Cisco
Cisco/IronPort: Better late than never
Just in time for irrelevance, I finally have a few minutes of airplane time to assemble my thoughts on the Cisco/IronPort merger. Overall, I think it was a smart move for Cisco, but not a good deal. $830 MILLION dollars borders on ridiculous for IronPort, who maybe booked $100 million in 2006 (which is a very generous estimate). But it won't even make a dent in Cisco's cash balance or profitability.
So what's with the price?
I've come up with three explanations for the price of the deal. First, Cisco has a set multiple on revenues that they typically pay for a security company. Sure IronPort has more top line than their typical deal, but they couldn't figure out how to unlock that cell in the spreadsheet, so they just paid the money.
Second is that IronPort found something in John Chambers' email that was "unflattering." Being the gateway provider for Cisco for years (can't tell you how many times I saw that goddamn customer slide from IronPort), these guys could have found something "nice" (in Borat speak) and used that as leverage. Yes, I'm joking.
Finally, the most likely situation is a bidding war. It seems that neither Cisco nor EMC (they bought RSA for an inflated $2.1 Billion) likes to lose a deal, even if it costs them a couple hundred extra million. What’s a couple hundred extra million between friends? I guess if you’re friends with Bill Gates or Warren Buffett that kind of holds. I suspect there was another party with a big checkbook interested (starts with a "J" and ends with a "uniper") and Cisco decided they just couldn't lose the deal.
Who looks like the smartest guy on the block? That’s easy, it’s John McNulty of Secure Computing. Relative to this price, he got a steal in taking out CipherTrust for less than $300 million. Personally, I thought CT was fairly valued and was not disappointed in the outcome - but Mr. Market says I was wrong.
Some other thoughts:
Better late than never - Cisco is late to the content security party. Symantec has been in it for years. Secure Computing took out CipherTrust. And spam continues to grow at an astounding rate. You also have web filtering as a robust product category ready for a replacement cycle (exposing Websense to some negative fallout from this deal), so Cisco gets to play in all of these categories now, which they needed to. You have a lot of customers that like to buy everything from Cisco (even if it pisses off Dave Maynor), so now they can get their content stuff from them too.
Your reputation precedes you - A lot of folks have made a big deal of IronPort's SenderBase (and SpamCop) reputation network, which represents an effective way to block spam at the perimeter based on who is sending it. Reputation doesn't just apply to email, so having a big database of the relative "intent" of many of the IP addresses out there is a good thing. Cisco will leverage this heavily over the next few years, unless they are stupid - which they are not.
Encryption: sure we'll take some of that - IronPort had bought PostX in October for a song and a dance so now that goes along with the deal. But I suspect the secure envelope technology will get lost within Cisco, who barely understands that email is an application. The idea of statement delivery and other application level encryption is too much for Cisco to grasp right now. PGP and Voltage rejoice.
Losers
The most visible losers are the former CipherTrust shareholders, who evidently got swindled. Yes, I was one of them. But I don't play the woulda, shoulda, coulda game. Chaudhry got the deal done and in all likelihood walked away with more than Scott Weiss. Good for them, buy an airplane. That's all I have to say about that.
All but one of ProofPoint, Borderware, Tumbleweed, Mirapoint, and Barracuda are exposed. There is only one chair left and the music will probably stop by mid-year. Once Juniper makes its play, the rest of the folks are left holding the bag. If I had to bet, I'd say Juniper will take Proofpoint out. Borderware is a dark horse because the price would be significantly lower and they do have that SIP security box, which may interest Juniper - who knows a thing or two about networks.
Wherefore art thou IPO?
There is also a lot of speculation relative to whether another security IPO (after Guidance Software) will happen. Sourcefire has filed, though there is always the possibility they'll be taken out before they get it done. The UTMers - Fortinet and Crossbeam are the others frequently mentioned as IPO candidates.
I actually think both will file and one will get the deal done in 2007. Most of Big Security with Big Checkbook already has a UTM offering. Check Point could take out Crossbeam, which would make sense - but it's hard to envision who would take out Fortinet at a billion dollar valuation. Maybe when Alcatel-Lucent eats enough of whatever the French equivalent of Tums is, they'd be ready to get back into the enterprise game. Maybe Nortel. But probably not.
