Attached files
| file | filename |
|---|---|
| 8-K - FORM 8-K - SOURCEFIRE INC | d572711d8k.htm |
| EX-99.3 - EX-99.3 - SOURCEFIRE INC | d572711dex993.htm |
| EX-99.8 - EX-99.8 - SOURCEFIRE INC | d572711dex998.htm |
| EX-99.4 - EX-99.4 - SOURCEFIRE INC | d572711dex994.htm |
| EX-99.5 - EX-99.5 - SOURCEFIRE INC | d572711dex995.htm |
| EX-99.7 - EX-99.7 - SOURCEFIRE INC | d572711dex997.htm |
| EX-1.02 - EX-1.02 - SOURCEFIRE INC | d572711dex102.htm |
| EX-99.6 - EX-99.6 - SOURCEFIRE INC | d572711dex996.htm |
| EX-99.1 - EX-99.1 - SOURCEFIRE INC | d572711dex991.htm |
| EX-1.01 - EX-1.01 - SOURCEFIRE INC | d572711dex101.htm |
| EX-1.03 - EX-1.03 - SOURCEFIRE INC | d572711dex103.htm |
Exhibit 99.2
Sourcefire Acquisition FAQ
Confidential: Do Not Distribute Beyond Core Team
Purpose: Provide details regarding the acquisition that can be shared verbally with external audiences: customers, partners, analysts, press, and investors. A separate employee-facing FAQ is in development by Human Resources.
Communications Leads:
| External / Media / Analyst Jennifer Leggio 408-338-7668 jleggio@Sourcefire.com |
Customer / Partner Marc Solomon 650-218-0066 msolomon@Sourcefire.com |
Employee Leslie Pendergrast 954-214-9743 lpendergrast@Sourcefire.com |
KEY MESSAGES
| • | Mobility, cloud and the Internet of Everything have and continue to drastically change today’s IT security landscape, making traditional disparate products insufficient to protect organizations from dynamic threats. |
| • | Today’s security solutions require a continuous and highly automated approach to protection across the attack continuum – before, during and after an attack. |
| • | Cisco is announcing its intent to acquire Sourcefire, a leader in intelligent cybersecurity solutions. |
| • | Sourcefire delivers innovative, highly automated security, through continuous awareness, detection and protection across its industry-leading portfolio, including next-generation intrusion prevention systems, next-generation firewall, and advanced malware protection. |
| • | The acquisition of Sourcefire accelerates delivery of Cisco’s security strategy of defending, discovering, and remediating the most critical threats. With world-class research teams, increased intelligence and expanded threat protection, we believe our customers will benefit from continuous security in more places across the network. |
| • | Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| • | With more than 12 years of security leadership, Sourcefire has assembled a team with deep security DNA and will expand Cisco’s security expertise. The Maryland and Washington D.C. area is widely recognized as a Center of Excellence for security innovation. |
| • | Sourcefire was founded on the premise of open source security through its Snort and ClamAV projects. Cisco and Sourcefire are committed to open source innovation. |
OVERVIEW
Market Opportunity
Today’s threat landscape is more dynamic than ever before. Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything (IoE), are significantly impacting traditional security approaches. Threats are increasingly able to circumvent traditional, disparate security products, resulting in the loss of revenue, intellectual property, reputation, and productivity.
With these disruptions, the sophistication of threats continues to grow rapidly. The Verizon 2013 Data Breach Investigations Report found that in 66 percent of the incidents investigated, it took months or even years for a breach to be discovered, up from 56 percent in 2012. This emphasizes that attacks are becoming more sophisticated and harder to detect. A new continuous security approach will be needed to constantly defend, discover, and remediate threats across the entire attack continuum.
Sourcefire is a leader in intelligent cybersecurity solutions.
