Comment What Sourcefire Currently Does (Score 3, Informative) 38
Disclaimer: At $DAYJOB, I work on managed security services using Sourcefire, but this is my own personal commentary, not that of my employer.
Sourcefire's primary product line takes Snort, wraps it in hardware appliances, and adds a lot of management tools that you can use in an enterprise or managed services environment. This past year, they've added a firewall capability to compete with Palo Alto* and the UTM vendors like Fortinet - in addition to basic firewall support they've got application identification, so you can do things like allow users to read Facebook but block Facebook games, and you can also do things like URL censorship and known-bad-site blacklisting. They've also been buying up other companies like ClamAV and Immunet, so they've got feeds of malware site identification, and are starting to integrate that with the firewall/IDS as well as continuing the host-based versions.
Cisco's IDS/IPS offers have been pretty lame the past few years, but they've got decent firewalls, so we'll see how those product lines play against each other. (I don't know what Cisco's doing in Anti-virus and cloud malware detection these days.)
Sourcefire's hardware at the low end is basically Linux box appliances, and at the high end they're doing a bunch of hardware acceleration. Their largest single box will handle 10 Gbps of inspection, and they can cluster up to four of those to support 40 Gbps. There's not much competition up at the high end - McAfee may have come out with a 10 Gbps follower to their previous 5 Gbps box, and Juniper has some boxes that are bigger but are mainly firewalls with some limited IPS capability. If you've got existing Snort on Linux, Sourcefire does also sell connection tools to integrate with their management systems.
*The term "Next Generation Firewall" means "whatever Palo Alto's marketing says it means", but is at least firewall plus application identification. I've heard that Cisco tried to buy Palo Alto last year.