With their bottom lines and corporate reputations at risk, many securityprofessionals, tired of being able only to react to viruses and worms, are looking for ways to prevent degradation and infection.
Worms and viruses cost organizations billions of dollars and hundreds ofman-hours. Spam has grown to represent between 60 percent and 70 percentof all e-mail, according to published reports. And even the companieschargedwith helping businesses secure their networks now are coming underattack.In April, for example, Cisco warned customers about a hole in itsWirelessLAN Solution Engine.
Indeed, current security gaps cost U.S. businesses about 5.7 percent inannual revenue, according to Omni Consulting Group. Thus, securing thenetwork would give businesses about 6 percent more funding to put towardmore profitable IT initiatives.
Since 1999, DeepNines Technologies, a San Antonio, Texas-baseddeveloper,has been offering the DeepNines Security Platform to Global 2000corporations, educational institutions and government agencies. Thecompanyhas developed a scalable, platform-independent solution that integratesanintelligent firewall, intrusion prevention, McAfee anti-virus softwarefromNetwork Associates, and forensic capture and reporting into a securityplatform that operates outside the network infrastructure, repellingattacksbefore they can affect network performance or compromise data. Theplatformruns on Sun’s SPARC, x86 and Linux offerings.
Recently, the E-Commerce Times spent time with Dan Jackson, president and COO ofDeepNines.
Before joining DeepNines, Jackson wassenior vice president of the Kinetics Group. Jackson also has heldpositionsat USFilter, Glegg Outsourced Solutions and Glegg Water Conditioning.
E-Commerce Times: So how would you describe DeepNines Technologies — your philosophyandhow you go about protecting the network?
Jackson: We’ve been around now for five years. Our overallphilosophyhas been that network security is so fragmented — not only in themarketplace,but in the overall security architectures — that we had atremendous opportunity to come in and be a cornerstone of theintegration andconsolidation requirements of network security. At the same time, we couldchangethe beliefs about where security should start. We took a different approachandsaid, “What’s the logical point to keep the bad guys out and the goodguysin?” That’s at the edge of your network — and that should include yourrouter.
ECT: How difficult has it been, then, to target potential clients sinceyou’re taking a different tack from some others in the market?
Jackson: Well, to be quite honest with you, for the first two yearseverybody said, “Hey, sounds really great. Show me. I don’t believe yourtechnology does what you say it does.” For the last two and a half tothreeyears, it’s been heavy evangelizing. Over the last 12 months, there’sbeenphenomenal acceptance. We’ve seen overwhelming growth. I think thereason ispeople are getting it.
Market share guides hacker decisions, and you’re starting to see a lotofother major software companies start to come under attack. Now hackersarenot just focused on Microsoft. We’re seeing history repeat itself ashackerstarget the other large software players. When I talk software, Cisco isasoftware player. A lot of companies on the edge are software players, soit’s a phenomenal opportunity for us.
ECT: You’ve won some pretty impressive clients recently, especially intheeducation industry.
Jackson: We just received a deal that we’re going to secure 50-plusuniversities. We’re pretty excited about where the company is going. Here’s a crazy stat: There are 28 billion maliciouspings a day. Why on earth would you want that to come on your network?
We keep it at the edge. We let the good guys in and keep the bad guysout.At the same time, now you have to take a different approach to securitybecause we believe strongly that history’s going to repeat itself withsomeof these major software providers out there. We’re starting to see somethings even with Cisco, and we’re there to support Cisco and help Ciscoandeducate the market. When you start to look at the vulnerabilities thatarecoming forward with Cisco, it is a software solution. For us, we’re heavily focused on providing security at the edge, whichtherouter was never designed to do.
ECT: So how does this translate into return on investment?
Jackson: There are a couple of different camps out there. They talkhost-based solutions and they talk network-based solutions. We’re anetwork-based solution. We’re a security platform, so we provide firewallfunctionality, IDS functionality, A/V functionality, anti-spam — all attheedge of your network. Now when there’s a vulnerability you don’t have to updatetens,hundreds or thousands of boxes. You have to update one.
When you are a host-based technology or architecture and you have100,000users, it’s going to be very, very difficult for you to outpace any oneofthe vulnerabilities out there. We believe in host-based, we believe in alayered approach, but we think your most dynamicsecurity solution should be all the way at the edge, and it should becomprehensive. Comprehensive means it has to include your router. Itneedsto protect your firewall, which is internal. If you think about it, 90percent of all companies have a firewall, but 84 percent of thecompanieshave all suffered a loss in the last 12 to 18 months. There’s a stat outthere right now that 94 percent of all CIOs say they’re at risk. Why isthat? Obviously something isn’t working.
ECT: Who does DeepNines consider its competitors?
Jackson: We compare a security platform to a multi-point securityarchitecture. There are two ways you approach value to the customer. Oneisthe resource side — the administration, the maintenance. We consider thosesoft numbers. Tolly Group recently came out with a study thatsays security platforms, from a resource and administration perspective,save on an annual basis 160 percent over multi-point products. That’s aphenomenal savings. Now you don’t have your administrators working infive different products.
The other thing is, we price our product based on bandwidth. We are notanode-based pricing model. In our security platform versus a multi-point product, we save 50 to 60 percent on a capitalexpenditure and then we save up to 80 percent on the annual maintenancesideof things. Those are real, hard, tangible dollars.
