The 4 kinds of cybersecurity customers

Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year, but that’s still a lot of vendors.

Now, there are point product specialists, managed services firms, and enterprise security vendors all competing for the same dollars. So how can any company stand out from the crowd? In my opinion, each security vendor must determine where its products and service fit among four distinct buyer types:

1. Security-centric buyers. This traditional security buyer evaluates and purchases security products and services based upon discrete needs and budgets. As such, security-centric buyers tend to look for best-of-breed products from vendors with strong cybersecurity experience. Startups with strong cybersecurity chops are welcome to this club but purchasers also maintain a “rip-and-replace” mentality rather than any type of long-term allegiance. Vendors like Bit9 + Carbon Black, Cylance, Check Point, FireEye, Fortinet, Palo Alto Networks, Symantec, and Trend Micro come to mind here. Note that security-centric buyers will have some role to play in EVERY cybersecurity product and services deal.
2. IT infrastructure-centric buyer. In most cases, IT infrastructure vendors extend their reach into security to appeal to their customers and traditional buyers. Cisco is a good example with network security products, ditto for Dell with its secure endpoint program. In some cases, newer vendors will add security functionality on top of IT infrastructure. For example, Data Gravity has added secure access controls and analytics to its storage appliances. In the past, vendors could use their IT infrastructure-centric buyer relationships to circumvent the security team, but no longer. In today’s market, cybersecurity professionals’ role goes beyond defining product requirements, as they are much more involved in the actual selection process. It is also worth noting that today’s IT infrastructure is often virtual rather than physical, so successful vendors need the right software-defined services, not just hardware appliances. 
3. IT initiative buyer. Think of things like secure software development, secure data centers, IoT security, etc. These initiatives have to span across people, process, and technology, making them more complex and resource-intensive. Professional services firms have a distinct advantage, as part of the challenge here is systems integration and training. On the customer side, a senior person will likely have ultimate responsibility for the whole project enchilada. Because of this, cybersecurity vendors must have the appropriate scale, skills, and project management chops to succeed here.
4. Business-centric buyer. Corporate boards, CIOs, and CISOs who sit at the top of the customer organization demand more from cybersecurity vendors than threat intelligence reports and pretty reports. Aside from security efficacy, business-centric buyers want to work with vendors that can help them improve operational efficiency and align risk management capabilities with new IT projects for business enablement. To win here, cybersecurity vendors need broad product/managed services portfolios, partner ecosystems, integrated architectures, enterprise scale, and strong professional services skills to piece everything together.

A few additional points:

• True enterprise-class cybersecurity vendors must be able to compete in hand-to-hand combat for deals with security-centric buyers AND sell top-down at the business-centric buyer level. There are only a few vendors that can do this today (i.e. Cisco, IBM and perhaps a few but not many others).
• The most exciting IT infrastructure-buyer opportunity I see is for hybrid heterogeneous cloud security. There are a few vendors with a current catbird seat here including Illumio, Splunk, Trend Micro, and vArmour. IoT security will also be pretty interesting.
• Integrated cybersecurity orchestration platforms (ICOPs) like Cybersponse, Invotas, Phantom Cyber, Resilient Systems, and ServiceNow could become the glue (i.e. automation, integration, orchestration, etc.), making them an important part of each of these segments.