Just before Halloween (10/27), Cisco announced its acquisition of security analytics veteran Lancope for $453m. Given the timing of the deal, it’s fair to ask an appropriate question: Trick or treat?
There’s no debate here – treat. With the Lancope purchase, Cisco walked into the security analytics neighborhood, knocked on just one door, and grabbed a bag full of candy. Okay, enough of the Halloween metaphors, this was a very good deal for Cisco for several reasons:
Lancope was already extremely Cisco friendly. The two companies have had a close sales and marketing relationship for years and a good chunk of Lancope revenue was directly attributable to the Cisco salesforce. Heck, Cisco is a Lancope customer itself. As Cisco dedicates more resources to Lancope, it will pull StealthWatch (Lancope’s product) into even more deals, especially in geographies where Lancope had a minimal presence.
- Lancope complements Cisco’s cybersecurity strategy. Over the past year, Cisco has been pushing a strategy highlighting the network as an infosec sensor and enforcer. In other words, networks offer great security telemetry for analysis and when security issues are detected, networks can be instrumented for automated remediation as part of incident response (note: see my blog on this topic). Lancope is already tightly coupled with this strategy as it analyzes network telemetry (NetFlow, PCAP, etc.) and is integrated with Cisco technologies for network profiling and enforcement like its identity services engine (ISE) and TrustSec. In this way, Lancope can make Cisco products work more effectively and efficiently.
- Lancope adds deep network security knowledge resources. Before anyone focuses on Lancope’s payout, it’s important to recognize that the company paid its dues to achieve this ultimate goal. Lancope has been around since 2000 and remained independent and successful after many other network behavior anomaly detection (NBAD) vendors were long gone. Over the years, Lancope has built a very experienced team that knows how to instrument networks, collect telemetry, and analyze L3-7 data at a level that few can match. This skill set is a great match with Cisco managed and professional services including Neohapsis, OpenDNS, ThreatGrid, etc.
In closing, I want to add a few additional points:
- It took some guts for Cisco to get back into security management after its rise and fall with Cisco MARS a few years ago. IBM made a similar bold move when it acquired QRadar (i.e., Q1 Labs), which was IBM’s third different SIEM product at that time. With the addition of Lancope, Cisco has as broad a portfolio of cybersecurity products and services as anyone and is one of few vendors with the assets to engage in strategic cybersecurity discussions at the “C-level” with large enterprises.
- I’m not a financial analyst but in my humble opinion, Cisco’s acquisition of Lancope was a true bargain. For less than a half billion, Cisco got an installed base, revenue stream, a mature enterprise-class product, and a very experienced team. Question for Sand Hill Road: Can the $1b+ valuation Unicorns you are crowing about offer ANY of these qualities?
- I hope that this deal finally makes NetFlow analytics more ubiquitous in the cybersecurity domain as it is extremely valuable when done correctly. It’s likely that Arbor Networks, IBM, LogRhythm, and others will field more questions (as well as RFIs/RFPs) on this type of technology moving forward.