SonicWall's Matt Medeiros Plans For A Better 2010

SonicWall CEO Matt Medeiros sat down with Channelweb.com to discuss the growth of virtualization, the impact of the weak economy and what forms future attacks will take. Here are a few edited excerpts.

Looking back on 2009, what kind of year would you say it was?

I'm actually very encouraged about the year. Our revenue suffered like everybody else's. What didn't suffer is our market share. We grew market share consistently throughout the year. So I think we're one of the very few companies that can even look at 2009 and say that through Q1, Q2, Q3 and even Q4 our market share growth was there.

It was also a year of transformation for SonicWall. We changed our entire support organization in 2009, so we now have 100 percent of our support done internally by people that are badged and tagged and wearing a SonicWall uniform and answering the phone everyday as our employees, and not going through a third party at all.

We introduced some incredibly good technology this year around our UTM [Unified Threat Management] products for our TZ platform especially, completely refreshed. Our SSL PVN platform is completely refreshed throughout the entire price curve; our email security product platform has completely been refreshed.

I think that 2009 was also a year where, without exception, we've been successful in the enterprise campaign that we've put forth at the very end of 2008. So if you look at last quarter's results, about 40 percent of our revenue came from midtier, enterprise, government accounts that we wouldn't have had the opportunity to even go after and pursue in the years before because we just didn't have the product offerings. I'm actually feeling pretty good about 2009. But like others, I'm happy to see it come to an end.

Where is SonicWall in the virtual space and do you plan to enhance your virtual offerings in 2010?

So, first of all I think there's still a great debate going on if virtualization is going to mean a substantial lowering of costs. We can certainly show you examples from where it is no less expensive, perhaps even more expensive, than the investments that would have been traditionally met. We believe virtualization is a very important part of what companies will be looking toward just as cloud services will be. So, yes, we do participate. And I think that what we've done is we've educated our channel partners on how they become the virtual service providers through our technology. So we have many channel partners that are hosting e-mail services for their end customers by utilizing our e-mail technology. We have many customers that are hosting SSL VPN solutions by again utilizing our technology for their end customers. We have partners that have deployed UTM services that host and manage them through our global management system for their customers. So I think that oftentimes people forget that SonicWall's been virtualizing this technology for years because of the business model that we kept.

Virtualization has its strongest play in the enterprise market. What if your enterprise customers start demanding more of it?

We're there to support the virtualization effort. Today we protect quite a few virtual installations. Virtualization still requires communication from point to point. It still requires the fact that you've got to have some level of gateway device that's talking to both points. The fact is that I think a lot of our growth last year, particularly in the UTM area, has been based on virtualization. As I mentioned before, I do think that virtualization's been a great growth story for us, for aiding not only virtualized environments as I mentioned. You don't need the hardware, you don't need the software. We can just develop a client that's on your PC and you all of a sudden have a spam-free environment on your e-mail. You don't have any products sitting in your sight to make that happen. It's a virtualized environment. I think we're doing quite well in that area.

How is the enterprise push going? Forty percent of your business is not SMB. Do you expect that number to expand in 2010?

This has probably been more predominant based on the current economy. I think SMBs are having a very difficult time. So we haven't moved from SMBs. We're expanding into enterprise midtier, and government. Our focus is clearly on the SMB market. It still is the lion's share of our revenue. And what we also noticed is that there are so many of our enterprise customers that have remote branch offices, distributed networks that require smaller solutions than just the data center or, if you will, at the CIO's office, where you might consider the data center of most enterprises. So I would say that we are hitting the price points throughout the scale of technology, whether it be a small network or whether it be an expansive data center. And I think you're going to continue to see SonicWall push at both ends. One of the best products we introduced last quarter was our new TZ flagship product, the TZ 200 and 100 products selling substantially more than what we were last year at this time, in the terms of unit sales. Great evidence that with great technology, there are buyers for that technology. Many of those buyers are enterprise-class customers supporting their branch offices, their remote offices, smaller subnets within their network.

Do you expect to see growth there?

