The term “DevOps” was first coined in 2009 by Patric Debois (sometimes called the “Godfather of DevOps”), and became even more popular after Gene Kim’s novel “The Phoenix Project” was released.

There isn’t a proper definition of DevOps. As Gene Kim puts it, “DevOps is more like a philosophical movement, and not yet a precise collection of practices, descriptive or prescriptive.”

DevOps is more of a movement whereby Software Developers and Systems Operators no longer work in silos, and instead work together in providing a service, hence the term DevOps.

There are two main processes in DevOps:

• Continuous Integration – as new code is developed and tested for modules, features, or fixes, it is added to the master codebase for the entire application.
• Continuous Deployment – as new builds are created by the software developers, it is deployed into the production system.

Several benefits can be had by implementing a DevOps philosophy:

• Faster development as changes are implemented continuously and tested continuously.
• Rapid Delivery as new features are deployed as fast as they are implemented.
• Less downtime as updates are implemented in short bits so an entire upgrade is not required.
• More automation means less mundane work, and more new stuff to create. Automation is a big part of DevOps since it allows the Continuous Integration and Continuous Deployment cycles.
• Improved reliability, not only because DevOps includes continuous monitoring of systems, but also because small changes are being made, better designs can be accomplished, while errors can be quickly determined and addressed.

But there will be hurdles to implement DevOps in many companies:

• Many businesses are built on a waterfall model, where they go through big changes every so often.
• There is a need to learn new skillsets. Software development of course, but also skills in tools to help automate and test, such as Puppet, Ansible, and Selenium.
• But mostly, the challenges of getting people to do something new, and work together for that change.

DevOps will play a huge role in how many businesses move into the future, they should get ready for it. To make the move to DevOps, the thinking needs to change.

I’ll go deeper into the topic in a later post.

Original article: What is DevOps

©2025 Interxect Services Limited. All Rights Reserved.

Before you click away, let me tell you a story…

I went to a conference recently and got a few pens and a couple of Hershey’s chocolate minis. I put it in my pocket and went my merry way.

When I reached home, I pulled out the pens from my pocket only to find some brown stuff on one. My immediate thought was that it was the chocolate melted and leaked out onto the pen.

To test this theory, I licked it, and… let’s leave it at that for now.

I could have just smelt it, or not bother and wipe it off, but I chose to taste it instead.

I say this not to gross you out, but to say, that no matter how smart you may think you are, you do some really stupid things sometimes.

The same thing happens with emails with seductive subject lines. Or links that promises something good if you click it. Things that lead to only bad things for users, and your data.

You would think that incidents such as these would never happen?

After all, you’ve spent loads of time training users. You’ve handed out lots of information about being safe on-line. You’ve shared instances of breaches due to human error.

But they do.

We should know better. It should be an automatic feeling that clicking that link or opening that attachment is a bad idea.

But we do it anyway.

That is why I say that awareness training is part of an arsenal that you have to stave off malicious attacks. But there’s bound to be some human error sometime, and you have to be ready for that.

So you have to have proper and updated anti-virus and anti-malware software. You need to put in that next generation firewall protection on the corporate network, and more firewall protection on PCs. You must have properly functioning backup systems in place to protect your data.

Technology needs to get better. Law enforcement needs to be stronger.

You still need security awareness training, and if the human being was perfect, then awareness training may be all that was required to protect your data.

But we are not.

As for that brown stuff… it was chocolate. But what if it wasn’t?… EWWW!

Original article: Why we can't totally trust people with information security'">Stupid people and data security Why we can't totally trust people with information security

©2025 Interxect Services Limited. All Rights Reserved.

I recently was called in by a non-profit saying that there was an issue with their file server, and they suspected malicious intent by somebody on the inside.

After a short investigation, I found the issue was the CryptoLocker ransomware. The malware encrypted all the files in the servers, which were shared via mapped drives.

I explained that it was not sabotage by anyone, but an unfortunate mistake by one of their users.

There was little I could do as they took too long to seek help. The time to get the files decrypted had passed and they couldn’t pay the money. Their only option was to restore from backups.

What is Ransomware

Ransomware is malicious software that when executed proceeds to extort money from you in some way. Examples of ransomware include:

• Fake antivirus scanners that claim to have found malware on your PC and demands money from you to clean them up. If you don’t pay it annoys you with pop-ups or may even prevent you from using your PC.
• Fake alerts that claim that your machine has been locked by federal police for illicit content on your PC and says that you need to pay a fine.
• Encrypting ransomware is the worst of the bunch. It encrypts certain files like files in your documents folder and on mapped drives, and then demands payment to decrypt it. CryptoLocker demands a payment of anywhere from US$500 to US$1500 in Bitcoin to decrypt your files. The use of Bitcoin makes the transaction difficult to trace.

