Cisco goes deep into network security with Lancope acquisition

Cisco forks over $452.5 million for security company Lancope to gain greater insight into events on the network

Cisco continues its shopping spree to bolster its Security Business Group, scooping up network security company Lancope.

Cisco plans to integrate Lancope’s StealthWatch suite with its current security portfolio to give organizations better visibility into what is happening on their networks. Lancope specializes in security intelligence, threat visibility, and network behavior analytics. Lancope’s team will join Cisco’s Security Business Group.

Cisco knows Lancope well, as the two companies have had a strategic partnership for several years. Under the terms of the deal, Cisco will pay $452.5 million, as well as "retention-based incentives" for Lancope employees who join Cisco. This acquisition is not only about technology -- it also involves talent, said David Goeckeler, senior vice president and general manager of Cisco’s Security Business Group.

“Lancope has been part of Cisco’s security solution for many years through a successful commercial relationship, and now we are coming together as one team,” Robert Salvagno, head of Corporate Development and Cisco Investments, said in a blog post announcing the acquisition.

The Security Everywhere initiative is the result of the rise of the Internet of things and the shift toward a digital economy, Cisco officials said back in June, when the initiative was announced. The goal is to add security throughout the network, from systems running in the data center to the campus networks and reaching to the cloud and the endpoints in the hands of users. There are three core principles: providing enterprises with real-time visibility and understanding of the behavior of every device on the network, tools to better identify threats, and an integrated architecture bringing different capabilities together.

Lancope’s capabilities will provide organizations with more information about what is happening on the network as well as big data analytics to understand each piece of information and to identify threats. Cisco gains contextualized threat intelligence via Lancope’s analytics platform, which would expedite both detection and response time. Enterprises need to minimize dwell time, or the time attackers spend in the network after the initial intrusion, to protect data assets from being stolen.

“The addition of Lancope to Cisco’s Security Everywhere initiative adds a critical network-based sensor for greater visibility into in-flight threats,” said Doug Cahill, a senior analyst covering cyber security at Enterprise Strategy Group.

Cisco has been busy on the acquisition front recently. Earlier this week, the networking giant announced plans to acquire data analytics technology developer ParStream for its data and analytics group. On the security front, Cisco bought cloud-based security platform OpenDNS for $635 million, security consultancy Portcullis, and security advisory company Neohapsis. And that’s 2015 alone. Cisco spent $2.7 billion on Sourcefire in 2013 and bought ThreatGRID for an undisclosed sum in 2014.

The acquisition is an “interesting” one, said 451 Research’s Dan Raywood, as Lancope is not in behavioral analytics, threat intelligence, or forensic investigation, the three most dynamic areas at the moment for IT security. But it complements past security deals as it would sit well with visibility and white/blacklisting from OpenDNS and threat intelligence from ThreatGRID; in addition, it would provide good services to Portcullis when all the deals are done.

Lancope provides network visibility and OpenDNS provides visibility in the cloud, said Goeckeler. Insights gleaned from Lancope’s technology could be applied to the OpenDNS platform to apply controls on what employees cannot do. Portcullis and Neohapsis beefed up Cisco’s security services and consultancy, which drives the company’s focus on an integrated architecture.

“We don’t want just more products. We want to integrate them into an architecture to drive automation and efficiency,” Goeckeler said.

"Real-time visibility and understanding of the behavior of every machine or device on the network becomes critical in adapting the ability of enterprises to identify and respond to the next wave of cyber threats," Salvagno wrote in the blog post.

Copyright © 2015 IDG Communications, Inc.