Well we certainly hope to. We're spending an awful lot of money on R&D to satisfy what would be the return of the growth in the SMB. Hopefully it will happen in 2010, as well as in enterprise and midtier. Expect SonicWall next year to introduce new technologies in that area. I think that you'll find some of the stuff that we have currently in beta will be industry-leading technology. I take no exception to that comment. I think that you're going to see some really interesting technology coming out of SonicWall.

How does SonicWall and the security industry anticipate being impacted by the stimulus?

Governments around the world are investing in cybersecurity, not just for their own government systems but for the people of other countries. What we see as stimulus is still money that's going into the banking industry, the financial industry. That really isn't changing any of our business. What we need to see is the federal government stepping up and taking ownership for programs that are meaningful for small businesses. Every recession, the way out of it, is on the backs of small businesses and small business creations. This government has got to understand, this administration has got to remind itself of that and start putting programs in place to make that happen. If they do that, I think SonicWall's going to be the recipient of that. We're still No. 1 in small business solutions relative to security.

What about in terms of health care?

No matter where you are, no one should have access to your information. What I can tell you is that health care has been a very important part of some of our success. We have the process in technology that aids in complete packet inspection. Health care really enjoys that as technology has woven itself throughout all of health care. These massive files for radiology are being sent across the world so a specialist in radiology can read those files and that can be done securely. How are you going to do that? How are you going to read that file with the right level of provisions of security? Most technology won't let you do that. Not without human intervention that says, yes, I'll let a file this big pass through my network. You do that, you're vulnerable. So, SonicWall is actually doing quite well in that area of health care.

SonicWall last year initiated some financing programs to help some of its smaller partners. How successful were those and are those new programs still in place? Do you see those programs being needed in 2010?

So what we did is we started working with other channel partners, Ingram Micro, Tech Data, and what we found was a way to leverage financial. And again, this gets back to the fact that very few small businesses have access to credit. So how can we eliminate that as a problem for the small reseller? And we were able to develop several packages that seemed to have been doing quite well, and I would say was another catalyst on Q3 sales for small businesses. Those programs are still in place. I think that all these programs are going to be needed. Some people will need the support of these programs; some people will find different means. But the important thing is that we remain very flexible to our reselling community, and this is one of the ways that we could be seen as being more flexible than a lot of others out there.

Next: Medeiros Predicts Types Of 2010 Security Attacks What's the attack of choice in 2010?

What we think is going to be very unique in 2010 is you're going to start to see attacks coming in very different forms than just data attacks. If you looked at your network, I'm willing to bet there's a tremendous amount of video activity that's on your network. That people are utilizing YouTube whether you're publishing a video, whether you're doing some sort of videography and using the Internet as a medium for transmission or creation, there's more of that that's going on today than ever before. We think video and voice because we start to truly see people now reach this level of convergence. We're on a typical bandwidth, you might see a third being on data, a third being on voice and a third being on video. We think the level of exploitation on video and voice are going to be very predominant -- and perhaps more dangerous. When I think about it we've all taught ourselves not to put things in writing. We told ourselves, at some point that will always become history. It's always there forever. So today, it's easy to leave a voicemail message that might be far more complete and far more informative than what someone might be willing to put in writing. But if I'm stealing that VoIP file, that voice file, boy I've got access to information that perhaps I wouldn't have even got if I was the best data criminal. Video, I think that again just look at the pervasiveness of YouTube. It's a form of entertainment. Remember, if you're a cybercriminal, what do you want to go after? The masses. So you starting hitting what the masses are doing. ' "Santa got stuck in the chimney" is a great little video, well let's go attack that.' Cause there's a lot of eyeballs that will probably get stuck on that YouTube video.

Do you see larger companies adopting UTM, or is it something that will stay relegated to the SMB?

Yes, absolutely. The data is very clear. The growth in UTM has not been limited to just SMB. In fact, if you look at our economy and you just look at the metrics, UTM still represents 75 percent of all sales at SonicWall, and 40 percent of our business was done with midtier and enterprise customers. And one of the biggest buyers of UTM solutions from SonicWall at the enterprise level was the federal government this quarter. This myth is somebody needs to call foul on the fact that enterprises don't use UTM. They do.