| • | Next-Generation Intrusion Prevention (NGIPS) – Advanced threat protection integrating real-time contextual awareness, full-stack visibility and intelligent security automation to deliver industry-leading security effectiveness and performance. Sourcefire is the leader in the Gartner Magic Quadrant for Intrusion Prevention Systems. Gartner has acknowledged Sourcefire for its ability to innovate NGIPS. |
| • | Advanced Malware Protection – A malware-defeating solution that provides visibility and control of modern threats – from point of entry, through propagation and post-infection remediation. The solution uses big data to discover, understand and stop advanced malware outbreaks, and provides continuous file analysis and retrospective security. |
| • | Next Generation Firewall (NGFW) – Sourcefire has combined a powerful NGIPS, integrated application control and firewall functionality in a universal, high-performance security appliance. |
Cisco’s Security Strategy
Cisco’s security strategy focuses on three key strategic pillars:
| • | Security Services Platform: This serves as the basis for our core architecture and is the evolution of our existing product portfolio. We are designing common policy and management across security services running on the platform and will deliver third party APIs that allow customers to derive value from future innovation in the industry. We believe leveraging a build, buy, partner approach to deliver best-in-class applications enables us to deliver the latest threat defense capabilities as part of the platform. |
| • | Cloud Delivered: Bringing together global security intelligence from the cloud with local intelligence on a customer premise to protect networks and intellectual property against advanced cyber threats. We are using the network as part of the enforcement and intelligence paradigm delivered from the cloud. Building on today’s footprint of over 22 data centers distributed globally, we are delivering one of the world’s largest cloud enforcement services for web and email – and over time will extend coverage to include application, data, and user security. |
| • | Network Integrated: This leverages the network as the core sensor base and provider of context and enforcement. There are tremendous synergies that exist between the network and security. Information feeds from the network into security systems and vice versa, which positions us well to solve key security problems. |
| • | Further, we will leverage our Advanced Services and ecosystem partners to help deliver on these strategic focus areas. Ultimately, we believe Cisco’s security architecture will be pervasive, integrated, and continuous. |
Sourcefire’s Benefit to Cisco
| • | The acquisition of Sourcefire accelerates Cisco’s security strategy of discovering, defending and remediating our most critical security threats across the attack continuum. With world-class research teams, increased intelligence and expanded threat detection, we believe our customers will benefit from continuous protection in more places across the network. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. Sourcefire aligns well with Cisco’s future vision for security and supports each key pillar of our security strategy: |
| • | Security Services Platform: Sourcefire will be an integral part of our platform strategy as we converge security appliances, features and capabilities on to a single platform. |
| • | Cloud Delivered: We plan to use Sourcefire’s cloud services to enhance our overall cloud intelligence with file reputation and continuously deliver this enhanced intelligence across our portfolio of services and solutions. |
| • | Network Integrated: Sourcefire’s NGIPS and advanced threat protection solutions will help provide enhanced enforcement across the network. |
| • | Sourcefire couples its leading security technology with real-time visibility across the extended network that includes virtual, mobile, and endpoints to provide a new model of security that allows defenders to be more effective before, during, and after an attack. |
| • | In addition, Sourcefire’s cybersecurity solutions work not only at a point-in-time, but also have continuous capability to provide threat protection and retrospective remediation across the network. |
| • | Sourcefire leverages these capabilities in its industry-leading physical and virtual NGIPS and NGFWs to deliver unmatched protection, performance, and scale. |
| • | Having led security innovation for more than 12 years, Sourcefire has assembled a world-class team with deep security DNA that will help drive Cisco’s execution towards its security strategy. |
| • | Sourcefire strengthens Cisco’s existing security portfolio, expands our IPS offerings, and extends our threat protection and remediation capabilities to the endpoint. It also augments our world-class Security Intelligence Operations and cloud-based reputation capabilities and complements our firewall technology. |
| • | Cisco’s strength in firewall, secure access and content security combined with Sourcefire’s NGIPS and advanced threat protection will deliver a more intelligent, adaptive and automated security solution from the endpoint, to branches and campuses and into the data center. This network-integrated solution will strengthen how companies and government agencies defend, discover and remediate against advanced cyber threats. |
Customer Benefits
| • | Cisco and Sourcefire customers will benefit from one of the industry’s most comprehensive integrated security solution – one that is simpler to deploy, and offers broader security intelligence and faster time to discovery, remediation and defense. |
| • | Key customer benefits include: |
| • | Transformational threat protection capabilities with the industry’s most comprehensive Security Services Platform – the combination of Cisco and Sourcefire will help to deliver one of the most integrated, service and intelligence-rich security solutions, which substantially simplifies the complexity of security deployment and lowers security TCO, while offering best in class IPS, firewall, and web security. |
| • | Threat Awareness – the combination of Cisco’s Security Intelligence Operations and Sourcefire’s Collective Security Intelligence groups with a sensor base that includes the network and endpoints will provide customers pervasive visibility to advanced threats. |
| • | Faster time to protection from the latest threats by making intelligence instantly actionable – the combination of Cisco’s best in class IP and web network behavioral analysts, and Sourcefire’s file reputation, signature automation, and broad threat learning techniques, will offer one of the fastest security automations in the industry. |
Security and Open Source
Sourcefire was founded on the premise of open source security through its Snort, ClamAV and RazorBack projects, which have also helped propel the company’s leadership in the commercial sector. Working closely with its open source community to defend, discover, and remediate against dynamic and sophisticated threats. Sourcefire’s team and leadership in open source provide greater threat visibility through collective intelligence. Cisco and Sourcefire are committed to partnering with open source innovation to help to protect communities and organizations by:
| • | Collective intelligence and open development, which helps reduce the time to protect against advanced threats. |
| • | Creating an ecosystem of multiple contributors across geographies, companies, and communities. |
| • | Representing one of the most successful open source efforts in the industry, Snort, run in part by a community of highly sophisticated security experts. |
Open source is an effective and advanced way to address threats and Cisco will maintain and invest in Sourcefire’s open source communities, including Snort, ClamAV, and RazorBack. To date, Cisco has contributed more than 40 “givebacks” of open source software over the past three decades. Cisco collaborates with the open source community to reduce time-to-market for Cisco solutions, and to help partners develop applications designed to enhance the collaborative experience. Sourcefire’s open source expertise will help inform other open source efforts at Cisco, such as Open Daylight, which is an open source controller platform supporting Software-Defined Networking (SDN).
