What Cisco’s Acquisition of Isovalent Means for the Industry at Large
By: Pete Robertson, Principal Consultant
In December 2023, Cisco announced their intent to acquire Isovalent, a cloud-native network and security startup, whose expertise significantly bolsters Cisco’s ability to address the ongoing challenges and complexities of operationalizing and securing modern applications – especially in multi-cloud environments.
Cisco’s Recent Cloud Plays
In the early days of cloud, the established industry giants (including Cisco) struggled to evolve and find relevancy as Amazon Web Services, Microsoft Azure, and Google Cloud Platform began to rapidly win enterprise customers. Many early offerings from Cisco were attempts to extend successful on-premises solutions into the cloud with limited success and little adoption.
But over the past year, Cisco has indicated (by their acquisitions) a clear and exciting shift in strategy to address cloud challenges with solutions built for the cloud – not retrofitted. In early 2023, Cisco acquired Valtix, a cloud network security company. The Valtix technology was incorporated into Cisco’s portfolio and is now available as Cisco Multicloud Defense, offering a SaaS control plane for securing and observing multi-cloud IaaS (and some PaaS) workloads. Next came Lightspin, a Cloud Security Posture Management (CSPM) solution that Cisco acquired in March to help deliver prioritized and contextualized remediation recommendations in highly dynamic environments with ephemeral workloads. Multiple acquisitions were made in the data analytics and generative AI space, capped off with Cisco’s announcement of their intent to acquire Splunk, the long-term leader in cybersecurity, controlling the majority market share of enterprise SIEM and SOAR solutions. Together, these acquisitions position Cisco to build a robust cloud-native portfolio capable of addressing complex networking challenges while delivering consistent security and deep visibility.
The Impact of Isovalent
So, where does Isovalent fit? Containers have become a de facto standard for modern app development, but container-based environments are complex to deploy, scale, and manage. Orchestration platforms such as Kubernetes are used to simplify operations. While platforms such as Kubernetes do most of the heavy lifting, when it comes to networking, container environments need multiple network services provisioned to successfully function. Recognizing that there are multiple ways of doing this, and that customers have a wide variety of requirements, the Cloud Native Computing Foundation (CNCF) launched the Container Network Interface (CNI) project to develop a standard framework to allow container orchestration platforms – not just Kubernetes – to make calls to different network providers via a plugin. Isovalent’s most widely adopted software is the open-source CNI plug-in known as Cilium.
Cilium differentiates itself from other CNIs by leveraging eBPF (extended Berkeley Packet Filter) to run programs in privileged space (like the underlying Linux kernel on which all container platforms run). This allows Cilium to dynamically program the kernel for highly performant network services, including visibility into and security of the traffic passing through that layer. Due to these advanced capabilities and the developer community’s consensus on its simplicity, Cilium has become a popular choice of CNI, displacing earlier CNI offerings such as Calico and Flannel. It has also become the CNI of choice in several widely adopted hyperscaler PaaS offerings, such as Azure’s Managed Kubernetes Service (AKS), Amazon’s Kubernetes On-Premises service EKS Anywhere, and Google’s Kubernetes Engine (GKE).
This is where Cilium is exciting. As a widely adopted CNI, it can provide advanced services such as multi-cloud container networking, where apps are distributed across different container platforms and clouds (whether multi-cloud or hybrid). Isovalent has also leveraged eBPF to develop transparent security observability and real-time runtime policy enforcement in a solution known as Tetragon. AHEAD is watching closely to see how Cisco intends to integrate Tetragon into the broader security portfolio, as the possibilities are compelling.
But why stop at container networking? Using eBPF to enhance the capabilities and performance of any Linux-based Cisco solution is on the table. Routers, SD-WAN, firewalls, etc. could all potentially benefit from the application of eBPF.
However, the announcement of the intent to acquire Isovalent also raises some questions. While Isovalent offers a revenue-generating enterprise version of Cilium that includes technical support services and Tetragon, Cilium itself is open source and the code is part of a graduated CNCF project. That means that Cisco does not own the rights to Cilium as it exists today and will not be able to monetize it in the same way that they do with AppDynamics, ThousandEyes and (we assume) with Splunk. They certainly can (and likely will) fork the code to develop a commercial version with integrations with other solutions in the Cisco portfolio, but Cisco has committed to maintaining the open-source version. The developer community is not so confident. When Microsoft acquired Helm under similar circumstances, the open-source project quickly became stagnant. There is concern that open-source Cilium will meet the same fate.
No Shortage of Opportunity
Many enterprises are struggling to mature their modern application security. Others want greater visibility into traffic flows and network paths within a single cloud, let alone multicloud. If Cisco can successfully combine the deep cloud-native networking visibility Cilium provides with the code-level context that AppDynamics affords and Splunk can correlate, they will have an impactful tool that is highly sought after by enterprise customers. Combine that with the ability to consistently enforce security policy in the cloud at both the app and cloud infrastructure layers through the consolidated capabilities of Tetragon and Cisco Multicloud Defense, and Cisco has a powerful, cloud-native offering that will resonate well with SecOps teams who are seeking more advanced and granular controls than merely virtualized firewalls sitting in a centralized VPC or VNet.
As industry leaders in digital transformation with expertise in multi-cloud networking, security, modern apps, and data analytics, AHEAD can help accelerate app modernization by leveraging cloud-native solutions from our partners like AWS, Microsoft, and Cisco. To learn more, get in touch with us today.