Young also says Cisco, which is growing more open in integrating third-party products into its products, was more than ready to take up the banner of open-source IDS. Sourcefire's Roesch is expected to be named vice president and chief architect for Cisco security, and he "will be driving a lot of the strategy around Cisco's portfolio," Young says.
For his part, Roesch in a conference call with Wall Street analysts said discussions between Sourcefire and Cisco leading up to today's announcement had convinced him there's "a great deal of synergy" and that the two companies share "similar cultural ideals." Sourcefire brings 2,500 business and government customers in 180 countries, and it has a strong presence in the Washington, D.C., area, where it has federal government customers.
Analysts are buying in so far.
"It's a good acquisition for them because there were questions around Cisco security," says Zeus Kerravala, principal at ZK Research. "They can't win the security wars by being a better appliance vendor than all the others at every point in the network."
Sourcefire will help Cisco fill out pxGrid, a framework the company announced last month for allowing third-party developers of security applications to add capabilities to Cisco Identity Services Engine (ISE). ISE is designed to provide policy-based, context-aware security for Cisco networks.
Third parties will be able to add capabilities to ISE that allow the appliance to share network context information (user ID, type of device, access method, access media, privilege level) with other systems in the IT infrastructure and then allow those systems to instruct ISE on what remediation actions to take on Cisco network elements, if warranted. Cisco plans to submit pxGrid to the IETF and other standards organizations early next year as an industry-sanctioned framework for injecting context-aware security and remediation into networks.
PxGrid aggregates all security information and analytics, and provides a networkwide view, Kerravala says. "They get more IPS and security management analytics from Sourcefire, as well as a next-generation firewall. I wasn't expecting [an acquisition] that big but it does take care of a couple of things," he says.
IDC security analyst Phil Hochmuth says Sourcefire gives Cisco some cloud-based advanced threat technology in addition to firewall and IPS expertise. "They get cloud-based complex malware analysis and advanced, undetectable threat" detection technology, Hochmuth says. "It will be interesting to see how they tie it together with the Cognitive Security acquisition" announced back in January.
Cognitive Security specializes in real-time behavioral analysis to detect security threats. Cisco is looking to combine Cognitive's technology with its own global, cloud-based threat-intelligence system.
"Cisco needs to get more cloud-oriented with security," Hochmuth says. "They need to tie together cloud security with on-premises devices. They're moving towards that" with the Sourcefire, Cognitive and ScanSafe acquisitions. Cisco bought ScanSafe, a maker of software-as-a-service (SaaS) Web security services for enterprises and small-to-mid-sized businesses, in 2009.