Interviews

In January, Cisco announced plans to acquire IronPort Systems, maker of communications security appliances, citing synergies between Cisco's threat mitigation, communications, policy control, and management products and IronPort's messaging and Web protection products. This acquisition won't be like most of the ones Cisco makes, says Scott Weiss, the founder and CEO of IronPort, because IronPort won't be integrated into the networking giant but operated instead as a separate unit.

Weiss says Cisco is treading carefully into the messaging security space because it's a new area for the company, but IronPort has been in business since 2000, selling Web and e-mail security appliances to organizations. Cara Garretson recently spoke with Weiss about the $US830 million Cisco acquisition -- expected to close next month, where e-mail security is going and yes, why spammers are so much like dogs.

How do you see Cisco and IronPort's products fitting together?

Strangely enough, the plans are not to integrate the two companies: We're one of three out of Cisco's [approximately] 130 acquisitions that will not be integrated into the mother ship. And I think that bodes well for our customers, at least in the short term. Cisco is walking slowly in this market, mainly because it's a bit different from some of the other security markets . . . it's not just a piece of network gear, we're selling services on top of the boxes we sell. Cisco's plans, which have been publicly disclosed, are that IronPort is not going to be just another product line of Cisco. Cisco [intends to] 'build a center of gravity' around IronPort, so we'll keep operating as an independent business unit, and the plan is potentially to bring in more acquisitions and products under the IronPort moniker.

So what does the acquisition mean for enterprise customers?

Cisco is very strong in the firewall/VPN area, and the firewall as a device does a really good job of locking all the doors. That said, there are two doors left wide open for communications, Port 80 and Port 25. I look at IronPort as saying 'The doors are open, but now we've put a layer of airport security there -- we've got a scanner, and we're only letting in and out what's needed.' So on the Web port and e-mail port, that fills a more granular level of security for those communication holes.

A few acquisitions of messaging security companies have been made in the past year in addition to this one. Does that say something about where is the function of e-mail security headed? Is it meant to be integrated with other products and not a stand-alone product?

I do think e-mail and Web security may merge, or become different facets of a similar category. When you're protecting against threats in your organization, whether they be viruses or spyware, they can come through either protocol. So, as the people putting these threats together become more sophisticated and start blending those threats, I think the defenses also need to be blended.

[Vendors] just doing e-mail will need to get into the Web business. When you [secure] what's coming into the building and what's leaving the building, the competencies you need are for both [Web and e-mail], so I think there are a lot of synergies there to be leveraged.

But you can take from the fact that Cisco wanted to keep us separate that we're not going to be part of a switch or router or firewall per se, it's just a different class of solution.