From Startups to Standouts: Crafting Cybersecurity Platforms That Last
Daily Use, Deep Impact, Value Creation, Integrations.. Ingredients of success to build a successful cybersecurity product
Hello, Cyber Builders 🖖
This week, I'm excited to discuss issues I’ve often seen when chatting with startup founders and PMs. I've noticed a trend of many focusing on creating super-narrow products.
These are often envisioned as solutions that enhance a specific aspect of cybersecurity or merely complement existing systems. While I understand the challenges startups face in positioning themselves in such a competitive landscape, I believe this approach might be limiting.
Cybersecurity product managers and startup founders must focus on other criteria, such as being different, increasing daily usage, and smoothly integrating into other products.
In this post, we'll explore:
The Strategic Dilemma for Cybersecurity Startups: Whether to complement existing platforms or create standalone solutions that redefine market norms.
Differentiate and Don’t Build Copycat Products: Palo Alto Networks’ positioning when it launched in 2005 and why value creation is paramount.
The Importance of Daily Engagement: Integrating cybersecurity products into users' daily workflows enhances their utility and secures their position as indispensable platforms.
The Strategic Dilemma: Complement or Compete?
When building a cybersecurity startup, one of the first strategic decisions you'll face is whether to define your product as a complement to existing platforms or to aim to become a standalone platform.
This is a tricky question. 🤯
On one hand, when you start, you naturally want to achieve customer adoption quickly. You're entering a landscape where potential clients have invested heavily in their security infrastructure, with deployed solutions like endpoint security, firewalls, and complex systems such as CTI and SIEM.
In this scenario, proposing to replace one of these established tools is foolish. Telling potential customers that your solution is superior and that they should "erase and replace" is unlikely to be a winning strategy. Not only does it pose a significant risk for customers, but it also overlooks the complexity and integration efforts involved in such a shift.
On the other hand, positioning your startup as just another layer that pulls data from these existing platforms to provide additional insights is limiting. While this may seem like a safe play, it restricts your growth potential and doesn't truly distinguish your product in a market teeming with data aggregators.
So, how can startups navigate this issue?
I am not pretending to have a perfect answer for all products. However, I think part of the solution focuses on complementary value creation, daily usage, and smooth integration.
Differentiate and Don’t Build Copycats Products
Startups must stop creating another authentication system to replace passwords or another governance, risk management, and compliance (GRC) software risk getting lost in the crowd. To truly stand out, it's crucial to identify and address the new risks and threats that emerge with evolving technologies and user behaviors.
Consider the example of cloud cybersecurity, an area still insufficiently tapped despite its pressing demand. Europe spends billions of euros on services such as AWS, Google Cloud, and other cloud providers, each with specific vulnerabilities requiring dedicated solutions.
How many Cloud security startups emerged from the EU in the last 5 years? Too few.
Cybersecurity opportunities reside in new technologies and applications, such as IoT, AI, and cloud. These are where the next cybersecurity platforms can be built, and differentiated technology can create value.
Back in the day… Palo Alto Network launched
Palo Alto Networks launched in the 2000s as a “next-generation firewall”. At the time, their value proposition was revolutionary. Most firewall products were performing stateful inspections above the 1Gbps mark. In this press release from 2007 (LINK), PAN changed the state of the market:
The PA-4000 Series offers an ability to detect more than 400 applications and protocols at its initial release. It also includes a rich networking foundation and a familiar GUI-based policy management editor. Deployed as a complement to existing firewalls or as an eventual replacement for them, strengths of the PA-4000 Series include:
Accuracy: In-line deployment and App-ID classification identifies all application traffic, across all ports, all the time – including SSL-encrypted traffic and emerging Web-centric applications
Policy: Unified, graphical visualization of all applications on the network delivers centralized policy definition and enforcement based on detailed user, group and application-level categories. This enables better management of approved applications while providing real-time prevention of malicious threats and application vulnerabilities.
Performance: A purpose-built, high performance network platform with dedicated processing for all major functions provides total control of good and bad traffic with up to 10 Gbps throughput, ensuring no performance degradation.
When PAN launched, they brought a new value proposition, features, and a new vision for network security around application visibility and filtering with their famous App-ID.
You can notice the “In-line” keyword in the press release. Why is it important? Palo Alto's sales tactic at the time was NOT to “erase and replace” the customer firewall.
Even with a top-notch value proposition, it was too risky for enterprises to switch and potentially break their production. So PAN had a very easy-to-adopt positioning: let’s first deploy the product as a sensor, sniffing traffic and providing visibility and analytics.
It enabled them to be adopted quickly by customers, and over time, they moved to “in-line” deployment, ripping out the competitors' “firewalls.”
The Importance of Daily Usage in Cybersecurity Platforms
Many security products, while adopted, are underutilized. These tools often function merely as "snapshots," providing visibility or sounding alarms but not becoming integral to daily operations.
There is a significant gap between having a customer and cultivating a user—a distinction that can define the success or failure of a cybersecurity product.
Any cybersecurity startup should aim to become a part of the user's daily workflow. Products that achieve this usage level are not just tools; they become platforms where users log in daily, interact with the system, and perform critical job functions. This daily engagement is crucial because it transforms how products are perceived and used.
It has many benefits:
User Adoption and Satisfaction: When users interact with a platform daily, they become more proficient with its features. This familiarity breeds satisfaction and loyalty.
Recurrent Revenue and Reduced Churn: Daily usage is a crucial indicator of customer value. Products that are used daily are less likely to be cut when budgets are tightened.
Continuous Feedback and Improvement: Regular interaction with the platform provides feedback, allowing developers to fine-tune and adapt the product.
Focusing on daily usage is more important than trying to ripe existing products. In the case of PAN, the App-ID framework and their innovative web interface - I feel old, but in 2005 most security tools were heavy Windows applications - helped their users to troubleshoot connectivity issues or understand where the expensive bandwidth costs were used for business or non-business reasons (e.g games, media, e-commerce, etc..)
Integration with IT and Security Tools is Material
Seamless integration with other tools (data sharing, improving configuration, and ensuring a smooth user experience) cannot be overstated.
A well-integrated platform can automatically pull relevant information from existing systems, helping to streamline the setup process and reduce the time and effort required to get the security environment up and running.
Moreover, new cybersecurity products must be capable of sharing data easily with other systems. It feels obvious, but as discussed in the latest articles, integration, and data-sharing capacities are some of the most important selection criteria in RFP.
Conclusion
Startups (and new products launched by established companies) face a positioning challenge when they launch.
Focusing on building platforms that are used daily, provide unique value, and integrate seamlessly will make them indispensable tools within the industry.
The path from a simple security product to a comprehensive, integrated platform isn't easy. It is very hard.
The good news is that there is a lot of slack space to build. Go on, Cyber Builders!
Laurent 💚
PS: If you want to know more, how I build products at CyGO Entrepreneurs, the first European Cybersecurity Venture Studio, drop me an email!