So I haven't given up on a Security IPO in 2007.
Report Card: Incite #12 - Battle of the Titans
This is it. The last Report Card. Overall, not bad for my first year back in the game. But not good either. So I'll be working to make my Incites even more "inciteful" next year. Keep on the lookout, as the new batch of Incite will arrive on January 10 and will kick off even more Days of Incite.
Incite #12 - Battle of the Titans
The big will continue to get bigger in 2006, as frenetic consolidation continues as product line breadth outweighs actual functionality. By the end of 2006, it becomes apparent that the real battle is between Cisco and Microsoft to control the architecture of networks and applications moving forward. As with other huge marketectures, users are caught in the crossfire, but 2007 will see enough additional functionality for those embracing homogeneity to see a wave of infrastructure upgrades. Vendors not strongly aligned with one of the two titans face irrelevance by 2009.
Grade: B
Incite Redux post: here
The big continued to get bigger in 2006, boy did they ever! Some of the super big technology players bought big security vendors (EMC/RSA, IBM/ISS) to remake the face of the security market. Even the biggest of the big security vendors (Symantec, McAfee, Check Point) were the subject of acquisition rumors throughout the year.
Just goes to show that “big is the new small” and will remain that way for a long time to come in our space.
But what about this Cisco/Microsoft battle I speak of in the Incite? If anything, the two technology super-powers are looking more for détente than World War III. What fun is that? Between NAC interoperability and lots of other joint initiatives, it seems that Ballmer and Chambers are singing kumbaya around the campfire.
Don’t believe it. Right now these announcements are all about maintaining thought leadership around security infrastructure until both of these vendors can deliver on their promises. Microsoft has much more to lose since they are still 18 months (optimistic case) from delivering on their next generation security architecture, which revolves around Vista and Longhorn.
Cisco is a bit closer, but they’ve still got a lot of work to do to upgrade customer networks, so all of those fancy new security capabilities will be useful. They also need another 12-18 months of upgrades and refreshes to bundle in a MARS box to drive a lot of the security intelligence that drives Cisco’s plan.
And what about everyone else? Well two of the busiest partner programs are Cisco’s and Microsoft’s, so even if it’s just to put the partner seal on their marketing collateral – pretty much every smaller company makes the pilgrimage and writes the checks to be involved in both partner programs. So everyone is aligned with everyone at this point, which means that it’s all a load of crap.
For those vendors that aren’t Cisco or Microsoft, the biggest business over the next two years will be helping customers position their networks with “tactical” technology to solve today’s problems (like visitor access and leak prevention), while providing a migration path to either Cisco’s and/or Microsoft’s architectures in a couple of years. It’s amazing, but once again we will see a lot of tactical products become strategic. Haven’t we seen this movie before?
Cisco takes it to the next level
Cisco announced their Q1 FY2007 results last night. There was rejoicing in the Street (Wall Street, that is). Lots of other folks cover the specifics of their revenue numbers and the like. That's for other Wall Street types to deal with. All I know is that they grew about the size of Juniper year over year, which is astounding growth given Cisco's size and that we have not been teleported back to 1999.
Reading the earnings call transcript (here), you see a bunch of interesting quotes from John Chambers. On the quarter: "It is very difficult to single out unique products in Q1 because, candidly, all of our top products did remarkably well." They did mention routers, switches and wireless, VoIP and networked home from the Advanced Technologies group.
But what about security? Interestingly enough, Cisco mentioned security grew in the "high single-digits." It is a bit interesting that security was not part of the spending orgy.
I can already hear the Cisco-haters out there saying it's because their products are not "best of breed" and the NAC Framework doesn't work. Yada Yada. The other security vendors shouldn't get complacent. Why? Because Cisco is proving that "Big is the new small" and that increasingly carriers are embracing Cisco as a "strategic partner" as the enterprise has for years.
To get a feel for what that means in the enterprise, here's another Chambers quote from the earnings call: "Today, I would say in the enterprise customers, especially the Fortune 500 around the world, maybe more than half of them use Cisco as a strategic partner, and a huge number of them standardize on us architecturally." To me "strategic partner" means sole source, or basically you need to knock the champion out to even have a chance to compete.
