Updated: Cisco Systems moves to buy OpenDNS for £405m

The news that Cisco Systems intends to buy OpenDNS for $635 million (£405 million) raises questions about the company's strategy regarding cloud and IoT security.

Updated: Cisco Systems moves to buy OpenDNS for £405m
Updated: Cisco Systems moves to buy OpenDNS for £405m

OpenDNS is known for its free service which promises to filter content and prevent malware attacks for web users. To use it, they simply point their computer or router domain name service at OpenDNS.

It has attracted 65 million customers since it was founded 10 years ago. Since then, it has expanded its service to encompass the corporate network market, working with other security companies and packaging itself as software-as-a-service.

Cisco said the acquisition fits with its new Security Everywhere approach of merging security into the network by adding broad visibility and threat intelligence from the OpenDNS platform. OpenDNS is expected to enhance Cisco's current cloud security offerings.

Hilton Romanski, Cisco chief technology and strategy officer said, "OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device."

He added that it plans to continue to innovate a cloud-delivered security platform which will exploit OpenDNS' key capabilities to accelerate Cisco's development. Over time, it will look to unite cloud-delivered solutions.

The acquisition of OpenDNS – in which Cisco had invested – is being driven by the growth of the Internet of Things (IoT) which is expected to reach 50 billion devices by 2020. This will create a new wave of opportunities for attackers to breach networks.

The quicker customers can redistribute a solution, the quicker they can detect, block and remediate emerging security threats – the main selling point of OpenDNS's software-as-a- service (SaaS) model.

Michael Khouw, market analyst at The Street, said of Cisco, “The company has been doing a lot of things right, shifting increasingly from hardware to software and cloud-related initiatives. It has decent (and growing) margins.”

Ian Trump, Security Lead at LogicNow, believes OpenDNS is a good product which addresses one of the fundamental protocols that is used and abused by cyber-criminals, namely DNS.

“This is a smart play by Cisco, especially as they force themselves into a SME/SMB market with their Small Business line of products. OpenDNS is a favourite of managed service providers and an easy security win to implement,” Trump told SCMagazineUK.com.

“With the increasing use of encryption in internet connections, looking inside encrypted packets with a certificate man-in-the-middle technique has become increasingly unpopular, especially among privacy advocates. One thing that cannot be hidden, though, is DNS activity. While the packet contents may be encrypted, the source and destination address can't be. This is a good move by Cisco to help fight cyber crime,” he added.

Daniel Druker, chief marketing officer at Zscaler, said this acquisition is another sign that the days of security appliances are numbered due to the “unstoppable growth of cloud computing, mobility and the Internet of Things”.

He said: “The 1990s idea of using security appliances installed in some data centre to protect an employee who today in 2015 is on their laptop sitting in a coffee shop doing their work on the cloud simply no longer makes sense.”

The Forrester Wave on SaaS Web Security Q2 2015 report, issued on 26 June, says that the traditional appliance-based security market is being disrupted and it's clear that Cisco gets this, Druker said.

However, his praise of Cisco contained a caveat: “Cisco says their strategy is to bring together multiple cloud-security solutions into a single platform. The problem is that appliance vendors don't understand that you cannot magically join multiple cloud services. Imagine your Internet traffic trying to hop from cloud to cloud to cloud for security inspection – what a disaster. You can't just plug different cloud computing infrastructures together with wires like you can boxes. You need to build integrated cloud-based security platforms from scratch.”

And he added: “We are standing at a pivotal point for security. Within the next three years, on-premises deployments will become the exception, not the rule. Only those that can adapt to a cloud-based SaaS platform will survive the storm.”