Cisco announced this morning that it plans to acquire Equal, a cloud-native security and networking startup that should fit well with the company’s core networking and security strategy. The companies did not share the purchase price.
Isovalent helped develop eBPF, a core open source technology that gives developers deep knowledge of the operating system layer, typically Linux, but also Windows, while Cilium, another open source project created by the startup, gives visibility into cloud native applications. Tetragon is the company’s open source security visibility component.
Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, says that the combination of these three elements used to be provided by a hardware device, but in the cloud world it is increasingly driven by software. “In a cloud world, there are still boxes in there somewhere, but it’s abstracted under layers and layers of software. And so eBPF and Cilium provide that visibility into the cloud world,” he told TechCrunch.
In particular, this includes being able to see exactly what is happening as an application interacts with the network and being able to determine whether or not it looks normal. “What it allows anyone to do is provide a very high level of visibility into the inner workings of an application. So when a small container talks to another container, Cilium can intercept and see that traffic, and it can also see the inner workings of the operating system itself,” he said. “So this becomes a platform that allows us to provide connectivity, as that particular cluster should talk to that particular cluster, yes or no. But also security inspection, like what are they talking about? Makes sense; Does this thing make sense?’
It’s worth noting that Cilium is the default connectivity and security component for Google Kubernetes Engine, Google Anthos, and Amazon EKS Anywhere. It is also used by large enterprises such as Adobe, Bell Canada, Capital One, Datadog, Palantir, IKEA and Sky.
It’s always difficult when a big company buys a startup based on popular open source projects like this, and it could potentially cause disruption to both the community and the big companies that depend on that software. Isovalent has key roles in Cloud Native Computing Foundation (CNCF) and eBPF Foundation, where they are also major code contributors. But Gillis says it’s in everyone’s best interest for open source pieces to thrive as a standard going forward.
“For that to happen, Cilium and eBPF need to thrive, and so the community needs to continue to embrace them because the ubiquity of the standard is what makes it so powerful,” he said. Gillis sees it much like Kubernetes, which was created by Google and then open sourced. “I often say it’s the Kubernetes of the data path. It allows it to be an open standard that everyone can participate in, it allows everyone to innovate on top of this platform and create amazing products,” he said.
Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, said it’s important for companies to work together on security. “One of the challenges we’ve said is the real enemy [in security] It’s not your competitor, it’s the [common] opponent. And we need to make sure that we stay open in that market and co-innovate, and I think open source is probably one of the best models to co-innovate with,” Patel said.
Cisco was familiar with the company even before today’s announcement, having participated in the company’s $29 million Series A in late 2020. The startup added a $40 million Series B in 2022 with Cisco also participating along with other strategic investors such as Microsoft, Google and Grafana Labs.
Cisco has been extremely profitable this year, with this representing the company’s eleventh acquisition, its fifth security-related. The biggest by far was the $28 billion Splunk deal announced in September.
That deal is expected to close sometime in the second quarter of next year (the company’s third quarter of its fiscal year).
