Handicapping Enterprise Security Vendors

Huge opportunity for enterprise security leaders to become multi-billion dollar businesses over the next few years

horse race start gate

In the course of my average work day, I try to read all the cybersecurity news I can. I came across a very good article in Forbes that looks at the cybersecurity opportunities for companies like IBM, Cisco, Dell, and others. The article points out that the market for cybersecurity products and services is estimated at $77 billion today, growing to $120 billion by 2020. That’s a lot of firewalls, AV software, and identity tokens!

Since I agree with some of the author’s points and disagree with others, I decided to post my own thoughts on my list of leading enterprise security vendors.

  1. IBM. Quietly, IBM has become an indisputable cybersecurity leader, with revenue of just under $2 billion and a strong mix of strong products, SaaS, and professional services. Given IBM’s customer base, it is not surprising that the company has a fair number of sales people and field engineers that can have cybersecurity strategy discussion with CIOs, CISOs, and even business executives. IBM does have a few gaps in its portfolio, but it has the resources to either acquire or partner where necessary. If IBM has a weakness, it is that its cybersecurity business is a small fish in IBM’s pond so it doesn’t get the category leadership kudos it should in Armonk or in the market. Too many cybersecurity professionals still think of IBM security in terms of identity management, application testing, or mainframe tools which is a crying shame. To double or triple revenue by 2020, Ginni Rometty and other executives need to give the IBM security division more resources and complete independence from the mother ship. 
  2. Cisco. The networking giant also brings in around $2 billion in revenue. Since the Sourcefire acquisition in 2013, Cisco has made a series of excellent purchases in areas like managed security services (OpenDNS), security services (Neohapsis), malware analytics (ThreatGRID), and network security management (Lancope) giving the company as comprehensive a portfolio as anyone. Like IBM however, Cisco security is a blip in its overall business, but the current (Chuck Robbins) and former (John Chambers) CEO have pledged their commitment to the security business unit. While Cisco used to sell security on the back of big networking deals, times have changed. To increase security sales Cisco security needs to match its product and services strength with its own independent enterprise-class sales and marketing. Finally, Cisco customers have long memories so the company must maintain its patience as it works with security customers who may still hold a grudge about the Catalyst security blades they purchased back in 2006.
  3. Dell. This is where I disagree with Forbes, as I look at Dell as a long shot to join the multi-billion cybersecurity club. SecureWorks is killing it in managed security services and is poised to IPO. Outside of SecureWorks, however, Dell does not have the product portfolio, business unit focus, or security-centric salesforce to go toe-to-toe with Cisco and IBM. RSA Security could bridge this gap, but Dell hasn’t given any hints to suggest that this is in the cards. We’ll see.
  4. Symantec. Yes, Symantec has taken its lumps over the past few years, but it still has lots of great assets and will come out of its Veritas separation with bags of cash for acquisitions. I also like the executive team that Symantec assembled – Oracle people understand software architecture and tech industry execution – skill sets that Symantec sorely needed. Symantec’s Cybersecurity Services (CSS) could become a billion-dollar-plus business unit on its own given the global cybersecurity skills shortage and its existing assets but it needs additional marketing resources and more enterprise-class sales managers to spread the word.
  5. Trend Micro. This is a company with far better resources, products, and services than most people know – especially in high-growth areas like cloud security and advanced malware prevention/detection. Trend does very well in Asia and Europe, but not North America. Some additional enterprise-focused sales and marketing spend and strategic investments could push Trend revenue beyond $2 billion. 
  6. Intel Security. Still goodness here, but also lots of internal decision-making. For example, McAfee grabbed Stonesoft in 2013 thinking that it would combine Stonesoft’s innovative NGFW with McAfee’s well-established IDS/IPS business to become a network security leader. Two years later, Intel Security sold off the Stonesoft assets to Raytheon. Big changes like these make enterprise buyers nervous so the jury is still out.

A few thoughts on other candidates to join the list. Check Point has great technology but the world still perceives it as a firewall company so it too needs a sales and marketing booster shot. FireEye understands today’s cybersecurity challenges and solutions as well as anyone but is currently engaged in a distracting dogfight with Wall Street. Palo Alto Networks is an execution machine and has all the right qualities to grow revenue beyond $1 billion but to do so, it needs a broader portfolio of products and services. Raytheon Cyber Products also has potential with Stonesoft, Websense and its quest to take its government cybersecurity chops to the private sector. Other federal integrators have strong cybersecurity resources but remain limited by their Washington-centric view of the world.

By 2020, one of these vendors could have cybersecurity revenue in excess of $5 billion, the market is there for the taking. 

Copyright © 2015 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022