BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Security Startups Challenge IBM

Following
This article is more than 8 years old.

Recently, hackers have broken into corporate information systems and cost at least one CEO his job.

This shows how much times have changed. After all, for decades CEOs could shift responsibility for such failures onto their heads of data processing who in turn tried to secure their jobs by buying from IBM

Sadly for the technology executives, it was hard to hold onto their jobs for more than two years.

But in the last few years, this dynamic has changed. For example, last year Target's CEO Gregg Steinhafel lost his job -- in part because hackers stole 40 million credit card numbers and 70 million addresses -- leaving Target with an estimated $1 billion in costs related to the hack.

Not only are CEOs vulnerable but the traditional safe haven -- buying from IBM -- is no longer seen as an insurance policy. Instead of buying an all-in-one solution from IBM, a Boston-area venture capitalist argues that companies want best-of-breed point solutions to their information security problems.

As ironman competitor Jeff Fagnan, a partner at Atlas Ventures, explained, "IBM struggles to sell security solutions because companies want to buy from best-of-breed vendors like cyber-attack defender, FireEye, network security vendor,  Palo Alto Networks , endpoint security provider, Bit9 + Carbon Black, and application security supplier,  Veracode . Companies want to buy from vendors with security in their DNA."

IBM disputes this conclusion. IBM spokesperson, Michael Rowinski, said, "The overall security market opportunity is moving to integrated, analytics-driven approaches that protect all parts of organization, including people, data, applications and infrastructure. IBM is a leader across all these segments - including software and services - and continues to gain share and outpace our competition."

IBM argues that it is growing faster than the industry. "For example, Gartner's just-released data shows IBM gained share in Total Security Software, growing +3X the market.  And our IBM Security Services business is recognized by IDC as the clear leader," argued Rowinski.

And IBM believes that its growth proves that customers want a company to tie all the pieces together. As he explained, "Our growth is evidence that an integrated portfolio comprised of best-in-class software and services is what customers are looking for versus having to stitch together a variety of unproven technologies into their security operations."

You may have heard of Fireye -- its revenues soared 163% to $426 million in the last year -- and Palo Alto Networks -- its stock has more than doubled in the last year while sales have risen 51% to $598 million.

Bit9 + Carbon Black and Veracode -- in March it filed still-private paperwork for an initial public offering -- are Atlas portfolio companies. "Our companies are stealing market share from IBM because customers want more heterogeneity," said Fagnan.

Veracode was spun out of Symantec in 2005 after the technology was "put on a shelf," according to Fagnan. He declined to comment on Veracode's financial condition citing "the quiet period."

The two founders of Bit9 sold their company, Okena, to Cisco Systems in 2003 for $154 million -- "Its technology provides endpoint security to protect against viruses that can enter via desktops, laptops, and mobile devices. It works like the human immune system. Bit9 is growing at 100% year on year with 400 employees and will probably do an IPO in late 2015 or 2016," said Fagnan.

Big companies like IBM and Hewlett Packard have tried to compete by making acquisitions. "IBM has made five or 10 acquisitions and the consolidation continues. But do customers want that? No. They go with next generation technology providers like FireEye," explained Fagnan.

He argues that the big companies do not want to offer customers these next generation products because of their public-reporting responsibilities. "If IBM tried to offer a product like FireEye's it would cannibalize its installed base. And that would hurt its reporting metrics," explained Fagnan.

Eric Schurr, Bit9 + Carbon Black's chief marketing officer, argued that his company does not encounter IBM in bids for its endpoint security solutions. "We don’t see them in enterprise or SME deals or hear about them in conversations with our customers with respect to the endpoint," said Schurr.

Moreover, Bit9 + Carbon Black sees a general trend towards customers opting for best-of-breed point solutions. Noted Schurr, "Generally, we’re told by security teams that they prefer to acquire their tools from multiple best-of-breed vendors rather than from one because that’s how companies get access to the latest innovations."

He continued, "The security problem is a hard one – adversaries are sophisticated and patient, and are continually evolving the threats they launch to stay ahead of the technology being created to stop them. More specifically, different attackers use different tools and techniques, and each vendor approaches security from a different angle. Therefore the combination of products from multiple best-of-breed vendors provides better protection that buying everything from one vendor," Schurr concluded.

Moreover, Fagnan believes that public companies can't attract the top talent required to build the best products. "The best technologists don't want to work in a large enterprise," argued Fagnan.

Schurr believes that companies like IBM are not keeping up. He said, "In my opinion, in the security market or other technology markets, you will continue to see the broad portfolio players, like IBM, challenged by emerging specialists who are typically better at pushing the envelope on innovation."

As CEOs face the possibility of a massive hacking attack, the choice of security vendor could increasingly determine whether they get to keep their jobs.