This is bad news for pretty much every security vendor that is not Cisco. As Cisco increasingly controls all levels of the network architecture, that is going to drag along a lot of security products by default. Other vendors won't lose to Cisco because they'll never get the chance to play.
This is happening today. In some recent vendor briefings, quite a few made the point that they don't lose to Cisco if the procurement gets to an eval. But the vendors' next sentence is about how they aren't in enough deals. The universe of competitive deals is going to continue to get smaller.
How does this happen? Don't technology buyers know they should talk to multiple vendors? What's in play here is what a former boss of mine called the "secret yearning" back to the days of IBM ruling the world. These folks appreciated when IBM did everything. They miss it because Big Blue made their life easier and their stuff worked good enough. Until it didn't, and then they had to adapt. They didn't like that adaptation process too much.
Cisco now gives them a feasible way to get back to the days of yore. At this point, Cisco is so well regarded at the CEO/CIO level that it's OK to just buy from them. And it isn't going to get easier to compete, because Cisco's plan is to own everything that has to do with the network and then some and integrate it together. More words from Chambers: "I think what more and more people are realizing is that these products will be loosely and then very tightly coupled."
To bring that back to our world, the security products are now loosely coupled with the networking stuff. Very loosely. But if you hear the story and see the roadmap they've laid out - security is everywhere and that's when it's "tightly coupled."
Cisco will sell lots of security products because it's a network after all, and it needs to be secure. And if anything, organizationally the responsibility for network security is increasingly falling back into the hands of the networking folks. Right, that means more Cisco.
Just to be clear, I'm not a fan of sole sourcing much of anything. I think there are risks in getting everything from one vendor. But the pragmatist in me also realizes that integration reduces the cost of operating an environment and makes managing the environment easier. Especially in resource and money constrained mid-market companies.
So what's my point? Basically, Cisco has a controlling position in all aspects of networking, across most customer segments (except maybe SMB) and all geographies. Their early strength in the enterprise is leading to strength in the service provider and the service providers and retail channels will continue to drive Cisco (at least the Linksys and Scientific Atlanta operating units) into the home.
Cisco has replaced Intel as a dominant market maker. There are legitimate alternatives to Wintel now. Of course Intel is still a huge company, but they are much less influential in setting direction and just dominating the mind share of technology buyers. Microsoft is still there, but now it's Cisco as the clear other guy. As I mentioned in my Battle of the Titans Incite from January (Redux here), these two are going to fight over control of the security infrastructure. That's pretty obvious now.
And what does this mean for every security vendor that is not Cisco or Microsoft? It means you better have a good answer as to how you fit in a Cisco and Microsoft world. And that you are fighting for the minority of the market that doesn't want to go end to end with one of the dominant players.
So where are Cisco's blind spots? First they have to execute on the vision. They have laid out a pretty compelling roadmap for security, but it's not even close to being there. Customers will wait, because it's Cisco, but not forever. Interestingly enough, it'll come from one of two places.
As always, they need to be wary of new competitors with disruptive technologies. But given how long it takes to upgrade networks, I don't see that really happening. AMD is making inroads on Intel because the switching costs are low and there is no real performance impact. All of the stuff works together. Routers and switches are a tougher sell. Sure big companies usually have more than one player, but a bulk of the business goes to the leader. This is evident in routers. Juniper has done a good job of becoming the #2 in routers, but it's not like they are threatening Cisco's dominance.
More likely, it'll be some type of anti-trust action. You know the old adage: "If you can't beat 'em, they must be a monopoly, so sue 'em." I don't know from where or why someone would bring an anti-trust suit against them, but it's bound to happen. They are getting too big and too successful. In a fit of desperation, perhaps a Nortel or Alcatel move to prove Cisco cleaned their clock because they didn't compete fairly. Stranger things have happened.
You'd hope that Cisco will learn from Microsoft's and now Intel's experience dancing with that Devil, and John Chambers does spend an awful lot of time in Washington hobnobbing with influence peddlers (neither Bill Gates nor any of the Intel CEOs were particularly interested in playing that game). But how else is anyone going to find a chink in their armor?
