Sourcefire is a vendor best known for its Intrusion Prevention System (IPS) technologies and its leadership of the Snort open source IPS. But while the IPS market remains a growth sector for Sourcefire, the company is now also gearing up to take aim at the market for next-generation firewall technology.

The move towards the firewall market comes as Sourcefire (NASDAQ:FIRE) reported solid third quarter 2010 financial earnings of $36.2 million, a 32 percent year-over-year increase. The firewall initiative could serve to expand the addressable market for the company, as well as to stave off competition from rivals in its core IPS business.

Sourcefire CTO Martin Roesch explained to InternetNews.com that there has been some confusion in the market around next-generation firewalls. Next-generation firewall technology is defined as having stateful packet inspection with application control, with IPS at a minimum.

"We decided to enter the space since we see market opportunity there and we think we have a lot to say on the subject," Roesch said.

A recent report from Infonetics Research has forecast the IPS market to be worth $1.2 billion by 2014, and the sector was reportedly worth $800 million in 2009. Roesch noted that he expects the next-generation firewall market to be at least as big as the market for IPS in the years ahead.

With its core IPS technologies, Sourcefire has built its business starting with open source technologies as a base. But for the next-generation firewall effort, open source technology will not form the foundation.

"We are building the firewall from scratch in-house. We are not using an open source firewall for the basis of this," Roesch said. "At this time we have no plans to produce additional open source projects other than the projects piloted by Sourcefire now."

Sourcefire currently leads the Snort IPS, Clam Anti-Virus and Razorback security event open source projects.

"The utility of the classic firewall is becoming increasingly limited as time marches on," Roesch said. "Just because you block the entire Internet except for port 80 -- these days it means you're not blocking anything, since everything is tunneled over HTTP. HTTP is the new TCP."

Roesch added that many enterprises are now questioning the value of their firewalls, which is where the concept of next-generation firewalls is emerging. The next-generation firewall adds in application visibility features to help control and monitor application traffic.

Other vendors, including Palo Alto Networks and even networking giant Cisco, are also taking aim at the next-generation firewall market.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.