Cisco to acquire IDS vendor Riverhead Networks for $39 million

Cisco this week announced plans to purchase privately held Riverhead Networks, a maker of security technology that protects against distributed denial of service attacks, in an all-cash deal worth approximately $39 million.

Riverhead’s products, called Guard and Detector, are hardware devices that attach to network routers. They compare traffic flows to learned profiles of normal traffic patterns, behavior, and protocol compliance to identify and mitigate a range of known, as well as previously unseen, security attacks.

With this information, the devices detect and block malicious traffic without impacting legitimate business transactions. Guard and Detector are targeted at both enterprise and service provider customers.

Cisco says Riverhead’s software will strengthen intrusion detection in Cisco’s routing and switching gear and says it intends to integrate the software into its Catalyst switches and access router platforms, as well as its stand-alone appliance.

News of the plan to acquire Riverhead follows Cisco’s March announcement that it would buy Twingo Systems, a Secure Sockets Layer VPN company, for $5 million. Cisco expects the Riverhead acquisition to be completed in April.

Riverhead was founded in 2000 and is headquarted in Cupertino, Calif., with offices in Tel Aviv, Israel. Cisco says Riverhead boasts customers that are among the “top five application vendors, media companies and financial services firms.” Riverhead has 44 employees. Cisco also had a 10% investment the company prior to the acquisition announcement. The company will become part of Cisco’s Internet Switching Business Unit, reporting to Senior Vice President Luca Cafiero.

Cisco says that the Riverhead software technology is likely to surface as a module for the Catalyst 6500 switch chassis, which also has IDS, VPN and firewall modules available. The software could also be integrated into Cisco routers as part of IOS, or on separate appliance hardware. Cisco says it is still working on the details of how Riverhead technology will be delivered and did not say when any products would be available.

The networking giant says switches and routers running Riverhead IDS technology will be able to weed out suspicious traffic at the network edge and core of an enterprise. This capability improves upon Cisco’s current IDS technology, according to the vendor, which is based on packet inspection and signature matching. With Cisco’s current IDS technology, packets are examined and matched against know attack signatures, identified by Cisco and the security community.

Riverhead’s product, available previously as a network appliance, operates by learning the patterns and behaviors of various traffic on a network — such as applications, Web and e-mail, VoIP and management traffic. The Riverhead appliance then intercepts traffic patterns that vary from the patterns it has learned.

The software can be programmed to alert administrators of these anomalies, or to block or quarantine the traffic on its own. Cisco says this method of IDS does not require constant updating required by other IDS systems, such as virus definitions or attack signature updates.

Cisco also says the Riverhead technology will be integrated into its Network Admission Control program, a multi-vendor effort — announced in November 2003 — to integrate security products into an automated system of locking out unauthorized uses, and detecting malicious network traffic.