When Cisco announced the $2.7bn acquisition of security firm Sourcefire, there were some who instantly concluded that it means the imminent demise of the open source intrusion detection and prevention technology, Snort, and its community. Not so, says Cisco.
Critics: Some took to Twitter to predict Snort’s demise.
I asked Cisco SVP of security Chris Young what he would say to users and community members who are fearful that its acquisition by such a large firm – not especially well-known as an open source advocate – will mean it’s starved of resources and left to wither. "What I’d say to them is that Snort is one of the key pieces of value in the acquisition – it’s one of the reasons that we bought it in the first place," Young said.
"It’s incredibly important that we keep the community vibrant and we continue to invest in that community," he said. "We’re also going to learn as much about open source as we can from them. Cisco has been doing more in open source recently, for example with Project OpenDaylight [which is around software defined networking] and OpenStack [an open source cloud computing project]. We’re doing more around open source at the company level and we intend to learn more from Marty [Roesch, founder of Sourcefire] and his team."
Roesch created Snort in 1998. Snort is said to use a rule-driven language which combines the benefits of signature, protocol and anomaly-based inspection methods. It’s had over four million downloads and is said to be the most widely-used IDS/IPS in the world. Sourcefire also manages another open source security project, ClamAV anti-malware, and provides other open source and freeware tools such as OfficeCat and Daemonlogger.
The $2.7bn price-tag that Cisco is paying for Sourcefire comes to over ten times Sourcefire’s annual revenue, but it’s instantly given Cisco orders-of-magnitude greater strength in security, particularly cybersecurity.