Cloud-native is where the deals are. Last week, Cisco announced a deal to buy Valtix, a startup offering a cloud-native firewall. A few days later, Hewlett Packard Enterprise (HPE) announced its own plans to buy Axis Security, a secure services edge (SSE) provider. Neither company disclosed the terms of the acquisitions, both of which are pending regulatory and shareholder approvals.

Both deals highlight how both companies are interested in cloud-native security capabilities and are filling the gaps in their respective product portfolios. Even so, analysts described both deals as being incremental.

“I see both of these acquisitions primarily as gap fillers,” says Mauricio Sanchez, research director covering network security, SASE, and SD-WAN at Dell’Oro Group. “HPE filled a larger gap by purchasing Axis, while Cisco got some interesting IP.”

HPE Adds SASE to SD-WAN

HPE plans to incorporate Axis Security’s SSE capabilities with its existing SD-WAN and network firewall offerings (from its Aruba division) to create a secure access service edge (SASE) offering. SASE provides the function of secure web gateways (SWS), cloud access security brokers (CASB), firewall-as-a-service offerings, and zero-trust network access (ZTNA) tools. Dell’Oro Group forecasts that spending on SSE, which consists of SD-WAN and SASE, will increase fivefold by 2027, when revenues top $60 billion.

HPE Aruba gained its SD-WAN offering to accelerate network connectivity to branch offices with its 2020 acquisition of Silver Peak. But until now, HPE lacked a SASE offering. “If HPE can execute well on that acquisition, it brings them back into the game for a broader SASE play,” says Omdia senior principal analyst Fernando Montenegro.

“With Axis, HPE is now able to say they are an end-to-end SASE vendor versus offering just the networking [SD-WAN] piece,” adds Sanchez. “The security element is where the action and money are, so by getting Axis, HPE can double their SAM [served available market] in one go.”

However, Axis is a small company with a limited market share, Sanchez warns. “HPE got the technology solution but not the market share,” he says. “They will have to battle it out with the large goliaths, like Zscaler and Palo Alto.”

Sanchez thinks HPE will steer midsize enterprises toward Axis.

Cisco Will Build a Cloud-Native Firewall

As for Cisco, Valtix engineers will join the networking giant’s Security Business Group, “where they will work closely to integrate into our Security Cloud portfolio and accelerate our path to delivering a seamless experience in securing workloads across multi-cloud environments,” said Raj Chopra, senior VP and the group’s chief product officer, in a blog post.

The Valtix position is that virtual appliances are not well-suited for multicloud and hybrid environments, a sentiment shared by Omdia’s Montenegro.

“The challenge with deploying virtual firewalls in cloud environments is they don’t integrate as well with the rest of the clouds,” Montenegro says. “You want your network security component, the firewall, to understand how elastic your underlying environment is and to potentially do more than a traditional firewall, which is what Valtix is bringing to Cisco.”

Valtix’s advantage over virtual appliances is that it offers automated orchestration and provides visibility by supporting the integration of cloud provider APIs, the company says. It centralizes and consolidates network security by provisioning distributed enforcement points across Microsoft Azure, Amazon Web Services, Google Cloud Platform and Oracle Cloud Infrastructure. Valtix also offers a web application firewall (WAF), which Valtix says can protect cloud workloads, and it provides low-latency TLS decryption at scale.

Dell’Oro Group’s Sanchez views the Valtix deal as more of an acquisition of intellectual property rather than a “fully baked, market-competitive solution.” Sanchez says that Cisco is behind some of its competitors, such as Palo Alto Networks and Zscaler, in providing a cloud-native security offering.

“Palo Alto, as Cisco’s archnemesis in network security, has successfully monetized both virtual cloud firewalls as well as injecting themselves into the CNAPP market with Prisma Cloud,” he says. “Cisco has been largely on the sidelines. Cisco has a lot of catch up to do, and Valtix does help it incrementally. However, they need to do more, whether it be stitching the various products, like AppDynamics, Tetration, Kenna, together with Valtix to have a go at the CNAPP market, or leverage Valtix to invigorate Firepower [Cisco’s next generation firewall — NGFW — line) to finally give Palo a run for its money in the cloud.”