Cisco Security Cloud adds Isovalent for multi-cloud networks
The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security.
Cisco's Security Cloud will fold in Isovalent's cloud-native networking products, which use a Linux kernel utility to automate multi-cloud network security and observability.
The acquisition for an undisclosed sum this week follows Cisco's 2020 investment in the company, co-founded by one of the creators of the Cloud Native Computing Foundation's (CNCF's) Cilium Extended Berkeley Packet Filter (eBPF)-based networking project. Two years later, Google, Microsoft and open source observability vendor Grafana also invested in the company's Series B funding round. Isovalent users included Adobe, Bell Canada, Capital One, Datadog, Palantir, IKEA and Sky, according to a company press release. Managed Kubernetes offerings from major public cloud providers including Google Kubernetes Engine, Google Anthos, and Amazon EKS Anywhere had adopted the Cilium container network interface (CNI) as a default.
Cilium reached graduation status within CNCF in October. Isovalent also created a network security and observability project and product, Tetragon, based on Cilium and its Hubble observability component, which reached version 1.0 in October.
In both cases, project maintainers touted Cilium as a simpler alternative to service mesh in cloud-native networking that doesn't require sidecars to be deployed and managed within Kubernetes clusters. Instead, network policies and observability can be managed within the Linux kernel using eBPF with minimal performance overhead. Because Cilium supports both Linux and Windows operating systems, it can be used to manage Kubernetes environments alongside more traditional virtual and physical servers without having to dig into underlying network details.
All of this adds up to strong appeal for Isovalent and its open source projects in multi-cloud network security and visibility, according to a Cisco blog post.
"A credible hybrid, multi-cloud network security capability is fundamental to easing operational complexity for our customers," wrote Tom Gillis, senior vice president and general manager of Cisco's security business group. "Cisco and Isovalent will build on … Cilium and Tetragon to create multi-cloud security and networking capabilities … from the branch office to the data center, to the public cloud, using one continuous mesh."
Meaningful multi-cloud in the enterprise
Enterprise multi-cloud management has been a common practice in IT for more than four years, but over the last two years, enterprises began to use multi-cloud more meaningfully, according to research by TechTarget's Enterprise Strategy Group (ESG). A 2019 survey of 438 IT professionals found that 76% used more than one cloud service provider, a number that jumped to 90% when 321 respondents were surveyed in 2021. Within those groups, there was another shift: in 2019, just 22% of 302 respondents said they spread their spending on cloud infrastructure evenly across multiple providers, but in 2021, a 63% majority of 149 respondents said they did so.
"We are seeing people using multi-cloud in a more meaningful way," said Bob Laliberte, an analyst at ESG. "As a result of that, IT gets a lot more complicated."
Isovalent also potentially solves a strategic problem for Cisco as it catches up with cloud-native tech, said Shamus McGillicuddy, an analyst at Enterprise Management Associates (EMA).
"Cisco is long overdue to attack multi-cloud networking head-on," he said. "They and other incumbent networking vendors have left that space to the startups."
But amid growing enterprise interest in multi-cloud management as well as in reducing its complexity, IT pros should expect further consolidation similar to this acquisition, according to analysts.
"Every networking and firewall vendor needs to be looking at how they can support cloud-native and service mesh-type architectures," said John Grady, an analyst at ESG. "With Palo Alto Networks introducing a containerized firewall a while back, Juniper has one as well, and now Cisco makes this move -- the trend is clear."
Macroeconomic conditions also make further industry consolidation likely in 2024, said Umesh Padval, venture partner at Isovalent investor Thomvest Ventures and a member of Isovalent's board of directors.
Isovalent received investment despite a general decline in VC tech funding in 2023, Padval said, but that hadn't been true for many startups.
"Public market companies now have their valuations growing, because of [growth in] the market in the last three or four months," he said. "But private companies may not be able to raise money, so there'll be more M&A next year."
The sidecarless security debate
Isovalent's Cilium Service Mesh was the subject of technical debate during KubeCon + CloudNativeCon Europe in April, as service mesh competitors critiqued the security of its sidecarless approach to Kubernetes network management. Experts at Linkerd backer Buoyant and Istio backer Solo.io said that the Linux kernel isn't the right place to terminate mutual Transport Layer Security connections, for example, and that a fully sidecarless approach didn't offer strong enough separation between workloads. Others in the Cilium camp pointed out that similar arguments had been made about virtual machines and containers, which hadn't stopped their adoption by enterprises. And Istio and Solo.io straddled the line between sidecars and sidecarless with the Ambient Mesh project, which launched in September 2022.
Sidecar proponent arguments are technically valid, which means that sidecarless multi-cloud network security requires further layers of defense to fill in some gaps, according to analysts.
"Those concerns aren't without merit, but security companies always have to stay ahead of the bad agents," said Patrick Moorhead, founder, CEO and analyst at Moor Insights and Strategy. "There are no perfect security solutions indefinitely, and it's up to vendors and enterprises to stay one step ahead for perimeter, expulsion, and [to] clean up defenses."
The relative simplicity of eBPF-based tools for multi-cloud networking will likely boost the appeal of Cisco Security Cloud with Isovalent, regardless, said EMA's McGillicuddy, citing a 2023 EMA survey of 217 application delivery professionals that found 3.7% use a service mesh to handle external access to Kubernetes services, while 66.8% use an ingress controller deployed as a container.
"The [sidecar security] argument may be legit, but enterprises are speaking with their wallets," he said.
All eyes on Cisco's integration plans
Cisco's own products could shore up any eBPF-based network security gaps, said Torsten Volk, an analyst at EMA.
"Operating at the kernel level and establishing Level 2 network connections is a capability that has to be handled with care, from a security, health and performance standpoint," Volk said. "Cisco is positioned to figure this out and add these kernel-level capabilities to [its] ACI, Tetration, Intersight, Meraki, and also, AppDynamics. This acquisition can become the source of significant differentiation for Cisco if they can retain the Cilium team and get them to help with the integration."
That might be a big "if" given Cisco's integration track record of acquisitions such as AppDynamics in 2017, which drew criticism from analysts over its slow execution before Cisco launched its Full-Stack Observability product line this year.
"We've seen some localized success of eBPF security approaches, but as the critics say, there are some pretty serious gaps to be filled, and that means development work contributed back to open source software spaces," said Shaun Mouton, principal software engineer at Mastercard. "Cisco has the potential to do right by the community, but we haven't really seen them take on something like this recently that I can think of."
Cisco also plans to support Isovalent's open source projects and intends to create an independent advisory board to help steer Cisco's contributions to them, according to Gillis' post.
There could also be friction between the network, security and observability groups at Cisco as they work on overlapping products in this realm, Laliberte said.
"Splunk is going to be its own business unit, security is working as its own unit, and from the network side, we've seen the Cisco Networking Cloud, where they're trying to bring everything together," he said. "But it remains to be seen what level of integration will occur between them."
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.