- Cisco has acquired three startups in the past week, including cybersecurity firm Kenna Security.
- At this week’s RSA Conference, Cisco execs said they sought out startups with strong data tools.
- That’s because security companies “need to become data companies” to survive, an exec said.
- See more stories on Insider’s business page.
In order to survive in a rapidly shifting industry, security businesses need to focus on data more than software.
That’s the rationale Cisco security executives gave as they laid out the future of the tech giant’s security business, which caters to over 250,000 customers and brought in $3 billion in revenue in 2020. Cisco has been on an acquisition spree, closing deals on three startups in the past week — including the cybersecurity firm Kenna, which was acquired for an undisclosed amount.
At this week’s RSA Conference, Cisco execs said the company is planning to use its recent acquisitions to better use the data it gleans from its massive customer base. While Cisco already markets security software that alerts customers about potential intrusions by hackers, the company plans to build out tools that use AI to process huge swaths of data from customers’ devices to get better at identifying trends and predicting attacks.
The cybersecurity industry is booming, with billions of dollars in revenue and venture capital flowing into enterprise security firms in the past year. President Joe Biden signed an executive order last week in the wake of a spate of attacks on government agencies that will require companies to log and report more data about their cybersecurity, which is expected to funnel even more spending into the industry.
Cisco selected Kenna as an acquisition target in part because of its sophisticated data analytics tools, senior vice president and general manager of Cisco’s security business group Gee Rittenhouse told Insider and other media outlets during a press conference on Monday. The company also bought networking software startup Sedona Systems and event software firm Socio Labs in the past week.
Kenna previously raised nearly $100 million from investors including Sorenson Capital, Citi Ventures, Bessemer, and US Venture Partners. Its latest funding round in 2019 valued the company at $320 million, according to Pitchbook data.
“We are very much moving from a content business into a data business,” Rittenhouse said. “Now we’re able to give this team [from Kenna], which is very good at risk-based analytics, a broader database. Now they can see data from a much larger portfolio.”
Cisco CEO Chuck Robbins echoed that strategy during a keynote presentation at RSA on Monday, adding that Cisco’s position selling networking and telecom equipment enables the company to collect unique data that shine a light on how cybercriminals operate.
“We have so much information about how users are navigating our technology infrastructure,” Robbins said. “We need to take data from all of those interactions and continuously authenticate those users going forward.”
Execs said the company’s priority will be to continue to build out SecureX, its enterprise-security software that offers automated threat detection and passwordless authentication. Deeper data insights made possible by recent acquisitions will likely be licensed to customers through a “premium version” of SecureX, Rittenhouse said.
It’s the latest move in Cisco’s broader strategy to take advantage of its sheer size to compete with smaller firms in the growing $135 billion security industry. Microsoft, another tech giant, similarly uses its wealth of customer data to inform its security tools. (While Microsoft boasts over 400,000 security clients, Rittenhouse says Cisco still considers itself the largest enterprise security provider, on the basis that Microsoft’s numbers include all Azure users, while Cisco’s 250,000 security clients specifically license SecureX.)
Patel also said that while Microsoft has access to data from customers who run its software, Cisco believes that it can gather insights from network architecture in a way that Microsoft can’t.
“There are a few players in security that are going to actually have a fair amount of visibility across different kinds of users,” Patel said. “We happen to have the unique advantage of knowing the network [and] knowing the user.”
In the years to come, Patel expects that other security companies will ramp up investments in their ability to analyze wide swaths of customer data.
“Security companies are in the future going to need to become data companies rather than just software companies,” Patel said. “We’re reaching the tipping point where more and more companies are saying, ‘Hey, we physically can’t manage this level of data complexity.”