Security Strategies

Cisco Slammed on Security Performance

Cisco has fared poorly in a new index ranking vendors of security products on sales performance, coming in seventh out of eight companies on recent quarterly growth.

Security sales rose just 3% in what Cisco Systems Inc. (Nasdaq: CSCO) refers to as its most recent fourth quarter (covering May to July), to $558 million, compared with the year-earlier period, according to the third edition of the HardenStance Network Security Spending Index (NSSI), which began monitoring security vendors in March this year.

Table 1: Year-on-Year Quarterly Sales Growth

Vendor ranking Vendor Q2 2017 YoY sales growth Q2 2017 sales ($M) Q2 2016 sales ($M)
1 Symantec +33% $1,175 $884
2 Palo Alto +27% $509 $401
3 Fortinet +17% $364 $311
4 Sophos +11% $142 $127
5 Check Point +9% $459 $423
6 Trend Micro +6% $318 $287
7 Cisco +3% $558 $540
8 Juniper -12% $69 $78
Source: HardenStance.

That means Cisco grew at a slower rate than Symantec Corp. (Nasdaq: SYMC), Palo Alto Networks Inc. , Fortinet Inc. , Sophos plc , Check Point Software Technologies Ltd. (Nasdaq: CHKP) and Trend Micro Inc. in their equivalent March-to-June or April-to-July quarters.

Only Juniper Networks Inc. (NYSE: JNPR) did worse than Cisco, reporting a 12% year-on-year drop in quarterly security sales, to $69 million.

Perhaps even more importantly, Cisco also performed badly when measured on sales growth in a 12-month period, coming sixth in the eight-vendor ranking.

Table 2: Sales Growth over 12-Month Reporting Period

June 2017 rank Vendor Growth in the 12 months to June/July 2017 vs 12 months to June/July 2016 12-month sales to June/July 2017 ($M) 12-month sales to June/July 2016 ($M)
1 Palo Alto +28% $1,762 $1,379
2 Symantec +21% $4,310 $3,572
3 Fortinet +20% $1,385 $1,153
4 Trend Micro +19% $1,290 $1,080
5 Sophos +11% $544 $492
6 Cisco +9% $2,153 $1,969
7 Check Point +7% $1,808 $1,689
8 Juniper -22% $301 $387
Source: HardenStance.

Revenues were up 9% in the year ending July, to about $2.15 billion, compared with the preceding 12-month period, putting Cisco behind Palo Alto Networks, Symantec, Fortinet, Trend Micro and Sophos, but ahead of Check Point and Juniper for the equivalent 12-month reporting period.

Despite its comparatively sluggish rate of growth, Cisco continues to rank as the second-biggest security vendor on total sales. But it falls a long way behind market leader Symantec, whose revenues were double Cisco's in the latest 12-month reporting period.

Known as the world's largest vendor of Internet Protocol network equipment, Cisco has made a push into the fast-growing security market as it tries to offset a slowdown at its mainstream hardware business.

But HardenStance founder and principal analyst Patrick Donegan flags concern about several aspects of Cisco's positioning in the security space, including its firewall products. "I continue to hear of customers not being happy with their firewall software," he tells Light Reading.

Donegan also calls into question some of the security claims that Cisco has made about Network Intuitive, its recently announced intent-based networking initiative.

"The ability to detect malware from a encrypted traffic stream with the whole Network Intuitive push may well have real value -- let's see what customers make of it," he says. "But certainly Cisco's initial pitching of it has had far too much of a marketing-driven 'silver bullet' ring to it -- and that's just not the real-world, incremental, risk-mitigating tone that a lot of enterprises expect from a leading security partner."

Want to know more about cloud services? Check out our dedicated cloud services content channel here on Light Reading.

Donegan broadly welcomes Cisco's focus on security but sees a risk that its bullish rhetoric will backfire.

"The core of the security strategy is fine, it makes good sense," he says. "They're just getting a bit ahead of themselves -- talking the talk quite a bit better than they walk the walk. I just don't think that's going to help them in this market space."

HardenStance's latest ranking comes shortly after Cisco was forced to defend the performance of its security business during an earnings call with analysts.

"I have zero concerns about the business -- this is a revenue-timing issue," said Chuck Robbins, Cisco's CEO, according to a Seeking Alpha transcript, after one analyst raised concern about the slow rate of growth in the security business. "We saw some of the strongest order growth in the quarter as we've seen in the last two years ... So the strength in the business I'm still comfortable with."

