[Dshield] Check Point acquires Sourcefire

Johannes B. Ullrich jullrich at euclidian.com
Fri Oct 7 14:56:02 GMT 2005


Hernandez, Moses wrote:
> Joel, 
>   One of my biggest Concerns in evaluating IPS is not just architecture
> but is in the R&D of Vulnerabilities and Signatures available. How great
> is Sourcefire at providing signatures for the product? There are many
> companies that have a great R&D and are an "Intrusion Prevention"
> company so they make it a point to be on top of the latest threats,
> would you consider Sourcefire a company like that? If so I think that's
> exactly what checkpoint needed and probably one of the biggest reasons I
> never purchased or recommended an Interspect solution to a company.

I will respond to this for Joel: The Sourcefire research team is
probably one of the best in the industry. I do know a couple of the
people in person, and they do know packets like nobody else. Also, they
are well connected in the community, making sure that they are on top of
the latest issues.

I do think that Checkpoint got a great deal when they purchased
Sourcefire. From what I can tell from the outside, Sourcefire is a well
run company, and likely making money (if not, at least they have a good
number of customers). Over the last couple years, they have grown well
beyond Snort with proprietary systems like RNA.

Now it remains to be seen what Checkpoint does with Sourcefire. I think
a lot of it will depend on how they will manage the open source community.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20051007/f2ded877/signature.bin


More information about the list mailing list