ECT: I understand you not only provide demo units, you’ll also send outatechnical person to show prospective clients how the technology works?
Jackson: When you’re evangelizing a technology that nobody else hasgot right now, our sales cycle is a little bit longer but the benefits we’re getting arephenomenal.
ECT: What are some of the markets you focus on?
Jackson: We’ve had a focus on education because we felt if we coulddemonstrate to the marketplace that we could sit in the wildest ofenvironments — that we could deal with a32,000-student university all the way down to a 1,500-student university — itwould demonstrate scalability, it would demonstrate true securityfunctionality. At universities there are no personalfirewalls,no A/V updates out there and you would not believe the spike in trafficandthe spike in malicious traffic when school comes back in service.
From there, we have a very heavy focus in Federal, telecommunicationsandfinancial. Our revenues are 37 percent in education, 29 percent infederal,16 percent telecommunications and the rest is more of a hodge-podge.
ECT: But you also are looking for clients outside those four largeverticals?
Jackson: Absolutely. We have vertical-based sales team and we also havegeographical-based teams. We won’t walk away from a deal.
ECT: And you’re also a big Sun partner?
Jackson: We’ve been working with Sun since our inception. When we firstcameout, our solution was not invisible: It had a MAC address. We wanted tobeon a secure platform, so that’s why we chose Sun. Since then, we’vebecometruly invisible — we have no IP address, no MAC address, we neverterminatethe stack. So we focused on Sun because of their performance,thereliability of their hardware platform and their operating platform. We’re an integral part now of theiroverall security architecture. We signed a reseller agreement with Sunintheir fourth quarter, and we’re just now getting a kick-off in their Q1.
ECT: Does that then mean that Sun resells DeepNines’ platform or doesyoursolution go through Sun’s indirect channel?
Jackson: They resell DeepNines’ Security Platform, and they’re helping totake us to their channel because we are 100 percent Sun. If we get adeal,Sun gets a deal. We’re really starting to enjoy the benefits. In theeducation marketplace, we’re the number one or number two securitypartner. It’s very hard for a company of my size to get that kind ofexposure, but Sun made that commitment to us.
Sun is very channel-friendly. When the channel deals with us, they knowwe’ll be working directly with them. There’s a lot of value to becreatedfor them. It reduces conflict. I focus heavily on the Sun channel. Idon’thave to work with anyone else, so I can be very focused. A company ofoursize, you have to be focused to be successful. You can’t be all thingstoeveryone.
ECT: When you’re talking to existing or prospective clients, what aresomeof their major concerns?
Jackson: I think the primary concern is that they have so much stuffcomingat them. They’ve dealt with so many technologies. I don’t want to throwstones or anything, but IDS came in. People came and spent a ton ofmoneythere, but it didn’t solve their pain. It didn’t remove any of theirheartache — it actually increased it. There are a lot of people out therejustsitting back, waiting to see what will happen.
ECT: Do clients have to rip out their existing infrastructure if theyinvestin DeepNines’ platform?
Jackson: No. We’re a good Cisco partner. I know we highlighted someissuesaround Cisco.
ECT: But they did happen.
Jackson: They are real issues. They’re real vulnerabilities and theyhavereal market share. Our technology doesn’t require any customer toabandonhis Cisco strategy. There’s a lot of Cisco equipment out there. Thereare alot of companies trying to get you to abandon your Cisco strategy. We’recomplementary to Cisco. We get rid of vulnerability, create a lot ofvalue but, at the same time, you don’t have to abandon your Cisco strategy.
It’s the same thing with Check Point firewalls or IDS technologies. Weeliminate the false positives, false negatives. We get rid of the badstuffand allow the layered approach to really secure the network.
ECT: How many patents does DeepNines hold?
Jackson: We have 18 patents pending. We’ve been notified we’re going togetour first and most major patent, and we’ll hear in the next 45 to 60days.
ECT: Why is DeepNines’ technology so different from other solutions outthere?
Jackson: We don’t just focus on the known. Our technology focusesonthe unknown. We’re going to prevent an attack or mitigate the effects ofanattack. The biggest thing we try to do is improve on meantime tomitigate.If you have a fragmented security architecture you’re going to have averyhard time improving your mean time to mitigate. Those attacks go soquicklythrough your network.
ECT: Obviously, even if a worm or virus doesn’t infect anetwork,fighting off the intruder can decrease the network’s performance.
Jackson: Absolutely. Believe it or not, we actually deal with a lot ofverylarge customers and if there is a new virus or worm out there, theyunplugthe network. I’m not talking a small organization; I’m talking about acompany with 100,000 users. They’re costing corporate America hugeamountsof money. If we can reduce that fragmentation, get to the edge of yournetwork, protect and add an invisible layer of protection, we’re addingalot of value to your network.
ECT: How did you get involved with DeepNines?
Jackson: Sue Dark actually founded the company. I was one of the firstangelinvestors involved in the company. I’m a technology guy by heart andhavebeen fairly successful in building businesses — a lot of smallcompanies that have become large companies — and I thought security was sofragmented that it provided a tremendous opportunity.
Security is going to be a $155 billion market place. The largest playersonly have 1 percent market share. There’s no major, dominant player. Ifyouremain focused and carve out your niche, you can be a viable player.