Sourcefire

Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.

Background
Sourcefire was founded in 2001 by Martin Roesch, the creator of Snort. The company created a commercial version of the Snort software, the Sourcefire 3D System, which evolved into the company's Firepower line of network security products. The company's headquarters was in Columbia, Maryland in the United States, with offices abroad.

Financial
The company's initial growth was funded through four separate rounds of financing raising a total of $56.5 million from venture investors such as Sierra Ventures, New Enterprise Associates, Sequoia Capital, Core Capital Partners, Inflection Point Ventures, Meritech Capital Partners, and Cross Creek Capital, L.P.

In 2005, Check Point Software attempted to acquire Sourcefire for $225 million, but later withdrew its offer after it became clear US authorities would attempt to block the acquisition. The company completed an initial public offering in March 2007, raising $86.3 million. In August of the same year, Sourcefire acquired Clam AntiVirus. Sourcefire rejected an offer of $187 million in May 2008 from security appliance vendor Barracuda Networks, who had offered to pay US$7.50 per share, amounting to a 13% premium of their then-current stock price. Sourcefire announced its acquisition of the cloud-based antivirus firm Immunet in January 2011.

Revenue for the fourth quarter of 2012 was $67.4 million compared to $53.2 million in the fourth quarter of 2011, an increase of 27%. Revenue for the year ending December 31, 2012 was $223.1 million compared to $165.6 million for 2011, an increase of 35%. International revenues were $74.4 million, up 77% over 2011. As of December 31, 2012, the company's cash, cash equivalents, and investments totaled $204.0 million.

Sourcefire received SC Magazine's 2009 "Reader Trust" award for best intrusion detection and intrusion prevention system (IDS/IPS) for Snort and Network World's "2009 Best of Tests" award for the Sourcefire 3D System. The company placed in the "Leaders" Quadrant in the 2012 Gartner Magic Quadrant competition for intrusion detection and prevention system appliances, and received ICSA Labs' certification for the full line of Firepower (formerly 3D) appliances. Sourcefire was given a top "recommend" rating in 2012 for fastest and most accurate IPS detection from NSS Labs. Firepower was also ranked by NSS Labs at the top of their 2012 "Security Value Map" in security effectiveness and total cost of ownership.

On July 23, 2013, Cisco Systems announced a definitive agreement to acquire Sourcefire for $2.7 billion.

Firepower
The Sourcefire Firepower line of appliances are designed to form part of a layered security defense. They can be deployed as:
 * Next-Generation Intrusion Prevention System (NGIPS), with network visibility into hosts, operating systems, applications, services, protocols, users, content, network behavior and network attacks and malware.
 * Next-Generation Firewall (NGFW) with NGIPS, incorporating access and application control, threat prevention and firewall capabilities
 * Next-Generation Intrusion Prevention System with integrated:
 * Application control
 * Malware protection
 * URL filtering


 * Advanced Malware Protection Appliance for dedicated inline network protection against advanced malware.

Advanced Malware Protection
Sourcefire Advanced Malware Protection (AMP) offers malware analysis and protection for networks and endpoints using big data analytics to discover, understand and block advanced malware outbreaks, advanced persistent threats (APTs) and targeted attacks. AMP enables malware detection and blocking while provisioning continuous analysis and retrospective alerting, using Sourcefire's cloud security intelligence.

Advanced Malware Protection can be deployed inline via a product key on NGIPS, dedicated AMP Firepower appliance or on endpoints, virtual and mobile devices with FireAMP.

Snort
Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines signature, protocol and anomaly based inspection methods. Developed in tandem with the Snort open source community, its developers claim it is the most widely deployed intrusion detection and prevention technology worldwide.

Immunet
Immunet uses the cloud virus definitions along with virus definitions from Clam AntiVirus which is an open source (GPL) anti-virus toolkit primarily used on UNIX operating systems designed for e-mail scanning on e-mail gateways. It provides a number of utilities including a multi-threaded daemon, a command-line interface scanner and tool for automatic database updates. The core of the package is an anti-virus engine available in a form of a shared library. Immunet was provided in two versions, Free and Plus.

As of June 10, 2014, Immunet Plus is no longer available, replaced with Immunet Free, supported by Cisco.[8]

Sourcefire Vulnerability Research Team
The Sourcefire Vulnerability Research Team (VRT) was a group of network security engineers which discovered and assessed trends in hacking activities, intrusion attempts, and vulnerabilities. Members of the Sourcefire VRT include the ClamAV team as well as authors of several standard security reference books  and articles. The Sourcefire VRT is also supported by the resources of the open source Snort and ClamAV communities.

The group focuses on developing vulnerability-based rules to protect against emerging exploits for Sourcefire customers and Snort users. The VRT has provided zero-day protection for outbreaks of malware, including Conficker, Netsky, Nachi, Blaster, Sasser, Zotob, Nachi among others. The VRT also delivers rules that provide same day protection for Microsoft Tuesday vulnerabilities, develops the official Snort rules used by the Sourcefire 3D System, develops and maintains the official rule set of Snort.org, and maintains shared object rules that are distributed for various platforms in binary format.

Following the Cisco acquisition of Sourcefire in 2013, the VRT combined with Cisco's TRAC and SecApps (Security Applications) group to form Cisco Talos. "Talos" was officially coined in usage in 2014, followed by its trademark, and was announced at Blackhat that year.