Seriously, I'm interested in other opinions. Add a comment to the post and we can get a dialog going.
NetworkWorld Column: Security awareness Cisco-style
It's not a secret that I'm a fan of security awareness training. And I'm usually not one to highlight a vendor doing anything right, but when I took a look at a recent Cisco marketing piece on security awareness (and how to do it yourself), it resonated with me. So I wrote about it and listed the 10 tips in this week's NetworkWorld column.
Check it out: http://www.networkworld.com/columnists/2006/092506rothman.html
NAC Attack Part 2: Collaborations of convenience
In his first post (http://www.networkworld.com/weblogs/vortex/2006/011732.html), John sizes up the NAC opportunity and scopes out the players. John's observation about the amount of collaboration in this early market is spot on. NAC is different than most other markets that we've seen and he sums it up very nicely in this quote:
"...in this fight there is not only the customary clawing for high ground and accumulation of weapons (technology, marketing hype, etc), there is also an extraordinary alliance-building effort underway - one that involves virtually every major player in the IT eco-system as well as dozens of smaller companies."
NAC really touches all aspects of the network, so many of the big vendors realized pretty early on that homogeneity is not reality (despite Cisco's best efforts) - so some level of cooperation is required. Even if these are clearly collaborations of convenience (alliteration alert :-), they are important. Any vendor that comes to market with an architecture that requires wholesale upgrade and cannot provide a customer-controlled migration will have a limited chance for success.
Also interesting about this intro is that John jumps to Phase 2 as I described in NAC Attack, Part 1 almost immediately. He pays very little attention to the endpoint admission part of NAC that is really driving the market. I think this is a little misdirected only because Phase 2 (flow control) is hard, much harder than endpoint admission. So I think we'll see folks opt for the path of least resistance initially and build towards the holy grail of real-time automated policy (my Phase 3).
Finally, if I'm looking for areas to build on what John has written, he doesn't include Symantec or McAfee in his series, only assessing the big networkers and Microsoft. Last time I checked, both of the big security players had strategies here. Symantec bought Sygate mostly for the NAC technology and McAfee has been building on its EPO (enterprise policy orchestrator) functionality to add NAC-like capabilities. I won't dive deep into these two until later, but they do exist and they do plan to play in the NAC space.
John wraps up his piece assessing the level of Barney partnerships that each group (or vendor) has announced. Again, these are clearly partnerships of convenience and if you read between the lines you should get a feel for how the battle is shaping up. But, don't be confused about Microsoft and Cisco collaborating closely on paper. Let's be very clear about the fact that both are fighting for control of the enterprise infrastructure and this collaboration is not long lived. Microsoft is not going to have a product widely deployed enough to matter until 2008, so they need Cisco to legitimize their plans. Cisco has a product now and knows that Microsoft doesn't - so there is no benefit to them of telling Microsoft to pound sand yet. But they will, it's just a matter of time.
Next up, I'll assess how John sizes up Cisco's strategy.
The Race to Get in the Closet
Today, ConSentry announced a new line of LAN switches that integrate a lot of their stand-alone NAC functionality in a low cost switch form factor. Release here. This is the first, but it won't be the last. I've already spoken to two other vendors that have updated LAN switching products with lots of security mojo almost ready to go, and there will be more. There always is.
Why is this interesting to customers? First, many of the existing switches are getting tired. Well not really, they move bits just fine. But a lot of the new functionality that integrates security into the core of the network fabric cannot be run on the older switches.
The interesting aspect of this is that some start-ups are going into one of Cisco's strongholds, which are switches in the closet. Is Cisco really exposed here? The answer is no. Cisco has a very good story about why the switches should be upgraded, and upgraded to Cisco hardware at that.
Cisco's only blind spot is price, but I still expect them to get a bulk of that business. But there are lots of other tired LAN switches that are vulnerable and a lower cost alternative will be pretty interesting to them.
I can definitely see how an Extreme and/or Foundry (or even 3Com of the walking dead) add new security capabilities to their switches, selling into their existing base of "anyone but Cisco" customers. But what chance does a start-up have to even move the needle against Cisco?
