Chris Young, senior vice president in Cisco's security group, acknowledges that Cisco and Sourcefire compete in IDS/IPS, which Cisco often includes as part of its ASA firewalls. He says he is precluded at this time from discussing specific strategy in IDS/IPS and NGFW until after the acquisition is completed. Once the deal is finalized, Cisco plans to put forward a product road map that would include these product and service topics.
Cisco's Young did say that today the company wants to buy Sourcefire for its core technologies (including FireAMP) and threat-research expertise. Cisco is considering how to integrate FireAMP threat detection into security products such as Cisco ASA firewalls and Web security gateways, he says.
Young also says Cisco, which is growing more open in integrating third-party products into its products, was more than ready to take up the banner of open-source IDS. Sourcefire's Roesch is expected to be named vice president and chief architect for Cisco security, and he "will be driving a lot of the strategy around Cisco's portfolio," Young says.
For his part, Roesch in a conference call with Wall Street analysts said discussions between Sourcefire and Cisco leading up to today's announcement had convinced him there's "a great deal of synergy" and that the two companies share "similar cultural ideals." Sourcefire brings 2,500 business and government customers in 180 countries, and it has a strong presence in the Washington, D.C. ,area where it has federal government customers.
Analysts are buying in so far.
"It's a good acquisition for them because there were questions around Cisco security," says Zeus Kerravala, principal at ZK Research. "They can't win the security wars by being a better appliance vendor than all the others at every point in the network."
Sourcefire will help Cisco fill out pxGrid, a framework the company announced last month for allowing third-party developers of security applications to add capabilities to Cisco Identity Services Engine (ISE). ISE is designed to provide policy-based, context-aware security for Cisco networks.
Third-parties will be able to add capabilities to ISE that allow the appliance to share network context information user ID, type of device, access method, access media, privilege level with other systems in the IT infrastructure and then allow those systems to instruct ISE on what remediation actions to take on Cisco network elements, if warranted. Cisco plans to submit pxGrid to the IETF and other standards organizations early next year as an industry-sanctioned framework for injecting context-aware security and remediation into networks.