Government probes Check Point's bid for Sourcefire

Check Point's proposed acquisition of intrusion prevention firm Sourcefire is delayed at least until March 23 while the U.S. government investigates whether it wants the deal to go through.

The concern is that Sourcefire's technology is used to protect computer assets of the Department of Defense and the National Security Agency and whether it is in the interest of national security to have that technology owned by a foreign company. Because Check Point is Israeli-owned, the sale falls under the review of the Committee on Foreign Investments in the United States.

Sourcefire's founder, Martin Roesch, was the lead developer of Snort, the open source intrusion detection and prevention software on which the bulk of Sourcefire's technology is based. Sourcefire's intrusion prevention software also receives feeds from the Sourcefire RNA vulnerability assessment product that enables the software to automatically prioritize decisions about blocking potential threats.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Check Point's proposed acquisition of intrusion prevention firm Sourcefire is delayed at least until March 23 while the U.S. government investigates whether it wants the deal to go through.

The concern is that Sourcefire's technology is used to protect computer assets of the Department of Defense and the National Security Agency and whether it is in the interest of national security to have that technology owned by a foreign company. Because Check Point is Israeli-owned, the sale falls under the review of the Committee on Foreign Investments in the United States.

Sourcefire's founder, Martin Roesch, was the lead developer of Snort, the open source intrusion detection and prevention software on which the bulk of Sourcefire's technology is based. Sourcefire's intrusion prevention software also receives feeds from the Sourcefire RNA vulnerability assessment product that enables the software to automatically prioritize decisions about blocking potential threats.

According to published reports, the FBI and Department of Defense objected to the sale.

The potential risk is that Sourcefire software analyzes traffic from top to bottom and that capability could be used to filter information by whether key words appear in it, says Sam Stover, a network security consultant and a member of the NWW Lab Alliance.

"The thing to keep in mind," Stover says, "is that Snort does all of these things now and no one really cares. But once the company becomes foreign owned, then it's a big deal. Why? The application hasn’t changed."

Sourcefire's technology is not unique, according to John Pescatore, a vice president and network security expert for Gartner. "I think the concern of these agencies is that by their use of the technology they're ahead of the bad guys," Pescatore says. "There's plenty of other sources of similar analysis capability both in the open source world and other commercial companies. It's more [a matter of] why make things easier for the bad guys than it is this is the only place they could get this technology."

The likelihood that the investigation will tie up the sale is about 20%, Pescatore says, because of Israel's strong political ties to the U.S. "Israel is a little different than if the technology was going to China or India," he says.

A source close to Check Point says no Sourcefire employees have U.S. government security clearances, and that Sourcefire sells only off-the-shelf software, not custom software for any particular customer. The company has no classified contracts with the U.S. government and neither Check Point nor Sourcefire has any government ownership the source says.

This federal review is exactly the kind that was waived in the case of a United Arab Emirates firm that won a contract to manage several East Coast U.S. ports.

The committee doing the investigation is chaired by the Department of the Treasury and includes the departments of Defense, State, Commerce, Homeland Security and Justice.

The committee's report goes to the president, who has 15 days to take action or choose not to.