates, which planned in March to take over the operation of terminals at six major U.S. ports. Dubai Ports World ultimately decided to transfer those operations to a U.S. entity after the deal was postponed at the behest of Congress so that CFIUS could conduct a 45-day review.

Following their canceled transaction, Check Point and Sourcefire said they would continue to pursue partnership opportunities, which would be more cost effective than a lengthy CFIUS investigation. Although it is incorporated in Israel, most of Check Point's 1,400 employees work outside that country, with about 600 in the U.S. and more than 200 in Europe and Asia.

Check Point is already seeing the downside of its aborted bid for Sourcefire. The company Monday reported a first-quarter profit of $61.6 million on revenue of $133.6 million, but this was down 3% year over year. Check Point had issued an earnings warning on April 4 in part because of the canceled Sourcefire deal. The company is also adjusting to a new sales model that focuses on annual subscription licenses rather than perpetual licenses.

Sourcefire's financial fortunes, however, appear to be heading in the opposite direction. The privately held Maryland company recently stated that revenues from the first quarter of 2005 through the first quarter of 2006 grew 68%, although it didn't provide specific numbers.
