Security Vendors Need To Work Together To Beat The Ultimate Competition – The Attackers
As one of the hottest markets in IT, security also is one of the most competitive. At the same time, however, success depends on the cooperation of all players—large and small, legacy and startup.
"This security industry needs to come together," said Michael DeCesare, CEO of ForeScout Technologies.
That won't happen by big players like Symantec, Cisco Systems, McAfee or IBM buying up large swaths of the security market, DeCesare said. Customers are demanding innovative, best-of-breed startup solutions, as well as legacy platforms, he said. That means both sides of the market need to work together, and integrate with one another, for the ultimate benefit of the customer.
"It has to be done by collaboration," DeCesare said. "We have to figure out some way for there to be some level of collaboration."
Cupertino, Calif.-based ForeScout integrates its products with a number of security vendors. George Kurtz, CEO of Crowdstrike, one of the companies whose products integrate with ForeScout, said integration such as this is key because a single vendor can't own every piece of the security puzzle on its own. Instead, security vendors need to specialize in what they do best, whether it's one product line or a collection of them, in the same way doctors specialize in different practice areas, he said.
"My selling point to a customer is: I don't want to be your single pane of glass. … In today's environment, we realize that we're one piece of the security ecosystem. … We think we're an important piece, but we want to be able to work with that entire ecosystem," Kurtz said.
Its the customers themselves that are demanding integrated offerings, said Haiyan Song, senior vice president of security markets at Splunk. That's a shift that has caused Splunk to adapt the way it goes after the security space, rolling out what it calls Adaptive Response, a framework with a common interface for security data and response in multivendor environments.
But integration isn't just for startups. It's also a necessity recognized by the large, legacy vendors. Executives from legacy players Symantec and McAfee said the need for industry integration and collaboration is driving their push to establish themselves as security platform players, enabling their own offerings to integrate with third-party vendors in a way that adds value above and beyond the parts alone.
"The cybersecurity problem is bigger than any one company," said McAfee CEO Chris Young. That's why McAfee has chosen to pursue an open platform approach that acts as a "connective tissue" for third-party vendors and its own technologies, he said.
"We believe as an industry we've got to come together to solve the problem. There are areas where we compete, but there needs to be more cohesiveness," Young said.
"One thing I love about our industry is that, yeah, there are a lot of companies and there's a lot of competition, but generally speaking people believe in the mission of cybersecurity and what we're trying to do here that's bigger than any individual company. It's bigger than any individual person. That's a shared goal, that's a shared mission from any of us," he said.
Symantec President and Chief Operating Officer Michael Fey said an integrated approach is something all security companies need to get on board with because, ultimately, the competition is the attackers -- not each other.
"Unlike the rest of IT, where you see companies competing against themselves driven by innovation and ROI, we're driven by innovation and ROI in the attack landscape. [That] measure for us really creates an interesting dynamic. … I think about the attackers a whole lot more than I think about my competition. At the end of the day, if I don't do a good job beating them, then it doesn't matter what my competitors do," Fey said.
For solution providers, this move toward integrated security presents a significant opportunity, vendor executives and solution providers agreed. Vendors can provide the building blocks, but the solution providers and the systems integrators are the ones who will help customers piece those solutions together, Splunk's Song said.
"I think the channel partners are going to play a big role in delivering that last mile to the customers," Song said.
Jason Eberhardt, vice president of strategic alliances at Chicago-based security consulting firm Conventus, said having a balance in the market of larger, platform companies, such as Symantec, and emerging startups allows partners to have a "holistic security posturing." It is up to solution providers to help customers find that balance, he said.
"At the end of the day, it's my job to always be constantly evaluating and looking for the best solutions for customers. Our whole job is to understand that," Eberhardt said.
Deb Gannaway, principal of Tampa, Fla.-based DG Technology Consulting, said customers will win if they have the option of a variety of solutions that are truly integrated. For partners, there is a huge opportunity to help customers choose the right pieces and have the solutions implemented correctly, she said.
"This is such a good, exciting time for partners to really step up and be that go-to partner. … This is the time that you really need to go out there, show up, and step it up for clients with your vendors," Gannaway said.