October 17, 2005

Check Point's acquisition of Snort's parent has some users worried

Author: Stephen Feller

Check Point Software Technologies and Sourcefire have a history of working together, but last week's announcement that Check Point plans to acquire Sourcefire has some open source users a bit nervous.

Check Point, pending regulatory approval, is expected to complete the Sourcefire acquisition early in the first quarter of 2006 for about $225 million, according to the company's Manager of Technical Marketing Andrew Singer.

Sourcefire is the company behind Snort, an open source network intrusion detection system (IDS). Snort, first released in 1998 under the GNU General Public License (GPL), has attracted a strong community of users. Sourcefire and Check Point say that the project will continue as it has, with Snort being developed and released under the GPL.

"There's no reason for us to do anything but continue to try to build that community," Sourcefire Chief Executive Officer Wayne Jackson said. "It's a great source of goodwill for us [and] it's a huge network of security expertise. We want to make sure that folks are reassured with regard to the open source nature of Snort, and both companies' continued interest in keeping it both open and best of breed."

Still, a change in owners makes some of Sourcefire's product's users anxious. The snort-users mailing list lit up with comments after the announcement was made, with a mix of responses from developers in the Snort community. Some users are voicing concern for the future of the community as it now exists, specifically worrying Check Point could stop releasing Snort as an open source product, especially in light of the move by Tenable Network Security to not release Nessus 3.0 under the GPL.

Other users are more optimistic. "Even though I have had some serious doubts about this, all in all, Sourcefire and Checkpoint will become better because of this," wrote Theo Stout. "Somewhere, someplace, the Pig will be stronger. I suppose we all just have to get used to such a large company being involved with Sourcefire."

Aside from the predictable mix of responses, from "the sky is falling" to those closer to Stout's optimism, several users noted that even if future Snort releases are not open source, current and older versions already are available under the GPL.

"With the actual sources one can start a fork," wrote Dirk Geschke. "I guess there are enough smart coders out there to continue the project on an open source basis. But before this will happen we should wait what happens next and decide then."

Sourcefire's founder said in a letter to users last week that Snort will remain free, as the software continues to be distributed under the GPL. "The community continues, as always, to be important to us as a group of people who use the code pervasively throughout the entire Internet, report on problems and make suggestions and contributions to the project," founder and chief technology officer Martin Roesch said. "Check Point is very excited about continuing Sourcefire's involvement with the open source community."

Singer said Check Point would benefit greatly from having Sourcefire and the Snort community to work with as the company adds to its unified security architecture and network intelligence, providing attack definitions and intrusion detection technologies.

"In addition, we gain solutions which immediately bolster our internal solutions line of security products and also really enhance overall our portfolio of network security solutions," Singer said. "We're very impressed by the Sourcefire people, and we very much look forward to making them a part of the Check Point family."

For Sourcefire the acquisition is an opportunity to operate on a much larger scale and in many more places, Jackson said. After the sale is approved, the company will contribute directly to systems worldwide, as opposed to focusing mostly on North America as they have been.

Jackson said he believes Sourcefire can offer Check Point a lot to improve its products, and each of the companies will continue their product lines as they are now -- possibly making the sale more merger than acquisition.

"They're obviously very successful, which means that we'll all now get to be a part of a true market leader," Jackson said.


  • Security
Click Here!