Next generation firewall, IPS and anti-malware, anti-virus capabilities could be coming together soon. IPS vendor Sourcefire (NASDAQ:FIRE) announced that it is acquiring privately held anti-malware vendor Immunet for $21 million in cash.
Immunet develops cloud-based anti-malware capabilities for consumers. The two companies have been partners for several years with the joint ClamAV for Windows Desktop solution that debuted in March of 2010.
The deal will bring Immunet’s cloud-based anti-malware capabilities under Sourcefire’s leadership with the promise of new enterprise security technologies to come soon.
“It used to be that if you had IPS, you were cool and no one could get into your servers, now it has changed and we’re morphing too,” John Burris, CEO of Sourcefire, said during the company’s analyst conference call. “Next gen firewall is really about application control and awareness and this (Immunet) was something that made total sense with advanced persistent threat client side attack, and how it fits into Razorback.”
Razorback is an open source project led by Sourcefire that is designed to be an integrated security event framework for correlating threat and attack data. Sourcefire is also in the process of moving into the next generation firewall market as an extension of its traditional IPS business.
The Immunet technology goes beyond Sourcefire’s network-threat-focused approach by targeting what they refer to as advanced persistent client-side threats. Sourcefire CTO Martin Roesch noted that the Immunet approach is different than traditional anti-malware vendor solutions. Roesch said that Immunet’s technology was designed to work side-by-side with existing anti-malware solutions to provide an additional layer of security.
“This is doing detection in the cloud as well as adding management features with the enterprise product that we’re anticipating,” Roesch said. “So if you look at why anyone would want to change or augment what they already have, the (Immunet) agent is lighter and there is less overhead for moving around signature updates.”
Roesch added that the Immunet solution also provides improved efficacy over traditional anti-malware solutions thanks to the cloud. He explained that by using cloud scale data mining and machine learning techniques, the system is better at detecting malware than an approach based only on a classic desktop signature.
As part of an integrated solution, the Immunet technology will help Sourcefire to identify rapidly evolving and highly targeted malware attacks.
“You’ll be able to do things with this technology that no one has been able to do before, you’ll be able to monitor the execution of any file across an enterprise and characterize it,” Roesch said. “75 percent of malware that is picked up is unique to one machine – it’s polymorphic malware and these guys can see that.”