How Cisco's Sourcefire acquisition impacts its security prospects

Cisco CEO John Chambers has identified security as an area for improvement for Cisco, and the Sourcefire acquisition is a strong step in that direction.

It's interesting how the tech industry works. In late 2011, Cisco was in the midst of revamping itself, its stock was a shade under $14/share, and its investors were calling for CEO John Chambers to resign. Today, as Mike Reno from Loverboy used to sing, “The kid is hot tonight, whoa, so hot tonight.” Indeed, Mr. Chambers is on quite a roll, Cisco stock is a shade under $26/share, investors are happy, the entire network product line has been revamped in the past year, and the company is creating some distance between itself and its network competition.

However, despite the momentum by Cisco, it’s hard to say the company has been firing on all cylinders. One of the cylinders that hasn’t been firing well is security. Last year, in a hot market, Cisco security sales fell 4% year-over-year. Over the past couple of years, companies like Palo Alto Networks, Imperva, and Fortinet have grabbed the media headlines in security and made Cisco security look old. In fact, on past earnings calls, Chambers actually called out security as an area that needed to be fixed and something that would be addressed in the future.

The answer to Cisco’s security plans isn’t to try to compete with every best-of-breed appliance vendor at every point in the network. It’s not reasonable and it’s certainly not sustainable. Cisco is approaching security with an “architectural” framework called Cisco Platform Exchange Grid (pxGrid), similar to what the company does on the network side. This page [pdf] provides a more detailed look at pxGrid.

The concept behind pxGrid is that security intelligence comes from many different sources on the network – firewall logs, NetFlow and NBAR information, and other sources including third-party sources. Cisco’s pxGrid works by aggregating all of the information together and then doing some analytics on it to provide a network-wide view of security rather than security at a single point. In some ways, one could think of this as Cisco’s “big data” security play.

It’s an interesting take on security, but one that makes sense for Cisco given the magnitude of network footprint that Cisco has in many organizations. Given the focus on taking a network-wide, architectural approach to security, I think this morning’s $2.7 billion acquisition of Sourcefire does a few things for Cisco.

In the short term, Sourcefire gives Cisco security a shot in the arm with some best-of-breed products, particularly the next-gen firewall, and some new security talent to add to the company. From a product perspective, there is a fair amount of product overlap, particularly within the IDS/IPS market. Cisco’s share in this market has declined over the past two years, whereas Sourcefire’s has more than doubled. Despite the overlap, the acquisition gives Cisco some security “street cred” and makes the company more credible with regard to threat protection.

The acquisition also gives Cisco some security flexibility as the Sourcefire products are software-based. Of Cisco’s last 16 acquisitions, 14 of them have been software- or services-based, so this has been a consistent theme for Cisco for some time. The software orientation gives Cisco flexibility as to how to integrate Sourcefire into Cisco’s products, including a potential NFV play. This also opens the door to the open source community through Snort, Sourcefire’s widely disseminated, open-source product line.

Long-term, Sourcefire provides more data, including some application control and SSL inspection capabilities, to enhance Cisco’s pxGrid initiative. More inputs mean more data to analyze, which ultimately means better network-wide security. Sourcefire gives Cisco that.

The 29% premium on the stock price may seem like a hefty price to pay, but Cisco needed the technology to bolster its short-term positioning and also fuel its long-term goals. So, Mr. Chambers should put on his Mike Reno headband and red leather pants and sing “The kid is hot tonight,” because, as the song also states, “but where will he be tomorrow?”


Copyright © 2013 IDG Communications, Inc.
