Consolidating for security
Cisco Systems' acquisition this week of security firm WheelGroup signals the rapid convergence of the networking and network security industries.
The deal also may accelerate the already-evident consolidation of Internet security vendors by forcing them to bulk up, perhaps bidding against networking companies moving into security.
And because of WheelGroup's widespread partnering, the deal could force companies looking for "intrusion detection" software, WheelGroup's forte, and a technology that detects hacker attacks on corporate networks, to reevaluate their plans.
"We believe that security will be a natural expectation of the network infrastructure," said Tony Jennings, WheelGroup's CEO, echoing Cisco's own rationale for the $124 million acquisition. "Customers will expect that basic functionality [to be] in the infrastructure and for it to be transparent."
That could spell trouble for Internet security firms with standalone products, potentially speeding up the merger and acquisitions spree among security companies that is already underway.
Analysts say Cisco's acquisition also puts pressure on networking rivals 3Com (COMS), Bay Networks (BAY) , Ascend (ASND), and Cabletron (CS).
It also may force the hands of Internet Security Systems, a WheelGroup competitor that filed last month for an initial public offering, and Check Point (CHKPF), the leading firewall firm.
"We are going to move to a different order of magnitude for acquisitions," predicts Ted Julian, an industry analyst at Forrester Research, who floats the idea that IBM might even buy a company like Check Point, despite Check Point's $1 billion market valuation. Check Point would not confirm IBM discussions on an acquisition.
"Today there is not a security market--it's only a subset of the networking market called security," added Fred McClimans, CEO of research firm Current Analysis, saying security is no longer just add-on hardware or software for a corporate network. "Security becomes just another component in the routing, switching, operating system, and virtual private network (VPN) architectures."
Networking hardware and its complex software are natural places to put security because they control access to corporate networks--a security-aware router, for example, can keep the bad guys off a corporate network altogether.
Already Cisco offers a firewall, both hardware and software versions, and is licensing VPN technology from RedCreek. Ascend, too, has a hardware firewall, though it doesn't show up on the firewall market-share charts. Bay and 3Com have deals to build Check Point firewall software into their networking hardware.
Cisco, as the market leader with a long history of buying and integrating new technologies for its routers, is now pressuring networking rivals to respond to its WheelGroup deal. Cisco is upfront about its long-term strategy for WheelGroup's intrusion detection technology.
"Short term, we think there's still a lot of room for standalone products for about 24 months," said Michael Safly, the Cisco business development manager who put together the WheelGroup deal. "The effort to include intrusion detection in the infrastructure, to make it fundamental, isn't trivial."
But clearly that's where Cisco is headed with intrusion detection, and by extrapolation, with other security technologies.
In the Internet security space, the WheelGroup deal immediately affects ISS and its IPO. It must explain to Wall Street investors why its standalone software--which commands 35 percent market share today, according to Aberdeen Group figures--can survive in the long term as Cisco and other giants move in.
Indeed, ISS has issued a careful statement on the Cisco-WheelGroup deal, despite being in its Security and Exchange Commission mandated "quiet period" before its stock offering.
"Unless you have a dominant position, you cannot survive in this [security] market," ISS stated. "Based on Cisco's historical approach to networking, this will be another point product in the Cisco catalog."
Check Point echoed that line: "Cisco has made several acquisitions in an attempt to catch up," spokeswoman Emily Cohen said. "They are attempting to create another patchwork answer to things by slapping different products from different entities together. But there's no management of anything."
Despite that slam, Check Point's own strategy recognizes the coming together of networking and network security. The company now has three product lines: its flagship FireWall-1, a VPN product called SecuRemote, and a "bandwidth management" offering called FloodGate-1, which prioritizes who gets to use limited bandwidth on a corporate network.
In an announcement due Monday, Check Point intends by year's end to combine FireWall-1 and FloodGate-1 into a single product, a clear sign of the coming convergence. Still missing from Check Point's arsenal: a network management product.
Industry observers remain puzzled why Check Point hasn't itself pulled the trigger on an acquisition. Cohen acknowledges discussions with a wide variety of potential partners but says the right deal hasn't come around yet.
Other security firms have moved faster. Last year Trusted Information Systems (TISX), another firewall vendor, bought Haystack Labs, an intrusion detection software firm.
Also, firewall vendor Raptor Systems has been snapped up by security vendor Axent (AXNT) . And encryption software pioneer Pretty Good Privacy was purchased late last year by Network Associates (NETA).
Network Associates itself is the biggest sign that the network and security worlds are converging--it was created last year in the merger of antivirus firm McAfee and Network General.
Network Associates last month introduced CyberCop, its intrusion detection software--based largely on WheelGroup's technology. Cisco and WheelGroup say the acquisition won't hurt their relations with Network Associates, which even hints this week's deal might deepen its already-cozy ties to Cisco.
"We've been pretty positive about the merger," said Chip Messec, director of product management in Network Associates' security division. "They have validated intrusion detection as a viable way to protect networking and that's a mantra we've been chanting for the last year now."
Messec characterized Cisco's emphasis as "protecting the pipes in the network," while Network Associates "manages the pipes" as well as the applications that go through them.
"There will be complementary products, and there may be some overlap," he acknowledged.
Still to be heard from on the convergence issue are other major providers of network management software: IBM's Tivoli division, Hewlett-Packard (HPW), and Computer Associates.
Reporter Ben Heskett contributed to this story.