You can remove the first two types using tools from reputable anti-virus makers and pose little risk other than a headache.

Encrypting ransomware like CryptoLocker, however, is the most dangerous. It uses public/private key encryption, which makes decryption impossible without the private key.

The ransomware scourge is truly frightening and I saw firsthand the effect it can have. Larger organisations may have the technology to reduce the risk, but how can smaller organisation do that?

Several organisations, when faced with the CryptoLocker malware, paid the ransom. This cost less than it would to restore from backups, which can takes days, and cost thousands more in downtime and overtime costs.

All authorities say that you should not pay the ransom, even for the CryptoLocker malware.

I agree.

Paying the ransom money only encourages these criminal organisations to continue their enterprise. It also goes towards financing the development of even worse tools.

Protecting your Business

So how can organisations protect themselves from this risk?

1. Use anti-virus software as a preliminary defence. AV software offers some level of protection from known attacks. Heuristic detection for unknown attacks is also getting better. But AV may still be ineffective against new versions of ransomware software, otherwise called zero-day software.
2. Be cautious of email, even from known people, asking you to open files or run software to view something. Scrutinise grammar and salutations. For example, if someone you know consistently calls you John, but the email addresses you as Jonathon, or Mr Smith, that should raise red flags. As a default, you should not open any files unless you are expecting it, or you call the person first to verify that it is legit.
3. Change your operating system preferences to show the entire file name, including extensions. This will help you determine if a file is an executable. Executable files have .exe or .com extensions. Malicious files often come with names such as document.pdf.exe, or spreadsheet.xls.com with icons that show up as a pdf or excel file. If you “hide extensions of known types” then the files will show up as document.pdf or spreadsheet.xls, making it difficult to identify it as a malicious file.
4. Heed warnings of anti-virus software or operating systems whenever you try to open a file. With user access control (UAC) on Microsoft Windows enabled, users are prompted if they want to run a particular application. Or an AV firewall may ask if you want to allow a particular file or application to access the internet. If you didn’t intend to run a file or application, then click no.
5. Configure your firewalls and antivirus to block email attachments with executable files if it is able to. There should be no reason for executable files to be sent to you via email. If someone has to send you an executable file, let them use ftp or a Dropbox link or similar, and then call the person to find out if they intended to send you those files.
6. Train your users to recognise threats. I admit that this is becoming increasingly difficult to do. I’ve seen some examples of malicious sites that were hard to discover as such. And I’m a security expert, far less a chance for the typical computer user to figure that out. However, awareness training for users helps reduce risks of those sites that they can identify, so it’s still worth doing.
7. Avoid mapped drives. This is hard for some organisations, but many malicious applications (not just Crypto Locker) scans all local drives, and will see the mapped drive as a local drive. If mapped drives are not used, then they can’t be attacked. This is not to say that another version of CryptoLocker won’t be released that will scan the network and enumerate files, but for now, eliminating mapped drives can mitigate the risk.
8. Use the principle of least privilege. This means that users are given the privileges to only do what they are required to do, and no more. This involves the creation of “whitelists” of what applications they can run. So if they accidentally try to run a malware nothing will happen.

Beyond these steps, there is little else any organisation can do. It’s up to the authorities to take down these criminal organisations, which are often on the other side of the globe.

The internet can be a dangerous place, but you can safely use it for personal and business benefit once you take the proper precautions.

Be safe out there.

Original article: 8 things you can do to protect yourself'">Protect your business from Ransomware 8 things you can do to protect yourself

©2025 Interxect Services Limited. All Rights Reserved.

Why is the success rate of projects so dismal? There are several reasons, the top of which are:

1. Lack of user involvement.
2. Improper or changing requirements and specifications.
3. Lack of resources.

I’ve written before on how you can improve the success rates of your IT projects by engaging your end users. Now, I’ll speak about a foundational aspect that can address all areas of IT project challenges.

Many projects are often implemented ad-hoc, except within organisations with a dedicated project office that oversees major projects.

However, any organisations can benefit from similar processes, even if they lack the project management expertise or credentials.

All IT projects can be defined in clear processes that you can map inputs, activities, and deliverables to.

An IT project will have the four basic stages:

1. Plan – At this stage, the project is initiated, and requirements are analysed and documented. A scope of work and/or a high-level design is created on what is to be implemented.

2. Design – The requirements and high-level design are used to create lower level technical design documents that detail the hardware, software, and configuration changes required. Implementation and test plans are also created to ensure quality.

3. Implement – Low-level designs and implementation plans are then used to install the new hardware, software, and configuration changes required in the environment. The test plans are used to ensure quality. Documentation is created, along with training if necessary, to use the new systems implemented.

4. Deliver or Operate – The documentation and training is used to continue to operate and maintain the new infrastructure. The project is then closed.

There is an overarching phase of management of both project activities and quality assurance.

The system has been used by many companies, all calling it something different and even splitting out parts to create many parts.

Many software and hardware vendors use a derivation of this in their “infrastructure lifecycle” methodologies, such as the Cisco PPDIOO Network Lifecycle and the Microsoft Operations Framework. These are all similar, with phases either split off or joined and each with its own special flavours, but the activities are pretty much the same.

I refuse to call it a lifecycle, which gives the idea that these projects go on in perpetuity. Instead, I leave it linear and at the end say that there is some sort of “continuous improvement” taking place, which may then spawn other projects.

This is shown diagrammatically in the figure below along with the associated inputs, activities, and outputs of each phase.

The benefits of using such a structure in your projects are many:

• It gives tangible deliverables at the end of each stage so that everyone knows what to expect.
• It develops a deliberative style to thinking about the designs and the possible challenges they will face.
• It determines the resources required for each stage as you progress.
• It reduces failure of parts, as each proceeding phase develops from the preceding phase.
• It allows a process of deeper thinking as you progress through the project.
• It allows division of labour, so you can hire people with certain skills to handle specific parts where you lack the expertise.
• Teams are a part of the process and share in the learning.
• End-users play their part in the process and can be updated on the progress.
• It makes financing easier since you can determine costs as you progress through each stage, helping you to manage cash flow.
• Quality assurance is built in, helping a project to meet its objectives and reduce risks.
• Project management methodologies can be easily integrated with the process.

Can you see how using such a process will help address those top issues that cause failures of IT projects?

Using an implementation methodology will allow any IT project to be implemented with greater success and bring greater returns to any business. This is the same process that I use to successfully deliver all of my projects, and it will work for you too.

If you would like to know more about how you can use this methodology in your business, please contact me.

Original article: Improve the outcomes of your IT projects by using a design and implementation methodology

©2025 Interxect Services Limited. All Rights Reserved.

The Bleeding Heart Bug

The Heartbleed bug (CVE-2014-0160) was publicly disclosed on Monday and affects specific versions of the OpenSSL application. OpenSSL is a generally used open-source implementation of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Cryptographic method and is used on about 66% of all public websites. The bug has been present in the software since December 2011.

The bug is not a weakness in SSL/TLS itself, but rather is bug in OpenSSL implementation of it that can potentially allow attackers to access the unencrypted data stored within a server’s memory. With enough data, an attacker can find out your server encryptions keys, your passwords and any other information passed over the communication. The attackers can then use the compromised keys to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Who are vulnerable?

Because of the widespread adoption of the OpenSSL software and the ability to be attacked without leaving a trace, it means that we are all vulnerable because you can’t tell if your data has been compromised.

Not only websites are vulnerable, as many hardware and software vendors implement use OpenSSL in their products. Cisco and Juniper has listed advisories warning of the bug in their products.

What should you do?

All businesses, website owners and users of affected services should take action on this bug.

Step 1: Determine if any of your servers may be affected.

You can use the check script on Filippo Valsorda’s web site to check your public services.

Check with vendors if any of your internal services may be affected.

C|NET has a list of the top 100 sites around the web to determine if they have been patched or may be affected

Website owners with their sites on hosted services should check with their service provider if they have taken action on the bug and if they were ever vulnerable.

Step 2: Patch services for which you are able to patch yourself.

These include any owned servers or virtual servers that you use, or internal, private servers or devices.

Step 3: Re-Key your SSL Certificates

This involves regenerating and reinstalling the private keys on your servers. While the risk may be small, the fact that you will not know if your key was compromised, this is a recommended precautionary step.

Step 4: Change your passwords

It’s important that you change any passwords that you may have on any of the affected systems AFTER you have patched OpenSSL and re-keyed your certificates. Doing so before you performed the prior steps means that if your keys were compromised, an attacked would be able to discover your new passwords.

If you are a service user and don’t run any services yourself, find out from the provider if they were vulnerable and if they patched their services (or use the check script in Step 1).

Don’t Panic

While the bug is serious, it’s important to not panic. Keep a clear head and follow the steps.

For more information about the bug and to keep updated check out heartbleed.com.

Original article: Don't let it ruin your day'">The Heartbleed Bug: What is it and what to do about it Don't let it ruin your day

©2025 Interxect Services Limited. All Rights Reserved.

What does an MSSP do?

MSSPs provide a variety of services, such as:

• Security monitoring – monitoring of firewalls, intrusion detection/prevention systems (IDS/IPS), system logs, etc.
• Managed Spam Services – scanning of email for Spam and malicious content
• Managed Storage Services – services such as backup/restore, archiving for compliance purposes, or disaster recovery services.
• Threat Intelligent – aggregate warning system based on feedback from multiple end-users.
• Compliance auditing – auditing for compliance with government or other regulations
• Vulnerability assessments and Penetration testing – scanning and testing of systems for vulnerabilities
• Managed Network Services – monitoring of networks for performance and outage issues
• Identity and Access Management – services allowing authentication across heterogeneous systems, while maintaining compliance requirements

MSSPs are growing, and Gartner believes that the Managed Security Services (MSS) market will be worth US$2.1b in 2013, and projected to reach US$3.1b in 2013.

My concerns on IT Security Outsourcing

Firstly, let me mention my concerns about outsourcing the IT security function.

1. Accidental/Intentional leaking or theft of secret information by agents of the MSSP. This is my greatest concern, although it probably has the lowest chances of happening. Contrary to popular belief, few security professionals or agencies are willing to risk their reputations to steal or leak data, but it can happen (think of Edward Snowden). A MSSP may have access to a lot of systems and data, and does pose a risk. Capturing this risk can be difficult, as you can monitor for unauthorised access, but how do you monitor for access to data that the MSSP has to access to perform their duty?
2. The MSSP goes out of business. Don’t think that this can’t happen, because it has happened before, and it will happen again. What happens when your MSSP goes dark, do you have a contingency? Without the experience in-house, and the time it would take to find another MSSP, you will be placed in a very risky situation.
3. The MSSP fails to perform as expected. So you have a breach, and customer data is purloined, while your MSSP was supposed to be monitoring for intrusions. Who is held responsible? You can outsource your activities, but you can’t outsource your responsibilities; you are ultimately accountable for securing your systems.

Are there advantages?

There are several advantages of MSSP.

1. Lower cost. This is often the main advantage cited by enterprises for going with an MSSP, but, I warn you, should not be the only reason for outsourcing. Because of economies of scale, a MSSP can charge a fraction of what it would take to outfit your organisation – hardware, software and people – to provide the services provided by the MSSP.
2. Greater expertise. Because a MSSP may be specialised, they are more likely to have a higher calibre of security professional within their team. Additionally, because they are exposed to the systems of other organisations, they can develop best practices that they could then use for your organisation.
3. Greater intelligence. Again, the MSSP has data coming in from several organisations, and are in a position to capture events before they strike your enterprise. They could even develop new ways of analysing data to improve detection of threats.
4. Greater scalability. The service of an MSSP can be scaled up or down with little effort of the organisation.

Can you have your cake and eat it too?

Now, you have to admit, those are pretty good advantages. So how can you get those advantages while addressing the risks?

Firstly, build your own capabilities. To discover possible leaks or attempts mean that you must have the skills necessary in-house to do that. This team does not have to be big – 1 or 2 persons – as the bulk of the operational work will be performed by the MSSP. The in-house team will be responsible for managing the IT security systems, and ensuring that the MSSP is on the up and up.

Secondly, keep your IT security management in-house. Outsource the monitoring and testing activities such as monitoring of system logs and IDS/IPS systems, and vulnerability and penetration testing, but keep the management and configuration of systems being monitored or testing with your in-house staff.

Thirdly, build a relationship with the MSSP and audit them regularly, to ensure that they have the proper policies in place and that they are following them. Also, check their audited financials to look out for red flags pointing to a failing business model.

Lastly, build your service level agreements and payment contracts based on performance. That is, that your MSSP must perform to a certain standard to get remunerated for their services. These standards must be SMART – Specific, Measurable, Attainable, Realistic and Time-Related – and reasonable. Remember, that when negotiating with an MSSP, that this is a partnership, not a battle; always aim for win-win.

So…

At first I was extremely wary of outsourcing IT security functions. I still take the position that if an organisation is able to, then it is preferable to have an in-house IT security team for all aspects of IT security. But the more that I look at the services that MSSPs provide, and the benefits that enterprises can obtain, there is a strong case for outsourcing some aspects that an organisation is unable to undertake.

Original article: There may be advantages to be had after all!'">Should you outsource your IT Security? There may be advantages to be had after all!

©2025 Interxect Services Limited. All Rights Reserved.

Whenever I ask prospects this question and they tell me, “No!” – and most prospects do say no – I laugh heartily… in my head of course.

Breaches have now become an almost inevitable part of data networks. You can’t prove a negative, so you can’t say that you’ve never been breached, but that you’ve never discovered one… yet. Or perhaps they have conveniently defined what a data security breach is so that they don’t have to call a breach as one.

A data security breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an unauthorised individual. This unauthorised individual could be a malicious attacker, or an internal employee, and you should be monitoring for both.

You would find though, that many enterprises are not monitoring for internal breaches, and focus on external attacks. However, external breaches are becoming increasingly difficult to detect. The Trustwave 2013 Global Security Report found that 64% of the attacks on those surveyed took more than three months to contain, with 14% taking up to 2 years, and 5% even longer. The Verizon 2013 Data Breach Investigations Report found that the discovery of 66% of breaches of those surveyed, took months or more.

Targeted attacks are some of the most difficult, as the attackers are willing to invest both time and money for a much larger payoff. These attacks, often called Advanced Persistent Threats (APT), may take place over several days, weeks or even months and use evasive techniques to avoid detection with the aim to create a connection that they could continually siphon information from the infiltrated network. And don’t believe that these attacks cannot happen to you, as SMEs are also being targeted.

The problem is that current technology may not be enough to discover these attacks, because they take place over a long period of time, the traffic may seem benign, or for the most, a nuisance. Security Information and Event Management (SIEM) software was supposed to help with this, but it may not be enough. Security Analytics now offers the best promise for detecting these attacks as they analyse vast amounts of data to alert on possible security events, but it’s still a developing technology.

For now, your best protection is to follow standard security practices such as defence-in-depth, the principle of least privileges and keeping your systems updated and patched. Also train your users to practice safe computing.

So next time someone asks if your data has ever been breached, if you’ve never discovered one, say, “We’ve never found any evidence of a data breach!” To say otherwise would be lying.

Original article: Think hard before you answer that question.'">Have You Ever Had a Data Breach? Think hard before you answer that question.

©2025 Interxect Services Limited. All Rights Reserved.

A friend of mine recently quipped, “Do people still depend on firewalls for security?” I think he was alluding to the idea that the firewall plays a far lesser role in protecting your network as it once did. But it still does play a role.

The firewall is still your network’s first line of defence from outside threats. However, with security threats evolving, they are becoming harder to block at the firewall level. Even though a threat may not be advanced, it may be hard to discern from harmless activities. For example, how can a user determine a malicious PDF file from the harmless ones? The same goes for network traffic, how can a firewall determine malicious web traffic, from harmless ones? Intrusion detection and prevention systems (IDS/IPS) were developed to counter these attacks and were either additional devices or modules in firewalls.

But the IDS/IPS were always considered and configured separately from the firewall. Then enter the Next Generation Firewalls (NGFW). The NGFW was coined by Gartner Research and has a defining feature of the IDS/IPS features being integrated within the firewall and not as an add-on. Specifically, Gartner defines a NGFW as having the following minimum features:

• Standard first-generation firewall capabilities such as packet filtering, network address translation (NAT), stateful inspection, etc.
• Integrated IPS rather than co-located services. Someone configuring rules on the firewall should also be able to configure the IPS at the same time without going to another module.
• Application awareness and full stack visibility so that it’s able to discern the different services within an application regardless of the port that it operates on.
• Security intelligence whereby it may use an external database to help make optimal blocking decisions.
• Supports upgrade paths for new techniques to address future threats.

I don’t know why they call it the next generation firewall. What would they call the generation that comes right after? The next next generation firewall? Or perhaps NGFW2? Anyway, that’s beside the point.

I also buy into this view that this is where firewalls should be evolving. NGFWs don’t only have the ability to simply threat protection, but also to speed up inspection due to its single pass nature (traffic is inspected once, not inspected by the firewall, then passed to the IPS for inspection).

