Cisco to buy Columbia's Sourcefire for $2.7B

Cisco wants firm's products, talent and deep roots in East Coast cyber hub

July 23, 2013|By Jamie Smith Hopkins, The Baltimore Sun

A marquee name in the technology industry said Tuesday that it is buying Columbia-based Sourcefire — a homegrown player in the hot cybersecurity field — for $2.7 billion cash.

Cisco Systems wants to bolster its security offerings with Sourcefire products, which protect the computers and networks of major businesses and government agencies. The Silicon Valley firm — eager to tap new talent and increase its footprint in the East Coast's major cyber hub — said Sourcefire's headquarters will remain in Columbia and it does not plan any job cuts.

Sourcefire employs more than 650 worldwide, 320 of them locally.

"We're very much looking forward to having this team continuing to innovate, continuing to grow," said Christopher Young, senior vice president of Cisco's security group. "We need this team. We need their product portfolio."

The deal comes as businesses and governments focus more and more on protecting their computer networks and data as cases of hacking and stolen data mount. There are frequent reports of data breaches and growing evidence of fresh cyber threats from hackers, criminal enterprises and foreign governments.

Cisco tops the market in network security, but its technology has fallen behind in recent years, said Rob Owens, a senior analyst at Pacific Crest Securities in Portland, Ore. Sourcefire offers cutting-edge products to a company that needs them, he said, while the much bigger Cisco can get those products to a broader customer base.

As the threats worsen, companies and governments must spend more to keep their systems safe, Owens said.

"It's a white hot field, and it's going to remain so for many years to come," he said.

The boards of both companies approved the $76-a-share deal, which San Jose, Calif.-based Cisco expects will close later this year.

The price is nearly 30 percent higher than Sourcefire's $59-a-share stock price at the market's close Monday. And the $2.7 billion price blows away a $206 million offer Sourcefire spurned in 2008.

"Definitely a very healthy valuation," said Jonathan Ho, a research analyst at William Blair & Co.

But the price — nine times higher than Sourcefire's expected revenue this year — doesn't strike him and other analysts as unreasonable for Cisco to pay.

Sourcefire is one of the leaders in detecting and preventing intrusion in computers, networks and mobile devices, with about 11 percent of the global market, according to William Blair. Cisco has a 14 percent share, just behind No. 1 McAfee.

Tech entrepreneur Martin Roesch, who started Sourcefire in his Carroll County living room in 2001, plans to remain with the merged company. Cisco said he will become vice president and chief architect of its security group.

Sourcefire's roots reach back three years before its founding, when Roesch made a network security program called Snort and put it online for free. He launched Sourcefire to develop a commercial version of the program.

Snort — downloaded nearly 4 million times— remains free and "open source," which means that a worldwide community of computer programmers can see and vet its code.

That open-source ethos made Sourcefire a tough sell to investors early on. But in recent years it's been seen as a strength — many eyes looking for holes and offering fixes, producing a harder-to-hack product even though hackers can see the code, too.

Cisco's Young told analysts Tuesday that Sourcefire's "vibrant open-source community" is part of what his company found attractive about the Columbia firm. By crowdsourcing security, Roesch was ahead of his time, Young said.

"You have my and Cisco's unwavering commitment to this community," Roesch said to open sourcers Tuesday. "Snort is now and always will be free."

Sourcefire — which has more than 2,500 customers in over 180 countries — makes its money off other products, which detect cyber threats and prevent attacks. Sourcefire's advanced malware protection, for instance, detects and blocks malicious programs that aim to burrow into computer systems and do damage from within.

Young said the anti-malware technology and Sourcefire's newest generation of products designed to prevent intrusion into computer systems will break new ground for Cisco. And where the companies' products overlap, the customer bases are largely different, he said.

Cisco — with revenues of $46 billion in its last fiscal year, compared with Sourcefire's $223 million — does a lot more than cybersecurity. It sells routers, wi-fi technology, networking services and videoconferencing products, to name a few.

But the Sourcefire acquisition speaks to Cisco's decision to make security its top priority, Young said. It's a field with ever-increasing threats.

"When this is described as a war, it's not an overexaggeration," he said. "The inability for companies, for service providers and governments to defend against this type of attack can have disastrous consequences."

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.