There are some interesting industry dynamics going on in the cybersecurity market. Just a few months ago, Symantec bought Blue Coat, taking a private company public and forming a cybersecurity industry colossus in the process.
Now two other historical cybersecurity powerhouses are heading in the other direction and going private. When the Dell/EMC deal was approved this week, industry veteran RSA became the security division of the world’s largest diversified private technology company. Not to be outdone, Intel and partner TPG are spinning out McAfee as an independent private company.
The good news for both companies is that the market for cybersecurity products and services is quite healthy, and large customers are looking for enterprise-class security vendors with integrated product suites, managed/professional services, and business process experience to partner with. Cybersecurity vendors like Cisco and IBM that fit this description are doing quite well in the enterprise so McAfee and RSA (as well as Forcepoint, Palo Alto Networks, Symantec, Trend Micro, and a few others) could join this exclusive club.
Yup, there’s potential for McAfee and Symantec but it won’t be easy. Here’s my two cents on each company and its prospects in the days ahead:
McAfee needs to prove that it's back in the game. If you know McAfee, you realize that it has a lot of good things going for it. Over the past few years, McAfee has redesigned its products for integration with middleware glue such as its Threat Intelligence Exchange (TIE). It also has a new agentless version of its endpoint security coming soon that includes EDR capabilities. McAfee is quietly doing well with DLP and developed a good security solution for cloud-based workloads.
While these are all positive developments, McAfee has kind of disappeared from the cybersecurity market over the past few years as it streamlined its focus, divested businesses (i.e., network security), and churned through the organization. As McAfee concentrated on internal issues, it took its eyes off its customers and the overall cybersecurity market at large. Meanwhile, many senior McAfee executives have found new homes.
Coming out of the private equity gate, McAfee must:
- Hand hold and schmooze its customers. Many feel neglected or have no idea where McAfee plays these days and the competition couldn’t be more aggressive. McAfee needs to get its large customers on board as soon as possible.
- Double down on sales and marketing. The McAfee message has been lost over the past few years. McAfee needs to bolster its marketing programs and articulate a clear and cogent strategy far and wide.
Dell must demonstrate that it is serious about cybersecurity and RSA. After the EMC deal was announced, Dell quickly deflected questions about RSA and never really articulated a plan for EMC’s security division. Now that the deal is complete, Dell and EMC are busy messaging about digital transformation and cybersecurity. Good messages with little depth.
On the positive side, RSA does have assets for security analytics, identity and access management, anti-fraud, and governance/compliance. That said, RSA has suffered massive attrition over the past year and many of these business units have been steadily shrinking. While Dell may message digital transition, the fact remains that RSA’s profits tend to come from two venerable businesses that were around long before any notion of cloud computing: SecureID and the RSA Security Conference.
Dell spun out SecureWorks and recently followed up with a similar strategy for SonicWall. In the meantime, Dell has never shown any willingness to create a real cybersecurity business unit a la Cisco and IBM.
Perhaps RSA has changed Dell’s thinking around a comprehensive cybersecurity strategy. If this is truly the case, Dell must invest in RSA with sales and marketing dollars while recruiting and rebuilding the RSA team. If not, Dell investors would be best served by selling off RSA assets or the whole bag of shells.