Shostack + Friends Blog Archive


10-second MBA, por favor?

I have read repeatedly, most recently at Bejtlich’s blog, that with the IBM-ISS and now Secureworks/LURHQ deals, Counterpane “must” be looking to get bought out. Why? As with management consultancies, could there not be room for a boutique that does one thing really well? Help me out, here.

4 comments on "10-second MBA, por favor?"

  • Iang says:

    Right, consolidation is the phase we are in. In the current turmoil in the market for silver bullets, nobody really knows what is likely to work, so it is totally necessary for a supplier to be capable of selling all products. See Bruce Schneier’s recent report of “losing the war in security.” Also, see RSASecurity’s dramatic purchasing spree over the last 1-2 years, emerging perhaps as the leading supplier to FIs of tools they didn’t have 2 years back.
    Eventually it will settle down to a new set of best practices. (Then, after a while, the best practices will come under challenge from a new group of innovations, which are likely to sprout and grow under the established players noses.)
    The question for Counterpane or any boutique supplier is to find the big player that has that particular hole. If they don’t find a match, they’ll have to sell out to a non-match, at a suitable loss of premium. They’ve probably missed the boat to grow into one of the broad-range suppliers.

  • nowen says:

    I doubt that Counterpane is feeling pressure to merge due to ‘market pressures’. The two parties that matter here are 1. existing customers and 2. the next customers. If their existing customers feel like they need some bigger company to manage their security or if potential customers feel the need to go with a bigger company, then they should merge. I doubt that is happening, mainly because I see a benefit in having a separate company doing managed security.
    I would think they face pressure from their venture investors who have put in $74 million and whose funds may be reaching their end of life.
    My guess on RSA’s strategy is that they wanted the banks as customers to combat Vasco’s strong presence in that market and Passmark’s product was weak from a security perspective, so they also bought Cyota. RSA has a pretty poor history of managing acquisitions, but we probably won’t get to see much on these buys now that EMC has swallowed the package.

  • Gunnar says:

    There is always room for boutiques (I certainly hope so), in this area, though, there would seem to be a lot of operational cost and infrastructure to support.

  • Re: nowen — you got it. Counterpane is undoubtedly under the same financial pressure that is also squeezing (some say killing) Cybertrust. Not seeing Counterpane mentioned with other “leading” MSSPs must be rough for them.

Comments are closed.