In a bid to further broaden its product offerings beyond core Internet gear, Cisco Systems said Thursday it would buy security software maker IronPort in a deal valued at US$830 million.
Cisco said the cash-and-stock purchase would enable it to extend its “self-defending network” approach to include protections against spam, spyware and other threats that find their way into networks via various forms of messaging and Web services.
Based in San Bruno, Calif., privately held IronPort was founded in 2000 and specializes in appliances and related software to handle security for messaging, solutions that wrap in enterprise spam and spyware protection.
“We feel there is enormous potential for enhanced e-mail and message protection solutions to be integrated into the existing Cisco Self-Defending Network framework,” said Richard Palmer, senior vice president of Cisco’s Security Technology Group.
“Using the network as a flexible platform to integrate IronPort’s technologies, Cisco will be able to build new security applications as customers’ demands evolve,” he added.
The deal marks Cisco’s attempt to move from the core network infrastructure into the field of application security.
Cisco could find traction if it convinces enterprise customers to build up network security. Because more companies are relying on messaging across multiple platforms — using instant messaging and e-mail to mobile devices as business tools, for instance — the messaging security market is expected to grow rapidly in the coming years.
Patrick Peterson, vice president of technology at IronPort, told the E-Commerce Times the deal is ideal for his company because it will enable it to “keep our own ‘special sauce’ and independence, and at the same time give us resources to alter the scale of what we can attack.”
Immediately after announcing the deal, IronPort engineers “came up with 200 things we could do to link into Cisco’s products,” Peterson said.
“The Self-Defending Network initiative of Cisco is tremendously broad in scope and gives us all sorts of places to play,” he explained. “It may be that some of our security systems that run on appliances can be shifted into routers and servers.”
Cisco can also leverage data IronPort generates about network activity to identify problem areas. “Security has been a big push of Cisco’s for several years,” Peterson added.
Whereas IronPort’s first target was e-mail security and has since rolled out a Web traffic security platform, it believes it will eventually offer a family of security gateways for various types of traffic, including instant messaging and VoIP. Having Cisco’s resources will dramatically cut the roll out time for each new offering.
“Where before we may have figured it would take two or three or four years to get significant market penetration, now we may be talking about six or nine or 12 months,” Peterson noted.
During 2006, Cisco announced nine acquisitions, though most were valued at less than $100 million. By contrast, in 2005, it made a major splash by agreeing to pay $6.9 billion to buy Scientific-Atlanta, the maker of set-top boxes for cable systems, as part of a major push by Cisco to become more of a video infrastructure provider.
Other recent buys have focused on security, including the $51 million purchase of SyPixx Networks, which enables video surveillance systems to link into networks.
Cisco has a history of entering new markets via acquisition, notably using its $500 million buy of Linksys to become a major force in home networking tools. That deal was all but perfectly timed to coincide with the rise of home WiFi networks and the growing popularity of portable computers over desktops.
The IronPort buy may also be well-timed, with the sheer volume of messages being processed by business networks growing by leaps and bounds.
Cisco plans to retain most of IronPort’s 400-plus employees and will continue to run the company as a distinct division from its current headquarters, with Weiss as its president.
Cisco has long been a major provider of network security products and services, and now is adding application-specific security through IronPort.
IronPort had about 7 percent market share in the anti-spam space last year, according to research firm Gartner, giving Cisco a direct competitor to Symantec and others in the security space. That market is projected to grow at a rate of more than 40 percent per year.
The rise of interest in using IP networks to carry voice and messaging traffic has highlighted some of the inherent security vulnerabilities in that technology, Gartner analyst Ray Wagner told the E-Commerce Times.
“Adding security to VoIP traffic will be a major thrust of security and network vendors this coming year,” Wagner said.
The security space has been consolidating for years and saw another burst of merger-and-acquisition activity during 2006, when IBM bought Internet Security Systems for $1.3 billion in October, and EMC dished out $2.1 billion to take over RSA Security.