Check Point Software Technologies on Tuesday announced an agreement to acquire privately held NFR Security, a maker of intrusion-detection and -prevention systems, for approximately US$20 million.

Gil Shwed, founder and CEO of Israel-based Check Point, indicated the firm has plans to incorporate NFR's Sentivist IDS and IPStechnologies into the Check Point line of firewall, VPN and security management products. Check Point also plans to continue to offer stand-alone IDS and IPS products based on NFR's product line with the Check Point InterSpect internal security gateway.

"We will integrate NFR's technologies into our unified security architecture to provide the industry's broadest and best-managed security solutions," Shwed said, adding there is no timeline for doing so.

The acquisition of Rockville, Md.-based NFR Security, founded a decade ago by IDS pioneer Marcus Ranum, follows Check Point's failure earlier this year to complete the acquisition of IDS and IPS vendor Sourcefire. That deal ran into opposition from the multiagency federal Committee on Foreign Investment in the United States(CFIUS), whichobjected to Sourcefire, whose systems are used in the U.S. military, being acquired by a non-U.S. firm.

Check Point said it already has obtained regulatory approvals related to NFR Security and expects the deal to close by year-end.

"We have passed through a similar process with CFIUS," said Shwed, who added Check Point already has received CFIUSapproval for buying NFR Security.

Shwed said he didn't understand entirely why NFR Security received CFIUS approval but Sourcefire did not, but he added it simply might have to do with the "political situation" a year ago when Check Pointapplied to be approved to buy Sourcefire. "A year ago, they wanted more time to work with the issues," he noted.

NFR Security, which has 22 employees, does not publish figures related to its earnings. While not discussing NFR Security's exact earnings, Shwed acknowledged NFR isn't a big money-maker, but "it isn't losing money. It's at least breaking even." Shwed said the majority of the employees are expected to join Check Point.

Check Point expects NFR Security products to be available on the Check Point price list and via resellers early in the first quarter of 2007. The Sentivist IPS works at speeds from 100Mbps to 4Gbps, with a 10Gbps product expected to be available next year.

Gartner analyst John Pescatore said the NFR Security acquisition is clearly a replacement for the failed merger with Sourcefire.

Check Point buying NFR Security "makes sense," said Pescatore. "Check Point definitely needed the intrusion-prevention capabilities. They have what they called InterSpect, but it wasn't working in the market. They weren't succeeding in IPS."

In contrast, Check Point competitors including Cisco and Juniper already have been building IPS into their firewalls, said Pescatore.

NFR Security was one of the last of the traditional IDS vendors to get into intrusion prevention, Pescatore pointed out. But NFR Security's products and technologies, while not widely deployed, are well respected.

Pescatore said the merger between Check Point and NFR Security will probably work out well because NFR Security has good technologies that can be combined with Check Point's strength in firewalls and management.