Cisco announced their intention to acquire Sourcefire for $2.7 billion this week, a somewhat surprising move given their relatively recent divestitures of well-known and adopted Cisco security products. Examples such as the end-of-life of the Monitoring, Analysis, and Response System (MARS) and the continued deterioration of the Cisco IPS/IDS product the Adaptive Security Appliance (ASA), which itself was a re-engineered and re-branded IDS that came through the acquisition of the WheelGroup in 1998, had many believing Cisco no longer wanted to invest in their presence in the security market. In retrospect, however, these were also indicators as to why acquiring a company like Sourcefire was necessary for Cisco. While the acquisition may have shaken many of the Sourcefire loyal, in time, if done correctly, this acquisition could be a great step forward for the community as a whole and may have been a necessary one for the advancement of Sourcefire in general (and certainly one for Cisco).
Perfect Timing for Sourcefire
Sourcefire is a security community pillar functioning as a community organizer, open-source pioneer, and provider of leading security products. However, the industry is rapidly moving towards a newer iteration of security capabilities (I refuse to say Next G*&$#ation). Sourcefire has struggled with shifting OEM suppliers as well as major upgrades to their flagship product (I’m still holding my breath for that Snort 3.0 release date). Furthermore, in recognition of the move to the next iteration of security products, Sourcefire has made investments into Next Generation (*cringe) Firewall technology and malware protection. However, these jumps are costly and difficult to make for vendors the size of Sourcefire, especially considering that the market currently consists largely of focused niche vendors like Palo Alto in the realm of NGFW and FireEye in malware protection.
The collective result could have left Sourcefire in a rather precarious position, with their core market of IDS/IPS still existing but rapidly shrinking, and finding themselves in direct competition with already established industry leaders in emerging markets. While this precarious position was nowhere near signaling significant decline for Sourcefire, it would have been difficult to continue the rapid growth it has enjoyed in previous years.
Of course, having maturing products in a breadth of segments can help an organization grow despite more mature products on the market from niche vendors, if the larger organization has more mature sales channels to help rapidly grow their install base. This, however, is not an arena where Sourcefire is particularly strong. While Sourcefire enjoys solid penetration in the US government space and in various east coast enterprises, Sourcefire on the whole has struggled to achieve deep market penetration west of the Mississippi, let alone on a global stage versus market competitors in virtually every realm Sourcefire competes. All these elements combined to form the perfect time for Sourcefire to accept an acquisition offer: far from desperation, at the peak of their abilities, but facing potential hazards ahead and in need of a partner with brand recognition and strong sales channels.
Cisco Getting Back in the Game
While some analysis is required to understand why Sourcefire would need a Cisco-type partner for growth, understanding why Cisco needs Sourcefire requires virtually no analysis. Sourcefire represents a clear opportunity for Cisco to get back into the security market in a big way. Though, given Sourcefire’s $2.3 billion market cap, $233.1 million 2012 earnings and years of continuous growth, it is by no means a cheap opportunity ($2.7 billion acquisition!). That said, Cisco can provide the sales channel and (non-security) executive-level brand recognition that Sourcefire currently lacks to continue growth. In addition, the Cisco brand opens up two key demographics that Sourcefire previously did not play as well in. The first is in the realm of inexperienced network administrators and architects not familiar with security vendors who put a lot of faith into the Cisco brand. The second is board room personalities, who, though interested in security, likely are not keenly focused on security in general. For top-level executives, it must be noted that security is typically a small line item versus their company’s overall expenditures. Having the ability to introduce and influence these decision makers to be more aware of security is invaluable for a pure-play company like Sourcefire. The influence that Cisco can assert in this realm is heavily assisted by looming US Federal Government influence on private sector businesses to ensure a better baseline for security (see the Executive Order on Improving Cybersecurity). It is not unlikely that, as these political forces continue to raise awareness and push senior-level decision makers to adopt more comprehensive security practices, they will turn to giants like Cisco to help them get their businesses there (but that’s a whole other story).
Of course, much of Cisco’s success will lie in the balance of whether or not they can appease the Sourcefire community with high-quality solutions and maintain the strong open-source following of Sourcefire and more particularly Snort, which I would argue has allowed Sourcefire to be highly competitive with a frankly less sophisticated engine in the IPS/IDS market (referring to the Snort 2.x engine versus McAfee or IBM). The real question is whether or not Cisco will be able to capture the passion of the security folks within Sourcefire, as Sourcefire has been a refuge for many passionate security folks. While much of the community of passionate security professionals outside of Sourcefire have found themselves in a diaspora, Sourcefire has remained relatively potent with top-tier folks in research, development, marketing, and decision making. This potency of passion for security has resulted in leadership in virtually every sector they operate, despite the challenge of being a standalone pure play. Sourcefire has set a high standard for marketing, product development, community leadership, and delivery. In order for Cisco to get their money’s worth out of this $2.7 billion acquisition, it is imperative that they capture that passion and cultivate it into market leadership.
How to Capture the Passion
It’s simple. Fund development, encourage innovation, support research (even if it’s controversial), retain top-level visionaries, and promote elitism (make those involved feel like they are a part of something special) while humbly continuing to build an external community. Of course, these things are easy to evangelize when strictly focused on security. The true challenge Cisco faces is whether they will be able to meet these goals while recognizing that Sourcefire, though an industry mogul for security, currently would account for less than 0.5% of Cisco’s annual revenue. If, however, in the face of adversity, Cisco can manage to capture the passion of Sourcefire and properly integrate Sourcefire into the Cisco family, Cisco will certainly be a force to be reckoned with long into the future.