Monday, October 25, 2010

2 yrs later, is Hybrid Security a reality

I posted this vision piece 2 yrs ago. I still think we are a ways from realizing this vision, but I think it still rings true....


“In the past, CIOs deployed their own self-contained application architectures on their own servers and storage systems. This old model is giving way to a hybrid application architecture that combines hosted functionality with in-house applications running on consolidated and virtualized commodity servers. We believe that this transformation will drive efficiencies across the full stack, from business processes to physical infrastructure, while increasing IT's ability to meet new demands in a rapidly changing business environment.” - Kishore Kanakamedala, Vasantha Krishnakanthan, and Roger Roberts, McKinsey Quarterly, 1

Ken Rutsky Commentary--Software as a Service (SaaS), virtualization and integrated IT appliances are creating new and powerful service delivery models for IT managers to leverage. One only needs to look at the success of SaaS companies such as and WebEx, the robust growth of integrated appliances in spaces ranging from security to data warehousing, and the meteoric rise of VMware’s adoption in the enterprise to see that all these models deliver significant “utility-like” benefits and cost savings.....

Wednesday, October 20, 2010

McAfee updates Web2.0 Story

Great stuff, follow on to 2008 work. See it here . For some marketing context behind this program, see here!

Wednesday, September 15, 2010

McAfee - ArcSight Mania! Who's Next? and What it means for Security Marketeers

BigFix, Verisign Enterprise, McAfee (see my blog -here) and now ArcSight. It seems like the number and size of security and security related acquisitions keeps accelerating. Who's next? Palo Alto Networks, Splunk, LogLogic, Shavlik, Checkpoint, FireEye, Cenzic, Proofpoint? It seems no company big, medium or small that circles around security is immune now that Intel and HP have shown a willingness to pay very significant strategic premiums for security plays.

What does this mean for Security marketers?

1) As I have always contented, one of the biggest creation of shareholder value that great marketing can provide is in positioning a company for market capitalization growth. How? Here's several ways and examples:
- By clearly articulating the customer value and uniqueness of your value proposition. Example: At Secure Computing we delivered an investor day that articulated the centrality of our TrustedSource reputation service to our strategy and product delivery in protecting against Web2.0 and emerging threats. Next day, 30% price increase. 6 months later, MFE acquisition, in a large part for the TrustedSource technology and data. Prior to that day, the investment market did not appreciate the power of this asset.

- By establishing market leadership - Jim Barksdale taught me, "If you want to be a leader, find a parade and get in front of it." Marketing's job is to establish leadership, but all too often we yell about product leadership without finding the parade. At Nimsoft, they jumped right front and center on the cloud parade and positioned as the leader in Unified cloud and datacenter Monitoring. 9 months later acquired for $350M on a 10.5x premium. (systems mgmt but close enough)

2) Partner and partner well. McAfee and ArcSight had well defined and managed partner programs. They were part of and created their own ecosystems. Also, the partner message was well integrated into the overall go to market and marketing programs. Security companies big and small do not win by living in a vacuum. Get engaged in partnering, both participating in others and in your own program, you are never too small or too big for this to matter.

3) Keep your eye on the prize - customers - Yes acquirers love technology that fits strategically into their roadmap, but they love customers more. HP loves Arcsight for their customers and the investment they have made in them. Ditto for IBM and BigFix, and Nimsoft and CA. Find, nuture and leverage your customer assets, build community and loyalty and promote the hell out of it...seems basic, but often forgotten

So, at the end of the day it still comes down to value and positioning, ecosystem and customer. No big surprises here...

And my prediction is.... well, what do you think?

Thursday, August 19, 2010

McIntel, 4 potentially disruptive outcomes

Can't help but blog on this as INTC was my first Silicon valley employer in 1992-95 and MFE my last in 2008-2009.

Here's 4 potential disruptions that I see could come out of this transaction:

1) Disruption of AV market distribution .... OK, Andy Janquith may call PCs today's horseless carraiges but there still a lotta PCs to be sold, with a lot of AV licenses to be had. Even before Intel moves AV to firmware, they can move incentives to Intel Inside, regulators notwithstanding. I worked on the I2 program at Intel, and it is a well oiled and managed machine. Intel will not be shy to use its significant marketing muscle to push MFE desktop share up.

Timeframe: Short after close
Likelihood: High
Potential Impact: Medium - with a nod to AJ

2) High perfomance silicon to MFE Network Security devices: Having access to Intel's design and build silicon might has to have the FW/IPS/Web security guys at MFE drooling. Hi perf silicon can be a real differentiator in NW security, yet I've seen little discussion of this. Bandwidth, mobility and content all lead to need for hotter silicon on network security

Timeframe: 2-3 yrs
Likelihood: High
Potential Impact: High

3) Cloud Computing Security - What is it? A wide open playing field. Owning cloud servers and network security assets makes for an interesting mix. Not sure what to expect here, but I am sure smart people are thinking about it

Timeframe: 1-3 years
Likelihood: Not sure
Potential Impact: High or nothing, one to watch

4) MacIntelafee - Remember that Intel is a major supplier to Apple. Many in IT Sec think Apple products are the next horizon of for malware and cybersecurity risk. Yes, I know ARM plays a big role in Apple, but so does Intel. And what a better alliance against Google and a way to keep MSFT honest.

