"We looked broadly at all the major players ... Sourcefire fit perfectly," Cisco's business development chief Hilton Romanski said in an interview.
Cisco has made it a priority to improve its security and is pushing to offer multiple security capabilities in hardware, software and cloud. Sourcefire is strong in intrusion detection and protection appliances, which is one of the higher growth segments within security.
More acquisitions should be on the way in the tech security sector, which Research firm IDC has said spending this year should generate 7.8 percent revenue growth for vendors.
"We view this morning's news as 'game changing' for the cyber security space as we expect a surge of consolidation to take place over the next 12 to 18 months," Daniel Ives, a tech analyst with FBR Capital Markets, said in a research note.
He added that larger technology players such as IBM, Juniper, Symantec, and EMC could look to acquire smaller security players to help drive growth given the high priority security has in IT spending.
Brian White, an analyst at Topeka Capital Markets, said Dell and Hewlett Packard could also be seeking to expand their security offerings, and the Sourcefire acquisition could be the beginning of more transactions.
Potential targets are smaller, more nimble companies that provide up-to-date network security to combat advanced hacking attacks. Security protection needs have grown more complex with the proliferation of web applications, social media and video streaming.
Cisco said the deal should close during the second half of this year, and it expects the acquisition to be slightly dilutive to non-GAAP earnings in fiscal year 2014.
Cisco Chief Executive John Chambers said in December that Young had a "blank check" to overhaul the business.
RBC Capital Market analyst Mark Sue said in terms of acquisition targets "product, platform, channel integration will be important for Cisco, which has yet to be the customer's first choice for security".