While some industry watchers were surprised by the $830 million price tag that Cisco Systems agreed to pay for messaging security specialists IronPort, most analysts agree that the deal opens a range of new opportunities for the networking giant.
In addition to improving the technological underpinnings necessary to deliver the “self-defending network,” experts said that Cisco’s buyout of IronPort, announced on Jan. 4, gives it a foothold in a number of security markets.
Among the sectors that the deal allows Cisco, of San Jose, Calif., to tap into are several areas of the rapidly-expanding applications security segment, specifically around providing network-based defenses for unified communications, Web content filtering and data encryption.
While privately held IronPort, based in San Bruno, Calif., doesn’t publicly announce its revenues, most industry watchers peg its 2006 returns at somewhere between $50 and $100 million.
Even if the firm performed at the high-end of those projections, some observers may question why Cisco was willing to pay such a premium for the company, whose business is primarily built around sales of messaging security hardware.
However, the deal has more implications for Cisco than may immediately meet the eye, said Brad Adams, managing director at investment bank Boston Corporate Finance in Westwood, Mass.
“Even if IronPort is a $100 million company, those types of valuations weren’t the primary driver here; as with EMC’s buyout of RSA Security, at end of day the value of the deal is weighted more toward what they get from the technology they are buying,” Adams said. “What seems like an extraordinary valuation might make sense if you understand what they feel they have to gain.”
What Cisco has to gain, beyond additional products to feed the growth of its overall security business, are technologies that will allow the firm to move aggressively into applications security, he said. By joining that sector of the market the firm won’t just compete against its traditional rivals, such as Juniper Networks, it will begin to do battle more closely with security stalwarts such as anti-virus leader Symantec, which is also set on controlling the niche.
Industry watchers observed that while entering the applications defense space may be out of Cisco’s comfort zone, as most of its security products are focused on defending IT systems infrastructure, the acquisition will go far beyond helping the company merely filter out spam and viruses, IronPort’s best-known talents.
Click here to read more about Cisco’s acquisition of IronPort.
“Some of the more interesting pieces in this deal are the encryption technologies that IronPort bought, along with some of the content compliance tools,” said Paul Stamp, analyst with Forrester Research, in Cambridge, Mass.
“This is somewhat uncharted territory for Cisco, but it establishes a beachhead for them in some big growth areas; if they really want to get into the business of adding value to the traffic they’re processing, then getting into content and policy security is a crucial step forward.”
Stamp said that Cisco is trying to move beyond shifting of packets and involving itself more with the performance and reliability of messaging applications themselves.
Next Page: A link between messaging and the network
“If you think about the applications that everyone uses the network for, such as e-mail and Web surfing, you can’t get into the business of enabling these technologies, as Cisco certainly wants to, without securing them,” Stamp said.
Stamp said that on one hand, this deal is reflects the trend of infrastructure companies integrating security, but on the other hand it shows how Cisco is making a calculated move to rise up into the applications stack.
The analyst believes that Cisco’s ultimate goal with moving into applications security is to create end-to-end software and hardware platforms that allow companies to link messaging programs, including e-mail, instant messaging and VOIP (voice over IP) systems, with networking infrastructure itself.
While enterprises have long maintained layers of technologies to help tie their communications systems together, convergence of messaging platforms is driving demand for more integration between these types of technologies, the analyst said.
Another benefit of the merger for Cisco is gaining access to IronPort’s SenderBase e-mail traffic monitoring service, which already collects data from more than 100,000 sources to detect suspicious behavior and virus outbreaks.
The system could become far more powerful if it is linked to the millions of Cisco nodes around the world, creating a Web traffic reputation service that far surpasses the scale of any similar systems, said Peter Firstbrook, analyst with Gartner, in Stamford, Conn.
Cisco also takes over IronPort’s Web gateway appliance business, selling the hardware meant to protect enterprises from malicious traffic, and enters a market that Firstbrook has tabbed for significant growth over the next several years.
There are only a handful of relatively small vendors playing in this space today, and adding the scale of Cisco to IronPort’s existing technologies could make it a leader in the segment, Firstbrook said.
“As enterprises get better at locking down e-mail, more of them will begin looking at these types of technologies to protect Web surfing,” Firstbrook said.
Cisco executives said that they feel the IronPort deal will provide their firm with a multitude of opportunities throughout the applications security sector and that they expect the technologies acquired through the buyout to filter into a wide array of future products.
“The challenge will be prioritization,” said Jeff Platon, vice president of marketing for Cisco’s security solutions unit. “As we integrate these technologies into our existing framework, we know we can take this in a lot of different directions.”