Earlier this year I covered Check Point's attempt to purchase Sourcefire. Well, Check Point bought another vendor -- NFR -- for $20 million. Talk about market valuation; Sourcefire's sale price was $225 million. NFR is also down to 22 employees, according to the press release. Although the FAQ says
Check Point intends to continue to sell, support, and develop an independent NFR Security product line.
I doubt that will last. It doesn't make sense to buy the technology but not integrate it into Check Point's firewalls, and then discard the separate box.
At this point it seems we're left with the following IDS/IPS vendors:
Let's see how that relates to the idea that all network security functions will collapse to switches. The first four sell switches, so I expect them to lead that drive. The fifth (ISS) is owned by IBM, who is more interested in services these days. I expect IBM will discontinue or sell off that product line, following Symantec's lead, to focus on services.
I don't think McAfee's prospects are good. I think Microsoft will eventually crowd out the anti-virus/anti-malware/anti-spyware/NAC/host defense market. All host-centric security will collapse into the operating system. That knocks out a huge chunk of McAfee's product line. This is really going out on a limb, but I could see McAfee being sold off in pieces, with Microsoft acquiring host-centric assets, Cisco or another switch vendor buying Intrushield, and IBM acquiring the services part.
Where does this leave Sourcefire? If they eventually do go public, I think they will still end up being purchased by someone -- maybe Cisco. At some point Cisco will realize their IDS is not that great, and they will buy better technology. The Feds will see Cisco as a perfectly acceptable suitor and will approve the deal.
Returning to Check Point, they will probably be acquired by a switch vendor at some point too.
Did I miss anyone? I don't count all the vendors repackaging Snort.