When a Firewall Won't Cut It


NetVision CEO Todd Lawson believes customers need more


If all goes according to plan in 2003, then this should be the year in which security sales take off. In fact, according to our State of the Market issue last month, more than one-third of solution providers believe security will be the fastest-growing part of their businesses in 2003.

Already, more than half sell some type of security solution. Most sell antivirus software, if not firewall solutions or intrusion-detection software. But is that really enough to adequately protect your customers?

A growing number of security product vendors say no. And they're developing solutions for everything from security-reconnaissance to enterprise-access management to content filtering to biometric authentication and beyond. Their mission this year: to persuade you that Check Point, Network Associates, RSA and Symantec don't have everything needed to protect customers. That, of course, won't be easy given the breadth of products those giants have. Symantec alone has more than 80 products for users of all shapes and sizes.

NetVision, an Orem, Utah-based company that develops network security policy-management solutions, epitomizes one of the many up-and-coming security software companies that hopes to win your business in 2003. Founded in 1996 by three former Novell developers, NetVision approaches intrusion detection somewhat differently than others. Rather than focus on developing a host-based solution or a pure network, perimeter-based solution, NetVision instead believes there's a need for a third tier of solutions geared around securing the directory. It's an innovative approach, but one that requires some explaining. The NetVision Policy Management Suite, for example, includes four components: Global Event Services, DirectoryAlert, ServerAlert and Synchronicity. Each is an interesting technology in its own right, but NetVision wants to convince VARs and users, alike, that they need all four if they want maximum protection from attacks.

That may take some doing, given the number of similar-sounding pitches VARs and customers receive each week. Think NetVision's directory approach is unique? Then consider OpenNetwork Technologies. The Clearwater, Fla.-based company, which is a year older than NetVision, purports to have "the industry's first and only directory-enabled architecture" for securing Web resources.

If you hope to make the most of the opportunity surrounding security this year, then you will have to be able to distinguish between the NetVisions and OpenNetwork Technologies of the world,and fast. You'll need to know where they overlap, where they are incompatible and where they stand out. You'll also have to know which vendors are struggling. Some companies are bound to fold, their dreams unrealized. Others, including NetVision, may hold on or even prosper. NetVision, for one, saw sales jump 30 percent last year to roughly $7 million. It has "lived off what we could kill" for four years without turning to outside funding, Lawson says.

To break from the pack, the company wants to enhance its architecture and better support J2EE, C++ and other standards. It also wants to better integrate with existing directory options, and shift its business from one that relies on direct sales to one that uses a leveraged model. Already, it's making progress with partners. As of last March, just 2 percent of the company's sales went through outside allies. By the end of 2002, when NetVision announced the addition of three dozen new channel partners, that figure rose to 40 percent. Within two years, it could be 80 percent, Lawson says.

Still, for every security company that makes it this year, there's bound to be plenty more that don't. Before you get dazzled by any niche player, do your homework.