Cisco's latest security acquisition launches a threat correlation engine that adds new messaging event-monitoring capabilities to the firm's next-generation appliances.Messaging security specialist IronPort Systems announced the availability of its newest malware and event reporting system on Jan. 23, introducing the technology that will reside in its next-generation gateway filtering appliances.
The company described the technology as an "insight and action" reporting system that can help enterprises gain better visibility into security incidents and policy compliance in order to improve network defenses and ease regulatory audits.
IronPort is also touting the technologys extensible architecture, which it says will support integration with other network reporting tools such as Hewlett-Packards OpenView platform, easing the installation of IronPorts Web and e-mail security appliances into enterprise data centers.
Company officials said compliance requirements, in combination with the rapidly increasing volume of e-mail and malware, are creating serious headaches for IT administrators as they attempt to manage disparate systems that address different elements of enterprise security.
By providing additional reporting tools that can help streamline operations and provide more accurate security incident data, IronPort said its appliances will be able to serve as more centralized management systems in addition to warding off e-mail and IM-borne threats.
The company said it designed the security reporting system to have a unified framework for both Web and e-mail gateways, allowing users of multiple IronPort products to improve their ability to create comprehensive Web security reports regarding malware threats, Layer 4 traffic monitoring, client activity, and Web reputations of e-mail senders and Web sites.
The system also promises more detailed and current e-mail security reports for incoming mail, individual user activity, virus outbreaks and compliance violations. IronPort said the virtual "threat correlation engine" has the ability to track hundreds of different details to produce an integrated set of data that can guide IT administrators as they review and change policies.
The reporting engine can additionally be used to analyze organizations top individual e-mail senders, along with network spam volume growth and details of virus outbreaks, the company said.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
"The reporting system forms the core of [future versions of the companys] E-Mail Security Monitor and its counterpart, IronPort Web Security Monitor, for our Web security appliances," said Tom Gillis, senior vice president of worldwide marketing at IronPort, based in San Bruno, Calif. "Its real-time reports on spam, virus, reputation filters, mail operations and more are all available in a matter of seconds."
IronPort said the reporting system was designed to be utilized by organizations with up to 100,000 users or more, but the same technology will go into products for smaller customers. The system also offers an API for exporting reports to other security and compliance applications.
On Jan. 4, IronPort announced that it had signed a deal to be acquired by networking giant Cisco Systems for $830 million, and the event reporting system could someday find a way into Ciscos NAC (Network Admission Control) security products.
While some industry watchers were surprised by the high price that Cisco agreed to pay for IronPort, most analysts agree that the deal opens a range of new opportunities for the networking market leader.
In addition to improving the technological underpinnings necessary to deliver the "self-defending network," experts said the deal gives Cisco a foothold in a number of security markets, including the rapidly expanding applications security segment, specifically around providing network-based defenses for unified communications, Web content filtering and data encryption.
While privately held IronPort doesnt publicly announce its revenues, most industry watchers peg its 2006 returns at somewhere between $50 million and $100 million. Even if the firm performed at the high end of those projections, some observers may question why Cisco was willing to pay such a premium for a company whose business is primarily built around sales of messaging security hardware.
However, the deal has more implications for Cisco than may immediately meet the eye, said Brad Adams, managing director at investment bank Boston Corporate Finance, in Westwood, Mass.
Click here to read more about what the IronPort acquisition will mean for Cisco.
"Even if IronPort is a $100 million company, those types of valuations werent the primary driver here; as with EMCs buyout of RSA Security, at end of day the value of the deal is weighted more toward what they get from the technology they are buying," Adams said. "What seems like an extraordinary valuation might make sense if you understand what they feel they have to gain."
Other industry watchers echoed those sentiments. "Some of the more interesting pieces in this deal are the encryption technologies that IronPort bought, along with some of the content compliance tools," said Paul Stamp, an analyst with Forrester Research. "This is somewhat uncharted territory for Cisco, but it establishes a beachhead for them in some big growth areas; if they really want to get into the business of adding value to the traffic theyre processing, then getting into content and policy security is a crucial step forward."
Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.
IT Infrastructure 
