Cisco pushes IronPort smarts to firewalls

Exec says company wants to ‘leverage the footprint of firewall and switches to better inform customers’

Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25.

On tour to evangelize the benefits of the buyout to media, analysts and customers, top Cisco security executives and IronPort Chief Executive Scott Weiss said that the combined company will move quickly to create a software upgrade package that will bring content filtering functionality and behavioral reputation intelligence to the networking market leader's 2.5 million existing firewall systems.

Once the deal closes on Monday, Weiss will assume a role as a senior security marketing executive with Cisco, he said.

The for-pay security add-on derived from IronPort, which has maintained a San Bruno, Calif. headquarters, will allow customers to employ what the company has dubbed "wide traffic inspection" at the firewall, arming users with more comprehensive network traffic analysis tools, the executives said.

The content filtering package represents only the first of many opportunities born of San Jose, Calif.-based Cisco's $830 million buyout of the firm, said Weiss and Mick Scully, vice president of product management at Cisco's Security Technology Group.

"The e-mail and Web filtering capabilities we bring into Cisco's self defending network vision will allow customers to do more granular filtering of traffic traveling across ports that have traditionally been left open by firewalls," Weiss said. "Today, most threats are coming into the network as links embedded in e-mail messages; putting this type of intelligence at the firewall will increase its efficacy in stopping those attacks."

Through blending the malware-distribution data gathered by IronPort's SenderBase IP address reputation service into Cisco's Adaptive Security Appliance (ASA) firewalls, the devices will become more dynamic security filtering gateways that can detect a far greater number of potential attacks before they enter the network, the companies claim.

"As Cisco takes what it has been doing at the network layer and adds content awareness, customers will be provided with a whole new set of traffic monitoring abilities," said Scully. "This is a new business model for us, but we believe we can take advantage of the fact that content filtering has traditionally been a highly-fragmented market."

Scully estimates that the firewall market currently represents a roughly $5 billion annual sales opportunity. By integrating content filtering, which Cisco projects as a $2 billion per-year market that is growing at 30 percent per year, the executive said that the massive networking and security firm expects its products to serve a $10 billion per-annum segment sometime around 2011.

Weiss said that IronPort, for its part, is expecting to report growth of 70 percent for its current fiscal year, pushing its revenues over $200 million.

After moving to integrate the filtering specialists' tools into its firewall business, Scully said that Cisco would begin adding IronPort's technologies into its Integrated Services Router (ISR) products.

"We'll be integrating IronPort's content and e-mail filtering technologies into our switching and routing products over the next several years," said the colorful Cisco security executive. "This is a strategy that reaches beyond the current wave of Web 2.0 technologies and services oriented architecture technologies into the next decade and beyond as customers demand more integrated security features."

Weiss said that another immediate benefit of the merger will be an opportunity for Cisco to expand its abilities to provide data leakage prevention (DLP) protection at the network gateway.

"We'll be looking to leverage the footprint of firewall and switches to better inform customers about many different aspects of security," he said. "Anything we can add to what Cisco is already doing has a network effect, and there will be a lot of opportunities for us to help companies monitor for malware and even look into issues such as data leakage prevention."

At least one industry analyst said that the IronPort acquisition dovetails nicely with emerging customer demands to look at patterns in IP traffic to eliminate malware attacks such as botnet programs -- without having a negative impact on their overall network performance.

"When you look at reputation services, if you know who the people are who are sending out spam or malware, there's a big opportunity to filter-out a lot of unwanted content at the gateway," said Andrew Jaquith, analyst with Boston-based research firm Yankee Group. "To do that you must have visibility into the actual flow of data, and that's what Cisco and IronPort should be able to provide."

Selling additional features and services to existing customers is a sensible place for the two companies to begin their joint efforts, but to gain wide acceptance quickly, their new products will need to prove their efficacy at stopping threats such as botnets, which remain problematic for many large enterprises today, the analyst said.

"If you know that certain IP ranges are harboring botnets, or see something within the company network trying to communicate with those addresses, you have a pretty good clue that you've got a problem," he said. "That's one of the best potential uses for tying-in visibility into external reputations and correlating that with things going on inside the network."

Jaquith believes that IronPort's technology will find its way into many of Cisco's routing and switching products over the next several years, and he cited the ability to leverage reputation-oriented information about what types of Web sites endpoint devices have visited in Cisco's network access control (NAC) technologies as another potential benefit of the merger.

"Cisco really wants to be thought of as a security player, and for them to do that, it means they needed to move up the stack a couple of layers and start looking at e-mail and layer seven type-applications, they really needed to play in that space," the analyst said. "It's a mature market, and Cisco picked a strong company to help plant its security flag a little deeper."
