Cisco to buy security start-up

Networking giant will pay $65 million for Protego Networks, which makes software that aggregates data about threats.

Marguerite Reardon
Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
2 min read
Cisco Systems continues to enhance its security capabilities through acquisitions.

On Monday, the company announced plans to buy privately held Protego Networks, which makes software that aggregates and correlates information about security threats, for $65 million in cash. The deal is expected to close by Jan. 29, the end of Cisco's fiscal 2005 second quarter.

Cisco has focused on adding security capabilities to its product line for more than a year now. Last year, the company unveiled its Network Admission Control (NAC) program, a security architecture that combines virus scanning with network policing to keep attacks from entering the network in the first place. From the beginning, Cisco has relied on acquisitions to assemble the pieces necessary to make the architecture a reality. In fact, the critical "trust agent" software in the NAC architecture that sits on users' PCs and communicates with the Cisco policy server came from its acquisition in 2003 of Okena.

Cisco is still pulling together the necessary pieces. In October, the company bought Perfigo, a start-up that develops network access control products. In March, it announced it was buying Twingo, which makes technology for Secure Sockets Layer virtual private networks. The technology is being incorporated into Cisco's WebVPN product.

Cisco says it's confident that Protego's technology will fit nicely into its portfolio.

"The acquisition of Protego further emphasizes Cisco's commitment to network security, and (Protego's) leadership in security monitoring, threat management and mitigation complements our ongoing work in security," Richard Palmer, vice president in Cisco's Security Technology Group, said in a statement.

One of the biggest problems network managers face is making sense of all the security warnings and alerts they get when an attack is detected. Protego has developed software that aggregates these alerts and security threat notices.

But the company's PN-MARS product takes security event management a step further. The software is designed to be aware of network topology. As a result, it can trace attacks through the network and send out new security rules on the fly to firewalls, Ethernet switches or IP routers to kill the attack.

Protego's product is not entirely unique. Several other companies also sell products that aggregate security warnings and alerts. Some of these products, from companies such as NetForensics, ArcSight and Network Intelligence, also support remediation capabilities.

It's easy to see how Protego's technology complements Cisco's existing product portfolio. In fact, the two companies have already been working together. Protego is currently a member of Cisco's AVVID partner program, and the companies have been working together to sell security products to customers.

There are other ties among the two companies. Both of Protego's founders came from Cisco. Imin Lee, Protego's CEO, led development of Cisco's next-generation policy management product. Partha Bhattacharya, CTO of Protego, was architect and technical lead for several of Cisco's security products, including Cisco's firewalls, IP routers, virtual private network gear and intrusion detection devices.

Protego was founded in 2002 and has 38 employees. Cisco plans to retain the entire Protego team, which will be integrated into its Security Technology Group.