Can Cisco Ride Sourcefire to Cloud Supremacy?

Cisco today announced one of their bigger acquisitions—security specialist firm Sourcefire.  The move is likely linked to the trends in security that I’ve seen in our surveys—most recently the spring survey published in Netwatcher just a few days ago.  It’s also likely to be another Cisco shot at Juniper, whose enterprise strategy is heavily linked to security.

Enterprises have generally had a bit of trouble accepting the idea that security was a problem the network should solve.  For years, they rated it as a software issue even as publicized security breaches illustrated that hacking was a big problem for everyone.  Why?  Because they saw this is an access security problem, thus a software problem.  This view was held by about three-quarters of businesses through the whole last decade.  What changed things was the cloud.

As cloud computing became more a strategic issue, businesses started thinking about security differently.  That started with a dramatic increase in the number who recognized multiple security models—network, access, software.  In just 2 years the number of businesses who saw security as multi-modal increase sharply.  The number who say that cloud security is a software issue fell by 10% in just the last year and there was a significant increase in the number who saw cloud security as a network issue.

For somebody like Cisco, this is important stuff.  If network-based security is linked to cloud adoption, then Cisco clearly needs to be on top of network-based security if it hopes to achieve and sustain cloud differentiation.  Given that Cisco’s main cloud rivals are not network companies, Cisco’s best offensive play would be a holistic network strategy that included security.

That’s particularly true given rival Juniper’s reliance on security for enterprise engagement.  Juniper hit its peak of strategic engagement in security just at the time when network security was about to go on a tear, and surprisingly they lost ground steadily as security-in-the-network was gaining.  Cisco, who dipped a bit in influence in response to stronger Juniper positioning a couple years back, suddenly gained.  I think that can be attributed to Cisco’s taking a more holistic approach to “network” and “security”, something that the Sourcefire acquisition could easily enhance.

There’s also a strategic shift to be considered here.  With operators pushing for virtual appliances, security is an obvious target, and hosted security is also an element in rival Juniper’s plans for SDN and NFV.  Cisco wants to focus both the SDN and NFV debates on expanding higher-layer network services and capabilities, in the former case through APIs like ONEpk and in the latter by introducing more hostable stuff.  Sourcefire could offer both those options.

What isn’t clear at this point is whether Cisco would create or endorse a “structural” connection between security and SDN.  If you do application-level partitioning of cloud data centers—as opposed to purely tenant-driven partitioning—you have the potential for creating access control by creating application-to-worker delivery conduits at the SDN level, meaning that only workers or groups of workers with explicit rights could even “see” a given cloud app.  This is a logical path of evolution for SDN security, but it might be seen to undermine Sourcefire’s model of more traditional IDS/IPS.

One thing for sure; Cisco is viewing IT and networking ecosystemically, a luxury that UCS gives it.  For all of Cisco’s enterprise rivals, there will be a significant challenge in matching that vision.  HP has both servers and networking, but its presence is more in the data center than in the WAN and it’s not been successful in getting traction on its SDN approach.  IBM OEMs its network gear and has been losing strategic influence in all things network.  Juniper needs a superstrong security and data center story, but security has lost ground over the last two years and their data center strategy has been muddled by poor QFabric positioning.

Cisco beats HP and Juniper in security influence even not considering Sourcefire.  IBM and Microsoft still lead Cisco in security influence, but obviously a shift in focus toward network-based security would benefit Cisco and hurt both its higher-rated rivals.  Even now, Microsoft leads Cisco by less than 10% and IBM leads by about 25%.  We could see Cisco take the number two slot by next spring, I think, and threaten IBM a year later.

Security is a big budget hook, the thing that has gotten more investment each year despite economic conditions.  If it can be made to pull through a larger network portfolio, which I think is possible, then it could cement Cisco as undisputed network leader in the enterprise network, and go a long way toward establishing Cisco as the player to beat in private clouds too.

I think the only solution for rivals is to get way out in front of Cisco on the SDN and NFV aspects of security.  Cisco will likely tread softly in creating revolutions in either space because of the impact it could have on their broader product lines.  Since all Cisco’s rivals have a much smaller market share in network equipment, they could afford to poison the well overall just a bit, in order to gain market share in the leader.  Will they do that?  It’s possible, but remember that none of Cisco’s enterprise rivals have been able to position their way out of a paper bag so far.  Cisco has already gained more in security influence than any competitor.  They could do more, still.

Leave a Reply