Sourcefire and Cisco Product Integration
| • | Cisco’s Security Services Platform Strategy will evolve to integrate both Cisco and Sourcefire Security Services into a common services platform to be deployed across multiple form factors, from highly scalable appliances, virtual appliances for private/public clouds, and routers and switches. |
| • | Cisco’s cloud reputation capabilities and network as a sensor strategy will expand to encompass the FireAMP capabilities across endpoints, network infrastructure devices and security appliances enabling greater protection for existing infrastructure investments to leverage the advanced threat detection capabilities offered in the cloud. |
| • | Security Intelligence Operations (SIO) will expand to leverage and integrate with Sourcefire’s experts in their Vulnerability Research Team (VRT) to provide greater security efficacy for all types of security services and more comprehensive cloud based reputation services that can be leveraged to automate threat defense across customer networks. |
Sourcefire Talent
Sourcefire was founded by Martin Roesch, the founder of open source Snort®, the world’s most widely deployed intrusion detection and prevention technology. This innovation has allowed the company to attract a breadth of talent that includes experts in the security and open source communities Sourcefire’s proven ability to develop leading products and execute in the market will significantly bolster Cisco security strategy. With more than 10 years of experience hiring and honing top security talent, they are leaders in the market in the defending, discovery and remediation of dynamic threats.
Sourcefire also is home to the Vulnerability Research Team (VRT), a group of elite security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware, and vulnerabilities. They develop the official Snort rules to protect Sourcefire customers and Snort users against emerging exploits before they are released.
Closing
The acquisition of Sourcefire reinforces Cisco’s commitment to providing customers with a secure, intelligent network, a key company priority. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud.
Risk
There is risk in all acquisitions and this one is no different. Potential issues arise from execution, technology, market, competitive, regulatory, and geographic risk elements. We intend to aggressively manage these risks.
TOP Q&A
| Q: | What is Cisco acquiring? |
| A: | Cisco is acquiring Sourcefire, a leader in intelligent cybersecurity solutions. |
Q: Why is Cisco acquiring a security company like Sourcefire now?
| A: | The acquisition of Sourcefire accelerates delivery of Cisco’s security strategy of defending, discovering, and remediating the most critical threats. With world-class research teams, increased intelligence and expanded threat protection, our customers will benefit from security in more places across the network. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
Q: What product gaps in Cisco’s security portfolio did the business try to address with this acquisition?
| A: | Sourcefire helps Cisco expand its security architecture by adding innovative Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection solutions. |
Q: What is the product overlap between Cisco and Sourcefire, and how will this be addressed?
| A: | This acquisition allows us to combine the complementary strengths of Cisco and Sourcefire to provide the most effective threat detection and prevention capabilities across our entire security portfolio. |
Q: What is the strategic importance of the Sourcefire acquisition to Cisco’s Security strategy?
| A: | Mobility and cloud are drastically changing today’s IT security landscape, making traditional disparate security products insufficient to protect organizations from dynamic threats. Today’s security solutions require a continuous and highly automated approach to protection across the attack continuum – before, during and after an attack. The acquisition of Sourcefire accelerates delivery of Cisco’s security strategy of defending, discovering, and remediating the most critical threats. With world-class research teams, increased intelligence and expanded threat protection, our customers will benefit from security in more places across the network. |
Q: Traditional corporate firewall boundaries are blurred by new cloud services, such as SalesForce.com. With this acquisition does Cisco plan to offer a new firewall solution that solves for this shift in available services?
| A: | The new norm for IT is any device to any cloud, which requires a comprehensive and continuous approach to security. Firewall functionality is just one component. With the perimeter becoming highly distributed, a more pervasive architecture is required and the functionality goes well beyond today’s NGFW. Cisco’s strategy is to build a transformational threat protection platform with a breadth of security capabilities that can be deployed in multiple form factors: appliances, embedded into the network infrastructure, virtual and from the cloud. |
Q: Why is Cisco acquiring a company that has a heavy focus on IPS?
| A: | Sourcefire specializes in threat-centric security and its innovation is not tied to a single product. Sourcefire solves real world security problems with a highly automated, agile, and continuous solution that addresses the entire attack continuum – before, during and after an attack. |
Q: Sourcefire is at the forefront of open source security products, including Snort, ClamAV and Razorback. Does Cisco plan to maintain these projects?
| A: | Cisco is committed to continued open source innovation to help to protect communities and organizations. Sourcefire’s experience in open source will help inform other open source efforts at Cisco, such as Open Daylight, which is an open source controller platform supporting Software-Defined Networking (SDN). |
Q: Does Cisco currently work with open source communities for its security solutions? What groups are we active in today?