Along with some other vendors in this space, Cisco's security strategy has been fueled largely by takeover activity over the last few years, including the $293 million acquisition of CloudLock in June 2016 and a $452.5 million takeover of Lancope in late 2015.

Donegan says acquiring a security portfolio, including a number of leading-edge companies, doesn't automatically make for a leader in security. "Buying up a quarter of Bordeaux's vineyards doesn't make you a sommelier. It doesn't even mean you're a great wine merchant," he says. "It just means you own a load of real estate in the south-west of France."

— Iain Morris, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profile, News Editor, Light Reading

HardenStance 9/18/2017 | 4:08:56 PM
Re: can not see All of the large and medium sized security vendors derive the large majority of their revenues from enterprise verticals other than the telecom sector. Most of them view telecom as just one of the several - five or six - unique industry verticals that they serve.
HardenStance 9/18/2017 | 4:05:50 PM
Re: can not see The HardenStance Network Security Sales Index (NSSI) puts together a sample of eight of the largest security vendors and tracks their sales figures as published in their quarterly earnings reports.

Focusing on eight of the largest security players the NSSI provides a pretty robust indicator of how fast the market in security hardware and software is growing using irrefutable data. Hence the very long list of mostly smaller vendors that aren't included.

The NSSI also provides objective benchmarking as to which among the eight security vendors are doing well - and which are doing not so well - relative to peers.

There's a link to full report in Iain's article.

Look for the next edition in December. 

Patrick Donegan (HardenStance). 
bosco_pcs 9/18/2017 | 8:03:10 AM
Re: can not see Probably Iain can answer this better but the vendors mentioned here are in the enterprise space with large piece of the pie. The only one I don't know too much is Sophos but becaue it is more Euro-centric. And some like Kaspersky not mentioned probably because they don't have the metrics and/or too small. I can think of niche providers like CyberArk, Barracuda, Rapid 7 etc.

Additionally, I think Intel (am a shareholder) has mismanaged McAfee into obsolescence. Now that it is in the hand of private equity, who knows what its future hold. It stands in contrast with Symantec, after jettisoning Legato and buying Blue Coat and then LifeLock, it is riding high with the Equifax hack
kq4ym 9/18/2017 | 7:42:33 AM
Re: M&A Cisco seems to have been the recipient of lots of criticism in recent quarters and while they've certainly mertied some, it's still an open question of how their earnings and sales may perform in the future. But they have their work cut out for them to move forward despite sometimes not so good numbers.
CEO03637 9/12/2017 | 10:20:48 AM
can not see Hi, nice article. But I can not see McAfee there ? Is this becasue they are not on NASDAQ ?
HardenStance 9/7/2017 | 4:01:13 AM
Re: M&A Consolidation has already occurred at a pace (as you mention) and still has a considerable way to go.

At the same time, new entrants are pouring into the cyber security market at (an even faster) pace.

In part, buyers are still looking to the big guys to do the consolidating for them. But in parallel we're also starting to transition to more of a global cloud provider model featuring a smaller number of larger cyber security platforms into which multiple independent security software vendors rapidly integrate and hence proliferate rather than being swallowed up by one of the big boys.

Momentum Partners, for example, state that in Q2 VC activity in the cyber security space "saw a tremendous increase while M&A activity declined through 2Q17". They report total announced cyber security M&A volume in Q2 totaling $509M across 25 transactions which they describe as "a significant decline".

The sign of things to come. 
bosco_pcs 9/6/2017 | 1:31:54 PM
M&A Nice writeup but the devil is in the details.

Case in point, while I am a shareholder of SYMC and nice to see its sales growth, it is only fair to point out there is no break out of organic v. acquisitive growth. 

That said, CSCO has been buying growth for as long as I can remember, so it may not be an excuse. Also, while CSCO's business is more diversified, one of its goals is to dominate the security space. 

Upshot? Security is ripe for consolidation. SYMC CEO said so, even after the two big transactions in Blue Coat and LifeLock. So CSCO may have to stop pandering shareholders for a while and start making meaningful acquisitions
HardenStance 9/6/2017 | 10:58:21 AM
headline and body text Wouldn't have been my first choice of headline, Iain, but nice piece notwithstanding that.
Sign In