Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:11 PM
Connect Directly

Sourcefire Buys Cloud Security Firm

Immunet's cloud-based anti-malware model to boost Sourcefire's enterprise endpoint offerings

IPS maker Sourcefire today made its first official move to the cloud with the $21 million acquisition of cloud-based anti-malware startup Immunet.

The publicly held Sourcefire says the deal not only expands its real-time detection to the cloud, but also adds to its portfolio endpoint protection from advanced persistent threats and other forms of client-side attacks. "IPS captures [these attacks] once they are there, so combining the two technologies felt like a natural fit," says Greg Fitzgerald, senior vice president of marketing at Sourcefire.

It has been a big week for acquisitions in security. Sourcefire's purchase of Immunet follows Dell's Tuesday purchase of managed security services provider SecureWorks. "One reason this acquisition is interesting is that it is another strong sign of the acceleration in security market consolidation. There have been two acquisitions this week alone, and I'm sure we can expect more acquisition and merger announcements as [the] RSA [Conference] approaches," says Andrew Storms, director of security operations at nCircle.

Immunet, which has 750,000 users worldwide, launched two years ago with a new model of inoculating an entire community of users when one member is infected with a new piece of malware. The cloud-based approach since has been catching on even among some traditional AV firms given the heavy footprint of desktop AV and the infections missed by some of these products.

Both antivirus and intrusion prevention technologies have been under fire for reactive approaches to catching malicious traffic and code. "From a technology standpoint, no matter how you think about the relative usefulness of these technologies, they are required by many compliance regulations, and that means IT teams have to implement and support them," nCircle's Storms says.

Sourcefire's Fitzgerald says the Immunet purchase signals the company's first step into cloud-based security. "You will see us playing a lot more with enterprise-scalable products," he says.

The two companies already have been partners, offering a free, Windows-based version of Sourcefire's ClamAV anti-malware product that uses Immunet's so-called Collective Immunity cloud service for real-time malware protection. And Immunet uses ClamAV technology in its service, Fitzgerald notes.

Sourcefire will build an enterprise version of Endpoint Protection, becoming available in the second half of 2011, that incorporates some of the unique capabilities of ClamAV with signatures and customizable signatures, he says. And Immunet's cloud platform also will allow Sourcefire to offer new IP reputation, data leakage protection, and endpoint forensics for enterprises, he says.

The combination of the information Sourcefire can get from Immunet's cloud-based collective can then be used to augment its IPS rules and signatures, he says. "You get double the protection," he says. "If we can provide a cloud-based platform, that can be open to any type of organization that wants to have that type of forensics and analysis. You will see new delivery model" that offloads the endpoint.

Oliver Friedrichs, CEO of Immunet, says while his firm initially targeted consumers, enterprises increasingly have been adopting it on a one-off basis. And Sourcefire's acquisition of his firm basically "reaffirms that the cloud model is here to stay," he says."It's not a fad. It provides up to a 35-times smaller footprint on the endpoint ... Other vendors may be forced to go down this path, but we have a two-and-a-half-year head start."

nCircle's Storms says the Sourcefire-Immunet deal fits with enterprise demands for more integrated, service-based offerings. "I think Sourcefire is responding to the market; people are looking for the same technologies, but delivered as a suite for ease of integration and use, and delivered as a service for cost reasons," Storms says. "We are definitely going to continue to see a wide range of IT services move from the back office into a service-based architectures. Despite security concerns about data in the cloud, companies are embracing the technology because it provides a value-added service at a lower cost."

All full-time Immunet employees, including founders Friedrichs, Alfred Huger, and Adam O'Donnell, will remain on-board and become part of the Office of the CTO at Sourcefire, according to Sourcefire.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
PUBLISHED: 2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
PUBLISHED: 2020-05-28
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 through, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
PUBLISHED: 2020-05-28
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted...