Sourcefire and Q1 Labs team up, Immunet integration rolls ahead
The partnership means customers can use Sourcefire's Real-time Network Awareness (RNA) within the QRadar platform to track network behavior and identify vulnerabilities.
By Bill Brenner, Senior Editor
January 25, 2011 — CSO —
Sourcefire and Q1 Labs are teaming up to integrate Sourcefire's Intrusion Prevention System (IPS) with QRadar Security Information and Event Management (SIEM), a move designed to give customers a wider, deeper look into network security events.
Martin Roesch, Sourcefire's founder and CTO, talked to CSO about the partnership yesterday, along with such other topics as the company's recent acquisition of Immunet and how its technology will bolster that of Sourcefire, most famous for its open-source Snort IDS tool.
Under the agreement, Q1 Labs will join Sourcefire's Technology Partner Program and Sourcefire will join Q1 Labs' Security Intelligence Partner Program. Customers will be able to use Sourcefire's Real-time Network Awareness (RNA) within the QRadar platform to track network behavior and identify vulnerabilities. Customers will also be able to configure the Sourcefire IPS eStreamer feature to forward critical threat intelligence, including intrusion events, impact flag alerts and Real-time User Awareness (RUA) events, to QRadar for analysis, correlation and archiving.
Tom Turner, senior vice president of marketing and channels at Q1 Labs, said of the partnership, "Organizations need the threat correlation and analysis capabilities to proactively safeguard their systems before an attack, and integrating Sourcefire's threat and network visibility with QRadar will allow users to have that ability."
The partnership is the latest in what has been a busy period for Sourcefire. Earlier this month, the company announced it was buying Immunet for $21 million in cash, which included $17 million paid at closing and $4 million expected to be paid over the next 18 months.
Roesch said the Immunet integration is moving along quickly. "We had been working with Immunet to integrate ClamAV technology with Immunet technology for close to a year so we established a technical working relationship awhile back," he said. "Our engineering teams were already working well together."
Sourcefire had already said it will retain all full-time Immunet personnel, including founders Oliver Friedrichs, Alfred Huger and Adam O'Donnell. Immunet employees will join Sourcefire within the office of the CTO.
"Sourcefire is the perfect company to accelerate Immunet's path to market," said Oliver Friedrichs, Immunet Founder and CEO. "Sourcefire secures organizations and individuals worldwide with advanced network security technology. Adding an internet-scale, advanced cloud platform catapults Sourcefire into a leadership position in endpoint protection as well."
Roesch said all the recent activity is part of Sourcefire's larger drive to serve a wider audience.
"Driving us now is the re-emergence of client-side attacks, coupled with server-side attacks that have been around forever. We're strategically working on a better defense for that," he said. "We don't want to be seen as just an IDS vendor. We want to be seen as a company with all the major technology needed for today's threats."