| A: | Today, Cisco is engaged in open source communities such as the Open Daylight project, which is furthering innovation in areas such as OpenStack and SDN. With the acquisition of Sourcefire, security will be an additional open source initiative for Cisco. Cisco has contributed more than 40 “givebacks” of open source software over the past three decades. Cisco collaborates with the open source community to reduce time-to-market for Cisco solutions, and to help partners develop applications designed to enhance the collaborative experience. |
| Q: | Should customers of Sourcefire’s open source products be concerned that Cisco will now have visibility and ownership of these communities? |
| A: | Open source is not new to Cisco. Today, Cisco is engaged in open source communities such as the Open Daylight project, which is furthering innovation in areas such as OpenStack and SDN. With the acquisition of Sourcefire, security will be an additional open source initiative for Cisco. Cisco has contributed more than 40 “givebacks” of open source software. Cisco collaborates with the open source community to reduce time-to-market for Cisco solutions, and to help partners develop applications designed to enhance the collaborative experience. |
| Q: | Sourcefire’s business model is largely appliance with perpetual software licenses. Will Cisco transition to this model? |
| A: | Cisco has a comprehensive set of business models that are utilized in our security business, including appliances and perpetual software licensing. Cisco also offers Term and content subscriptions within our portfolio. |
| Q: | Do you plan to use Snort® IPS signatures on Cisco appliances? Do you plan to use Cisco IPS signatures on Sourcefire appliances? |
| A: | Cisco strives to maximize the efficacy of our solutions and products. Over time we will seek to utilize the best of Cisco and Sourcefire to provide one of the most effective threat prevention capabilities across the entire security portfolio. |
| Q: | Cisco has its own proprietary code for its security solutions. Sourcefire currently deploys an industry standard language via Snort and others. How does Cisco plan to integrate Sourcefire’s signatures? Will it be a hybrid? |
| A: | Cisco will look to explore how it might expand its current security solutions by combining Sourcefire’s industry leading technology and products into future offerings, such as Snort. Upon closing of the acquisition, Sourcefire and Cisco will perform impact planning and assessment to plan for broader product/services integration and a go-to-market strategy for the combined solutions. |
| Q: | Sourcefire recently expanded its business with a new channels go-to-market strategy. Does Cisco plan to maintain these Channel partners as some may compete against Cisco’s larger, existing partners? |
| A: | After the close of the acquisition we will provide clarity on the integration and go-to-market plan. |
| Q: | How will Cisco integrate these products into Cisco’s security solutions? When do you expect them to be available on GPL? |
| A: | Timing for GPL integration has not yet been determined. After the close of the acquisition we will provide clarity on the integration and go to market plan. |
| Q: | Is this an example of Cisco losing its ability to compete and buying itself into the market and set of technologies? Does Cisco consider the past security acquisitions of Ironport and Scansafe successful? |
| A: | The Ironport and Scansafe solutions have been tightly integrated into the Cisco portfolio and remain market leading solutions. The security market is continually evolving to keep up with the changing threat landscape. Cisco’s strategy looks to build, buy, and partner across its business. Sourcefire builds on our current strategy and will strengthen our ability to continuously defend, discover and remediate against dynamic threats. |
| Q: | How is this acquisition different from IBM acquiring ISS or HP acquiring TippingPoint? Why do you believe this will be more successful than those? |
| A: | Cisco has a well-established security business that is synergistic to Sourcefire from development to go-to-market. IBM acquired ISS and integrated it into their services organization and HP had limited real security presence before purchasing TippingPoint. We believe, this acquisition will allow Cisco and Sourcefire customers to benefit from one of the industry’s most comprehensive integrated security solution – one that is simpler to deploy, offers the broadest security intelligence and fastest time to defend, discover and remediate. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | John Chambers recently made a comment that he’s given the company a “blank check” to acquire companies. Is this the beginning of a buying spree? |
| A: | We are always surveying the marketplace, watching trends, and evaluating options for partnering, internal product development, and acquisitions, with Sourcefire as the latest example of that. Corporate Development continues to drive the acquisition or ‘buy’ pillar of Cisco’s three pillars of innovation – build, buy and partner. In a rapidly developing technology landscape, we are constantly evaluating companies who have built and refined best-in-class business models, or mature/proven products and solutions in the market. We particularly look for acquisitions that capitalize on market disruption through innovative technologies and new business models. |
| Q: | Is the Sourcefire acquisition going before the U.S. Treasury /Government for review prior to close? In 2006, Israel- based Check Point withdrew their proposal to acquire Sourcefire for approximately $225M due to U.S. government approval for foreign companies to acquire U.S.-based businesses. |
| A: | Cisco does not comment on specific acquisition processes. The acquisition is subject to standard closing conditions and regulatory approvals in the United States and other jurisdictions. This transaction is between two U.S. based companies. The Committee on Foreign Investment in the United States (CFIUS) review does not apply. |
GENERAL Q&A
| Q: | How does this acquisition align to Cisco’s five priorities? |
| A: | Security is a critical component to Cisco’s five priorities and imperative to the company’s overall strategy to be the No. 1 IT company. This acquisition reinforces Cisco’s security vision of providing always on, integrated security and empowers customers to realize the benefits of a mobile, cloud enabled business. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | What market problem does this acquisition address? |
| A: | Mobility and cloud are drastically changing today’s IT security landscape, making traditional disparate security products insufficient to protect organizations from dynamic threats. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | What is Cisco’s security strategy? Is the acquisition of Sourcefire an attempt to overhaul Cisco’s security business? |
| A: | Cisco’s security vision is to provide always on, integrated security that defends, discovers and remediates against threats and empowers customers to realize the benefits of a mobile, cloud enabled business. This vision is expected to be realized through a strategic focus on three key architectural components, cloud delivered global threat intelligence, a security services platform, with full integration into the network fabric for threat visibility and enforcement. |
We are always surveying the marketplace, watching trends, and evaluating options for partnering, internal product development, and acquisitions, with Sourcefire as the latest example of that. Corporate Development continues to drive the acquisition or ‘buy’ pillar of Cisco’s three pillars of innovation – build, buy and partner. In a rapidly developing technology landscape, we are constantly evaluating companies who have built and refined best-in-class business models, or mature/proven products and solutions in the market. We particularly look for acquisitions that capitalize on market disruption through new technologies and business models. Cisco will continue to look for opportunities that contribute to the value of the network.
