Government probes bid for Sourcefire from Check Point

Check Point’s proposed acquisition of intrusion prevention firmSourcefire is delayed at least until March 23 while the U.S.government investigates whether it wants the deal to gothrough.

The concern is that Sourcefire’s technology is used to protectcomputer assets of the Department of Defense and the NationalSecurity Agency and whether it is in the interest of nationalsecurity to have that technology owned by a foreign company.Because Check Point is Israeli-owned, the sale falls under thereview of the Committee on Foreign Investments in the UnitedStates.

Sourcefire’s founder, Martin Roesch, was the lead developer ofSnort, the open source intrusion detection and prevention softwareon which the bulk of Sourcefire’s technology is based. Sourcefire’sintrusion prevention software also receives feeds from theSourcefire RNA vulnerability assessment product that enables thesoftware to automatically prioritize decisions about blockingpotential threats.

According to published reports, the FBI and Department of Defenseobjected to the sale.

The potential risk is that Sourcefire software analyzes trafficfrom top to bottom and that capability could be used to filterinformation by whether key words appear in it, says Sam Stover, amember of Network World’s Clear Choice Test Lab and director oftesting and evaluation at the Advanced Technology Research centerat Lockheed Martin IT.

“The thing to keep in mind,” Stover says, “is that Snort does allof these things now and no one really cares. But once the companybecomes foreign owned, then it’s a big deal. Why? The applicationhasn’t changed.”

Sourcefire’s technology is not unique, according to John Pescatore,a vice president and network security expert for Gartner. “I thinkthe concern of these agencies is that by their use of thetechnology they’re ahead of the bad guys,” Pescatore says. “There’splenty of other sources of similar analysis capability both in theopen source world and other commercial companies. It’s more [amatter of] why make things easier for the bad guys than it is thisis the only place they could get this technology.”

The likelihood that the investigation will tie up the sale is about20 percent, Pescatore says, because of Israel’s strong politicalties to the U.S. “Israel is a little different than if thetechnology was going to China or India,” he says.

A source close to Check Point says no Sourcefire employees haveU.S. government security clearances, and that Sourcefire sells onlyoff-the-shelf software, not custom software for any particularcustomer. The company has no classified contracts with the U.S.government and neither Check Point nor Sourcefire has anygovernment ownership the source says.

This federal review is exactly the kind that was waived in the caseof a United Arab Emirates firm that won a contract to manageseveral East Coast U.S. ports.

The committee doing the investigation is chaired by the Departmentof the Treasury and includes the departments of Defense, State,Commerce, Homeland Security and Justice.

The committee’s report goes to the president, who has 15 days totake action or choose not to.