Today, Cisco announced the acquisition of OpenDNS, a cloud-based web security company for a cool $635M. This acquisition is an interesting step for Cisco, and solidified something we have suspected for quite some time. Cisco, is serious about security and security analytics.
Now, for full disclosure, Anitian did provide some analysis for this acquisition. So this blog entry will only discuss public information.
Starring Martin Roesch
Cisco’s security acquisitions are interesting, because they are not going after traditional security software companies. SourceFire was their last big purchase, but since then Cisco has become a lot more savvy about who and what they acquire. Moreover they are showing a mature, forward-thinking strategy.
We credit Martin Roesch’s influence here. It is obvious from those of us on the outside, that Marty is not just some division head with a nice office. They have not only given him command of their security products, they are actually listening to him. This acquisition shows real strategy, not just “gimmedat market share!” which Cisco was notorious for doing in the past
Marty’s RSA keynote this year was also insightful (which I wrote about in our RSA blog entry from that day). While some people might have found it boring, I heard genius happening. Real innovation and ingenuity is dull at first. This is partially because we lack a frame of reference on which to judge the new ideas.
Log. Data. Repeat.
OpenDNS was not about content filtering or web security. Sure, they make a great product. Their DNS services have been the geek’s choice for nearly a decade. We have used OpenDNS for years and always recommend them to clients. It is a reliable and extremely effective service.
However, it is also free (at least for basic services). Freeware usually makes the money guys lose interest and wander off to their squash games and rowing tournaments. It is difficult to make money when your primary product is free. Unless you are the master of taking free to market, Martin Roesch. It was Marty’s name and Snort’s influence that got those money guys back to the table. But that was not the only thing that brought the polo-wearing investment bankers back in the room.
While OpenDNS might not have the most profitable business model, they do have one thing that is extremely valuable: gobs of rich, delicious data. School districts and colleges all over the world use OpenDNS because it is affordable. Who always gets hacked first? Schools. OpenDNS’s data is exceptionally useful, because it can be easily turned into highly valuable threat intelligence. The kind of threat intelligence that can make a NGFW product work better.
Yep, that four letter curse word you just heard echoing through the streets of Santa Clara came from the halls of Palo Alto Networks. Fortinet will say the same thing, but they need time to engineer it into an ASIC.
Cisco is going to mine all that DNS data for threat intelligence and build themselves a security analytics platform. It is the same reason they bought ThreatGrid, SourceFire, and others. Cisco wants to play the Security Analytics game. And when they play a game, you have no choice but to play along.
Furthermore, OpenDNS is also a cool company. Their RSA presentation on analytics and data visualization was captivating (which we wrote about here). It was the reason I go to RSA. To see smart people doing cool stuff. Now those guys work for Cisco (or they will). That means there are more smart people inbound to Cisco. Again, Cisco is not merely acquiring cool technology, they are acquiring cool people. In today’s world, smart people are more valuable than smart technologies. Because smart people build intelligent things. And Security Analytics is all about intelligence.
Wait, Cisco? What?
What amazes us, is how Cisco has turned around this ship, when they really did not have to. Cisco has consistently trailed on innovation, but they did not have to be innovative. Cisco has had the luxury of lying back on its brand name and zealous channel to maintain market share and rake in cash.
But then Palo Alto Networks happened. For better or worse, Palo Alto pushed everybody to greatness. When people saw how this startup company could out-innovate everybody, well they wanted a piece of that. The endless cycle of breaches also helped fuel this as well.
Now, here we are a few years later and Cisco is on the edge of tomorrow. They are not only fielding competent products, but innovative ones as well.
Of course, it is not all perfect. The FireAmp product needs work. And Marty’s visions from RSA, while fundamentally sound and innovative, need to be polished into something real. Cisco, also has a history of grandiose ideas that never go anywhere, such as their “self defending network” messaging from a while back.
Cisco’s acquisitions, like many others happening right now, are all about Security Analytics. This market continues to form. Cisco will need some other technologies to be a real player. They need a logging platform. Splunk, ArcSight, and Accelops are all potential targets. AlienVault has been getting attention lately, which is good, they could use a good scrub.
Cisco, Raytheon, Blue Coat, Palo Alto, Fortinet – they’re all fighting for the Security Analytics market. All these companies are poised on the edge of tomorrow, the question is, which ones know the future, and which ones will get eaten by the aliens?
Cisco has the power, resources, and now brains to be a formidable player here. We could be heading for a Raytheon-Cisco battle royal. The good news is, that battle will have no losers. We may all win from this.