Mission alignment drives biggest deal of the year

Cisco’s $2.7 billion acquisition of Sourcefire last October was driven in large part by a new paradigm in cyber security, a threat-centric approach that addresses the full attack continuum across ever-extending networks.

What Sourcefire brought to Cisco was the technology, talent and innovation to bolster its portfolio of security products and services under the new model, Cisco officials say.

The deal was picked as the best large business acquisition in 2013 as part of Washington Technology’s annual M&A special report.“The big mind shift is that as mobility has risen, as clouds have risen and as the Internet of Everything will rise, the notion of perimeter defenses is just not sufficient,” said Raja Patel, senior director of cloud security for the Cisco Security Business Group.

“The perimeter control point continues to distribute because of mobility so you have to take an extended-network view,” he said. “You don’t have one place where you can do security. You need architectures and solutions that continuously evolve and loop across before, during and after an attack.”

Patel said Cisco came to recognize that its security portfolio needed to encompass products and services that captured the entire attack continuum. Sourcefire, a Maryland-based company that develops network security hardware and software, embraced the attack-continuum security model that would align perfectly with Cisco’s security strategy, he said.

As a result, Sourcefire brought “alignment on mission at a high level” to Cisco, Patel said. “When we looked at the new paradigm in security prior to the acquisition and what Sourcefire [offered] it was 100 percent alignment—focus on threat and focus on the entire attack continuum,” he said. “The portfolios are quite complementary.”

On the technology side, Sourcefire brought a portfolio of products that includes Sourcefire Advanced Malware Protection (AMP), which provides malware analysis and protection for networks and endpoints.  Cisco has integrated AMP into its content security portfolio. “Cisco has had market leading platforms for Web and email security delivered as appliances and from the cloud,” Patel said. “That AMP capability…is a natural next layer of technology integration.”

Sourcefire also adds open-source innovation to Cisco’s security program. Sourcefire’s FirePOWER network security appliances, for example, are based on Snort, an open-source intrusion detection system created by Martin Roesch, who founded Sourcefire in 2001. Cisco officials said that the company is committed to driving the FirePOWER platform forward and to open-source development in general. Cisco also will continue to support Snort, Clam Antivirus and other open-source projects.

“Sourcefire was founded on the construct of open source so bringing that community-based approach into the [security] portfolio is really important,” Patel said.

The acquisition also infused Cisco’s security group with talented personnel from Sourcefire, including Roesch, who became vice president and chief architect for the security group.

“There is no doubt that Sourcefire brings top industry talent to us,” Patel said. “That talent is really, really important,” he said. “That deeper security knowledge expands our security practice and augments [the expertise] we already had in the company.”

The merger also strengthens Cisco’s in the government space. “Sourcefire naturally has a lot of government customers, and many of them are traditional Cisco customers as well,” he said.