QUESTION & ANSWER

Is a merger or acquisition in Sourcefire's future?

By Bill Brenner, Senior News Writer 14 Jun 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

How has the Sourcefire IPO settled?
Martin Roesch: The process, the Wall Street aspect, was pretty fascinating. We're public now and it's great. You get taken more seriously as a company. You're no longer the little start-up that could go away. Competitors used to say that because we were private you couldn't tell what was going on, and that we could go away any day. They can't say that now.

Martin Roesch

What are some of the direct benefits customers will notice now that you are public?
Roesch: We have a bigger war chest now and stock that's worth something, which we could use in a future M&A (mergers and acquisitions) transaction. I have to be pretty circumspect in talking about some of what we have planned. We're looking at certain M&A transactions in spaces that compliment what we're doing now. We're looking for ways to leverage open source more effectively. We have some tricks up our sleeve, but it's too soon to really talk about them.

The theme at Gartner this year is Security 3.0, the concept of having security baked into the larger IT infrastructure. Where does Sourcefire fit in?

Sourcefire: Sourcefire, Nmap deal to open vulnerability scanning: Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine. Sourcefire expands strategy in effort to leverage its network real estate: Sourcefire has announced plans to expand its overall product strategy to span network access control, intrusion prevention, network behavior anomaly detection and post-admission network access control under the Enterprise Threat Management banner. Snort creator, Sourcefire seek fresh approach: Sourcefire Inc. is launching Enterprise Threat Management. Sourcefire says the open source tool Snort is the backbone of the new strategy.

Roesch: We have what we call our 3-D strategy, which fits in really well with the Security 3.0 concept. It's an overlay security infrastructure that lets us take our technology, our IPS, defense center, and integrate it with the rest of the existing network infrastructure, making it more effective for providing security in our customer environments. I think it's a great dovetailing of technologies together. Everyone isn't going to run out and buy new security-enabled infrastructure -- switches, routers and so on. They want [their security] to work with what they've got, so our approach is intelligence-enabled technology that overlays very nicely on existing infrastructure.

Snort is hugely popular and sometimes the open source community will cringe at the thought of more integration because they like the freedom to be flexible with different programs. How are the Snort users reacting to Sourcefire's direction?
Roesch: They are very happy with our direction. The bulk of them are Snort users. I'm working on the new Snort 3.0 architecture and I've been showing it to customers and they love it. They feel it's the logical progression, a more comprehensive code base to attack their problems compared to what has come before. The existing Snort architecture has been in the field since 1999 and it is battle tested, very solid code. We're taking it in the next logical direction. The gear heads like the direction and those who aren't gear heads like that they don't have to be gear heads to use it.

Tags: Open Source Security Tools and Applications,  Software Development Methodology,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Open Source Security Tools and Applications Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of security tools Maltego demo: Identifying a website's trust relationships Software Development Methodology How to detect software tampering Developers Need Help with Security Errors Does an EULA make it truly illegal to decompile software? SQL injection continues to trouble firms, lead to breaches IBM acquires Ounce Labs for source code analysis Microsoft issues emergency Active Template Library updates Software security threats and employee awareness training Adobe patches ColdFusion vulnerability blocking website attack nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Security Industry Market Trends, Predictions and Forecasts Healthcare security spending remains sluggish, report shows How to use Internet security threat reports M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary