NEW YORK – Cisco Systems is moving quickly to integrate technology it’s gaining from buying e-mail security firm IronPort Systems.
Company officials said in interviews here about the US$850 million IronPort acquisition, which closed today, that e-mail and Web site reputation datastreams from IronPort appliances will be fed to Cisco firewalls by the end of this year, and then be extended to the company’s routers, switches and other devices in 2008.
The service checks the source of e-mail and Web sites embedded in e-mail against a database of suspicious sites IronPort calls SendBase.
In addition, early next year IronPort’s Layer 4 traffic monitor technology, which watches for spyware signatures, will also be added first to Cisco firewalls in the first quarter of next year and then to other products.
The capabilities should be able to pushed as a software upgrade to users of existing Cisco products, said Richard Palmer, senior vice-president and general manager of the company’s security technology group, under which IronPort will operate as a separate business unit.
In buying IronPort, Cisco is expanding its security offerings from managing networks to include spyware and malware data inspection to begin offering what it dubs wide traffic inspection, correlating information from several network devices.
In the interview Palmer and IronPort CEO Scott Weiss, who becomes the division’s general manager, had few details about product roadmaps beyond initially broadening the feeds from IronPort devices to Cisco devices.
However, Palmer did say that “the vision is to continue to add additional inspection technologies and capabilities” in both companies’ products. One to be added next year will be instant messaging screening, but not though an acquisition. Instead, said Palmer, it would probably be accomplished by striking a partnership deal.
Both Cisco and IronPort have management platforms for that, Palmer said.
While IronPort has been partnering longer than Cisco, Palmer said “we’re consciously building our platform so that we can accommodate third party applications and services so that to do some of this new stuff [inspecting new threats] it doesn’t have to be an acquisition.”
Weiss said the IronPort channel will remain intact. Plans for Cisco channel partners to be trained and certified to sell IronPort products are still being worked on.
Palmer and Weiss also tried to push the message that the IronPort acquisition means Cisco can offer a more end-to-end solution than networking competitors like Avaya and Nortel, or security specialists like Symantec and McAfee. Increasingly, security devices have to be integrated into the network infrastructure so they can talk to each other for the best security, they argued, downplaying point security vendors.
In Palmer’s words, Cisco’s strategy “is a harbinger of things to come in the security market.”
That found some resonance among industry analysts. In January, when the IronPort deal was announced, Gartner analyst Peter Firstbrook wrote that consolidation in the enterprise e-mail security market is now almost complete. IBM and possibly Juniper Networks are the only companies in his view that could challenge.
“Point (security) solutions are typically good for the first couple years of their evolution,” Zeus Kerravala of the Yankee Group, said in an interview. “But they’re at a point now where they need to be integrated into the infrastructure, whether it’s the network or the server farm.”
On the other hand, Cisco’s IronPort play hasn’t provoked consolidation moves by other companies yet, he said.
Most IT managers have welcomed the deal, he said. “There are some very hard core security people who believe your security infrastructure and all other infrastructure needs to remain separate. But for the most part the feedback’s been pretty good.”