There are a few immutable facts regarding online security these days: 

• The frequency and sophistication of cyber attacks is increasing
• As a result of the advent of the cloud, the virtualization of work and bring your own device (BYOD) the number of vectors of vulnerability has and will continue to increase exponentially
• The perimeter is no longer a boundary or an obstacle to those with malicious intent
• Traditional approaches to security are inadequate
• IT has lost and/or is losing control and needs to get it back
• Security is now about improved awareness and visibility as well as being proactive as well as reactive

While Wall Street weighed in early with the opinion that Cisco was paying a premium, driving Cisco stock down a little (0.16 percent) at the close of trading, upon reflection after hours trading indicates that upon reflection this is a deal where the supposed premium is justified. 

The fact of the matter is that online security, as the headlines and commentary trumpet almost every day, is not only a lethal threat to organizations of any size and to governments, but has risen to the very top of the priority list of CEOs and CFOs worldwide after years of being an area of little interest to all IT professionals. Cisco, already endowed with a robust security portfolio, is keenly aware of this intense interest and was also cognizant that it had some product gaps which Sourcefire nicely fills.

In announcing the acquisition, Cisco correctly points out that the complexity of risk management in an increasingly online world means being able to offer IT the tools they need to, “provide continuous and pervasive advanced threat protection across the entire attack continuum – before, during and after an attack –and from any device to any cloud.” Sourcefire, with its product suite of highly automated security solutions, provides continuous awareness, threat detection and protection, including next-generation intrusion prevention systems, next-generation firewalls and advanced malware protection. In short, it fills in the gaps. 

Addressing the threat continuum is the thing

As noted above, the expansion of the number of vulnerable vectors, combined with the advanced nature of the threats and the inability of traditional disparate solutions to keep up with the bad guys, has caused a watershed moment for IT in terms of its role and ability to help manage risks. Cisco’s strategy of defending, discovering and remediating advanced threats is all about providing best-in-breed, easy to deploy and manage advanced capabilities to address the entire continuum of threat lifecycles. This stretches from preparedness, to real-time awareness to fast remediation. It means arming IT with the ability to be proactive as well as reactive.

The commentary on the deal from Cisco and Sourcefire are instructive as to why Sourefire and why now.

"‘Buy' has always been a key part of our build-buy-partner innovation strategy," said Hilton Romanski, vice president, Cisco Corporate Development. "Sourcefire aligns well with Cisco's future vision for security and supports the key pillars of our security strategy. Through our shared view of the critical role the network must play in cybersecurity and threat defense, we have a unique opportunity to deliver the most comprehensive approach to security in the market."

"The notion of the ‘perimeter' no longer exists and today's sophisticated threats are able to circumvent traditional, disparate security products. Organizations require continuous and pervasive advanced threat protection that addresses each phase of the attack continuum," said Christopher Young, senior vice president, Cisco Security Group. "With the acquisition of Sourcefire, we believe our customers will benefit from one of the industry's most comprehensive, integrated security solutions – one that is simpler to deploy, and offers better security intelligence."

"Cisco's acquisition of Sourcefire will help accelerate the realization of our vision for a new model of security across the extended network," said Martin Roesch, founder and chief technology officer of Sourcefire. "We're excited about the opportunities ahead to expand our footprint via Cisco's global reach, as well as Cisco's commitment to support our pace of innovation in both commercial markets and the open source community."

Buying now

As a long-time Cisco observer, I can remember back to the very earliest Cisco analyst events where CEO John Chambers always mentioned that the company’s focus regarding acquisitions is driven by listening to customers and giving them the solutions they need when they need them. He has never been shy about making moves to acquire critical assets the company either could not develop organically in a timely manner, or were not on the roadmap yet became critical needs as market changes dictated. Sourecfire thus follows in a long tradition and the timing is important here. 

As I have stated in several articles, we live in what I call “The Age of Acceleration.” It is an era where the only constants are change and the speed at which it is accelerating. Fortunately, or unfortunately, security has become the poster child for just how fast things change. The latest studies from a variety of security vendors all point in the direction that things are and will get worse. And, while there is a debate about what to secure, when, where and how—albeit a function of which vendor of what type of solution sponsored the report—security spending is increasing. Plus, every new cyber threat story stokes the fears of C-levels. The good news is that it has resulted in more holistic evaluations by multiple organizational stakeholders as to how to come up with a better strategy and the right set of tools to detect malicious activities and defend themselves.

A very strategic acquisition

Another market driver, aside from the obvious need to mitigate risk, is the desire of IT to end what I have called “IT Anarchy.”  They want more sophisticated tools to anticipate and see what is going on, provide centralized control and be the right solution for whatever the problem. They need the ability to respond quickly and effectively and to mitigate risks through the ability to enforce appropriate policies and rules and know in real-time when anomalies occur. They want to regain control of there environment because their control is viewed as the best way to mitigate risk.

What is also driving the market is IT’s desire to have fewer “throats to choke.” They want to shorten the trusted vendor list which is something Cisco understands very well. Hence, the acquisition of Sourcefire is a very strategic one. It makes picking Cisco as a strategic security vendor and not just a network vendor who has security solutions that much easier.

The deal comes with the usual disclaimers. The acquisition is expected to close during the second half of calendar year 2013, subject to customary closing conditions and regulatory reviews. Cisco expects it to be slightly dilutive to non-GAAP earnings in fiscal year 2014. Prior to the deal closing, Cisco and Sourcefire will operate as separate companies, and upon completion of the transaction Sourcefire employees will join the Cisco Security Group led by Christopher Young.

Is this the start of a trend where large networking companies pickoff security companies? The answer is obviously a function of the capabilities the hunters already have along with the ingenuity and traction of the hunted. 

That said, the security industry consensus is no one vendor has all of the puzzle pieces for managing people, devices, the applications those devices use, the content they access and the networks they rely on, industry restructuring is not just an option but appears to be highly probable. In fact, Cisco could still be a hunter. You can be sure that how Cisco continues to evolve the coverage of its security blanket is already the talk of boardrooms around the industry be they hunters or potential targets. This literally is a shot that has been heard around the world.