Cisco Systems’ move last week to acquire Sourcefire, a Columbia-based cybersecurity firm, could be a harbinger of similar deals to come, as firms seek to bolster their ability to ward off threats in an evolving world of smartphones, tablets and other Web-enabled gadgets.
The Washington area could be a beneficiary of the new round of dealmaking, as many of the companies specializing in cybersecurity took root here in the aftermath of the Sept. 11, 2001, terrorists attacks. The metropolitan area now teems with cyber firms clustered in Northern Virginia and around the National Security Agency at Fort Meade in Anne Arundel County.
“These things only used to happen on the West Coast. This was homegrown, right from the state of Maryland,” said Larry Letow, chairman emeritus of the Tech Council of Maryland and president and chief operating officer of Convergence Technology Consulting, an information technology consulting firm based in Glen Burnie. “It’s going to have a tremendous positive effect.”
Indeed, the deal for Sourcefire, valued at $2.7 billion, was validation for some of the region’s technology chops. With 650 employees, Sourcefire specializes in open-source software that helps automate the process of detecting when someone is trying to break into a computer network.
The public company brought a bit of whimsy to that geeky chore. It playfully called its chief product Snort, and each year handed out calendars filled with cartoon images of its mascot, an angry looking pig.
“Everybody’s realizing there’s a good amount of money in cybersecurity. When you drop that kind of money on a product, you’re not fooling around,” Letow said.
Increasing threats worldwide prompted the acquisition, Cisco Senior Vice President Chris Young said during a call last week to analysts, explaining that the advent of mobile devices, cloud computing and social media have created new entry points for cybercriminals.
In the past few years, Cisco has completed a series of other security-related acquisitions, including San Francisco- and London-based security firm ScanSafe for $183 million, and Czech artificial intelligence firm Cognitive Security for an undisclosed amount.
Cisco said it expects the deal, which has been approved by both companies’ boards, will close by the end of the year. The San Jose-based company plans to keep Sourcefire’s core engineering team in Columbia.
“We’re committed to the region’s success in solving the cybersecurity problem,” Young said. “We want to continue the partnership [with the region] we have today.”
John Prisco, president and chief executive of Triumfant, a 150-person cybersecurity firm based in Rockville, said the deal should catalyze further consolidation of the industry.
Cisco’s cybersecurity acquisitions are an “attempt to kind of knit security into the fabric of the network,” Prisco said.
Not all cybersecurity firms handle attacks in the same way — Triumfant, for instance, specializes in protecting each device connected to a network, whereas Sourcefire protects the network itself. It could take years for large tech firms to build an ultimate cybersecurity solution involving all these approaches, Prisco said.
Once the deal is completed, the next challenge is to fully integrate Sourcefire’s software, staff and culture into Cisco’s, said Gartner analyst Greg Young.
“It’s a concern we shared with the Cisco team from the get-go — how are we going to do this and keep what’s special, interesting, unique and powerful about Sourcefire?” Martin Roesch, Sourcefire’s founder and chief technology officer, said in an interview.
For instance, will Cisco maintain Sourcefire’s commitment to open-source software, which depends on others sharing and collaborating on improving the code.
So far, Roesch said, Cisco executives have assured him they would like to incorporate more open-source software models. “What I was really worried about was getting swallowed up in a 70,000-person company,” he said.
“I think most people still think the hotbed for technology including cyber is still out in Silicon Valley,” Roesch said. The latest deal “signals that the Mid-Atlantic region — the Maryland, Northern Virginia area — is one of the centers of excellence, as Cisco put it, for the U.S. and cybersecurity. There’s a lot of opportunity for people who are in the field, for people who are thinking of starting companies in the area, the talent infrastructure and knowledgeable people there.”