By Nicola Leske and Nadia Damouni
NEW YORK (Reuters) - After failing to land a big acquisition in the security space last year and suffering a steady decline in market share, Cisco Systems Chief Executive John Chambers is determined to turn around his company's lagging security business - whatever the cost.
The growing expectation, from Silicon Valley to Wall Street, is that Chambers will not be able to do it with its SecureX product range, and needs to go back to the deal table to boost the business with an acquisition in the coming months.
In December, Chambers said he had granted Chris Young - Cisco's first executive for security at a senior vice president level - a "blank check" for the next two to three years to hire and acquire as he sees fit to overhaul Cisco's security business and spark a rebound.
Cisco has lost around 10 percent of its market share in network security over the past five years to smaller, more innovative rivals such as Juniper Networks Inc, Checkpoint Systems Inc, and Palo Alto Networks Inc. The network equipment company fell behind in web applications, social media and video streaming that call for more complex security protection than traditional firewalls provide.
Mike Rothman, analyst and president at security research and advisory firm Securosis, said Cisco was "years behind in terms of a lot of capabilities" and that Young "better get his M&A people in order".
Cisco is aware of the deficiency and has been actively looking for acquisitions to beef up its network security offerings for some time, three sources familiar with the matter said.
However, there are only a handful of top picks - such as Palo Alto Networks, FireEye, Sourcefire, Fortinet and Barracuda Networks - and Cisco already struck out with at least one before Chambers' "blank check" strategy.
Cisco tried snapping up Palo Alto Networks before the company went public in July 2012, but they could not agree on a deal valuation, two of the sources said.
"They tried and they were billions of dollars apart on value," one of the sources said.
The skyrocketing valuations of startups such as Palo Alto Networks or human resources software provider Workday have been out of reach for large tech companies looking to buy over the past 12 months.
Cisco and Palo Alto Networks declined to comment.
Cisco has a track record of acquiring companies - almost 160 since 1993 - to grow its businesses, most recently in software, video and wireless. Its last security purchase however dates back to 2009, when it acquired ScanSafe. But finding an affordable target now is easier said than done because good assets come with a large price tag.
"Palo Alto Networks and FireEye are the big prizes and it is hard to justify 7-, 8-, 9-times revenues to your shareholders," the second person said. Palo Alto Networks, for example, now has a market capitalization of $3.46 billion.
And FireEye's new CEO, industry veteran David DeWalt, is considering an initial public offering this year.
Rothman pointed out that SonicWall would also have been a target for Cisco but it was bought by Dell last year.
One of the sources said Cisco would also be looking at Fortinet and privately held Barracuda Networks.
Sourcefire and Fortinet declined to comment. Barracuda Networks was not immediately available for comment.
LOSING ITS WAY
Cisco's security troubles stem from its failure to keep up with new ways of hacking that target web applications, said Jonathan Ho, an analyst at William Blair.
Instead of adapting, Cisco was "resting on laurels" with legacy products in a rapidly changing market, Ho said.
Chambers, asked about the company's security offerings, has said that Cisco has the products needed to provide corporations with security for their networks, data centers and mobile devices.
Security technologies help protect Cisco routers, switches, servers and other equipment and add to Cisco's strategy of being a one stop shop for corporate IT needs.
SecureX - introduced in February 2011 - will allow firewalls, switches, routers and other products to provide protection based on users identity as well as applications and devices, Cisco has said.
Frank Calderoni, Cisco's Chief Financial Officer, promised shareholders in December that the networking company would achieve a compound annual growth rate in security of 5 to 7 percent in three to five years.
"Security is a perennial gold mine opportunity in the tech market," said Frank Gens, senior analyst at research firm IDC, who added that the opportunity was growing due to increasing usage of mobile devices and hackers developing ever more sophisticated skills.
According to IDC spending on tech security will translate into 7.8 percent revenue growth for vendors this year.
But some analysts have been critical of Cisco arguing it has had no specific SecureX products to show and suggested they are merely bundling existing security products under a new name.
Jefferies analyst Aaron Schwartz said Cisco's SecureX strategy would take years to build out to deliver what Cisco promised it could do, and would likely require additional acquisitions.
But the fact that Cisco has made security a priority is a big plus for Schwartz, who called it the "first consistent messaging that Cisco has articulated for its security business in several years".
(Reporting By Nicola Leske and Nadia Damouni in New York; Editing by Peter Lauria and Tim Dobbyn)