Security Startup Boom: Solution Providers Place (And Hedge) Their Bets

Security startups may come and go, but what does that mean for a solution provider who has to balance finding the next best technology to protect its clients with investing time and capital in a relatively green company?

With more than 500 startups exhibiting at the most recent RSA Conference alone, placing those bets means solution providers have to think and act less like a solution provider and more like an investor, said Art Coviello, former RSA executive chairman and current venture partner at Rally Ventures.

"You have to worry about what kind of companies are going to be successful in the long term and [solution providers] have to be able to support the winners just as investors do because there's so much competition for mind share with the end user customer that unless you spot the winner you are going to be trying to sell something that [won't be around for very long]," Coviello said.

[Related: Skyrocketing Valuations: Is Security Startup Funding About To Head Back Down To Earth?]

On the one hand, many new startups offer tantalizingly high margins for partners willing to take a leap of faith and jump on board, said Orion Hindawi, co-founder and chief technology officer at endpoint security startup Tanium. However, he said smarter, long-term partners seem to shy away from the fixed cost needed to milk those high margins and instead pick and choose only a few startups that they have carefully vetted regardless of margin.

Hindawi said he recommends the latter approach as it avoids getting "a lot of egg on your face" from customers as technologies come and go. For a startup like Tanium, that means being prepared to answer a lot of tough questions from potential new customers, he said.

"I've been very impressed with the diligence that some of our partners are applying," Hindawi said. "I think it's a great message because they don't want to sell stuff [that doesn't work] even if their customers want to buy it. ... That's because they don't want to poison the business for the next potential sale. ... You don't go back to a restaurant where you've gotten food poisoning a couple of times."

Solution providers seemed to agree, with all of those CRN spoke with saying that they carefully chose viable startups to work with and hedged their bets in their portfolio against their failure. Peter Verlezza, CEO of New Haven, Conn.-based SMB Networks, said he likes to seek out startups that have shown a full commitment to the channel and is particularly attracted those with a white-label offering that can launch it into a new market.

"There's a commitment there, but we aren't fully committed," Verlezza said. "It gets us into the space that we want to be in, but if they were to disappear tomorrow we can still stay and still be in this space." SMB Networks most recently added a security training startup called Breach Secure Now to its lineup, Verlezza said.

Other solution providers such as Optiv Security (formerly Accuvant and FishNet Security) are hedging their bets in a different way. As the largest pure-play security solution provider in the market, Dan Wilson, executive vice president, partner strategy, said Optiv uses its scale and breadth of portfolio to both dive into new markets and bring on new startups, but also change course if it doesn't work out.

"We're in a nice spot because we're not utterly dependent on one technology provider or another and we're able to pivot as we see the market move," Wilson said.

Ultimately, it comes down to playing that key trusted adviser role, said Rally Ventures' Coviello. He said solution providers who want to succeed should focus on their own vision and choose startups from there, instead of building a vision around the latest and greatest technology.

"You should, first of all, have a point of view on the technologies that you think will be successful and find a couple of companies that meet that criteria," Coviello said. "I wouldn't start with a company, I would start with my own point of view."

PUBLISHED SEPT. 29, 2015