Sourcefire

{{Short description|American computer security company}}

{{Use mdy dates|date=September 2016}}

{{Infobox company

| logo = Sourcefire logo

| name = Sourcefire

| type = Subsidiary

| parent = Cisco Systems

| foundation = 2001

| founder = Martin Roesch

| location = Columbia, Maryland

| key_people = John Becker (CEO) (at the sale of the company), Martin Roesch (Founder and CTO)

| industry = Network security; intrusion detection, intrusion prevention system and anti-malware

| products = Sourcefire Firepower network security appliances

| revenue = $223.1M (FY12)

| operating_income =

| net_income =

| num_employees = 560 (3Q12)

| fate = Acquired

| homepage ={{URL|cisco.com/}}

}}

Sourcefire, Inc. was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.{{cite web |url=http://www.cisco.com/c/en/us/about/corporate-strategy-office/acquisitions/sourcefire.html |title=Cisco Completes Acquisition of Sourcefire |date=October 7, 2013 |publisher=Cisco Systems |access-date=October 7, 2013}}{{cite news |url=https://dealbook.nytimes.com/2013/07/23/cisco-to-buy-sourcefire-a-cybersecurity-company-for-2-7-billion/ |title=Cisco to Buy Sourcefire, a Cybersecurity Company, for $2.7 Billion |date=July 23, 2013 |work=The New York Times | access-date=July 23, 2013}}

Background

Sourcefire was founded in 2001 by Martin Roesch, the creator of Snort. The company created a commercial version of the Snort software, the Sourcefire 3D System, which evolved into the company's Firepower line of network security products. The company's headquarters was in Columbia, Maryland in the United States, with offices abroad.

Financial

The company's initial growth was funded through four separate rounds of financing raising a total of $56.5 million from venture investors such as Sierra Ventures, New Enterprise Associates, Sequoia Capital, Core Capital Partners, Inflection Point Ventures, Meritech Capital Partners, and Cross Creek Capital, L.P.{{efn|A venture fund whose general partner is a wholly owned subsidiary of Wasatch Advisors, Inc.}}

In 2005, Check Point Software attempted to acquire Sourcefire for $225 million,{{cite web |url=http://www.checkpoint.com/press/2006/sourcefire032306.html |title=Check Point and Sourcefire to Explore Alternative Business Relationship |date=March 23, 2006 |publisher=Check Point |access-date=October 12, 2008 |url-status=dead|archive-url=https://web.archive.org/web/20140326093518/http://www.checkpoint.com/press/2006/sourcefire032306.html |archive-date=March 26, 2014}} but later withdrew its offer after it became clear US authorities would attempt to block the acquisition.{{cite web |url=http://www.securityfocus.com/news/11382 |title=Check Point calls off Sourcefire buy |date=March 24, 2006 |publisher=Symantec |access-date=October 13, 2008}} The company completed an initial public offering in March 2007, raising $86.3 million.{{cite news |url=http://searchstorage.techtarget.com/news/1288233/Top-10-technology-IPOs-of-2007 |title=Top 10 technology IPOs of 2007 |date=December 31, 2007 |work=TechTarget |access-date=September 24, 2016}}{{efn|The sole book-running manager of the offering was Morgan Stanley & Co. Incorporated. Lehman Brothers Inc. acted as co-lead manager and UBS Securities LLC and Jefferies Group LLC served as co-managers.}} In August of the same year, Sourcefire acquired Clam AntiVirus.{{cite web |url=http://www.securityfocus.com/brief/571 |title=Sourcefire acquires ClamAV |publisher=SecurityFocus |date=August 17, 2007 |access-date=October 28, 2008 |archive-date=November 11, 2012 |archive-url=https://web.archive.org/web/20121111181428/http://www.securityfocus.com/brief/571 |url-status=dead }} Sourcefire rejected an offer of $187 million in May 2008 from security appliance vendor Barracuda Networks,{{cite news

|url=https://arstechnica.com/information-technology/2008/05/barracuda-hungry-for-oss-security-developer-sourcefire/ |title=Barracuda hungry for OSS security developer Sourcefire |date=May 30, 2008 |work=Ars Technica |access-date=August 20, 2009}} which had offered to pay US$7.50 per share, amounting to a 13% premium over Sourcefire's then-current stock price.{{cite news |url=http://www.infoworld.com/article/2652031/techology-business/sourcefire-says-no-to-barracuda-s-takeover-bid.html |title=Sourcefire says no to Barracuda's takeover bid |date=May 30, 2008 |work=InfoWorld |access-date=August 20, 2009}} Sourcefire announced its acquisition of the cloud-based antivirus firm Immunet in January 2011.{{cite web |last=Friedrichs |first=Oliver |title=Immunet Acquired by Sourcefire |url=http://blog.immunet.com/blog/2011/1/5/immunet-acquired-by-sourcefire.html |publisher=Immunet |access-date=April 10, 2011 |url-status=live|archive-url=https://web.archive.org/web/20110110185812/http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1513329&highlight= |archive-date=January 10, 2011}}{{cite news |title=Sourcefire Announces Acquisition of Immunet |url=http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1513329&highlight= |publisher=Sourcefire |access-date=April 10, 2011 |date=January 5, 2011 |agency=Business Wire |archive-url=https://web.archive.org/web/20110413030018/http://blog.immunet.com/blog/2011/1/5/immunet-acquired-by-sourcefire.html |url-status=dead |archive-date=April 13, 2011}}

