Four different customer profiles to consider when selling cybersecurity products and services Credit: Thinkstock Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year, but that’s still a lot of vendors.Now, there are point product specialists, managed services firms, and enterprise security vendors all competing for the same dollars. So how can any company stand out from the crowd? In my opinion, each security vendor must determine where its products and service fit among four distinct buyer types:Security-centric buyers. This traditional security buyer evaluates and purchases security products and services based upon discrete needs and budgets. As such, security-centric buyers tend to look for best-of-breed products from vendors with strong cybersecurity experience. Startups with strong cybersecurity chops are welcome to this club but purchasers also maintain a “rip-and-replace” mentality rather than any type of long-term allegiance. Vendors like Bit9 + Carbon Black, Cylance, Check Point, FireEye, Fortinet, Palo Alto Networks, Symantec, and Trend Micro come to mind here. Note that security-centric buyers will have some role to play in EVERY cybersecurity product and services deal.IT infrastructure-centric buyer. In most cases, IT infrastructure vendors extend their reach into security to appeal to their customers and traditional buyers. Cisco is a good example with network security products, ditto for Dell with its secure endpoint program. In some cases, newer vendors will add security functionality on top of IT infrastructure. For example, Data Gravity has added secure access controls and analytics to its storage appliances. In the past, vendors could use their IT infrastructure-centric buyer relationships to circumvent the security team, but no longer. In today’s market, cybersecurity professionals’ role goes beyond defining product requirements, as they are much more involved in the actual selection process. It is also worth noting that today’s IT infrastructure is often virtual rather than physical, so successful vendors need the right software-defined services, not just hardware appliances. IT initiative buyer. Think of things like secure software development, secure data centers, IoT security, etc. These initiatives have to span across people, process, and technology, making them more complex and resource-intensive. Professional services firms have a distinct advantage, as part of the challenge here is systems integration and training. On the customer side, a senior person will likely have ultimate responsibility for the whole project enchilada. Because of this, cybersecurity vendors must have the appropriate scale, skills, and project management chops to succeed here.Business-centric buyer. Corporate boards, CIOs, and CISOs who sit at the top of the customer organization demand more from cybersecurity vendors than threat intelligence reports and pretty reports. Aside from security efficacy, business-centric buyers want to work with vendors that can help them improve operational efficiency and align risk management capabilities with new IT projects for business enablement. To win here, cybersecurity vendors need broad product/managed services portfolios, partner ecosystems, integrated architectures, enterprise scale, and strong professional services skills to piece everything together.A few additional points:True enterprise-class cybersecurity vendors must be able to compete in hand-to-hand combat for deals with security-centric buyers AND sell top-down at the business-centric buyer level. There are only a few vendors that can do this today (i.e. Cisco, IBM and perhaps a few but not many others).The most exciting IT infrastructure-buyer opportunity I see is for hybrid heterogeneous cloud security. There are a few vendors with a current catbird seat here including Illumio, Splunk, Trend Micro, and vArmour. IoT security will also be pretty interesting.Integrated cybersecurity orchestration platforms (ICOPs) like Cybersponse, Invotas, Phantom Cyber, Resilient Systems, and ServiceNow could become the glue (i.e. automation, integration, orchestration, etc.), making them an important part of each of these segments. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe