Feds Kill Check Point's Sourcefire Bid

Caffeinated Geek writes to tell us The Register is reporting that Check Point Software has removed their bid to buyout rival software company Sourcefire following objections from the FBI and the Pentagon to the Treasury's Committee on Foreign Investments. From the article: "Federal agency objections to the security software tie-up center on the implementation of Sourcefire's anti-intrusion software 'Snort' by the Bureau and Department of Defense, AP reports. In private meetings between the panel and Check Point, FBI and Pentagon officials took exception to letting foreigners acquire the sensitive technology."

But it is freely available to anybody

[andy314159pi]

But snort is freely available to anybody right now:

http://www.snort.org/ [snort.org]

Not about the technology per se

[einhverfr]

It is about support contracts and how much information about DoD infrastructure they want a foreign firm to have. This is far more of a serious and legitimate issue than the sale of the operation of a few cargo cranes to a Dubai firm.

The issue is that the DoD is very serious about controlling the amount of access foreigners have to their infrastructure and information on that infrastructure. I have it on very good authority that some DoD divisions are moving away (at a cautious rate) from Microsoft technologies precisely due to their difficulty in avoiding having their tech support calls routed outside the US. However, this is probably all I can say on this board.

closed source

[Casca]

So um, anyone have a problem with the fact that Checkpoint NGX is closed source firewall software, that quite a few government sites use? It doesn't bother them that there could be a backdoor waiting for the "secret Israeli shutdown code" in every Checkpoint firewall in the world?

Re:But it is freely available to anybody

[DJCacophony]

It's a specific implementation of snort, not just the code. If it was just the code, the company wouldn't be selling it, and another one wouldn't be buying it.

Open source!= public.

[wiredog]

The GPL only requires that you provide source code if you provide the binary. So if you do a version for $SecretAgency, with $SecretStuff in it, then you only have to provide the source to $SecretAgency. Not to the general public.

Re:But it is freely available to anybody

[DJCacophony]

Sourcefire sells snort as part of a system. See here [sourcefire.com].

Re:closed source

[chill]

Check Point firewalls are prohibited in a lot of government departments, including the Pentagon and most of the DoD. There are exceptions, of course.

Re:irrational fear?

[vitamins]

To clarify snort is to sourcefire what fedora is to redhat enterprise linux. (I forget what I got on my SAT.) So the developers of snort are trying to make some money by marketing a pre built platform "SourceFire". Also I have heard that even though Check Point is used by many fortune 500 companies it is not used by the U.S. Government because it is developed in another country.

Re:irrational fear?

[RyanCowardin]

Snort is open-source.... SourceFire makes money off the other things they've created to work with/around Snort...

Quoted from here [isp-planet.com]

"Roesch sees Snort and Sourcefire as two different solutions aimed at distinctive markets. "The idea of Snort was to give people the best free, open source intrusion detection system we could, and we were pretty successful at that," he said. "The idea of Sourcefire is to say, 'Okay, we've got good intrusion detection technology: let's add everything else people need to use these systems effectively in large organizations.'"

And that's not to say that large organizations can't use Snort without the backing of Sourcefire. Roesch says some of the biggest companies in the world use Snort. Sourcefire just adds the manageability along with ease of use and deployment that many enterprise customers are looking for in an intrusion detection system.

Sourcefire's OpenSnort Sensors cost $9,995 each, and the OpenSnort Management Console costs $19,995. Various service contracts are available, ranging from a platinum level with around-the-clock support to a standard contract with per-incident support and e-mail discussion list access. Training on Sourcefire's products is also available. Training on IDS and forensic analysis in general is planned for the near future"

Also, the Federal Information Security Management Act [sourcefire.com] might have a lot to do with this decision as well:

"The Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, outlines requirements to secure Federal information. Each Federal Agency, including contractors or other organizations who work with the agency, must develop, document, and implement an agency-wide information security program. Detailed guidance and recommendations are provided by the National Institute for Standards and Technology (NIST) encompassing all aspects of information security."

A different view on things

[brennz]

I have read more BS in these threads than anywhere else in recent memory.

So, I'll in you on the truth.

Foreign nations are actively seeking to get their hands into US classified govt sites, to get the underlying information which they want DESPERATELY. Israel, France, China, Russia - they are the most aggressive.

A few years back I was working for DOD. Someone was trying to make a sales pitch for equipment they wanted to sell us, for use in classified environments. They claimed to be a US company.

My boss asked me to look into the company and get back to him. It took a few hours, but I found exactly what I think he already suspected.

The company was a US company in name only. The entire company was infested at the upper levels by former intelligence personnel from one of the above countries already mentioned. Most of their company also, was in this foreign country too. Only a small amount of sales ppl actually were in the US for the company.

They made a huge amount of factual misrepresentations, trying to trick us.

When the US govt says no, there is normally a reason behind it, or active intelligence efforts supporting their rationale. Don't believe some moronic reporter with shit for brains that is labelling something as "protectionism".

This will contribute to inflation of the USD

[Serveert]

All these foreigners collect dollars by selling products/services, and when they try to use these dollars - with the Dubai ports deal or this case - they are rejected by the US Government.

So essentially foreigners are stuck with 'funny money' which they cannot use as true currency. Sooner or later they will wake up, sell dollars en masse and opt for another currency after they realize they have been had. They've been giving us commodities and services while we give them monopoly money.

Re:A different view on things

[RyanCowardin]

And just to rehash history... it's not like Israel has EVER tried to spy [cnn.com] on the US [msn.com] before or anything.

When the government does business with a US company, it's a heck of a lot easier for the administration to send someone over to said company threatening, "Hey, we don't like what you're doing! Keep it up and we'll happily send your entire company on a quail hunting trip with Dick Cheney!" It just doesn't have the same affect on a foreign owned company, unfortunatly.

Re:This will contribute to inflation of the USD

[Serveert]

I also didn't mention CNOOC (Chinese oil company) not being allowed to purchase Unocal for $18.5 billion, keep in mind they outbid Chevron.

http://www.washingtonpost.com/wp-dyn/content/artic le/2005/06/23/AR2005062302065.html [washingtonpost.com]

There are a lot of US dollars on the sidelines waiting to invest in the U.S. Although these deals, amounting to billions, seem insignificant, you should account for all the others looking at what is happening, looking at their billions in reserves and scratching their heads wondering what to do with all this monopoly money. If they attempt to use USD in a meaningful way, investing in America vs buying things, they would raise the eye of the US Government hence they just sit on their reserves and sooner or later they'll get wise to the charade, the only question is when will this happen.

You guys dont get it

[Anonymous Coward]

The israelis have been busted multiple times messing with equipment sold to US govt and law enforcement.

Look at AMDOCs and Comverse Infosystems.

While snort is open source, Sourcefire retains EDITORIAL control over what goes into the source tree and complete control over the closed source sections of code in their appliances.

This is not about technology but about what potentially could be backdoor'd - just like how the israelis got busted wiretapping the wiretap equipment supplied by Comverse.