Security marketers are constantly, more so that other Enterprise software marketers, faced with the "category" problem. Often heard as "yeah, but which magic quadrant are you in?"
Security is an odd bird, most purchases, for better or worse, are motivated by one of two things:
1) Compliance check box - ie "best practices"
2) Post incident panic
In the first case, the PCI spec or the NERC Guidelines or the competitive benchmarking say I must have x,y,z in place, where x,y, and z are typically a firewall, AV and IPS. In the second case, I have all of these, but I still got "breached" or had a data leak or major attack. Whatta surprise!
The reality is, that we are in the insurance business, and the risk trade off is often made in the short term time horizon. There is much value to debating the maturity of buying and why a more enlightened approach by CISO is needed, but at the end of the day, the above behavior has been a constant observation of mine over the last 15 yrs in this industry.
The big aha, is that if you don't fit into an established category, you are fighting an uphill (though not unwinnable) battle...
Here's a few examples of those who navigated this well
1) Fit into a round hole - Palo Alto Networks. Strategy: We are the next gen firewall. What Palo Alto did well was to not fight the fight, they leveraged their founders credibility to say "Yes, you need a firewall, but it's time to take a new approach to this check mark" The beauty of this approach is that it allows for early adopters to pave the way and push through the org. Palo Alto did a lot of things well, and this piece was critical
2) Drill a new hole: Vontu. Strategy: Privacy leaks are in the news big time, create a new category to respond to them. Vontu led a group of aggressive start-up to establish DLP. They did this by becoming thought (and product leaders) in a nascent space. Few have worked the influence game better. In addition, they went after new $$s from compliance driven budgets, NOT from IT security. Because of this, they could sit next to x,y and z without threatening them.
And one that has struggled: IM messaging. These products from companies such as Facetime, Barrucuda, and others failed to separate their value prop from x,y and z, in this case Secure Web gateways and web filtering. Because the category just never caught on with buyers, the products never penetrated past niche plays. Contrasted to DLP, the amount of customer (and shareholder value) created was significantly less.
Why did IM Messaging struggle compare do DLP in establishing a category. For me, the biggest thing was timing, while DLP had the fortune of compliance mandate and high profile privacy leaks, IM messaging never was as fortunate. Luck or planned??? HMMMM....
So, at the end of the day, look for one of the two buying drivers, and if you are going to drill a new hole, make sure it's clear of existing in the mind of the market, but do so with caution. I like replacement strategies better, but both can work wonders if done well... Whichever direction you take, do so with eyes wide open to the challenges of either....
Thoughts?