Company type | Subsidiary |
---|---|
Industry | Network security; intrusion detection, intrusion prevention system and anti-malware |
Founded | 2001 |
Founder | Martin Roesch |
Fate | Acquired |
Headquarters | Columbia, Maryland |
Key people | John Becker (CEO) (at the sale of the company), Martin Roesch (Founder and CTO) |
Products | Sourcefire Firepower network security appliances |
Revenue | $223.1M (FY12) |
Number of employees | 560 (3Q12) |
Parent | Cisco Systems |
Website | cisco |
Sourcefire, Inc. was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013. [1] [2]
Sourcefire was founded in 2001 by Martin Roesch, the creator of Snort. The company created a commercial version of the Snort software, the Sourcefire 3D System, which evolved into the company's Firepower line of network security products. The company's headquarters was in Columbia, Maryland in the United States, with offices abroad.
The company's initial growth was funded through four separate rounds of financing raising a total of $56.5 million from venture investors such as Sierra Ventures, New Enterprise Associates, Sequoia Capital, Core Capital Partners, Inflection Point Ventures, Meritech Capital Partners, and Cross Creek Capital, L.P.
In 2005, Check Point Software attempted to acquire Sourcefire for $225 million, [3] but later withdrew its offer after it became clear US authorities would attempt to block the acquisition. [4] The company completed an initial public offering in March 2007, raising $86.3 million. [5] In August of the same year, Sourcefire acquired Clam AntiVirus. [6] Sourcefire rejected an offer of $187 million in May 2008 from security appliance vendor Barracuda Networks, [7] which had offered to pay US$7.50 per share, a 13% premium over Sourcefire's then-current stock price. [8] Sourcefire announced its acquisition of the cloud-based antivirus firm Immunet in January 2011. [9] [10]
Revenue for the fourth quarter of 2012 was $67.4 million compared to $53.2 million in the fourth quarter of 2011, an increase of 27%. [11] Revenue for the year ending December 31, 2012 was $223.1 million compared to $165.6 million for 2011, an increase of 35%. International revenues were $74.4 million, up 77% over 2011. As of December 31, 2012, the company's cash, cash equivalents, and investments totaled $204.0 million. [12]
Sourcefire received SC Magazine's 2009 "Reader Trust" award for best intrusion detection and intrusion prevention system (IDS/IPS) for Snort [13] and Network World's "2009 Best of Tests" award for the Sourcefire 3D System. [14] The company placed in the "Leaders" Quadrant in the 2012 Gartner Magic Quadrant competition for intrusion detection and prevention system appliances, [15] and received ICSA Labs' certification for the full line of Firepower (formerly 3D) appliances. [16] Sourcefire was given a top "recommend" rating in 2012 for fastest and most accurate IPS detection from NSS Labs. [17] Firepower was also ranked by NSS Labs at the top of their 2012 "Security Value Map" in security effectiveness and total cost of ownership. [18]
On July 23, 2013, Cisco Systems announced a definitive agreement to acquire Sourcefire for $2.7 billion. [1] [19]
The Sourcefire Firepower line of appliances is designed to form part of a layered security defense. They can be deployed as:
Sourcefire Advanced Malware Protection (AMP) offers malware analysis and protection for networks and endpoints, using big data analytics to discover, understand and block advanced malware outbreaks, advanced persistent threats (APTs) and targeted attacks. AMP enables malware detection and blocking while providing continuous analysis and retrospective alerting, using Sourcefire's cloud security intelligence.
Advanced Malware Protection can be deployed inline via a product key on NGIPS, on a dedicated AMP Firepower appliance, or on endpoints, virtual and mobile devices with FireAMP. [20]
Snort is an open-source network intrusion prevention and detection system that uses a rule-driven language combining signature-, protocol- and anomaly-based inspection methods. Developed in tandem with the Snort open-source community, its developers claim it is the most widely deployed intrusion detection and prevention technology worldwide. [21]
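As an added illustration of the rule model described above (this is not Snort's own code, and the rule and packets are constructed, not VRT rules), the following Python parses a one-line Snort-style rule and evaluates it against sample packets: the rule header supplies the protocol and port conditions, the `content` options supply the signature, and `|..|` sections inside `content` are hex bytes as in Snort. Anomaly-based inspection is not covered here.

```python
import re

# Constructed illustration of Snort's rule model (not Snort's own code).
HEADER_RE = re.compile(
    r"^(alert|log|pass|drop)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+(->|<>)\s+\S+\s+"
    r"(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
OPT_RE = re.compile(r'(\w+)\s*:\s*("[^"]*"|[^;]*);')   # key:value; pairs

def decode_content(value):
    """Snort content string -> bytes; text between |..| is hex."""
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode()
                    for i, p in enumerate(value.split("|")))

def parse_rule(text):
    """Parse a one-line rule into a dict: proto, dport, msg, sid, content."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule header: " + text)
    rule = {"proto": m["proto"].lower(), "dport": m["dport"], "content": []}
    for key, val in OPT_RE.findall(m["opts"]):
        val = val.strip().strip('"')
        if key == "content":
            rule["content"].append(decode_content(val))
        else:
            rule[key] = val
    return rule

def evaluate(rules, pkt):
    """Return the sids of rules that fire on pkt (keys: proto, dport, payload)."""
    hits = []
    for r in rules:
        if r["proto"] not in ("ip", pkt["proto"]):                  # protocol check
            continue
        if r["dport"] != "any" and int(r["dport"]) != pkt["dport"]:  # port check
            continue
        if all(c in pkt["payload"] for c in r["content"]):           # signature check
            hits.append(r["sid"])
    return hits

# Constructed sample rule and packets; the sid is arbitrary, not a real VRT rule.
RULES = [parse_rule(
    'alert tcp any any -> any 80 (msg:"constructed HTTP marker"; '
    'content:"X-Test-Marker"; content:"|0d 0a|"; sid:1000001;)')]
PACKETS = [
    {"proto": "tcp", "dport": 80, "payload": b"GET / HTTP/1.1\r\nX-Test-Marker: 1\r\n"},
    {"proto": "tcp", "dport": 8080, "payload": b"X-Test-Marker\r\n"},   # wrong port
    {"proto": "tcp", "dport": 80, "payload": b"GET / HTTP/1.1\r\n"},    # no marker
    {"proto": "udp", "dport": 80, "payload": b"X-Test-Marker\r\n"},     # wrong proto
]
```

Only the first packet fires the rule: the other three each fail exactly one of the protocol, port or signature conditions, which is how a single Snort rule combines header and content checks.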
Immunet uses cloud-based virus definitions together with definitions from Clam AntiVirus, an open-source (GPL) anti-virus toolkit used primarily on UNIX operating systems and designed for e-mail scanning on e-mail gateways. It provides a number of utilities, including a multi-threaded daemon, a command-line scanner and a tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library. [22] Immunet was provided in two versions, Free and Plus. [23]
As of June 10, 2014, Immunet Plus is no longer available, replaced with Immunet Free, supported by Cisco. [8]
The Sourcefire Vulnerability Research Team (VRT) was a group of network security engineers which discovered and assessed trends in hacking activities, intrusion attempts, and vulnerabilities. [24] Members of the Sourcefire VRT include the ClamAV team as well as authors of several standard security reference books [25] [26] [27] and articles. The Sourcefire VRT is also supported by the resources of the open source Snort [28] and ClamAV [29] communities.
The group focused on developing vulnerability-based rules to protect Sourcefire customers and Snort users against emerging exploits. The VRT provided zero-day protection for malware outbreaks including Conficker, [30] Netsky, Nachi, [31] [32] Blaster, Sasser and Zotob, [30] among others. The VRT also delivered rules providing same-day protection for Microsoft Patch Tuesday vulnerabilities, developed the official Snort rules used by the Sourcefire 3D System, developed and maintained the official rule set of Snort.org, and maintained shared object rules distributed for various platforms in binary format. [33] [24]
Following the Cisco acquisition [34] of Sourcefire in 2013, the VRT was combined with Cisco's TRAC and SecApps (Security Applications) groups to form Cisco Talos. [35] The name "Talos" came into official use in 2014, was subsequently trademarked, and was announced at Black Hat that year.
An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.
Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday work: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access. Network security is practised in organizations, enterprises, and other types of institutions. As its name indicates, it secures the network and also protects and oversees the operations carried out on it. The most common and simplest way of protecting a network resource is to assign it a unique name and a corresponding password.
Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.
ClamAV (antivirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64), Solaris and Haiku. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side email virus scanner.
A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates. HIDS focuses on more granular and internal attacks by monitoring host activities instead of overall network traffic. HIDS was the first type of intrusion detection software to have been designed, with the original target system being the mainframe computer, where outside interaction was infrequent.
Sguil is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts. The sguil client is written in Tcl/Tk and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.
Check Point Software Technologies Ltd. is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.
Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers. It has the largest market-share of any product for endpoint security.
Martin Roesch founded Sourcefire in 2001 and was its Chief Technology Officer until the company was acquired by Cisco Systems on October 7, 2013 for $2.7B. Roesch is now CEO of Netography, which raised $45M in Series A funding in November 2021. A respected authority on intrusion prevention, detection technology, and forensics, he was responsible for the technical direction and product development efforts of Sourcefire and Cisco Security before he moved into board roles and VC roles with Decibel Partners. Martin has industry experience in network security and embedded systems engineering. He is also the author and lead developer of the Snort Intrusion Prevention and Detection System, which formed the foundation for the Sourcefire firewall and IDS/IPS systems. Snort is still developed by Cisco Systems today and remains the most-used open source IDS technology.
Immunet was a free, cloud-based, community-driven antivirus application, using the ClamAV and its own engine. The software is complementary with existing antivirus software. In January 2011 Immunet was acquired by Sourcefire.
Stonesoft Corporation was a public company that developed and sold network security solutions based in Helsinki, Finland. It was publicly owned until 2013 when it was acquired by Intel's subsidiary McAfee.
In network security, evasion is bypassing an information security defense in order to deliver an exploit, attack, or other form of malware to a target network or system without detection. Evasions are typically used to counter network-based intrusion detection and prevention systems but can also be used to bypass firewalls and defeat malware analysis. A further goal of evasions can be to crash a network security defense, rendering it ineffective against subsequent targeted attacks.
Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats.
Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.
Sagan is an open source (GNU/GPLv2) multi-threaded, high-performance, real-time log analysis and correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high-performance log and event analysis. Sagan's structure and rules work similarly to the Sourcefire Snort IDS/IPS engine. This makes Sagan compatible with Snort or Suricata rule management software and gives Sagan the ability to correlate with Snort IDS/IPS data.
Unified threat management (UTM) is an approach to information security where a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of having point solutions for each security function. UTM simplifies information-security management by providing a single management and reporting point for the security administrator rather than managing multiple products from different vendors. UTM appliances have been gaining popularity since 2009, partly because the all-in-one approach simplifies installation, configuration and maintenance. Such a setup saves time, money and people when compared to the management of multiple security systems. Instead of having several single-function appliances, all needing individual familiarity, attention and support, network administrators can centrally administer their security defenses from one computer. Some of the prominent UTM brands are Cisco, Fortinet, Sophos, Netgear, Huawei, Wi-Jungle, SonicWall and Check Point. UTMs are now typically called next-generation firewalls.
Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, which is why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.
Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland. It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV anti-virus engine.