“All roads lead to Rome” is a turn of phrase that you’ll often hear invoked in political or business conversations to convey the idea that inevitably every debate comes back to the same points -- and that finding the ultimate solution to a problem tends to come back to consideration of a few established ideas.
Tom Kellermann, our VP of Security Awareness, likes to use it himself to describe ubiquity of potential routes that attackers can use to access organizations’ sensitive data.
The history behind the saying is pretty significant. The Ancient Romans’ ability to rule such a huge empire so successfully for so long was in many ways based on its commitment to building the most direct, high-quality roadways leading to wherever its soldiers and tradesmen needed to be – allowing Roman rulers to remain in closer communication with their constituents and more deeply entrenched in far-off markets than otherwise would have been possible.
One need only consider the sizeable mark that Roman culture continues to bear on our contemporary culture, and the fact that remnants of these roads can still be found in modern day Italy, almost 2500 years after their construction, to appreciate just how much foresight these people truly had in engineering their world.
While hardly as historically significant, growing a security software business in today’s economic environment demands a similar ability to understand the most effective path to get your company, and its products, into the right position to expand your influence and market presence. Luckily for Core Security, the current cyber-security environment is paving many of these routes to market even as you read this blog post.
Traditionally, Core has used one primary avenue to market – the direct market for annually licensed software, through which it has almost exclusively engaged with and sold to customers via one-to-one interactions. For many years, as Core has evangelized not only automated penetration testing to potential customers, but also this form of security self-assessment itself, this was the most effective way to find organizations with the right strategy and people in place to appreciate the critical value that our products provide.
However, as a range of different factors have aligned recently, it’s become clear that a handful of new boulevards are leading organizations to our corner of the vulnerability management map. Even better, these paths to a wider set of prospective customers for Core are being architected by others than ourselves.
One of the most gratifying examples of this change is among our partners in the vulnerability management arena, notably providers of scanning technologies. Whereas only just one year ago we were being told by some of the market’s leading scanner vendors tools that they saw few drivers for integrating of our respective technologies, we now have top-ranking firms in the network and Web applications scanning segments actively seeking agreements to do so.
Makers of log management and patch management tools are also looking to build new relationships with Core.
In a similar shift, we’re also seeing a noticeable change in our conversations with managed service providers. Like the scanning crowd, while many of the people we’ve traditionally spoken to about partnerships in this market have long understood and recognized the intrinsic value of penetration testing, they weren’t convinced it would become a significant area of growth among their customers.
Now these same companies are coming back to Core based on an understanding that the current climate of cybercrime and government legislation is driving more people to establish or expand pen testing programs than ever before. Both companies hungry to use CORE IMPACT solutions inside their own consulting practices, and those seeking to package our products with other complimentary technologies for resale to their customers are telling us that they’re seeing significant demand for penetration testing solutions.
Finally, as solutions delivery models evolve, we’re hearing from enterprise customers that they see promise in versions of our products made available over emerging architectures such as SaaS and cloud-based services. While we haven’t committed to any particular strategy in these arenas, it’s always exciting to hear from users that they’ll soon be looking to companies like Core for innovative new security testing capabilities.
Of course, Rome wasn’t built in a day, and it will take time to turn all these plans into busy thoroughfares. But the destinations where we will be expanding as a business are becoming increasingly clear, and our roadmap is already well defined.
While others have wondered if it were the case, our contention that automated penetration testing is one of the most important security programs that organizations must use to protect themselves from electronic attack has never wavered.
All roads lead to Rome.
-Mark Hatton, CEO