The Information Security Arms Race and Its Impact on Operational Models

As security products enter the market, they move through a series of phases along their adoption curve. At various points in this lifecycle we have noted that opportunities present themselves to both the buyers and the sellers of these technologies. New businesses and business models begin to emerge as companies take advantage of these opportunities and begin exploiting the trends to their advantage.

In this article, we will explore each of the stages in this lifecycle and highlight the areas where we have seen the most activity around particular opportunities. As with all of our research, we will bolster our commentary with examples and sub-references which will follow in future articles.

Introduction

New security products entering the market often take a significant amount of time before they move to widespread adoption. This is partly due to the education that is needed of the market, both in terms of understanding the threat the product is designed to counteract, but also to understand the technology itself. Many of the more complicated products on the market today (SIM, SEM, DLP, etc.) have taken years to educate the market and drive an understanding of the threats (either external or internal) that their products are crafted to address.

This educational process also extends into the care and feeding of the product itself. As we saw with early versions of SIM technology, a small army of database experts were needed to keep the early generation of products from buckling under the loads many organizations were putting on them. Obviously, this increased labor burden puts enormous pressure on the ROI for the solution as a whole, which could explain the high rate of “bleeding edge” technologies that never gain sales traction outside of highly specialized markets.

Adoption

As the products mature, they tend toward simplification, at least in the beginning. They improve their installation mechanics, add “out-of-the-box” benefits to show immediate (or at least quicker) ROI, they may also make user interface (UI) enhancements to ease usability.

It is during this stage that most companies are at their most responsive in terms of listening to customers and incorporating feature requests and usability enhancements into the product development stream. This is partly driven by expansion into other markets; some vertical and some horizontal, where the vendor’s education message has not yet reached (or may never fully reach).

The vendor experiences increased adoption rates outside of their core market, largely due to the improvements made in their early beachhead accounts and the feedback that they have brought back into the product development cycle.

It is during this phase in a product’s lifecycle that it starts the slide toward commodity status. This is driven just as much by the decrease in complexity as it is by the sophistication of the market; two goals that the vendor was striving for earlier in the lifecycle, but which now threaten their business.

Commodity

As the product shifts to broadly accepted commodity status, the vendor comes under increased pricing pressures. They tend to support this trend however, through sales tactics such as deep discounting, bundling with newer products, longer term contracts (to achieve lock-in), and other maneuvers that continue or even accelerate the move to commodity status.

In many cases, the market as a whole starts to lose its luster, much as we have seen with the traditional anti-virus market in the past couple of years (and which we will return to later in this article). In an effort to combat shrinking margins, you will often see new versions of the product come out that are targeted specifically at the least sophisticated markets that the vendor can manage. These markets are typically present in smaller enterprises who also feel the pain of increased labor pressures which (hopefully) the vendor has driven out of the product before tackling this market.

It is along this part of the curve, the grey area between broad adoption and commodity status, where we find the first hints of new opportunities emerging. One interesting business model we have seen

develop in this phase is that of “enhanced open source”, whereby a vendor will build a product around an existing open source technology and help flatten the often steep learning curve of these technologies. This can be done within the community around the product, often by its founder, such as in the case of Marty Roesch and Sourcefire being built around his open source IDS Snort. Similarly, we find an open source project gets ‘adopted” by a fledgling company, as was the case with Renaud Deraison and Nessus, his open source vulnerability scanner, getting picked up and incorporated into Tenable’s product suite.

The other model, and one that is frequently at odds with the open source community, is when a company builds technology and services around an open source project without directly contributing to the project. This creates even more conflict (and confusion) in the market when the project founder, or their new corporate custodian, begins to enter the market themselves. Perhaps the most famous of cases was when Ron Gula, Tenable’s founder and CTO, moved to close source the Nessus engine and extract license fees for signature updates from the companies leveraging the technology in their own offerings.

Rebound

Rebounding, if it occurs at all, is usually through the acquisition and integration of complimentary technologies that prop up the original offering’s flagging license revenue. For example, Symantec purchasing Sygate, then bolting it onto their anti-virus platform and rebranding the whole affair as “endpoint protection”.

Concluding Remarks

At each phase in a product's complexity, there are opportunities. As we begin to present examples of products we are all familiar with, we will be pointing out where the opportunities lie and how best for all parties (buyers, resellers and vendors) to take advantage of them.

Recommend this article...

Comment

Only registered users can write comments.
Please login or register.