Revenue for the fourth quarter of 2012 was $67.4 million compared to $53.2 million in the fourth quarter of 2011, an increase of 27%.{{cite news |url=http://www.investors.com/news/technology/sourcefire-security-stock-rises-on-earnings-report/ |title=Sourcefire Security Blazes Up on Q4 After VMware Drop |date=February 22, 2013 |work=Investor's Business Daily |access-date=September 24, 2016 |url-access=subscription }} Revenue for the year ending December 31, 2012 was $223.1 million compared to $165.6 million for 2011, an increase of 35%. International revenues were $74.4 million, up 77% over 2011. As of December 31, 2012, the company's cash, cash equivalents, and investments totaled $204.0 million.{{cite news |url=https://finance.yahoo.com/news/sourcefire-announces-record-revenue-fourth-210500719.html |title=Sourcefire Announces Record Revenue for Fourth Quarter & Full Year 2012 |date=February 21, 2013 |access-date=February 21, 2013 |publisher=Yahoo! Finance |agency=Marketwire

}}

Sourcefire received SC Magazine's 2009 "Reader Trust" award for best intrusion detection and intrusion prevention system (IDS/IPS) for Snort{{cite news |url=http://www.scmagazineus.com/Best-IDSIPS-solution/article/130871/ |title=Best IDS/IPS solution |date=April 22, 2009 |work=SC Magazine |publisher=Haymarket Media Group |access-date=October 29, 2009 |url-status=dead|archive-url=https://web.archive.org/web/20111127215827/http://www.scmagazineus.com/best-idsips-solution/article/130871/ |archive-date=November 27, 2011}} and Network World's "2009 Best of Tests" award for the Sourcefire 3D System.{{cite news |url=http://www.networkworld.com/article/2870352/data-center/2009-best-of-the-tests-winners.html#slide14 |title=2009 Best of the Tests winners |date=February 24, 2009 |work=Network World |access-date=October 29, 2009 |archive-date=September 27, 2016 |archive-url=https://web.archive.org/web/20160927010735/http://www.networkworld.com/article/2870352/data-center/2009-best-of-the-tests-winners.html#slide14 |url-status=dead }}

On July 23, 2013, Cisco Systems announced a definitive agreement to acquire Sourcefire for $2.7 billion.{{cite news |url=https://www.bloomberg.com/news/articles/2013-07-23/cisco-agrees-to-buy-sourcefire-in-2-7-billion-deal |title=Cisco Agrees to Buy Sourcefire in $2.7 Billion Deal |date=July 23, 2013 |publisher=Bloomberg News |access-date=September 25, 2016}}

Products

=Firepower=

The Sourcefire Firepower line of appliances is designed to form part of a layered security defense. The appliances can be deployed as:

  • Next-Generation Intrusion Prevention System (NGIPS), with network visibility into hosts, operating systems, applications, services, protocols, users, content, network behavior and network attacks and malware.
  • Next-Generation Firewall (NGFW) with NGIPS, incorporating access and application control, threat prevention and firewall capabilities
  • Next-Generation Intrusion Prevention System with integrated:
      • Application control
      • Malware protection
      • URL filtering

  • Advanced Malware Protection Appliance for dedicated inline network protection against advanced malware.

=Advanced Malware Protection=

Sourcefire Advanced Malware Protection (AMP) offers malware analysis and protection for networks and endpoints, using big data analytics to discover, understand and block advanced malware outbreaks, advanced persistent threats (APTs) and targeted attacks. AMP enables malware detection and blocking while providing continuous analysis and retrospective alerting, using Sourcefire's cloud security intelligence.

