Security firms struggle as one-stop shops

Last year's conventional wisdom about Internet security may no longer be the most viable strategy for vendors.

2 min read
Last year's conventional wisdom about Internet security just cost Jeff Waxman his job.

Waxman, chief executive of security vendor Secure Computing, resigned today after his "one-stop security shop" strategy led to a Wall Street warning that the company's revenues last quarter would be down at least 57 percent from a year ago.

Waxman had Secure Computing pursuing the old conventional wisdom: Build a suite of security products so corporate customers can buy everything from one company. Two other companies pursuing the same strategy, Network Associates and Axent, also have reported lower revenues in earlier quarters.

"There is little evidence at this stage in the market that the one-stop shop is viable," said David Breiner, a Volpe Brown Whelan analyst who has a neutral rating on Axent.

"Companies don't attack security problems that way," Breiner added. "They solve one problem at a time." Thus Breiner has a buy recommendation for Internet Security Systems, which makes intrusion-detection software to set off alarms if hackers attack--and nothing else.

So indeed, industry belief is shifting back to products that will give security companies a competitive advantage. Last month, Secure Computing announced that it was changing gears to scale back its product line under new CEO, John McNulty.

In the "best of breed" vs. "security suites," ISS and Check Point, the leading firewall software maker, have pursued a strategy of doing one thing well, and their financial results have fared better than the others.

The end-to-end security suite approach is a remnant of the days when firewalls--which set up external walls to keep unauthorized users away from sensitive information--were the best-known and most popular form of security software. At the time, in 1997, four companies competed in the category: Check Point, Secure Computing, Raptor, and Trusted Information Systems.

All went public, then found Wall Street worried that they couldn't grow their revenues fast enough as one-product companies. That sparked mergers and acquisitions, with Raptor selling to Axent, TIS to Network Associates, and Secure buying other companies to broaden its product line. Check Point largely stood pat, relying on partners for other security technologies that work with its options.

The pendulum began to swing back late last year when Forrester Research analyst Ted Julian published an influential report titled, "Security Suites: Dead on Arrival."

"Today, suites are nothing more than point products cobbled together," Julian wrote in November. "By the time vendors properly integrate them, a shift in Fortune 1,000 security buying patterns and security requirements will conspire to make monolithic suites irrelevant."

Today, he pointed to another sign of the changing firewall market--that hardware vendors such as Cisco build firewall capabilities into routers.

"The erosion of the firewall cash cow means they struggled to reach their number," Julian said.

Network Associates said today that it's sticking with its suite strategy, even though it hurt their earnings last quarter. The company blamed slower sales on Y2K worries among buyers and longer selling cycles, something Julian had predicted.