March 22, 2004 1:54 PM PST

Cisco buffers defenses with security buy

Cisco Systems announced on Monday that it will buy hardware start-up Riverhead Networks for approximately $39 million in cash, its second security acquisition in less than a month.

Technology from Riverhead should help the networking giant beef up its intrusion prevention offering. The Cupertino, Calif.-based start-up makes devices that protect enterprise and service provider networks from distributed denial of service (DDoS) attacks.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


DDoS attacks flood networks with millions of packets, causing servers and routers to freeze. These attacks can wreak havoc on enterprise and service provider networks and cause significant loss of productivity and down time. Riverhead's technology, which identifies traffic patterns by comparing traffic flows, can quickly and accurately identify these attacks, helping mitigate a broad range of problems. For example, because many worms and viruses are distributed through mass e-mails, the Riverhead technology could also help prevent those types of attacks, too.

Cisco said the acquisition fits in well with its announced security strategy. The company, based in San Jose, Calif., has recently been adding to its existing portfolio with products that extend security from end to end. These products are designed to help networks identify threats; react appropriately, based on risk level; isolate infected endpoints; and reconfigure network resources in response to an attack, according to Cisco.

The announcement of the Riverhead deal comes two weeks after Cisco said it would spend $5 million to acquire Twingo Systems, a maker of virtual private networking (VPN) technology.

Some analysts say Cisco still has some holes to fill in its security portfolio.

"I think it's important that Cisco is recognizing that intrusion prevention is important," said Richard Stiennon, a security analyst at Gartner. "But the Riverhead product doesn't offer a complete solution."

Stiennon said Cisco still lacks key intrusion prevention technology. Riverhead's devices must allow some amount of traffic to get through to the network in order to learn traffic patterns and determine which streams are likely to be from an attacker. Stiennon said Cisco still needs technology that will stop the very first packet containing a virus or worm from entering the network.

Stiennon and other analysts, including Jeff Wilson of Infonetics Research, believe that Cisco will continue to look for start-ups in this area to round out its lineup.

"I'd expect (Cisco) to look at companies with products in the higher layers of security," Wilson said. "Security gateways that do deep packet inspection and intrusion prevention are likely candidates."

Security has been a hot area for acquisitions this year. In February, Juniper Networks, Cisco's key network gear rival in the service provider market, announced that it would buy NetScreen Technologies, a firewall and VPN gear maker, for $4 billion. But analysts believe that the NetScreen acquisition will likely be the exception rather than the rule in the future.

"There are plenty of small start-ups out there, but I don't think there are any others that will go for $4 billion," Wilson said. "They'll all be much smaller, like this one."

Cisco said in a statement that it expects the Riverhead deal to close in its fiscal third quarter of 2004.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.