March 24th, 2006
U.S. says no to Sourcefire/Snort deal
Today, the U.S. government nixed the $225 million acquisition of Sourcefire by Check Point Software Technologies, an Israeli security software company. In the wake the Dubai port deal, deals with foreign entities are receiving added scrutiny from the Committee on Foreign Investment. The Washington Post reports that Sourcefire, based in Columbia, MD, had $30 million (13 percent of revenue) in revenue from government clients, including the Defense Department.
Sourcefire’s intrusion prevention software is based on Snort, which is open sourced and has over 100,000 users.
Apparently, the FBI was opposed to the sale, fearing the foreign ownership, Israeli in this case, would make the government and other sensitive networks more vulnerable. What does that say about the U.S./Israeli relationship? Sourcefire’s commercial implementation of Snort must have some secret sauce that would give whoever owns it some hacking advantage. Here’s how Sourcefire describes its product and relationship with Snort:
Over the past several years, Sourcefire has contributed increasing resources to advancing the Snort technology. That commitment has resulted in advances such as gigabit performance capability, the integration of the snort_inline technology, the current and future generations of IP defragmentation and TCP stream reassembly functionality, protocol anomaly detectors and normalization, portscan detection, the unified output subsystem, reams of documentation and two complete code audits. In addition, we have developed the Sourcefire Vulnerability Research Team and dedicated significant resources to improving the quality, accuracy and timeliness of Snort rules.
Today, Sourcefire combines the very best of open source with the best of the commercial world. Leveraging the power and reach of the open source Snort rules-based detection engine, Sourcefire adds a critical layer of asset and behavioral profiling. Sourcefire’s RNA (Real-time Network Awareness) maintains a persistent profile of a network and its assets. Using passive discovery methods, RNA adds a new level of visibility and intelligence.
If Sourcefire’s commercial product were completely open sourced, and not a hybrid, would the U.S. government try to apply export laws or shut down an open source project?
Dan Farber, editor-in-chief of CNET News.com, has more than 20 years of experience as an editor and journalist covering technology. See his full profile and disclosure of his industry affiliations.
