Cisco buys e-mail security firm for $830m

IronPort brings messaging security smarts

Cisco Systems Inc. said on Thursday that it was buying IronPort Systems Inc. of San Bruno, Calif. for $830 million in cash and stock.

The deal for privately held IronPort, which makes e-mail, Web, and security management appliances, will add expertise in spam and messaging security to Cisco's security portfolio. Cisco plans to use that technology as part of its Self-Defending Network framework, the company said in a statement. The deal is expected to close in the third quarter of Cisco's fiscal year 2007, which ends in April.

IronPort was founded in 2000 and has 408 employees. The company began as an anti-spam firm, using proprietary technology like its AsynchOS operating system and SenderBase e-mail and Web traffic monitoring network to sell high-capacity e-mail security gateway appliances that can quickly vet inbound e-mail, discarding up to 80 percent of inbound spam connections based simply on the reputation of the message's sender.

Spam, which had fallen off the enterprise security radar in recent years, has become a hot issue again, as a new breed of "image" spam has found a way around spam filters and filled up enterprise inboxes once again.

In December, IronPort released statistics from its customer installations showing a 100 percent year-over-year increase in spam message volume to 63 billion messages per day in October, 2006. Image spam accounted for 25 percent of that total, a 421 percent increase from the same period in 2005.

But IronPort has also expanded beyond spam detection into areas such as anti-spyware, Web traffic content inspection, data encryption, and compliance. The company purchased e-mail encryption firm PostX in November, adding message-level encryption to its product offerings. The company also announced a partnership with anti-spyware firm Webroot in October that combined the Webroot RockSafe E1000 SDK in IronPort’s S-Series Web Security Appliances.

As IronPort's technology expanded to meet more challenges, the company became more attractive to major enterprise IT players such as Cisco, said Jon Oltsik of Enterprise Strategy Group.

In a security market that's shifting from mere e-mail security to enterprise messaging security that includes IM, mobile devices, and policy management, Cisco needs to "climb the stack," Oltsik said. "It's not just about perimeter security," he said. “It's about network security, and that means you have to understand that traffic isn't just packets and frames."