Cisco today turned its security strategy in a new, application-oriented direction, acquiring messaging security vendor IronPort Systems for $830 million in cash and stock.
IronPort, a five-year-old, privately held company, makes appliances for Web security and management, but it is best known for its email security appliances, which help filter spam and detect malware in large and small enterprises as well as Internet service providers. Eight of the top 10 ISPs, as well as large enterprises such as JetBlue Airways, are IronPort users.
The move is something of a departure for Cisco, which has acquired many security vendors over the years but has generally kept those acquisitions focused on targets that operate at the network level. Experts say today's move could indicate that the company is shifting its considerable weight toward a broader role in the security industry, just as software giant Microsoft has done.
"If I were a security vendor, I would be kind of nervous," says Rob Enderle, president and founder of Enderle Group, an IT consultancy.
Is Cisco about to become an 800-pound gorilla in the security space? "I would argue that we've been one for a while now," laughs Jeff Platon, vice president of security marketing at Cisco. "We just haven't been throwing our weight around that much."
Cisco moved past the network-only security niche some time ago, with the acquisition of security management vendor Protego and the introduction of the Cisco Security Adapter, Platon says. While Cisco's NAC effort and the new CSA products target the end point, the IronPort acquisition takes it up the application stack, he notes.
The IronPort deal demonstrates that Cisco is not discriminating between network security, application security or end point security. "Customers have been telling us for some time now that those distinctions only make the whole problem more complex," he says. "They want to be able to solve problems across all of those boundaries."
Cisco called the acquisition a "natural extension" of its security portfolio, which includes threat mitigation, policy control, and security management. The company plans to integrate the IronPort technology into its Self-Defending Network framework, according to Richard Palmer, senior vice president of Cisco's Security Technology Group.
"Using the network as a flexible platform to integrate IronPort's technologies, Cisco will be able to build new security applications as customers' demands evolve," Palmer said.
Some experts are skeptical that Cisco will be able to broker a successful marriage between network security and messaging security.
"The acquisition makes Cisco look good on paper, but the reality is that in the security space, there have been very few true integrations after an acquisition," says Ira Winkler, author of The Spies Among Us. "[The acquisitions] end up being point products that vendors can more easily sell. It makes it easier to [buy] for the end users, but rarely does the functionality become easier to install and maintain."
"It's true that IronPort's SenderBase network and database provides insight to global email patterns in a way that could make Cisco networks react in real time to emerging threats," says Robert Richardson, editorial director at Computer Security Institute. "It's an interesting possibility, but it's not something that automatically follows from the acquisition."
But Enderle sees the IronPort purchase as part of a bigger vision. "This appears to be an attempt to do network security more comprehensively than I've ever seen done," he says. "Spam and attacks on email systems are a good deal of the traffic problem that companies are experiencing today."
Tim Wilson, Site Editor, Dark Reading