| Q: | Can you explain Sourcefire’s technology or product offerings? |
| A: | Sourcefire is a leader in intelligent cybersecurity solutions. Its Next-Generation Intrusion Prevention (NGIPS) provides advanced threat protection that integrates real-time contextual awareness, full-stack visibility and intelligent security automation to deliver industry-leading security effectiveness and performance. Sourcefire leverages these capabilities as the foundation of its Next-Generation Firewall (NGFW) solution as well, to deliver unmatched performance and scale. The company’s Advanced Malware Protection offering includes a malware defeating solution that provides visibility and control of modern threats – from point of entry, through propagation and post-infection remediation. The solution uses big data to discover, understand and stop advanced malware outbreaks, and provides continuous file analysis and retrospective security. |
| Q: | Can you provide an example of how the Sourcefire’s technology works in real life? |
| A: | One of Sourcefire’s long-standing NGIPS customer’s is a leading U.S.-based electrical power utility that was challenged with regular attacks from advanced malware. Its existing endpoint protection product was detecting and eliminating some threats, however, the recurrence frequency and unexplained network activity indicated that it wasn’t providing a view of the full infection, nor identifying and eliminating its root cause. The company’s sophisticated response team spent a significant amount of time investigating suspicious activity. FireAMP, Sourcefire’s advanced malware solution for endpoints, mobile devices and virtual, working in conjunction with the NGIPS solution, allowed the response team to track suspicious activities back to the core threat, the specific executable, tracking unusual communications back to specific devices and system processes that are responsible. FireAMP also provided visibility into the source of the infection, so that measures were taken to eliminate its recurrence. This visibility into the full extent of the infection, allows the threat to be eliminated and its root cause addressed. By using FireAMP, the company is able to reduce a multi-day investigation and remediation to a matter of hours. |
| Q: | How does the acquisition of Sourcefire fit with Cisco’s push to a more software and services model? |
| A: | Sourcefire offers a combination of appliances, subscriptions and virtual capabilities to their customers, which is in line with the way Cisco offers capabilities to the security market. |
| Q: | What is Sourcefire’s current go-to-market strategy (pre-acquisition)? How have they obtained the customers that they work with currently? |
| A: | Sourcefire targets the Fortune 1000, the Global 2000 and government through a network of channel partners and service providers. |
| Q: | Is Cisco’s acquisition strategy successful? |
| A: | Yes. Cisco’s acquisition strategy has been successful and has delivered positive returns on investment. Over the past 15 years, we have completed many acquisitions that have shown strong financial performance overall, and have strategically placed Cisco as a leader in new markets capturing new innovation trends. Over the last five years, new markets have contributed about one-third of Cisco’s total revenue. Acquisitions have made up the vast majority of our entry into new markets. |
| Q: | How do acquisitions complement Cisco’s new brand direction “Tomorrow starts here” and the “Internet of Everything”? |
| A: | Enterprises and Service Providers are increasingly focused on connecting the unconnected – process, people, data and things – and with the Internet of Everything (IoE), the need for a more intelligent network is even greater. Cisco continues to pursue our innovation strategy to build, buy and partner, to best position us in our priority markets moving forward to strengthen the network and solve our customers’ most pressing challenges. The Internet of Everything requires protection via a continuous, integrated and highly automated approach to protection across the attack continuum – before, during and after an attack. |
| Q: | Where is Sourcefire located? |
| A: | Sourcefire is headquartered in Columbia, MD, a center of excellence for security innovation and talent. |
| Q: | Do you plan to maintain the Sourcefire headquarters in Columbia, Maryland? |
| A: | Yes. Cisco is committed to expanding its presence in the Columbia, Maryland, and Washington D.C. area. |
| Q. | Will Cisco retain the Snort brand? |
| A: | Yes. Over time, Cisco plans to expand its current security solutions by combining Sourcefire’s industry leading technology and products into future offerings, such as Snort. Upon closing of the acquisition, Sourcefire and Cisco will perform impact planning and assessment to plan for broader product/services integration and a go-to-market strategy for the combined solutions. |
| Q. | Will the Sourcefire products become part of the Cisco brand? |
| A. | Together, Cisco and Sourcefire will bring a comprehensive security architecture to the market. As such, it is important that we brand those products in a way our customers recognize. After the close of the acquisition we will provide clarity on the integration and go to market plan. |
