Cloud Security Heats up as Sourcefire Pays $21M for Immunet

Sourcefire, a publicly-traded network security company famous for its open source network intrusion detection system called Snort, has acquired cloud-based security startup Immunet for $21 million in cash.

It’s an impressive win for Immunet’s CEO Oliver Friedrichs, a serial entrepreneur who helped found several old-world security companies like SecurityFocus, which was bought by Symantec in 2002, and Secure Networks, which was acquired by McAfee. Immunet only raised one round, a series A of about $2 million, led by Altos Ventures. Clearly, the company was onto something.

The deal may be small, but it could be a precursor to more deals in 2011, a year that a lot of people expect to finally — FINALLY — see real, meaningful innovation in business software. Immunet’s product represents a dramatic new way of detecting malware in an industry that has mostly stagnated among a few large, slow growing players. It uses collective user intelligence and technologies like machine learning to detect and thwart new kinds of threats that cloud-based enterprises and online-all-the-time consumers face. Among other things, Immunet pioneered an interesting approach to use crowd-sourcing to detect how viruses are spreading between friends. Zach Nelson, CEO of Netsuite and a McAfee alum, is on Immunet’s board. (As a side note and more evidence that Wall Street is getting bullish on Internet-based business software, Netsuite’s stock hit a two-year high today as well.)

Immunet’s approach is interesting– and, according to Sourcefire, valuable– because security is one of the biggest reasons companies are loathe to turn all their business units over to the cloud. The company paid $17 million of the deal at closing, and will pay $4 million over the next 18 months as Immunet delivers on product milestones for its enterprise version, currently in production.

Sourcefire’s stock– which has mostly recovered after dramatic swings in the past 52 weeks– was up slightly on the news. Sourcefire isn’t the only one eyeing a disruption in online security: Dell took another step into the corporate software world with its acquisition of a security-as-a-service company called SecureWorks announced yesterday.