What happens when the economy starts to recover? Will they go back to using point solutions?

Why would you spend more of your budget on a more expensive solution that doesn't do half of what a UTM can do? I think we are caught in this absolute fantasy of a story that somehow enterprises don't use UTM. They use them every day. We sell a substantial amount of UTM in the enterprise. Branch offices, remote offices and at the data center. Even when the argument gets played out, they say 'the first thing is that, well, a branch office or remote office, I understand of course, but not at the data center.' Hold on, they do. Tell me one vendor that's not selling the UTM solution. Cisco sells the UTM solution. Check Point claims to sell the UTM solution. Juniper sells the UTM solution. Fortinet does, WatchGuard does, SonicWall does, who doesn't? Whom do they all sell to? So we've got to get away from this idea that SMB and enterprise are somehow different. I have never once met any kind of malware that is prejudicial to size. You are a small company; you will only get a small virus. A midsize company only gets a midsize virus, and I'm in the big enterprise, [so] I get a big enterprise virus. What type of logic is that? It's dumb. And I think that there's a group of people that want to promote the idea that UTM is not enterprise-worthy.

So what do you say to that?

It's not true. So who's promoting it? People who create the word UTM, that didn't have a vested interest in the term. Or didn't have a client base that they really wanted to see use it. That it can be done a different way.

Speaking about other companies selling UTM, one of your competitors (Fortinet) recently went IPO. What's SonicWall's take on that?

Congratulations. We really think it's great that Fortinet did go public. They'll have some financial benchmarks now. The good news is that we still think that we are far better value for performance than Fortinet's. Clearly from a financial standpoint, the market needs to recognize the substance of our financial performance. The other thing is, quite frankly, it's good that they did go public so we can get real data. And that they have to act like a public company.

Are you saying they didn't act like a public company?

I'm just saying that when you don't have to report quarterly numbers, it's not all that important. It's not all that important to understand what you say about your market share. What you say about your selling price. I'm not saying that they did anything wrong. That's what I would do, too, if I was operating as a private company. I don't need to tell anybody what I'm doing. I'll just go run my business. I think when you're a public company, all of a sudden you have a different level of invested constituents that want some answers. And those answers may not be all that important to the technology, but it may be very important to the financial investor that's invested in your company.

Now that they're an IPO, are they a more formidable threat?

I don't think the threat changes. We're a public company -- the fact that there's a level of awareness that my customers get. They see that we're working profitably. They know that we're investing in R&D, not just talked about, but they know it. They see it in the numbers. They see the cash that we create every quarter. And that we can continue to reinvest in those technologies. Those are very good assurances that any customer would want to have. So by going public I think that they bring a level of public data and awareness that their customer base probably didn't have before now. Does it change now whether they're a good or bad company? Every quarter is a different drill.

What is the outlook for 2010? SonicWall's sales revenues fell in 2009. What measures is SonicWall taking to prevent that from happening in 2010?

Our surveys at the beginning of the year predicted that 2010 was going to be a flat, to slightly up year over 2009. And this is back in a survey that we did in the March time frame to midtier enterprise CIOs. The good news is that they seem to be a little bit more willing to spend than what was earlier predicted. But surveys we've come to know don't mean a thing. If some uncertainty happens, whether it is here in the United States or globally, I think people are in a far more fearful way. People either directly or indirectly are more cautious, and that caution is what we have. What piece of information is going to put everybody in a stall pattern? I don't know what that is.

Do you see the security spend going down this year?

Not at all. The security spend is going to go up. Our second half of the year survey says that it's going to go up better than what we thought. It could go as high as 10 percent. Security is still top of mind for every CIO. So it's the most important thing that people are talking about in IT. So we're not only in a great place, meaning people know they have to continue to repatriate and spend on their security solution, we see investments being taken and actually planned for throughout 2010. But the fact still remains that the world is very uncertain. The first and most important reaction perhaps for all of us is that we take a step back and study it a little bit more and a little bit longer before we make that commitment. That's the level of uncertainty. Are we going to see better spending in 2010? I sure hope so. Are we planning for it? The answer is yes.