Mar 2, 2011

Redefining the security gateway

This week I'm at the Pacific Crest Emerging Technologies Summit in San Francisco. And security is hot.

Apparently, enterprise IT buyers are not the only ones interested in information security products. Investors - institutional, hedge funds, private equity, etc - are all trying to read the tea leaves of the marketing soup being slung by security vendors. It's a stark contrast to the crowds at BlackHat and Defcon. These investors want to understand which companies will outperform or under-perform their competitors in the marketplace. While they clearly posses great knowledge about the financials of these companies, several are admittedly struggling to understand the technology table-stakes and differentiators required to compete. Increasingly, they're realizing they need to understand the security tech a little better in order to formulate and justify their investment thesis. I'm fielding questions like: Why do we need new security gateways? What is application control about? How are enterprises buying/using the technology? Can opensource security compete? Which approach will win? Which companies have products vs. platforms? With 20 to 40 competing companies in security market segments, surely not all of them can 'perform' and survive long term as stand-alone entities.

In a few hours I'll be tackling some of these questions on a panel with some of the leaders in network security - Barracuda, Fortinet and Sourcefire. This should be a good debate, and we'll have to follow up with some of those larger players who aren't represented, like Check Point, Cisco, HP/TippingPoint, IBM/ISS, Juniper.