I got into a heated discussion with a Fortinet engineer about NGFW and UTMs (Unified Threat Management) devices. I said that while UTMs may have a place now, the NGFW is where enterprises should be heading. He said it sounds like I’ve been brainwashed by Palo Alto Networks. I haven’t, but I like the direction that they are heading.

Palo Alto has the advantage of not having a legacy product and starting with a fairly blank slate. They are disadvantaged by a lack of maturity. But they are a new kid, and I think the technology has a lot of promise.

With threats constantly evolving, and with such a large attack space for internal networks, we need to re-evaluate the ways we protect our data networks. We shouldn’t get rid of the firewall, but we need to alter the way it functions all together to protect us from new threats. NGFWs gives us new hope for the firewall and for protecting our perimeter.

Seriously consider NGFWs for your next firewall upgrade.

Original article: How firewalls are changing to fight against new threats'">The Evolution of the Firewall How firewalls are changing to fight against new threats

©2025 Interxect Services Limited. All Rights Reserved.

The recently released “Understand the State of Data Security and Privacy” report found that 36% of data breaches were caused by inadvertent misuse of data and 35% were caused by malicious internal users. Last year, those figures were 27% and 12% respectively.

I usually take all of these figures here with a pinch of salt, but I do know from experience that enterprises take a lax attitude when it comes to internal security. The main issue in this case seems to be a lack of training in security awareness and policies. The report stated that 42% of the respondents had received training on how to remain secure at work, and only 57% said that they were aware of the security policies of the company. Educating users on how to approach computer use and to protect themselves from cyber-threats is necessary.

There has been voices denouncing the effectiveness of training users in computer security, such as here and here. But this is a fallacy and it supposes that the training is the be all and end all of IT security, but it’s really just intended to be another layer of defence. IT Security is about reducing risks, and that’s what user education is for.

Some advantages of user awareness education are:

• It helps users to be vigilant about computer use and possible security risks
• It can be a low effort, high impact way of protecting your data
• It may improve the relationship between users and IT if done right
• It can be transformative as users take the lessons to other facets of the organisation or even their lives

I won’t claim that user education is some sort of magic bullet, but it can be a useful weapon against data breaches.

There is another part of the Forrester report that is worth mentioning – that IT departments tend to think to tactical about IT security, choosing instead to focus on technology, such as anti-virus and data loss protection (DLP), to protect against inadvertent actions of users. Even security awareness training for users is a tactic all in itself. What companies need to have is a strategy for protecting their data.

The framework that Forrester defined seems like a good place to start, as it is similar to other frameworks I’ve seen and used. At a high level:

1. Classify your data and define which ones you wish to protect.
2. Determine how data is being used and what mechanisms are available to protect it.
3. Implement the protections.

Remember that your data is a valuable asset, if not the most valuable asset, to your organisation and you must protect it.

What do you think? Do you believe that your company will benefit from security awareness education, or do you think that money and effort is better spent elsewhere? Chime in below.

Original article: And you should not take them for granted!'">Humans are the Weakest Links in IT Security And you should not take them for granted!

©2025 Interxect Services Limited. All Rights Reserved.

Sourcefire also has in its portfolio next-generation firewalls and advanced malware protection solutions.

Cisco hopes to improve it’s security solutions with the new acquisition, although I am not very clear as to how. At the moment, I am tending to believe that this is an acquihire, for Cisco to gain Sourcefire’s strong cadre of security experts.

My concern now is what will happen to the open source solutions that Sourcefire currently provides. Snort and Clam AV have proven very popular within the security industry. Snort especially is used in many solutions to provide excellent IDS/IPS to networks. Fortunately, because it’s open source software (OSS), it can be forked to create another product based on the code, but without the right support may just languish.

Cisco used to be very open contributing greatly to the open source community, and still continues to once it deals with open standards, but from my own observations, I see Cisco closing avenues where there is direct competition. On the plus side, Cisco may have some technologies that will improve their current security offerings, so customers who are into Cisco may benefit.

I’ll adopt a wait and see approach for now, but I expect stocks of Cisco to rise with this acquisition.

Read Cisco’s announcement of the acquisition here.

Original article: Hopes to Bolster Security Strategy'">Cisco to Acquire Sourcefire, the Makers of Open Source Snort and Clam AV for $2.7B Hopes to Bolster Security Strategy

©2025 Interxect Services Limited. All Rights Reserved.