Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/27/2009
05:14 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Security Vendors Offer More Freebies, Deals To Existing Customers

Under increasing budget constraints and intensifying threats, organizations are asking their vendors for free, enhanced features and better deals -- and they're getting them

Security customers are asking their vendors for more new features for their existing products at little or no cost as they struggle to balance smaller or flatter budgets with ongoing compliance requirements and a constantly changing threat landscape.

Several vendors at last week's RSA Conference acknowledged that many of their customers, now faced with tightening budgets and, in some cases, loss of manpower from layoffs, are asking for freebie feature upgrades to their existing installed security tools. And the vendors are obliging to hold onto their customer base and survive the downturn.

"It's a buyers' market," says Nick Selby, vice president and research director at The 451 Group. "About eight months ago, simultaneous with the real market crash, [large] customers started demanding more from their vendors. By now, even the less proactive customers are holding vendors' feet under the fire."

Selby says organizations are asking for a higher level of support and additional features. "In larger organizations, they are demanding and getting concessions from vendors for free software, free gear, upgrades, and more seats," says Selby, who declined to name those organizations. "This is absolutely a trend."

Some of the announcements at RSA were about new, free features for existing tools. IBM ISS was one vendor last week that announced major upgrades to some of its security gear at no extra cost to its existing customers. Among a series of product announcements, IBM rolled out a Web application firewall feature for its Proventia IPS products that combines IBM's Rational AppScan vulnerability scanner and the Web application firewall. John Pirc, senior product manager for IBM ISS's network business line, says intrusion prevention systems (IPSes) are evolving into more inline devices mainly due to regulatory pressures.

It's not a "rip and replace" situation anymore for organizations, Pirc says. "They are trying to reduce appliance sprawl," he says. "You will see us add more features to it."

The IPS, which historically has been slammed by some security experts as a dead-end technology, is enjoying a resurgence as a multifunction network device. "It provides value and a big bang for the buck," The 451 Group's Selby says.

He says most vendors had previously been offering and negotiating special deals with some customers on an ad hoc basis, but the more sweeping upgrades announced during the past week aimed at all existing customers "is a sign of the times."

The downward pressure on the price of endpoint solutions, for instance, is helping customers score some good deals, as well. Endpoint commoditization by Google and Symantec, for example, is making the per-seat price very low, Selby says. "There's real downward pressure on the mainstays of security," he says.

Paul Zimski, vice president of solution marketing for Lumension Security, says these days the firm's customers are looking for ways to save money and be more productive in their security operations. And Lumension is looking at more ways to deliver that: "This is the time to stay entrenched -- and to bring in new technologies," Zimski says. "Our long-term plan is to upgrade features and modules...The endpoint will be the delivery mechanism for other services.

"I believe strongly that customers are looking to consolidate solutions and IT investment anywhere they possibly can right now. It's going to be important that vendors be aggressive in delivering incremental value by providing additional capabilities and modules to existing platforms."

Lumension's big news at RSA was that it had signed a deal to purchase Securityworks, a Dallas-based provider of compliance and risk management solutions. Shavlik Technologies, meanwhile, announced it had added Sunbelt Software's VIPRE antivirus and antispyware engine to its patch management product, Shavlik NetCk Protect 7. The company says it will provide that upgrade to its existing NetCk Protect customers "at very little or no additional cost."

For security vendors, "It's a matter of treading water and riding this out," The 451 Group's Selby says. Selby is also bullish on security mergers and acquisitions: "It's a fantastic time to buy security assets," he says. "Vendors are looking for opportunities to grow, and there are tremendous opportunities."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...