This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
"If there are 700 security companies, 80 percent are doing less than $10 million in revenue. How viable is a company in the $15 million to $20 million niche? What happens if it goes out of business?" Chatterjee asks. "The beauty of it is, it's important to be in a space no one else is in and give companies the right solution. In security, organizations are still willing to take a chance; they don't want to mess with security. They'll buy from a small company as long as the solution is unique and solves a problem no one else solves."
That argument is not unlike other standalones. "Sometimes I refer to our strategy as the Starbucks strategy," Chen says. "We sell coffee. We sell very good coffee. We don't sell fried chicken or pizza."
Blinded by Size
Houghton Mifflin's Cote says security organizations have to be strategic about their investments and not necessarily flinch every time an IBM snaps up a security stalwart.
"If you come up with a better mousetrap, people pay; it's a function of the free market," Cote says, offering the example of the antispyware market, which was dominated by smaller security companies like PestPatrol, Webroot and even open source projects like Spybot Search & Destroy. "Bigger companies completely dropped the ball, and smaller companies, they were there. They were better products and were supported. You're going to continue to see that entrepreneurship. Big guys don't have that vision."
Big guys do have buying
"It's a function a standalone cannot provide," Rothman says. "For a company looking to consolidate vendors and simplify purchasing and management, they may be better served dealing with a bigger company."
Leverage is something that can be gained from a relationship with a smaller vendor as well.
This was first published in September 2007