With Michelle Dickman, president of TriGeo.
Question: Is there a qualitative, as well as quantitative, difference between the enterprise and SMB security markets?
Dickman: Absolutely. Some companies have a small IT staff, and the company says to one person, "You are the security guy to boot." I met a guy at a conference and he said, "We are sick to death of CA and IBM shoving their enterprise security products stuff down our throat." The big vendors want to say that they have the mid-tier market technology. They take enterprise stuff and clip a bit off. What these folks need to realize is that these companies need different technology.
Question: What are the key differentiators?
Dickman: Gear has to be priced appropriately. I don't care if it is the best thing since sliced bread, if it's too expensive, we've priced ourselves beyond the reasonable limit of customers' budgets. Secondly, it has to be deployable in a reasonable amount of time. In some cases, the big vendors say it's a six-month implementation. They mean six months before anything. SMBs expect a quicker ROI. Thirdly, it can't turn into shelfware. It has to be something that provides a benefit from early on. Sometimes, an SMB gets wowed by the big companies and they buy gear. Then they realize they have to hire five more people and that kills it right there.
Question: Is the way in which SMBs approach security vendors changing as well?
Dickman: One of the most interesting trends we've seen in the last three years is the sources of information opening up for them. There are publications and sites that target mid-tier. Before, they had to look at CA, Microsoft, Cisco. These conferences, magazines and sites changed how to find vendors specifically for the mid-tier. They have raised the visibility of the mid-tier.
Question: From a technical point of view, what is the difference between the security SMBs and enterprises can support?
Dickman: [SMBs] have no visibility. I had an IT director of a pretty good size — but SMB level — hospital in the southwest say to me that he comes in every day and feels like he is putting a bullet in the chamber and saying, "Is today the day someone breaches the network?" He had no visibility into the ocean underneath his security tools. The ocean is data in the log files. You take things like firewalls, routers, switches. They are very linearly focused. They don't know what happens at the OS level, or from the AV standpoint. For example, worms on a workstation will start bouncing SMTP traffic off the firewall. At the very same time, those worms are trying to get on the server with admin privileges, while trying to stop the anti-virus software from functioning. It all happens at the layer below the top of the ocean. Unless oversight is at the OS, firewall and AV level, you've got to pull it all together [manually]. These folks don't have resources to look at one log file, not to mention all the log files. At the big companies, they have people to do that at the security operations center. There are people at GM and other big companies whose job is to look at anomalous events.
Question: Are vendors recognizing this?
Dickman: It's just beginning. Websense, SonicWall and other companies have SMB products, and this is new. Even McAfee and Juniper are starting to say they are creating mid-market initiatives now. I also heard that multiple times from IBM. We integrate these types of technologies, and are seeing more and more.
Question: How is it selling to the mid-market?
Dickman: I am a huge fan of the mid-market. They are the biggest market. They are also the most consistent buyers, especially when times are tough and bad things are happening. Then, they are more consistent than the Fortune 1,000 or the Global 2,000. The saying among mid-tier companies is that we don't date vendors, we marry them. There is a relationship. Big companies are going to cut and run for a few bucks. But with the mid-tier, you do right by them and they shout about you from the rooftops.
Question: Are the SMBs recognizing the importance of proactive security?
Dickman: That's an interesting trend. We are seeing how increased security can impact bottom dollar. One guy said that one of the reasons he called us is that he had a virus infect every one of his servers. Every server was down for four days. They are spending more looking for business continuity.
Question: Compliance is closely related to security. What do you tell customers about that?
Dickman: Good security should make you compliant. You shouldn't get security software to become compliant. If you have good security in place, compliance comes out of that.
This Executive Briefing originally appeared in a weekly report from IT Business Edge.
This was first published in July 2007