OpenDNS Acquisition Gives Cisco Big Security Data

Cisco announced today its intent to acquire big data security company OpenDNS for $635 million in cash.

Cisco continues to spend on security, today announcing its intent to acquire San Francisco-based OpenDNS for $635 million.

OpenDNS’ domain name system and cloud-based security services bring threat data collected from those platforms to Cisco’s security offerings.

“To build on Cisco’s advanced threat protection capabilities, we plan to continue to innovate a cloud-delivered security platform integrating OpenDNS’ key capabilities to accelerate that work,” said Cisco chief technology and strategy officer Hilton Romanski in a statement. “Over time, we will look to unite our cloud-delivered solutions, enhancing Cisco’s advanced threat protection capabilities across the full attack continuum—before, during and after an attack.”

The cash purchase of $635 million—which also includes equity awards and retention-based incentives for OpenDNS employees—is the latest security purchase made by the networking giant. The topper was the 2013 $2.7 billion purchase of Sourcefire, which was followed up by 2014 acquisitions of service provider Neohapsis and malware analysis company ThreatGRID.

OpenDNS will be run by David Goeckeler, senior vice president of the Cisco Security Business Group. OpenDNS officials were not made available for comment.

The company’s flagship is its free DNS service, but it has evolved into a security-as-a-service model for close to 10,000 customers, where it can model, predict and block attacks based on activity it monitors on its network.

Earlier this year, OpenDNS announced NLPRank, an analytics tool that creates a threat model for detecting domains used in criminal and nation-state targeted attacks. NLPRank blends natural language processing, ASN mappings, WHOIS domain registration information, and HTML tag analysis to separate legitimate domains from the bad ones. For example, it can analyze patterns of behavior stemming from phishing campaigns used by APT groups to gain an initial foothold into an enterprise or government agency. The tool detects fraudulent domains prior to APT or criminal campaigns launching, OpenDNS officials told Threatpost in May, pointing specifically at domains used by the Carbanak APT gang that were identified as malicious and blocked on the OpenDNS network prior to those attacks.

OpenDNS, in 2013, also made available its Umbrella Security Graph to security researchers. Umbrella analyzes attack data, providing details about sources, duration, geography and more. It was given a dry run by Kaspersky Lab during its analysis of the Red October APT espionage campaign, as well as its investigation into the Flame APT. The tool was used to determine attack attributes and locations associated with Red October, and to identify domains associated with the campaign.

“The acquisition will extend our ability to provide customers enhanced visibility and threat protection for unmonitored and potentially unsecure entry points into the network, and to quickly and efficiently deploy and integrate these capabilities as part of their defense architecture,” Romanski said. “This acquisition builds on Cisco’s security strategy, adding broad visibility and predictive threat intelligence from OpenDNS’ cloud platform, accessed by more than 65 million users daily.”