Basically not much. But that's not the goal. Remember, "big is the new small" and we know that Juniper, probably Symantec and even some smaller public companies like F5, Sonicwall and ISS need to be in the closet. They cannot maintain any kind of enterprise security presence without having equipment in all the enterprise domains, which includes the wiring closets.
So basically, folks like ConSentry are teeing up the exit strategy. Sooner or later Juniper is going to realize their strategy does not get them where they need to be. So their choice is to buy a Foundry or Extreme (and bring the checkbook because that's a multi-billion dollar deal) or take out a start-up with some interesting technology.
Customers should be excited by this. Not because they need to upgrade their switches, though that does tickle the fancy of more than a few network/security admins. But we are going to see serious price competition on these "secure ports" and further commoditization of standard ports.
So thanks to ConSentry for getting the ball rolling. We are going to see a lot of this in the near term, and my early prediction is that the most over-hyped product of RSA 2007 is going to be the "security switch."
"Proprietary" Appliances Are Done
Per George Ou's posting (http://blogs.zdnet.com/Ou/?p=174), Cisco has joined the 21st century and will now support standard USB and memory in the form of compact flash. Amen to that. Any vendor that thinks they can get away with gouging customers with 10-50x the price of open market memory or disk is delusional.
Why? Customers are on to the game. They understand that it's more efficient for vendors to use standard builds for most security equipment nowadays. Unless there are specific proprietary chips, odds are the box is pretty much a standard computer that uses standard piece parts. And those with proprietary stuff better sell a lot of boxes because it's hard to get economies of scale with 1000 units compared to Intel, who sells hundreds of millions.
I've learned this the hard way. I once ran a program to upgrade installed base appliances. We were running a "special" that would provide an upgrade for $2000 to go from 500 MB to 1 GB of memory on the appliance. Suffice it to say, that promotion went over like a LEAD BALLOON and customers were pissed. So we ended up having to backpedal and give away the memory upgrade. It certainly wasn't the best promotion I've ever run.
So, it's good to see Cisco reading the writing on the wall, and customers out there - do not stand for this crap. You have a ton of choices and if a vendor is trying to stick it to you, threaten to go elsewhere. The vendors will always try to push these outrageous "upgrades" because a portion of their customer base will bite at full price. Don't you be one of them.
The Importance of Vendor Viability
Coming across a product review of NFR's latest intrusion prevention device started the gears turning in my head. That's always dangerous. If you read the review (here) and believe the reviewer, NFR has strong technology. Not sure how the reviewer thinks a $13k sensor is going to appeal to SMB customers, but I digress.
As I read the review, I kept thinking "who cares?" It's not like anyone is really going to buy something from NFR at this point in the game. Yes, that is being unfair, but life is not fair. Get over it.
In all seriousness, IPS is a very mature technology. Some products work marginally better than others, but all of the leaders tend to do the same stuff with relatively similar performance. So, at this stage of a market's evolution, how can company viability NOT be at the TOP of critical selection criteria?
Did we not learn anything during the deflation of the Internet bubble? To refresh your memory, countless numbers of organizations had a ton of fancy looking and expensive doorstops when scads of vendors went belly-up. So why take a chance on a company that may not be around 3 months from now? The answer is you don't unless there is something truly innovative and category breaking.
In IPS, I'm hard pressed to get a feel for what that would be. It's true that Sourcefire did bring significant innovation to the table (3 years ago), but that was by consolidating a number of functions roughly associated with IPS. And we know how that story will end with CheckPoint taking the viability issue out of play. That is as long as the US Commerce Department doesn't decide to make an idiotic stand because they are pissed off about that UAE ports deal.
Not to just pick on NFR, but TippingPoint runs the real risk of ending up in the same boat. They were a pioneer in the IPS space, but their parent company (3Com) is as sick as a Stage 3 cancer patient. How long before customers start worrying that 3Com is going to take TippingPoint down with the ship? I say 2 more quarters unless the new guy at 3Com can turn it around pronto.
It's just easier to go with Cisco or Juniper or McAfee or CheckPoint/Sourcefire or ISS. Big is the new small.
To be clear, I AM NOT a start-up hater. I love the innovation that comes out of start-ups. As long as a new category solves a real problem in an innovative way, then end users will take the risk. But once a category matures, there is no place for risky start-ups. The downside is not worth it. In mature markets, viability MUST be at the top of your selection criteria list.
