As part of our end-of-year series of M&A analysis, we look at the deals that mattered in 2011 and assess the prospects for the next 12 months in the enterprise security sector. Where will we see acquisitions, and who might be involved?

(Read the full report here – subscription required)

Sunnyvale, California-based AlienVault has brought in a new management team to help drive the next stage of its growth. The company has announced Barmak Meftah as the new president and chief executive officer, and Roger Thornton as chief technology officer. Meftah previously served as chief products officer at Fortify Software. Thornton incubated and founded Fortify at Kleiner Perkins Caufield & Byers, serving as its chief technology officer and on the board of directors. Julio Casal, AlienVault cofounder and the former CEO, will serve as general manager of the new MSSP business unit, and Dominique Karg, AlienVault cofounder and the former CTO, will lead the OSSIM community as chief hacking officer.

As we detailed in our April long-format report The Cyber-Security Playbook, the greater intrusion sector is composed of two iterations of intrusion-detection system (IDS) technology, built with two distinct threat paths in mind – the network and the host – referred to as network intrusion detection systems (NIDS) and host intrusion detection systems (HIDS), respectively.

IDS technologies have been around since the early 1980s, and were invented to detect anomalous behavior and misuse from a network-centric perspective. These software applications were traditionally deployed to detect external network-traversing threats in a similar fashion to the way airborne warning and control systems and radar arrays were leveraged to provide early warning of conventional military attacks. IDS technologies were born out of a need to provide the same early-warning indicators as traditional defensive technologies, but spread atop a relatively new and somewhat indefensible technological battlefield.

When most people speak of ‘open source intrusion detection,’ however, they immediately think of the venerable Snort IDS project. What most don’t know is that there are several other projects in active development that provide much of the same functionality – and some with even greater features.

(Read the full report here – subscription required)