Check Point Misses Critical Opportunity

The communiques coming out of Check Point Software Technologies are optimistic. Despite withdrawing from its purchase of intrusion-prevention innovator Sourcefire, the Israel-based firewall company says it will look for other ways to collaborate with its former acquisition target.

The Bush administration last week indicated it had national security concerns about the $225 million deal between Check Point, the arguably the world's leading firewall company, and Sourcefire, a U.S.-based start-up that developed advanced technology for improving the accuracy of IPS systems.

Check Point, which brought the first commercial firewall to market more than a decade ago, needed Sourcefire for its plans to transform itself from a perimeter-focused security to an end-to-end security infrastructure.

"The challenge for Check Point is to get beyond the perimeter," says Pete Lindstrom, research director at analyst firm Spire Security. "They went out to the endpoint. Now, they have to defend the core, and when you do that, you need to look at more passive monitoring solutions."

The company isn't without an IPS product; its SmartDefense acts as a proactive intrusion-detection system, and its InterSpect appliance automates the detection and response of attacks on network segments. But SmartDefense has never evolved to become a commercially competitive IPS product and doesn't compare to more advanced technologies, such as those offered by Cisco Systems, McAfee or Internet Security Systems.

"We've decided to pursue alternative ways for Check Point and Sourcefire to partner in order to bring to market the most comprehensive security solutions," said Check Point CEO Gil Shwed in a statement.

Sourcefire was founded by Martin Roesch in 2001 as a commercial-management platform for the popular open-source IDS sensor Snort. Roesch, also the creator of Snort, took a different approach to IPS by only monitoring for traffic that was a known threat to the systems being guarded. In other words, if Sourcefire was protecting a Windows server, it would ignore all Unix and Linux attacks and traffic. That greatly improved the efficiency of IPS by reducing the number of false positives.

"With more than 1,000 enterprise customers, market leading products, an incredible management team, talented employees and some of the most seasoned investors in the industry, we truly look forward to moving forward as a standalone entity," said Sourcefire CEO Wayne Jackson in a statement. "While we maintain the highest respect for the Check Point team, we are relieved that the process has reached a conclusion and look forward to exploring our partnership opportunities."