Cisco users upbeat about security direction

Cisco Systems hasn't always gotten a positive response over its security efforts, the best example being the backlash it suffered after trying to stop researcher Michael Lynn from showing off a Cisco IOS exploit at the 2005 Black Hat conference. But when it comes to the company's more recent moves to integrate security into its product line, customers are optimistic.

The networking giant last week finalised its acquisition of Internet security gateway appliance vendor IronPort Systems for $830 million in cash and stock, and will add IronPort's email and messaging security features into its security product set. Cisco said the acquisition is also a major step forward in the evolution of Cisco's Self-Defending Network initiative.

The IronPort acquisition reflects the larger trend of consolidation in the IT security market, as standalone security vendors struggle to survive and big IT infrastructure providers use acquisitions to integrate more security into its product development lifecycles. In the last month, for example, HP has announced its acquisition of SPI Dynamics and IBM has announced its purchase of Watchfire .

While IT professionals have lauded the smoothness of some acquisitions, such as the merging of Internet Security Systems (ISS) into IBM and the merging of CipherTrust Inc. into Secure Computing Corp., they say they've watched other vendors buy up good security technology only to let it languish.

But Cisco users interviewed in recent days say they're not concerned. They're generally pleased with Cisco's security efforts and believe the vendor will handle the IronPort integration with care.

"I read on Cisco's Web site that some of the reputation technologies IronPort uses to determine if data is legitimate or not are going to be integrated into the IOS and firewall feature-set," said Stephen Escher, network security manager for the Hilton Grand Vacations Company in Orlando, Fla., in an email exchange. "Any additional tools that Cisco provides to examine network data from an upper-layer perspective is useful for network engineers."

Escher's IT infrastructure includes Cisco technology and he is largely happy with the vendor because its products have proven reliable and compatible with the Windows, Apple MacIntosh and Unix-based machines his company also uses. His only criticism is that Cisco products like the Monitoring, Analysis and Response System (MARS) and Access Control Server (ACS) could use better visual interfaces.

Security acquisitions: Cisco bolsters security with IronPort buy: Cisco Systems agreed to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Will HP do the right thing with SPI Dynamics? Some users say they've watched other vendors buy up good security technology only to let it languish and hope HP won't make the same mistake. Watchfire will help IBM build application security: Analysts have been pushing the Security 3.0 concept this week at Gartner's IT Security Summit, and one analyst says IBM's acquisition of Watchfire illustrates the trend. IBM to acquire Internet Security Systems: Once its $1.3 billion purchase of ISS is complete, IBM says the organisation will run as a separate business unit. IBM will also develop and sell ISS' Proventia appliances.

As for the vendor's efforts to acquire and integrate security technology, he said, "I would rather have a large solution instead of a bunch of smaller [security] vendors who may or may not be there a year from now; not to mention having to support all the different systems."

Eric Nooden, information systems manager for Rockford, Ill.-based Rockford Gastroenterology Associates, does not have a Cisco-based infrastructure as Escher does. But he said he's generally a fan of the company's technology and is planning to incorporate Cisco products into his network in the future.

"We are waiting for our current firewall to die before we move to Cisco's new line of firewalls and security products," he said in an email exchange. "For the last three years I have requested the new firewall and security software and it has been approved, but with the understanding that his firewall has to die or have an unfixable security hole before he can get the new toys."

Nooden also supports the trend of big IT vendors like Cisco using acquisitions to improve their security, and believes Cisco will handle the IronPort integration properly.

"If you look at past purchases of Cisco, specifically Aironet, I think they will handle the [IronPort] acquisition well," he said. "In the beginning, all of Cisco's wireless bridges were rebranded Aironet products. If you purchased a 340 bridge, you had the chance of getting either a box with Aironet branding on it or Cisco's. The 350 Bridge was a smooth upgrade from Aironet to Cisco."

Cisco executives promise an equally smooth transition with IronPort.

"We've lost none of our engineers [in the acquisition]," Scott Weiss, former CEO of IronPort and now general manager of the IronPort Business Unit, said during a recent meeting with editors of SearchSecurity.com and Information Security magazine. "We're not merging IronPort into Cisco. We'll still have the same team, the same office and I don't think the culture is going to change. We're keeping the band together."

Mick Scully, vice president of product management in Cisco's Security Technology Group, promised a seamless integration in which IronPort's talent base is retained and more investments are made in the company's technology. Scully noted that one of the things Cisco looks for when making an acquisition is the talent of the company in question. He added that there has been very little turnover after past acquisitions.

IronPort, based in San Bruno, Calif., was founded in 2000 and has 3,000 customers. Its 400 employees are expected to remain on board and the company will continue to run as a separate business unit in Cisco's Security Technology Group.