Advanced Malware Protection can be deployed inline via a product key on NGIPS, on a dedicated AMP Firepower appliance, or on endpoints, virtual and mobile devices with FireAMP.{{cite news |url=http://www.pcworld.com/article/248563/fireamp_fights_malware_with_big_data_analytics.html |title=FireAMP Fights Malware with Big Data Analytics |date=January 23, 2012 |work=PC World |access-date=January 23, 2012}}

=Snort=

{{main|Snort (software)}}

Snort is an open source network intrusion prevention and detection system that uses a rule-driven language combining signature-, protocol- and anomaly-based inspection methods. Developed in tandem with the Snort open source community, its developers claim it is the most widely deployed intrusion detection and prevention technology worldwide.{{cite web |url=http://www.snort.org |title=Snort Website |access-date=October 28, 2008}}

=Immunet=

{{main|Immunet}}

Immunet uses cloud virus definitions along with virus definitions from Clam AntiVirus, an open source (GPL) anti-virus toolkit primarily used on UNIX operating systems and designed for e-mail scanning on e-mail gateways. ClamAV provides a number of utilities, including a multi-threaded daemon, a command-line scanner and a tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.{{cite web |url=http://www.clamav.org |title=ClamAV Website |access-date=October 28, 2008 |url-status=dead|archive-url=https://web.archive.org/web/20100110212818/http://www.clamav.org/ |archive-date=January 10, 2010}} Immunet was provided in two versions, Free and Plus.{{cite web |url=http://www.immunet.com |title=Immunet Website |access-date=May 23, 2015}}

As of June 10, 2014, Immunet Plus is no longer available, replaced with Immunet Free, supported by Cisco.[8]

Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) was a group of network security engineers who discovered and assessed trends in hacking activities, intrusion attempts, and vulnerabilities.{{Cite web|url=http://www.csoonline.com/article/593237/inside-sourcefire-s-vulnerability-research-team

|title=Inside Sourcefire's Vulnerability Research Team

|work=CSO

|date= 2010-05-12

|access-date=2010-07-06}} Members of the Sourcefire VRT include the ClamAV team as well as authors of several standard security reference books{{Cite web|url=https://www.amazon.com/exec/obidos/tg/detail/-/1931836043/

|title=Snort 2.1 Intrusion Detection, Second Edition

|website=Amazon

|date=2004-04-30

|access-date=2009-12-11}}{{Cite web|url=https://www.amazon.com/exec/obidos/tg/stores/detail/-/books/1931836744/

|title=Snort2.0 Intrusion Detection (Paperback)

|website=Amazon

|year=2003

|access-date=2009-12-11}}{{Cite book|title=Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century |date=2009-07-03

|isbn=978-0321591807 |last1=Trost |first1=Ryan |publisher=Addison-Wesley

}} and articles. The Sourcefire VRT is also supported by the resources of the open source Snort{{Cite web|url=http://www.snort.org/vrt

|title= Sourcefire VRT

|date=

|access-date=2010-07-06}} and ClamAV{{Cite web|url=http://www.clamav.net/lang/en/support/faq/faq-cctts/

|title= FAQ – Malware Statistics

|date=

|access-date=2010-07-06}} communities.

The group focuses on developing vulnerability-based rules to protect against emerging exploits for Sourcefire customers and Snort users. The VRT has provided zero-day protection for outbreaks of malware, including Conficker,{{Cite web

|url=http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=213000041

|archive-url=https://archive.today/20130120071239/http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=213000041

|url-status=dead

|archive-date=January 20, 2013

|title=Dark Reading Article

|date=2009-01-30

|access-date=2009-12-11

}} Netsky, Nachi,{{Cite web

|url=http://www.thefreelibrary.com/Sourcefire(R)+Protects+Users+from+Exploits+Against+Microsoft+Tuesday...-a0169667038

|title=The Free Library Article

|year=2007

|access-date=2009-12-11

|archive-date=October 20, 2012

|archive-url=https://web.archive.org/web/20121020125919/http://www.thefreelibrary.com/Sourcefire(R)+Protects+Users+from+Exploits+Against+Microsoft+Tuesday...-a0169667038

|url-status=dead

}} Blaster, Sasser, Zotob, Nachi{{Cite web|url=http://www.encyclopedia.com/doc/1G1-135220661.html

|title=Encyclopedia.com Article |date=2005-08-17

|access-date=2009-12-11}} among others. The VRT also delivers rules that provide same-day protection for Microsoft Tuesday vulnerabilities, develops the official Snort rules used by the Sourcefire 3D System, develops and maintains the official rule set of Snort.org, and maintains shared object rules that are distributed for various platforms in binary format.{{Cite web|url=http://www.microsoft.com/security/msrc/collaboration/mapppartners.aspx

|title=Microsoft Security Response Center Partners

|website=Microsoft

|date=

|access-date=2010-07-06}}

Following the Cisco acquisition{{cite web| url = http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html| title=Cisco Completes Acquisition of Sourcefire| date=2013-10-07| website=cisco.com |access-date=2014-06-18}} of Sourcefire in 2013, the VRT combined with Cisco's TRAC and SecApps (Security Applications) group to form Cisco Talos.{{cite web | url = https://talosintelligence.com| title=Cisco Talos| date=2018-01-19}} The name "Talos" officially came into use in 2014, followed by its trademark, and was announced at Black Hat that year.

Notes

{{notelist}}

References

{{reflist|30em}}