March 24, 2006

Check Point withdraws from Sourcefire acquisition

Author: Joe 'Zonker' Brockmeier

Sourcefire announced yesterday that Check Point Software Technologies has withdrawn the merger filing, and that the companies would instead pursue partnership opportunities.

The merger deal was announced last October. Check Point had agreed to acquire Sourcefire for about $225 million in cash and stocks, and the deal was supposed to close in the first quarter of this year. Check Point has approximately 1,400 employees and is headquartered in Ramat-Gan, Israel. Sourcefire, the company behind the open source Snort intrusion detection system (IDS), is based in Columbia, Maryland.

Because Check Point is based outside the US, the deal required approval by the Committee on Foreign Investment in the United States (CFIUS) as well as antitrust approval of the deal, which had been received. CFIUS is the same committee that approved the controversial sale of Peninsular and Oriental Steam Navigation to United Arab Emirates-owned DP World without the additional 45-day review.

According to the FAQ posted on the Check Point site on March 23, the complexity of the CFIUS process required to merge the companies caused the companies to conclude "it may be simpler and better to pursue other partnership alternatives or take more time to work with the government."

Michele Perry, chief marketing officer for Sourcefire, says that they could not comment on the nature of the complications with the CFIUS process, but that the companies have abandoned the acquisition at this time. Perry says that they believe "all international acquisitions are being closely scrutinized at this time."

We tried to get comments from Check Point about the CFIUS process, but the company did not provide a spokesperson in time for this article. According to an article by the Associated Press, however, objections to the deal were raised by the FBI and Pentagon over concerns that the deal could endanger the security of sensitive systems in the US.

Richard Bejtlich, president and CEO of TaoSecurity and author of the popular TaoSecurity blog, says that he did not think the scrutiny of this deal was strictly political or related to the failed DP World deal.

Instead, he says there are legitimate concerns with the sale. He noted that Snort, the open source component of Sourcefire's product line, is only one piece of the company's product line. The remainder of the product line is not open source, and therefore not subject to inspection the way that open source software is. According to Bejtlich, Sourcefire gear has been approved for deployment in sensitive environments, and the fact that Sourcefire was about to be purchased by a foreign company "upset people."

Bejtlich says he is surprised that the deal fell through, and that he hasn't heard of any other companies being subject to the additional review process. Bejtlich says he thought that the deal would probably be approved, but with additional requirements that would provide access to source code for inspection. Bejtlich says it is possible the government had put forward requirements that the companies found unacceptable, or that CFIUS was dragging its feet.

Sourcefire going forward

Perry called the decision to abandon the acquisition an "amicable walkaway" and says that it shouldn't have any impact on Snort development or Sourcefire's other products. "Throughout this period, we've continued to independently develop, market, and sell our products." Perry also said the company plans to unveil a major release of its Sourcefire 3D system on Monday, and that a beta of Snort 2.6 was released this week.

Bejtlich said that the failed deal is unlikely to cause problems for Sourcefire, and suggested that the attention brought to Sourcefire by the acquisition had put the company on the map for acquisition by another security company that might want to shore up its security product line.

He also says that there is a great deal of discussion within the government on how to deal with code not developed in the US, though open source was less likely to raise red flags because of foreign contributors. "To me open source is always better than proprietary products; if it goes in a direction that you don't like, or the company goes out of business ... you always have the option to continue the product yourself, and it's completely transparent. You can review the code, or hire somebody else to do a code review for you."


  • News
Click Here!