Security Industry’s Stem Cell Engine
Can you imagine a time when venerable, once efficacious security products no longer accurately assess vulnerabilities, effectively block phishing attacks, fully secure email or protect networks against DDoS outages?
Guess what – you’re living in it!
Many of the smartest security executives and entrepreneurs I’ve worked with have long evinced concerns that formerly effective products have been severely out-gunned by hackers. Also, the proliferation of BYOD, social networking & recent geopolitical events (Egypt) has exacerbated this gap in America’s security profile.
But does the CIO, or division CISO decide not to buy security products until a more efficacious version becomes available? Not likely – just the opposite!
If you could read the mind a CIO considering OPEX as management prepares for a Wall Street earnings call, it might go something like this… “It kills me to spend big on products that don’t fully protect us anymore… but if we ever get infected without AV in place, the media will eat us alive, not to mention the legal ramifications”…
Given that many products no longer truly work as advertised, why still spend on them? In fact, refer back to that imaginary CIO mind reading session above, and one might infer that legacy security tech has become a protection racket…
But wait! Don’t surrender to the feeling that you got “OPEX-jacked” quite yet!
Here’s why – society depends on complex IT architectures as a Central Nervous System (CNS) to perform critical functions, and this system is extremely vulnerable to challenges affecting both enterprise & consumer security and privacy.
Pioneering work by security vendors like Symantec, Checkpoint, McAfee, NetScreen, and RSA (and all the VC portfolio companies they rolled up) provides the requisite “stem cell tissue” from which to graft future generations of tech to fight the spread of infectious hacking diseases.
Legacy products comprise the raw matter from which next-generation security startups are built. To extend the biological metaphor, Cloud Security, SaaS based Endpoint Monitoring, Advanced Threat Management and Mobile Security Startups are grown via Human Capital (entrepreneurs & investors) transplanted from mature security vendors.
A prime example of this is George Kurtz, for whom I recruited the much of his senior management team at Foundstone, and am now doing at his current company CrowdStrike, the leader in SaaS based Endpoint Monitoring (Google invests $100M). His new company leverages Cloud & Big Data Analytics to continue to innovate in much the same way that Palo Alto Networks disrupted the moribund firewall market.
So while keeping aging security tech on life support may sometimes feel like a protection racket thing, I believe it’s a smart investment / development engine needed to crank out new products to secure our future.