| Q: | Who are Sourcefire’s customers? |
| A: | Sourcefire is a leader in intelligent cybersecurity solutions and is transforming the way global large- to mid-size organizations and government agencies manage and minimize security risks. With 2500+ customers in 180+ countries, Sourcefire solutions are deployed in nearly all Fortune 100 companies, 42% of the Global 500, and across all U.S. military branches and in large civilian government agencies. |
| Q: | Who are Sourcefire’s competitors? |
| A: | Sourcefire’s primary competitors are large companies such as Intel/McAfee, IBM ISS and HP/TippingPoint. |
| Q: | Why didn’t you buy Palo Alto Networks, FireEye or other similar security companies? |
| A: | Sourcefire specializes in threat-centric security. Its leading innovation in Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection solutions enable a combination of world-class products and technologies that is more advanced than its competitors and their disparate security offerings. Sourcefire’s approach to real world security problems is synergistic with Cisco’s vision of defending, discovering and remediating |
| threats across the entire attack continuum. Sourcefire is also located at the heart of the Maryland and Washington D.C. area, which is widely recognized as a Center of Excellence for security innovation and will expand Cisco’s presence in the region. |
| Q: | How does the acquisition of Sourcefire support Cisco’s current security efforts in SDN with Cisco ONE? |
| A: | Sourcefire’s software approach to product development complements Cisco’s ONE controller. Sourcefire’s innovation, open source commitment and collective community intelligence, provides opportunities to further execute on Cisco’s security efforts in software-defined networking (SDN) with Cisco ONE. Sourcefire’s open model is similar to the construct of SDN, and the two companies combined will allow for faster onboarding of security capabilities. Cisco believes that the advancements in SDN will be matched with innovative security software that has the capability to address the entire attack continuum – before, during and after an attack. |
| Q: | Does the proposed acquisition of Sourcefire mean Cisco will be closer to PRISM? Was Cisco involved in PRISM? Was Sourcefire? |
| A: | No. PRISM is not a Cisco program and we did not participate in the program. Sourcefire also did not participate in PRISM. Cisco complies with the laws and regulations of the countries in which we operate, and will only provide information to governments in valid circumstances that are required by law. Cisco does not monitor communications of private citizens or government organizations anywhere in the world, and does not customize equipment for specific customers to facilitate the surveillance of users. |
| Q: | When will the acquisition close? |
| A: | The acquisition is expected to close during the second half of CY2013; however, the close date is subject to customary closing conditions and regulatory review. |
| Q: | Who served as the external legal counsel for each party? |
| A: | Fenwick & West for Cisco. Morrison and Foerster for Sourcefire. |
SALES Q&A
| Q: | How will the transaction between Cisco and Sourcefire benefit customers? |
| A: | The acquisition of Sourcefire accelerates delivery of Cisco’s security strategy of defending, discovering, and remediating the most critical threats. With world-class research teams, increased intelligence and expanded threat protection, our customers will benefit from security in more places across the network. Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | As a Cisco sales person, may I engage with Sourcefire on sales opportunities now? |
| A: | No. Today, we are announcing our intent to acquire Sourcefire. Cisco’s acquisition of Sourcefire will require approval from antitrust enforcement agencies. While antitrust review is taking place, there are strict legal limits on how Cisco and Sourcefire can engage. |
Until we close the acquisition, Cisco and Sourcefire remain independent companies and continue to compete against each other. During this period, there must be no engagement between the Cisco and Sourcefire field sales teams, including: no joint sales calls or customer meetings, no price/term negotiations on behalf of the other company, and no Cisco-Sourcefire sales team meetings or communications, including no joint planning sessions.
Cisco and Sourcefire sales teams may meet separately with customers to share our vision and deal rationales. A customer facing presentation has been created for your use; this presentation may not be edited or changed in any way.
| Q: | Will Cisco continue to offer Sourcefire’s solution on a standalone basis? |
| A: | We are not able to make any announcements at this time with regard to product development and roadmap. Once we have closed the acquisition, further details will be provided. Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies that provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | What happens to existing Sourcefire purchasing agreements and maintenance contracts? |
| A: | Cisco plans to continue to work with customers already in contract with Sourcefire. |
Q: What happens to the existing open source communities?