It's Not Just What You Say, It's How You Say It
I've been a bit under the weather today, so I've been building up some venom and now it's time to rant. Still digging out from RSA, I came across a press release from 3Com, "3Com Chief Technology Officer Unveils Bi-Planar Network Vision." It just got me going. What the hell is a bi-planar? It sounds like something Bob Vila would use to build a bench, not a new vision for networking.
This brings me to one of the most important lessons I learned in 8 years on the marketing side. It has very little to do with what you say, it's how you say it.
Now 3Com has lots of challenges, and clearly they have to figure out how to differentiate in a world dominated by Cisco, and candidly, a "Bi-Planar" network vision is not the answer. It's indecipherable and once they start talking about control planes and connectivity planes, my head explodes. I'm pretty sure it's not the head cold I'm trying to beat down either.
Here are some more great sound bites from the release:
In a Bi-Planar Network, purpose-built network control nodes provide the full access, attack, and application control that switches and routers cannot fulfill. These intelligent network control nodes are capable of fine-grain IP flow classification and policy enforcement, and are deployed seamlessly, cost-effectively, and with no change to existing routers, switches, or applications.
Huh? Now compare that to Cisco's "Self-Defending Network" architecture. See what I mean? You can understand what they are talking about. It's easy to grasp. Bi-Planar Network, not so much.
As evidenced by 3Com's lame attempt at pushing their new vision, it's easy to snipe at Cisco, but much harder to bring forward a compelling and understandable vision. All of you vendors out there, if you want to win the title, you need to knock the champ out.
Cisco Keynote @ RSA: Chambers' Victory Lap
- He spoke the language of business - Clearly many of the RSA attendees are security practitioners, but Chambers did not speak down to them. He spoke about the business of networking and why security was so important. It's a key message for all security professionals to grok. The message was clearly about relating security to enabling productivity improvements, as opposed to security to avoid the downside risk of attack.
- He told us so - Chambers repeatedly referred back to his projections in the 90's and early 2000's about security needing to be built into the infrastructure and how Cisco's roadmap and architecture reflect that. They were right, and he wasn't afraid to gloat a bit. The message here was clearly about Cisco earning the right to define the next vision of security because they called the last one correctly.
- He nailed that vision thing - Speaking of vision, Cisco's message is focused around consistent and integrated security embedded into the fabric of the network, which enables those continued productivity improvements. From endpoint device to carrier cloud, Cisco's mantra is the network infrastructure provides a security capability that can react in the face of attack. There was no question about where they think the industry needs to go and it was a very cohesive story. Again, the antithesis of Microsoft's vision, which felt so tactical, yet is 3-4 years out - best case. Cisco's seems very strategic and most of the pieces will be in place this year.
- His demo was tight - Of course, there was a demo of new stuff, but it was introduced in a way that made the business benefits very clear and showed the power of integration. The concocted scenario made the "dangers" of not using Cisco's stuff everywhere very clear. And even more significantly, Chambers was involved. He stood right next to the demo guy and asked good questions to reinforce the points he wanted to get across.
- He put on a command performance - Chambers is a maestro in front of a crowd. He spent less than 25% of the time on the stage, continually strolling through the crowd. He made eye contact with the attendees and seemed very accessible. He made it seem like there was no other place he'd rather be. The southern twang in his voice didn't hurt either. Very down home and accessible. Everything that Bill Gates was not.
To be clear, I don't really believe all the hype. Cisco's strategy is largely designed to ensure the millions of switch and router ports around the world are upgraded ASAP and to further tighten Cisco's chokehold on the enterprise network. Their security platform is still very heavy and will require more than one forklift to bring in all the new equipment that is required to make it work.
Clearly Cisco still has a lot of executing to do and must deliver on the capabilities of the vision even for those heretics for whom homogeneity is not an option. They also need to clean up their non-existent Identity Management plan, since their main competitors (HP at the low end, Juniper at the high end, and Microsoft from the application side) have made identity prevalent within their security strategies.
But Chambers' keynote showed why no one gets fired nowadays by going all in with Cisco.