Sourcefire Buys Cloud Security Firm

IPS maker Sourcefire today made its first official move to the cloud with the $21 million acquisition of cloud-based anti-malware startup Immunet.

The publicly held Sourcefire says the deal not only expands its real-time detection to the cloud, but also adds to its portfolio endpoint protection from advanced persistent threats and other forms of client-side attacks. "IPS captures [these attacks] once they are there, so combining the two technologies felt like a natural fit," says Greg Fitzgerald, senior vice president of marketing at Sourcefire.

It has been a big week for acquisitions in security. Sourcefire's purchase of Immunet follows Dell's Tuesday purchase of managed security services provider SecureWorks. "One reason this acquisition is interesting is that it is another strong sign of the acceleration in security market consolidation. There have been two acquisitions this week alone, and I'm sure we can expect more acquisition and merger announcements as [the] RSA [Conference] approaches," says Andrew Storms, director of security operations at nCircle.

Immunet, which has 750,000 users worldwide, launched two years ago with a new model of inoculating an entire community of users when one member is infected with a new piece of malware. The cloud-based approach since has been catching on even among some traditional AV firms given the heavy footprint of desktop AV and the infections missed by some of these products.

Both antivirus and intrusion prevention technologies have been under fire for reactive approaches to catching malicious traffic and code. "From a technology standpoint, no matter how you think about the relative usefulness of these technologies, they are required by many compliance regulations, and that means IT teams have to implement and support them," nCircle's Storms says.

Sourcefire's Fitzgerald says the Immunet purchase signals the company's first step into cloud-based security. "You will see us playing a lot more with enterprise-scalable products," he says.

The two companies already have been partners, offering a free, Windows-based version of Sourcefire's ClamAV anti-malware product that uses Immunet's so-called Collective Immunity cloud service for real-time malware protection. And Immunet uses ClamAV technology in its service, Fitzgerald notes.

Sourcefire will build an enterprise version of Endpoint Protection, becoming available in the second half of 2011, that incorporates some of the unique capabilities of ClamAV with signatures and customizable signatures, he says. And Immunet's cloud platform also will allow Sourcefire to offer new IP reputation, data leakage protection, and endpoint forensics for enterprises, he says.

The combination of the information Sourcefire can get from Immunet's cloud-based collective can then be used to augment its IPS rules and signatures, he says. "You get double the protection," he says. "If we can provide a cloud-based platform, that can be open to any type of organization that wants to have that type of forensics and analysis. You will see new delivery model" that offloads the endpoint.

Oliver Friedrichs, CEO of Immunet, says while his firm initially targeted consumers, enterprises increasingly have been adopting it on a one-off basis. And Sourcefire's acquisition of his firm basically "reaffirms that the cloud model is here to stay," he says."It's not a fad. It provides up to a 35-times smaller footprint on the endpoint ... Other vendors may be forced to go down this path, but we have a two-and-a-half-year head start."

nCircle's Storms says the Sourcefire-Immunet deal fits with enterprise demands for more integrated, service-based offerings. "I think Sourcefire is responding to the market; people are looking for the same technologies, but delivered as a suite for ease of integration and use, and delivered as a service for cost reasons," Storms says. "We are definitely going to continue to see a wide range of IT services move from the back office into a service-based architectures. Despite security concerns about data in the cloud, companies are embracing the technology because it provides a value-added service at a lower cost."

All full-time Immunet employees, including founders Friedrichs, Alfred Huger, and Adam O'Donnell, will remain on-board and become part of the Office of the CTO at Sourcefire, according to Sourcefire.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.