Cisco Lands Denial-Of-Service Security Vendor

Cisco Systems is adding yet another information-security vendor to its tool belt. It said Monday it plans to acquire Riverhead Networks, a privately held startup that's best known for software that defends networks against distributed denial-of-service attacks. Cisco will pay about $39 million in cash for Riverhead. The deal is pending typical closing conditions, but Cisco says it's expected to be finalized by the end of the company's third quarter.

Riverhead's software works by studying network traffic and then develops profiles for "normal" traffic-behavior patterns and compliance with network protocols. The software then works to block any traffic it deems malicious. Riverhead competes with security vendors dedicated to protecting network traffic, including Arbor Networks Inc. and Mazu Networks Inc.

Riverhead Networks was founded in 2000 and was known then as Wanwall. Its launch followed several successful high-profile denial-of-service attacks against major Internet properties, including CNN.com, eBay, and Yahoo.

Riverhead is the latest in a string of recent security-vendor acquisitions for Cisco as the maker of network equipment continues to aggressively round out its security portfolio to fulfill its promise of a "self-defending network." Earlier this month, Cisco acquired another security startup, Twingo Systems Inc., for about $5 million in cash. That deal is expected to close by the end of next month.

Twingo Systems makes software that helps secure remote-computing devices that connect to company networks through Secure Sockets Layer VPNs. The software also deletes data that could pose security and privacy risks from end-point devices, including E-mail file attachments, cookies, Internet history, and temporary files.

These acquisitions follow several others Cisco has made in recent years. In January 2003, Cisco acquired intrusion-prevention software maker Okena Inc. in an all-stock deal valued at $154 million. And in October 2002, Cisco acquired little-known Psionic Software Inc. for $12 million in cash. Psionic was a maker of software designed to help reduce false alerts that often plague intrusion-detection systems.

Despite much of the hype from security vendors surrounding recent E-mail viruses, for the past couple of years large companies have been reporting a decline in the costs they endure from E-mail-borne virus attacks. And in last year's annual Computer Security Institute/FBI Computer Crime and Security Survey, the 251 companies that responded to the survey reported about $27 million in losses from virus attacks, down from nearly $50 million in 2002. But the costs associated with denial-of-service attacks leaped from roughly $18 million in 2002 to roughly $66 million in 2003.