CRN Interview: John McNulty, Secure Computing

CRN: How well as a company is Secure Computing doing?

McNulty: One of the things that we're very proud of is our performance, our growth and our predictability. We've hit our guidance on the bottom line or exceeded it for 18 quarters in a row through some very tough times. Over that period of time, we've grown substantially faster than the marketplace. If you look at our revenue, in [the fourth quarter] of 2003, we did more revenue than we did in the full year of 1999. If you plot that, it's about a 40 percent growth rate per year, which is at least three times faster than the market as a whole over that period of time because I think arguably in the 2001-2002 time frame the market overall might have shrunk. Our guidance this year is that we'll grow 30 percent.

CRN: Given all the competition in this space, is the market due for a shakeout?

McNulty: You've got an enormous number of security startups, and there's maybe 20 significant security public companies. We're certainly not the smallest; we're certainly not the biggest. I think we're well-positioned with superb products, and there will be absolutely a whole lot of those startup companies that disappear. Some of them I think will be acquired. Others will be almost the walking dead. And others will simply disappear because you can't have 38 players in one specific niche and expect that they're all going to succeed. We're going to see a lot of change and evolution in that marketplace, and every year it's going to get more competitive. Our mindset is, don't look back, somebody is gaining on you.

CRN: How much effort are you putting into making Secure Computing more visible?

McNulty: That's something we're trying to improve upon thoroughly. And there's good news and the bad news. The good news is we're growing some good brand names, but bad news is the company is not known, but I think we're doing better. When I joined the company in 1989, we had 15 products and the strategy was kind of thrown against the wall to see what sticks. One of the things we determined very quickly after I arrived was we couldn't have that many products; we needed to focus on a few things and do them better than anyone else. By the end of 1999, we eliminated 12 of the 15 products to focus on the three products we have today: the Sidewinder G2 security appliance based on the Sidewinder firewall; the SmartFilter Internet management tool, which has been complemented with our acquisition of M2H2; and then the third product is our Safeword premier access offering. The interesting thing to understand is that the products have name recognition much better than Secure Computing. But again it's something I think we're working on and tying everything together.

CRN: How much opportunity is there to cross-sell across the three product categories?

McNulty: In 2004, 45 percent of our revenue should come from the firewall segment, 30 percent to 35 percent from the filtering area and then the remaining 15 percent to 20 percent from Safeword. One of the things that I think is a tremendous resource for us is our customer base. We have over 11,000 customers today. We picked up a little bit over 2,000 with the acquisition of N2H2 in 2003. That 11,000-customer base is a tremendous resource for us to go in there and sell second and third products to. That's just a tremendous opportunity for our channel partners. As we move 100 percent through the channel except for the 50 named accounts--as our channel comes up to speed in working with these customers--I think they're going to absolutely help us and find that there's some gold close to the surface in selling second and third products to those folks. We're putting together a very complete channel program that will, in fact, go into that direction. We've already done it with our own sales organization, and we intend to be addressing it with the channel as we evolve our new strategy this year.

CRN: How a big a role does the channel play today with Secure Computing?

McNulty: If you look back at our history, we started going to market entirely through the channel effectively in 1999. In 2000, we did 25 percent through the channel; in 2001, we did 45 percent through the channel; in 2002, [we did] 55 percent and last year about 65 percent through the channel. You're always going to have exceptions. That's why we have 50 named accounts that we sell to directly. That's the way they want to buy. But for the rest of the world, we need the channel.

CRN: How do you differentiate Secure Computing from your rivals in the firewall space?

McNulty: The first and most obvious differentiation between Secure Computing and Cisco [Systems], Check Point [Software Technologies] and Netscreen is that from the ground up we're an application-layer firewall with full proxy capabilities. You have to protect the application layer in order to have confidence in the integrity of the information and of the applications themselves. The thing that's changed over I'd say about the last 20 to 24 months has been a tremendous increase in the awareness of the need for application-layer firewalls. Now the bigger vendors are coming to play in our field, in our ballgame, and we literally wrote the book in application-layer security. But the whole scenario changed. We can also talk about application layer security with great performance, with easy out-of-the-box configurability. At the same time, we also announced the capability to run in a hybrid mode. You can use it as a packet filter or use stateful inspection of the application.

CRN: How do you position Secure Computing to the end customer?

McNulty: I've never seen a product that hit the center of the bull's eye of what the market needs and what the channel needs and has been asking for better than our Sidewinder security appliance. It's an all-in-one box. If you think about the problems of the enterprise security, the burden on the IT organization has increased rather dramatically. There is a very significant amount of frustration from that in the fact that they are managing up to eight different hardware platforms with maybe 15 different software players. Trying to become expert in the installation, the administration, the management of those things on an everyday basis is pretty tough. The toughest part comes when something doesn't work and you have a dozen-plus hardware software vendors that point their fingers at each other. What we brought to market in the Sidewinder security appliance is an all-in-one solution that can provide the world's best firewall, and on top of that firewall you can provide antivirus, antispam, URL filtering, e-mail filters, intrusion-detection and intrusion-prevention capabilities all on the same box.

CRN: How quickly are we going to see more convergence in the security space?

McNulty: I think we're coming together very quickly. A fundamental belief we have is that the best approach to security in the enterprise starts with authenticating the user at the moment of contact with the network regardless of how they touch the network. Once they have access and once you've authenticated them, the task of ensuring bulletproof security is made a whole lot easier because you know who they are and you know what they're supposed to do.

CRN: How closely will security and network management be coupled in the future?

McNulty: Network security and network management will come together. It's kind of silly when you step back and look at the huge enterprise that has a big network operating center that fundamentally is their systems management software running and telling the network mavens what's happening in their network. And then somewhere else in the building they'll have a security operating center that is looking at the same fundamental typography but from a security perspective. Hopefully, that will be a great cost savings for our customers and give us some opportunities to evolve our products along the lines of systems management.

CRN: So what should solution providers remember most when they think of Secure Computing?

McNulty: We really have had an intense focus that says every release has to bring not just performance and better features, but be a better fit for the channel and their needs. It has to be a product that they can sell and support and make money on along with us would add great value for the customer. We've really evolved over the five years through evolution rather than revolution. We're excited about it because not only do we now have channel-ready products but I think they're best-of-breed channel-ready products.