Cisco Acquires Security Services Firm Neohapsis

Cisco Systems is driving a stake further into the security market, announcing the acquisition of a Chicago-based security consulting firm with broad risk management, compliance and infrastructure-delivery services.

The company said it intended to acquire privately held Neohapsis in a deal to tap into the growing market opportunity for a broad range of managed and professional security services. In a blog post announcing the deal, Cisco corporate development chief Hilton Romanski said the advisory firm will be merged into the Cisco Security Services organization headed by Bryan Palma, who serves as senior vice president and general manager there. The acquisition is expected to close in the second quarter of fiscal year 2015.

"This will help our customers overcome operational and technical security vulnerabilities, achieve a comprehensive view of their risks, take advantage of new business models, and define structured approaches for better protection," Romanski wrote.

[Related: The Art Of Acquisition: Buying Into Managed Services]

Sponsored post

Cisco Systems has been building out its threat detection services arm around monitoring customer network traffic. It launched a managed threat defense service in March, which combines analytics, hardware and software to detect threats and provide guidance on how to address issues. The company is building its portfolio around its $2.7 billion Sourcefire acquisition, which gives it both intrusion prevention and advanced threat detection capabilities at the endpoint. It also acquired ThreatGrid, a New York-based company with an established base of clients in the financial sector that use its dynamic malware analysis services.

Cisco's move to bolster its security services arm is part of a broader trend of vendors adding services capabilities. FireEye established a services vision earlier this year with its $1 billion acquisition of Mandiant, giving it incident response and deeper engagements with its customer base. In October, British defense industry giant BAE Systems said earlier this month it is acquiring SilverSky to integrate its cloud-based email and managed security services into its portfolio. Larger technology firms are responding to customer demand for security services and trying to get ahead of competitors in plucking talented professionals, said Rick Holland, a principal analyst at Forrester Research.

"Organizations just don't have the resources, and they are seeking outside help for assistance with security incidents and establishing or maintaining their security programs," Holland told CRN. "Cisco and other vendors see the opportunity to deliver those security services; they realize that their customers are struggling just like everyone else."

Partners with strong professional and managed security services practices can, and do, compete head-on with vendors and other established providers, said Jon Sargent, president of Norfolk, Va.-based security services firm Padlon. Sargent, who was previously with a firm that partnered closely with Cisco Systems, said the acquisition is a good one for Cisco, which is trying to reap growth from the rapidly growing market for security services. Sargent's firm specializes in penetration testing, security auditing and software security. It also does some implementation work.

"My costs are lower, so we are more competitive costwise when we compete head-to-head with other players," Sargent said. "Vendors want an in-house option if their customer requires deeper services, and that makes sense, but we are dealing with customers who trust us for a broad range of security services."

NEXT: Buying Into Security Services

Forrester predicts double-digit growth in the security services market driven by increased adoption of security outsourcing by small and midsize businesses. Leaders in the space, which include Dell SecureWorks, Hewlett-Packard, IBM, SilverSky, Solutionary and Symantec, have added, or are building out, deeper security analytics and threat intelligence services.

Organizations face increased challenges when they deploy new security technology but don't address the management and incident response activities associated with it, said Ben Goodman, president of 4A Security. There is logical overlap with partner services capabilities, but partners that have an established base of clients are also addressing the customer demand.

"At the end of the day, it's always going to be a business case, and customers want to derive value out of the security investment they have made," Goodman said. "For Cisco, they have such a broad portfolio that security is integral to nearly every part of their portfolio and they are seeing the need to provide services."

Regional managed services and security services vendors remain potential acquisition targets, according to Forrester. Tokyo-based Nippon Telegraph and Telephone (NTT) has been steadily building out its services in the U.S. The company acquired Omaha, Neb.-based MSSP Solutionary last year. Deloitte added monitoring and threat intelligence to its consulting services through its acquisition of Vigilant.

Symantec also is building out its services capabilities with the introduction of an Advanced Threat Protection service that combines its DeepSight threat intelligence with its managed security services. Check Point introduced ThreatCloud for threat intelligence and managed services.

In addition, IBM acquired Internet Security Systems (ISS) in 2006, establishing its security services practice. Competitor HP picked up managed security services through its acquisition of appliance maker ArcSight in 2010. Verizon acquired CyberTrust in 2007 to establish its managed security services and recently introduced broader network threat detection services. AT&T acquired VeriSign Security Consulting in 2009. And Dell acquired SecureWorks in 2011 for managed and professional security services.