Summary:

Cisco is jumping on the cybersecurity bandwagon by buying Sourcefire to monitor networks and endpoints.

padlock

It’s been quite a year for network security acquisitions — Blue Coat buying Solera (terms undisclosed), Intel buying Stonesoft ($389 million) … and now network-equipment giant Cisco is to pick up Sourcefire for the not insubstantial sum of $2.7 billion.

There is of course a common reason behind all these purchases (and big-time investments such as Tenable Network Security’s $50 million from Accel last year) – attacks are getting more frequent and a darn sight more powerful, while at the same time the move to cloud and mobile computing is making businesses’ systems more exposed by taking them beyond the traditional corporate network firewall. Sourcefire could help Cisco modernize its approach to this shift.

According to a Cisco statement, the Sourcefire acquisition will add better intrusion prevention systems, firewalls and malware protection to Cisco’s mix. Here’s what Christopher Young, head of Cisco Security Group, said:

“The notion of the ‘perimeter’ no longer exists and today’s sophisticated threats are able to circumvent traditional, disparate security products. Organizations require continuous and pervasive advanced threat protection that addresses each phase of the attack continuum.

“With the acquisition of Sourcefire, we believe our customers will benefit from one of the industry’s most comprehensive, integrated security solutions — one that is simpler to deploy, and offers better security intelligence.”

Sourcefire looks at not only networks but millions of endpoint devices, too.

But there is overlap between the Cisco and Sourcefire product lines. Both companies sell firewall appliances. The two companies are working to figure out how to integrate the products — as well as their sales channels.

One perk of the deal is that in buying Sourcefire, based in Columbia, Md., Cisco gets additional presence near the nation’s capital, where there’s lots of interest in cybersecurity. And while Sourcefire did go public in 2007, its capabilities will gain a higher profile when the Cisco name gets tacked on.

Another Sourcefire asset Cisco gets: an open-source community. A few of Sourcefire products are available in the open source, including Snort software for intrusion prevention and detection and ClamAV software for fighting malware and viruses.

The company did $223 million in revenue in 2012 and $5 million in net income, according to its latest annual report.

This is actually Cisco’s second network security purchase this year – in January it bought the Czech firm Cognitive Security for its clever behavioral analysis approach to identifying “cyber threats.”

And on the call, an analyst pointed out that Cisco has already made 23 security acquisitions, including Ironport, ScanSafe and Virtuata. He asked if this was the one remaining missing link to round out the company’s security portfolio. Rather than answer directly, Young pointed out one of the key strengths of Sourcefire — that it will give Cisco access to a wide range of security capabilities. It’s no longer a matter of adding components like antivirus and intrusion prevention piecemeal, but rather about how many functions can run together. “The world is moving toward integrated architectures, integrated appliances, an integrated solution set in security,” Young said. “We’re definitely moving down that path.”

The acquisition aligns Cisco to take advantage of the increased attention cyberattacks have been getting in recent months. In addition to the acquisitions, investors have been keen on backing IT security companies lately as well.

The Sourcefire deal is expected to close sometime this year – both companies’ boards have given approval.

You’re subscribed! If you like, you can update your settings

Comments have been disabled for this post