Sourcefire may resurrect Check Point

By Joel Snyder
Network World, October 31, 2005

Soon after he helped found Sourcefire in 2001, I met with Marty Roesch, the company's CTO. Roesch also is the architect and lead developer of Snort, an open source intrusion-detection sensor. One of the first things he said was, "We will not fork Snort" - that is, make two versions, one open source and the other proprietary to give Sourcefire a competitive edge. Instead, the company would go with the same open source sensor available to everyone and build on top of Snort to make an enterprise-ready intrusion-detection system.

Thus, Sourcefire's mandate: Build the infrastructure needed to wrap around a detection engine like Snort and put together an IDS, with emphasis on the "system" part.

I've been watching Sourcefire carefully since 2002, and what impresses me most about the company is the astonishing creativity and sharp focus of the entire team. Starting nearly from scratch, Sourcefire has aimed to compete with huge, established players in the network security business, such as Internet Security Systems. And while most of the other players have fallen by the wayside or been sucked into product-destroying mergers with big vendors, Sourcefire keeps churning out new products and ideas.

Which brings me to Check Point. When I first saw Check Point's firewall in 1995, it was an instant winner in my Network World competitive firewall test - and continued to win for years. Check Point understood firewall management and deployment in a way that no other company did. Firewall-1 had a "wow" factor that told me Check Point was serious about understanding and solving the problems of firewalls. Fast-forward to 2003, and the story is not so sweet. Check Point had continued to extend Firewall-1, but this was not the exciting and innovative company of 1995. It was competent and had a good product, but creative and innovative? Not from my point of view.

Check Point has since come out with three new products: an intrusion-prevention system, an SSL VPN and a security event management tool. It bought Zone Labs. So there's been action. But none of the new products has inspired the wow factor that I saw in 1995.

This is why Check Point and Sourcefire are such an exciting marriage. Check Point needs to regain creativity and refocus on doing interesting things to solve its customers' problems, and Sourcefire has that by the bushel. The Sourcefire team has taken great ideas and turned them into products in record time with very limited resources. If Sourcefire's energies can be integrated into Check Point, the potential is incredible.

Meanwhile, Sourcefire has its own lacunae. The company has products, but they're missing pieces - things that Check Point does very well. And Sourcefire can certainly benefit from the mature marketing, distribution, quality assurance and support infrastructure of an established company such as Check Point. If this marriage works, expect great things from Check Point - again.