Websense Bypasses Low-Value Partners To Focus On Elite Integrators

Most channel partners don't have the time or budget to invest in the necessary training and certifications to properly deploy the myriad of so-called advanced threat detection platforms on the market today, according to Websense CEO John McCormack.

McCormack said in an interview with CRN last month that his company will rely on far fewer channel partners as it attempts to move up the market and establish a longer list of large business customers with its enterprise-grade security gateway appliances. The company added threat detection and integrated its email and web security and data loss prevention capabilities into a platform it calls Triton in 2010, but since then industry analysts say most of its business has been in the midmarket.

"Broadly speaking, I'm convinced that the root of our issues in the security industry are related to the competency level that we don't have," McCormack said. "Many partners don't have the ability to invest in the people and the training -- all the seat time just doing the work -- to be competent enough."

[Related: Private Equity Firm Picks Up Websense, Partners Not Surprised]

Sponsored post

McCormack's strategy is a winning one, according to top-level Websense certified integrator partners interviewed by CRN. VARs that couldn't provide professional services bungled some implementations, they said.

Phil Justice, vice president of cybersecurity and IT at the Newberry Group, said becoming certified under Websense's Triton Integrator Program in 2012 has resulted in deals that would have otherwise gone to resellers in the past. The St. Charles, Mo.-based consulting firm specializes in cybersecurity, digital forensics, incident response and IT support services.

The designation helps assure potential clients that Newberry Group is fully capable of not only professionally installing the equipment, but training administrators and becoming a long-term trusted resource, Justice said.

"Working with fewer customers is definitely good news for partners like us who have made that initial investment and for customers as well because there's value across the board," Justice told CRN. "There's been many times when an IT VAR resells a product and there was no professional services capability; we'll end up getting a call to help salvage a soured relationship if it wasn't done correctly. No one wants to invest in security spend and have it become shellfire."

McCormack, a Websense veteran, was named CEO last year following the company's acquisition by private equity firm Vista Equity Partners.

Websense completed its move from San Diego to its new 80,000 square-foot headquarters in Austin, Texas.

The company recently rolled out a marketplace to get customers to purchase QuickStart Implementation packages that can be deployed remotely or with little partner engagement.

The marketplace is designed to bypass partners that are not fully committed to the company and aren't investing in training and the knowledge to strike their own deals and carry them out completely, McCormack said. When deployments require an on-site team, Websense relies on systems integrators that gain certification under the company's Triton Integrator certification program. Many of the partners under the program specialize in data protection and creating secure architectures.

NEXT: Retooling Partner Mix Through Training

Websense continues to invest in training and tracks partner engagements very closely, McCormack said. Some partners don't want to make the investment in training because they are closely engaged with vendors in other technology areas and the security practice isn't the top revenue earner for them, he said.

"In advanced security you end up with too many partners that do one or two deals a year. Unless you are living and breathing this stuff every day you are not going to be successful at that rate," McCormack said. "And furthermore, I want to bring all the best practices and all the learnings from the customer environments to the next customer. You need to be able to drive a business level of engagement."

Kevin West, CEO of Brookline, Mass.-based systems integrator K logix, which specializes in security consulting and technology integration in New England, said Websense has been a good partner and interest in threat detection and data protection has increased significantly.

Vendors often trim underperforming partners or those that aren't willing or able to make a commitment, said Tom Richer, chief sales officer at New York City-based managed service provider Computer Resources of America. Websense may be in the middle of that process, Richer said.

"Every vendor should be able to find the right mix of partners that will go all in," Richer said. "The trend these days is to be partner-first because the partners are your virtual salesforce, but the right alignment needs to be there to realize the true value of the relationship."

Some of Websense's competitors agree with McCormack's new strategy.

Intel Security (formerly McAfee) focuses on elite partners that have demonstrated their commitment by gaining the required depth of security skills and embracing newer technologies, said Gavin Struthers, senior vice president of worldwide channel operations at McAfee.

"It’s upon the vendor to make that enablement available before expecting capability in the partners," Struthers said. "They still require training and shadowing in the field to get to full capability, but our experience is that some of these partners, albeit a small number, are rounded enough to handle the complexity of a new technology."

Sales engineers and services teams are typically first to embed and scale newly developed or acquired technology, Struthers said. Once an install base is established, a formal training program for partners is launched, he said.

"For a small subset of our partners, the really strong technical partners, they will be invited to our internal SE training and learn the technology before the broader partner community," Struthers said. "That has worked well for Intel Security."

NEXT: McCormack: Channel Failure Led To Symantec Victory Over Websense

McCormack recalled how Websense grew significantly abroad by leveraging its skilled global partner distribution network to deliver its data loss prevention capabilities to customers. The company struggled against Symantec in the U.S., which acquired Vontu in 2007 and then used an inside sales strategy to establish a strong install-base, McCormack said.

"In the U.S. our channel wasn't equipped to sell DLP and we didn't get that right in my opinion and Symantec said, 'It is too sophisticated for the channel, we are going to do it ourselves' and that proved to be an early winning strategy," McCormack said." They backed off of that, years later, after all the momentum, a lot of installs and a lot of trained people. Advanced security, the shared learning, the volume of it and level of sophistication is tough for the channel."

Websense is pitted against Intel Security, Symantec and Digital Guardian (formerly Verdasys) in the data loss prevention market. Symantec has remained the market share leader according to Gartner which estimates the DLP market to grow an additional 22 percent to 25 percent by the end of 2014 to reach approximately $830 million. Symantec executives said the DLP business remains strong.

McCormack also pointed to Check Point Software Technologies and its aim to continue to roll out advanced threat detection features and more capabilities into an integrated management platform for larger enterprises as it tries to gain traction in small and midsize business markets. The Israeli network security giant is battling Cisco Systems, Palo Alto Networks, and FireEye for market share dominance, but he said its channel partner ecosystem is adapting to a shift away from hardware and subscription-based services and endpoint software.

"The channel has worked very effective on stuff that is steady-state and mature, but even vendors that are 110 percent channel-centric like a Check Point -- just look at their results on new initiatives and things they have tried to push out there and you can see they have found trouble with the channel," McCormack said.

Marie Hattar, chief marketing officer of Check Point Software Technologies said the company invests in partner training, education and other enablement activities when new offerings are introduced to the market. Check Point also invested heavily in partner education last year and added reporting and appliance selection tools for partners. It also added deal registration and up to 300 support personal to handle regional logistics issues.

’Our channel partners continue to be extremely strong in the U.S. and we value those relationships deeply. They are nimble and quick, and have done a great job of ramping up on new security concepts," Hattar said. "We also invest in our partner relationships, especially in the areas of training and certification. One of the most important factors for partners at the end of the day is knowledge and we put programs in place to ensure that they have it."

Sterne Agee analyst Robert Breza told CRN that Check Point tried to blend network and endpoint together following its 2007 acquisition of data security vendor Pointsec in 2007.

"Check Point dumped it into the channel and expected partners to immediately go out to sell it," Breza said, adding that the company has since learned its lesson about coordinating the go-to-market strategy and establishing an install base. "Every network security provider is now blending together an endpoint strategy and providing an analytical umbrella and framework around it and they're doing it by engaging a separate salesforce first."