Timeframe - Hmmm
Likelihood - High that something happens
Impact - Time will tell

This acquisition will be very interesting to watch. One thing I can tell you from personal experience is that the companies are a very good cultural fit. Disrupt away, we will all be watching!!!

Tuesday, August 17, 2010

NEWSFLASH - PCI Drives security product categories, HUH, what's the news???

The 451, which I think does great work, put out a report today entitled; "The chosen few: has PCI anointed nine 'winning' technologies (and a lot of losers)?"

Wow, this article is OLD news. Security marketers have been glommed hard onto PCI for what, 4 years??? Every IT buyer knows this, and I'd venture to say that 90% of all the PCI pitches are essentially the same story, with the same punchline, "buy my product and meet this requirement".

The PCI standard is a good baseline, and many organizations pass the audit and stop there. Anyone who is serious about security will meet this audit easily, because to protect yourself today, you've got to do MORE than is in the spec.

HOWEVER, that will never stop every vendor from positioning themselves as a checkmark. OK, we got that, congrats you are on the list, now why should I replace my current with yours, or buy you for the next implementation, I hope the story has a bit more depth than "pass PCI requirement x.y and y.z"

Monday, August 9, 2010

A Rose by any other name is still a ...firewall??? Or the category of 1 problem...

Security marketers are constantly, more so that other Enterprise software marketers, faced with the "category" problem. Often heard as "yeah, but which magic quadrant are you in?"

Security is an odd bird, most purchases, for better or worse, are motivated by one of two things:

1) Compliance check box - ie "best practices"
2) Post incident panic

In the first case, the PCI spec or the NERC Guidelines or the competitive benchmarking say I must have x,y,z in place, where x,y, and z are typically a firewall, AV and IPS. In the second case, I have all of these, but I still got "breached" or had a data leak or major attack. Whatta surprise!

The reality is, that we are in the insurance business, and the risk trade off is often made in the short term time horizon. There is much value to debating the maturity of buying and why a more enlightened approach by CISO is needed, but at the end of the day, the above behavior has been a constant observation of mine over the last 15 yrs in this industry.
The big aha, is that if you don't fit into an established category, you are fighting an uphill (though not unwinnable) battle...

Here's a few examples of those who navigated this well

1) Fit into a round hole - Palo Alto Networks. Strategy: We are the next gen firewall. What Palo Alto did well was to not fight the fight, they leveraged their founders credibility to say "Yes, you need a firewall, but it's time to take a new approach to this check mark" The beauty of this approach is that it allows for early adopters to pave the way and push through the org. Palo Alto did a lot of things well, and this piece was critical

2) Drill a new hole: Vontu. Strategy: Privacy leaks are in the news big time, create a new category to respond to them. Vontu led a group of aggressive start-up to establish DLP. They did this by becoming thought (and product leaders) in a nascent space. Few have worked the influence game better. In addition, they went after new $$s from compliance driven budgets, NOT from IT security. Because of this, they could sit next to x,y and z without threatening them.

And one that has struggled: IM messaging. These products from companies such as Facetime, Barrucuda, and others failed to separate their value prop from x,y and z, in this case Secure Web gateways and web filtering. Because the category just never caught on with buyers, the products never penetrated past niche plays. Contrasted to DLP, the amount of customer (and shareholder value) created was significantly less.

Why did IM Messaging struggle compare do DLP in establishing a category. For me, the biggest thing was timing, while DLP had the fortune of compliance mandate and high profile privacy leaks, IM messaging never was as fortunate. Luck or planned??? HMMMM....

So, at the end of the day, look for one of the two buying drivers, and if you are going to drill a new hole, make sure it's clear of existing in the mind of the market, but do so with caution. I like replacement strategies better, but both can work wonders if done well... Whichever direction you take, do so with eyes wide open to the challenges of either....


Thursday, August 5, 2010

Why Checkpoint (and Cisco and Fortinet and PAN) Should Take Notice of McAfee...

(Disclaimer: I previously ran product Marketing for Secure Computing and McAfee Network Security so has some bias, though hold NO market positions in any of the companies in this blog)

In Sept of 2008, days before the market collapse, Secure Computing accepted an all-cash offer from McAfee. In November, the deal closed. Many wondered what the future of Sidewinder, one of the oldest, but arguably most secure and revered product in the market. In less than 2 yrs, we now have the answer, with McAfee Firewall Enterprise V8.0. 8.0 is a BIG release, even if it only does some of what was announced. Application and user awareness, ePO integration and more make this a big product.

Next generation firewalls are coming hard and fast into the market, led by the innovative and disruptive Palo Alto Networks. Fortinet and others also have some level of this capability, and you can bet that network players Cisco and Juniper are not far behind.

With 8.0 , McAfee has fired a broad shot across the bow of the firewall market. Sure, lotsa questions remain, everything from performance to IPS on 8.0 and its impact on the OTHER McAfee IPS product line, to can McAfee win the love of the channel. However, this is a shot to be reckoned with. McAfee has a $500M+ Netsec business and wants more.

A bit more on IPS. The market seems to be saying this...1) IPS is part of the Next Gen FW 2) IPS provides compliance level protection 3) We need more innovation for threat prevention (witness the recent SNORT NRG initiative.) Now, I see this convergence as a leaving a wide open space for Next generation threat prevention at the NW level, a product that protects against today's browser based attacks, not the network probes of the past. Who/What will emerge to fill that gap?? That's a post for another time...