11 Comments

Ross, another addition: it’s my opinion that we have too many cybersecurity vendors because customers are constantly asking for ‘point products’ that address specific ‘point problems ‘…. Most customers don’t have a holistic view on cybersecurity and therefore they just choose a pint product every time they face a problem!

Expand full comment

100%, definitely one of the challenges. I'd say the problem goes both ways: while many customers as you say don't have a holistic view of security, an equal number of vendors are all to happy to preach that all you need it is X where X is what they are offering :)

Expand full comment

I think personnaly it’s possible to have a hollistic view of what has to be done (by following the PPT principle) and in the same time like to have « point products » that will address specific problematic(s). I will take one example: if I need a tool to do CDR on attachment files into the corporate emails, I will go ask to a specific player simply because I will know that it will be its core business and not an additional feature just putted in into another product. There are many examples of that.

What I would like to say here is, point products are not evil when they are used for what they are thought about and certainly when they are easy to implement and integrate with other tools.

Expand full comment

100%! The way I think about it - there will always be companies that specialize, and those building more generic solutions across different use cases. In most cases, it will come down to making smart buying decisions. What I don't believe is going to work is stitching 200 tools into one monster-architecture.

I am dreaming about the world where data is aggregated in one place, and different tools "plug" into that common fabric and do what they can do best without duplication. Something informed & enabled by the data gravity I've discussed before https://ventureinsecurity.net/p/game-of-thrones-in-cybersecurity

What do you think?

Expand full comment

Interesting, I agree with you regarding the possibility to finally have too many products to manage in the end, it’s definitely something to be careful in.

I know that it’s not exactly the kind of tools you suggest, but what do you think of the CAASM product like Axonius, Sevco or Armis, I mean not them specifically but the idea behind ?

Expand full comment

Good question, Audry! One thing I try to stay away is recommending or sharing my opinion on specific tools - I'll recuse myself here :) There are many great sources out there that analyze specific market categories :)

Expand full comment

Great article Ross. There are many vendors chasing many problems yet a large number of security incidents could be prevented with basic hygiene. And as Fred points out, most organization from SMBs to F500 struggle to prioritize security investments relative to enterprise risk. The paradox of choice is real.

Expand full comment

True. Any time we talk about security, it's tempting to get into generalizations - like "most issues are because of X and many companies can do Y". In reality, every company's risk profile is different, and so is its environment, business operations, stakeholder groups, etc. So while there is certainly a need for technical solutions, solving the problem effectively shouldn't start with technology. The paradox of choice is real, indeed, and so is the temptation to get a "magic tool X where you can just press a button and activate safety shield" ;)

Expand full comment

Hi Ross, another very inspiring and truth telling piece ! Although I do have a question about the "18 pure-play cybersecurity companies listed on the US stock exchange", some of the companies are not included in it , such as IronNet, Cyren, is there any standard they don't fit?

Expand full comment

Thanks Bruce, that's a great comment! Frankly, these slipped away my attention - great find. Any others you'd include to the list?

Expand full comment

So far that's all I got :) I do notice there are some cybersecurity related ETF( such as CYBR,HACK,BUG) and all seems to have over 30 companies in their baskets, but might not be pure cybersecurity.

Expand full comment