A: Cisco and Sourcefire are committed to partnering with open source innovation to help protect communities and organizations by:
| • | Collective intelligence and open development, which helps reduce the time to protect against advanced threats. |
| • | Creating an ecosystem of multiple contributors across geographies, companies, and communities. |
| • | Representing one of the most successful open source efforts in the industry, Snort, run in part by a community of highly sophisticated security experts. |
| Q: | In what countries are Sourcefire’s products sold today? |
| A: | Today, Sourcefire’s products are sold and shipped to a number of countries around the world. A majority of Sourcefire’s revenues come from the U.S., but about one third is derived outside of the U.S. |
Q: Who should Sourcefire customers contact about Sourcefire sales and services?
| A: | Between now and when the acquisition closes, Cisco and Sourcefire will continue to operate as separate companies. Existing Sourcefire customers should continue their established relationships with Sourcefire for sales and services using the same contact details (i.e. phone numbers or emails). |
Partner Q&A
| Q: | Cisco and Sourcefire share some partners. Will these partners continue to sell Sourcefire Products as they do today? |
| A: | It is our hope that our partners will continue to lead with the combined portfolio based on customer requirements. |
| Q: | I’m a Sourcefire Partner and signed up in part because it differentiated me from Cisco VARs. How can I compete now? |
| A: | Your Sourcefire partnership is still in place. The acquisition of Sourcefire reinforces Cisco’s commitment to providing customers with a secure, intelligent network, a key company priority. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. Sourcefire partners are a big part of achieving this vision. Cisco recognizes Sourcefire has a great channel, and we are excited to continue working with you to build the business. We expect your prior experience with Sourcefire will give you a leg up in competitive sales, and that the Cisco brand will help you bring the product line to more customers, closing bigger deals faster. |
| Q: | Will the Sourcefire products be sold via the existing Cisco Channel? |
| A: | Cisco will commence targeted enablement of our Channel Partners post acquisition close and continue to rely on the extensive network of partners that Sourcefire has built. If you are a Sourcefire customer, please continue to use the normal sales channel that you are accustomed to. |
| Q: | What is the long term channel offering for Cisco and Sourcefire channel partners? Over time, will Cisco partners be enabled to sell Sourcefire solutions, and will Sourcefire partners be enabled to sell Cisco solutions? |
| A: | The long term offering for Cisco and Sourcefire partner programs is not yet defined. Following the close of the acquisition, the Sourcefire partner program will be evaluated to develop an integrated channel program. At that point, Cisco expects that Sourcefire products will be available on Cisco’s pricelist, allowing qualified partners to be able to sell both Cisco and Sourcefire joint offerings. |
| Q: | Before an integrated partner program is launched, can Cisco partners sell Sourcefire solutions, and can Sourcefire partners sell Cisco solutions? |
| A: | Until the acquisition closes, Cisco will only engage its partners to sell Cisco, and Sourcefire will engage its channel partners to sell Sourcefire. If a partner does not want to wait for an integrated partner program (sometime after the close) to sell both product lines, then Cisco partners wishing to sell Sourcefire must be authorized by Sourcefire, and Sourcefire partners wanting to sell Cisco must be authorized by Cisco. |
| Q: | As a Sourcefire (insert titles) my channel partner is certified to sell both Cisco and Sourcefire. May I engage this channel partner on Sourcefire planning and/or opportunities now? May I work with my Cisco counterpart to begin joint planning with our joint channel partner? |
| A: | No. In situations where a channel partner is certified to sell both Sourcefire and Cisco, you may only engage that channel partner to sell Sourcefire, and you may not engage with that partner on Cisco products in any way. |
Similarly, you may not engage with Cisco employees in any way. While antitrust review is taking place, there are strict legal limits on how Cisco and Sourcefire can engage.
Until we close the acquisition, Cisco and Sourcefire will remain independent companies. During this period, there must be no engagement between the Cisco and Sourcefire field sales teams (either directly or through channel partners): no joint sales calls, no joint planning sessions or customer meetings, no price/terms negotiations on behalf of the other company, and no Cisco-Sourcefire sales team meetings or communications.
Cisco and Sourcefire personnel can separately meet with common partners & customers and discuss the nature and benefits of the acquisition.
SERVICES Q&A
| Q: | Will Cisco support the existing installed base of Sourcefire customers? |
| A: | Yes, Cisco will support the existing installed base of customers within the framework of their existing contracts. Excellent service and support is a priority at Cisco. |
| Q: | What can customers expect with regard to their previous Sourcefire software licenses and support contracts? |
| A: | Current Sourcefire customers should continue to use the same process for support on installed Sourcefire products. Any changes to the process will be communicated to customers. Cisco looks forward to a smooth integration process. |
| Q: | Can the Sourcefire service contracts be renewed, and if so, for how long? |
| A: | Cisco will continue to honor the existing contracts to the existing Sourcefire products via Sourcefire support. In the coming months, Sourcefire and Cisco will perform impact planning and assessment to plan for broader services integration and a go-to-market strategy for Sourcefire products/services. Cisco will communicate any migration plans to Cisco support and contracts when they are available after the acquisition closes. |
CUSTOMER Q&A
| Q: | Will customers be impacted by these actions? |
| A: | Cisco has announced its intent to acquire Sourcefire. This process requires regulatory reviews and approvals. During the announce to close timeline, both companies will operate independently. Upon close, Cisco is committed to promoting a seamless integration for customers. |
| Q. | Do you expect any disruptions in services? |
| A: | Cisco is committed to promoting a seamless integration for our customers. |
| Q: | What types of customers purchase Sourcefire products? |
| A: | Sourcefire is a leader in intelligent cybersecurity solutions and is transforming the way global large- to mid-size organizations and government agencies manage and minimize security risks. With 2500+ customers in 180+ countries, Sourcefire solutions are deployed in nearly all Fortune 100 companies, 42 percent of the Global 500, and across all U.S. military branches and in large civilian government agencies. |
| Q: | What will happen to my current Sourcefire account team, will I need to start working with someone new from Cisco? |
| A: | Until the acquisition closes, we are separate and independent competing companies and as such, we cannot meet jointly with you or with each other. You should continue to work with your Cisco account team and partner on Cisco offerings; similarly, you should work separately with your Sourcefire sales and partner teams on Sourcefire offerings. |
Following acquisition close, your Sourcefire’s sales and partner teams will remain intact and at that time may collaborate with your Cisco account team.
