Cisco Could Look to Dell for Security Strategy
Cisco has lost its way when in the security space and is reportedly pulling out the list of acquisition candidates to reestablish itself as a credible player. But instead of pulling out the check book quite yet, Cisco might do well to learn from others who are reinventing themselves with a security makeover.
Send to Kindle
Safe to say Cisco Systems Inc. has lost it’s way a bit when it comes to security.
For the networking firm, there are no short or easy security answers. But when you keep stumbling, it's always a good idea to look to others who seem to be making strides. In Cisco's case, that might be hardware manufacturer Dell Inc.
A Reuters report has called out the fact that Cisco has finally and somewhat publicly acknowledged its shortcomings and is furiously attempting to reverse its fortunes in the security arena. So much so that in December, CEO John Chambers granted Chris Young – senior vice president of the San Jose-based networking firm’s security and government divisions – a “blank check” for the next two to three years to spend as he sees fit to get its security prowess back in the good graces of its customers.
That will be no small undertaking to say the least. While Cisco has attempted to compete with dedicated firms such as Fortinet Inc., Check Point Technologies Ltd., and Palo Alto Networks Inc., it has often placed its much of its marketing and M&A energies elsewhere. Subsequently, security is an area that has often received short shrift.
In 2011, Cisco attempted to reestablish credibility in the security arena with its SecureX product line, a comprehensive framework that enables organizations to set and enforce security policy across an entire distributed network.
But where the networking firm has likely fallen short of the mark is in its lack of security vision, and thus, its ability to act strategically.
Cisco has historically relied on its ability to acquire firms into its fold to bolster its market relevance – almost 160 since 1993, according to Reuters. But its last security purchase dates back to 2009, when it acquired SaaS Web security firm ScanSafe, designed to equip its AnyConnect VPN and mobile clients with real-time security and threat intelligence capabilities.
With no major security purchases in more than three years Cisco has missed countless opportunities created by a rapidly evolving increasingly sophisticated threat landscape, often resting on its laurels with legacy products. And cybercriminals haven't exactly done the same.
On top of that, Cisco has been a day late and a dollar short when it has come to major deals that would have undoubtedly put it a few lengths ahead in the security space. Rumors circulated last year that Cisco was mired in talks regarding an acquisition of Palo Alto Networks before the application firewall firm went public in July 2012.
Unified threat management firm SonicWall was another potential target, but was snapped up by Dell last year.
In security, Cisco has deficiencies in almost every sub-market category, ranging from mobile offerings to intelligence-based threat analytics that detect and nab stealthy Web application attacks.
The net-net? Nimble competitors such as Palo Alto Networks and FireEye Inc. have repeatedly beaten Cisco to the punch, emerging as more relevant, timely and innovative with security offerings that tout antidotes to some of the world’s most egregious threats. And they have increasingly gained notoriety that has served to take market share from more established, but less agile, players.
Cisco’s loss? About 10 percent over the last five years, according to Reuters.
For Cisco, it’s back to the drawing board, and it’s likely brainstorming candidates that have included Fortinet, Sourcefire Inc., and privately held firms FireEye and Barracuda Networks. But the options are coming with heftier price tags -- Fortinet is valued at $3.16 billion while Sourcefire is valued at $1.31 billion -- depleting Cisco’s already shallow pool of targets. Meanwhile, FireEye, headed by former McAfee CEO Dave DeWalt, appears to be prepping for an IPO.
But instead of coming up with a series of one-off acquisitions, Cisco will need to put in some legwork at the front end if it wants to stay competitive in security. That means coming up with a comprehensive end-to-end strategy that addresses the latest security threats from all fronts throughout the entirety of the security stack. Its list will also need to include technologies that apply intelligence and analytics to current threats in multiple environments that include virtualization, mobile and cloud platforms.
In short, Cisco will need to take a few pages out of Dell’s book.
Why Dell? Three years ago, Dell hardly a blip on the security radar. But in light of its flagging hardware business, the Round Rock, Tex.-based PC manufacturer started making investments in enterprise software investments and elsewhere – identifying security software as a critical area going forward.
Since then, Dell has made a series of deliberate and synergistic acquisitions designed to address threats from all angles. Over the last two years, Dell has pulled the likes of SonicWall, SecureWorks, AppAssure, and most recently encryption firm Credent into its fold.
Granted, Dell is still digesting many of its enterprise software products, many of which have yet to sing harmoniously together. But the firm Dell is undoubtedly emerging as a credible player in the threat and security service arenas, underscored by recent launches of vulnerability assessment and Web application scanning services, a SonicWall advanced channel certification, and a series of security enablement and visibility tools that give it added reach in mobile security markets.
Cisco might do well to follow suit. That might mean holding off on an acquisition until it devises a holistic strategy to determine where and how its security purchases will ultimately fit into the stack. But, as proven with others, it might be an approach that will give Cisco the ability to someday realize cruising altitude in the security space.