| Q: | Some of Cisco’s product offerings overlap with Sourcefire’s product offerings – what do I buy now? |
| A: | Cisco and Sourcefire primarily have complementary offerings, although there is a small area of overlap. After the close of the acquisition we will provide clarity on the integration and go-to-market plan. Cisco’s Security Services Platform Strategy will evolve to integrate both Cisco and Sourcefire security solutions into a common services platform to be deployed across multiple form factors. Detailed product integration plans and roadmap will be released subsequent to completion of all necessary regulatory reviews and approvals. You can be confident that Cisco is committed to customer success and long term investment protection. |
| Q: | I am a Sourcefire IPS customer and very comfortable with Sourcefire’s security vision and approach. How will this approach evolve under Cisco? |
| A: | Sourcefire brings deep security expertise and market leading solutions to protect against advanced threats. Sourcefire’s security approach of tracking threats through the entire attack continuum before, during and after an attack is a strategic fit to Cisco’s defend, discover, and remediate approach. Cisco is acquiring Sourcefire because Sourcefire’s technology and talent are an important component in evolving our security strategy. Together, Cisco and Sourcefire will combine their world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud. |
| Q: | I am a Sourcefire customer and prefer to maintain a focus on Open Source and SNORT. What is Cisco’s plan to ensure that SNORT flourishes once Sourcefire is part of Cisco? |
| A: | Sourcefire was founded on the premise of open source security through its Snort and ClamAV projects. Cisco and Sourcefire are committed to partnering with open source innovation. Sourcefire’s experience in open source will help inform other open source efforts at Cisco, such as Open Daylight, which is an open source controller platform supporting Software-Defined Networking (SDN). |
Q: What will happen to existing supplier contracts such as Netronome?
A: We will continue to honor existing supplier contracts and work with our suppliers to ensure delivery of existing products to market.
Additional Information and Where to Find It
In connection with the proposed acquisition by Cisco Systems, Inc. (“Cisco”) of Sourcefire, Inc. (“Sourcefire”) pursuant to the terms of an Agreement and Plan of Merger by and among Sourcefire, Cisco, and a wholly-owned subsidiary of Cisco, Sourcefire will file a proxy statement with the Securities and Exchange Commission (the “SEC”). Investors are urged to read the proxy statement (including all amendments and supplements) because it will contain important information. Investors may obtain free copies of the proxy statement when it becomes available, as well as other filings containing information about Sourcefire, without charge, at the SEC’s Internet site (http://www.sec.gov). These documents may also be obtained for free from Sourcefire’s Investor Relations web site (http://investor.sourcefire.com/) or by directing a request to Sourcefire at: Sourcefire, Inc., 9770 Patuxent Woods Drive, Columbia, MD 21046.
Sourcefire and its officers and directors and other members of management and employees may be deemed to be participants in the solicitation of proxies from Sourcefire’s stockholders with respect to the acquisition. Information about Sourcefire’s executive officers and directors is set forth in the proxy statement for the Sourcefire 2013 Annual Meeting of Stockholders, which was filed with the SEC on April 24, 2013. Investors may obtain more detailed information regarding the direct and indirect interests of Sourcefire and its respective executive officers and directors in the acquisition by reading the preliminary and definitive proxy statements regarding the transaction, which will be filed with the SEC.
Forward-Looking Statement
This written communication contains forward-looking statements that involve risks and uncertainties concerning Cisco’s proposed acquisition of Sourcefire, Sourcefire’s expected financial performance, as well as Sourcefire’s strategic and operational plans. Actual events or results may differ materially from those described in this written communication due to a number of risks and uncertainties. The potential risks and uncertainties include, among others, the possibility that the transaction will not close or that the closing may be delayed; the reaction of our customers to the transaction; general economic conditions; the possibility that Sourcefire may be unable to obtain stockholder approval as required for the transaction or that the other conditions to the closing of the transaction may not be satisfied; the transaction may involve unexpected costs, liabilities or delays; the outcome of any legal proceedings related to the transaction; the occurrence of any event, change or other circumstances that could give rise to the termination of the transaction agreement. In addition, please refer to the documents that Cisco and Sourcefire file with the SEC on Forms 10-K, 10-Q and 8-K. The filings by Sourcefire identify and address other important factors that could cause its financial and operational results to differ materially from those contained in the forward-looking statements set forth in this written communication. Sourcefire is under no duty to update any of the forward-looking statements after the date of this written communication to conform to actual results.