Q&A: Vendors Of Network

1. What should VARs look for when selecting a network security vendor?

Network Associates, Mike Menegay: Since most VARs' time is very limited, they need to be selective in choosing their security vendors. The selection should be based on several criteria including industry leadership, brand strength, product quality and innovation, company reputation and stability, and channel commitment and support programs. In addition, training and certification opportunities provide a high return on investment for both security vendors and VARs.

Oculan Corporation, Luke Rindfuss: VARs need solutions that are cost-effective and solve business problems. In the small- to medium-sized business space, companies tend to be more focused on cost savings. This notion is best exemplified in the security arena, where it is next to impossible for a midsized company to hire and retain in-house security expertise. Companies are not necessarily looking for "best-of-breed" technologies - they are looking to solve business problems with technologies that are easy to deploy and administer.

RSA Security, Inc., John Worrall: VARs need to consider market leadership, the breadth of a company's solutions, and whether or not the vendor has adequate resources dedicated to the channel. Some of the most important questions a VAR should ask before selecting a vendor are: Is the vendor committed to the channel? How significant a role does the channel play in the vendor's sales strategy? What tools does the vendor make available to the channel? And, does the vendor have professional services that will complement the VAR's existing support services for complex implementations?

SonicWALL, Inc., Bill Roach: VARs should select a network security vendor that recognizes the importance of the VAR channel and rewards VARs for their efforts. Examples of rewards would be frequent communication and training opportunities, discounts and promotions, and programs such as providing channel partners with market development funds for marketing activities. Chosen vendors should also be loyal channel players. Many vendors provide lip service to the channel, but the vendors that deliver real channel benefits that help VARs sell product and make money are the ones VARs want to work with.

2. What is the most common mistake VARs make with regard to network security?

Network Associates, Mike Menegay: To alleviate a lot of unnecessary headaches, I recommend VARs focus on offering the top two to three leading brands in a specific technology. Purchasing trends have demonstrated that customers tend to buy "best-of-breed" solutions. The industry is cluttered with many security vendors and VARs trying to sell everything to everyone, but customers need to know they are purchasing and implementing the best solutions when it comes to their network security.

Oculan Corporation, Luke Rindfuss: Many VARs make the mistake of focusing on feature sets rather than ease of use and the ability to solve business problems. If we consider intrusion detection, there are many products on the market providing data and trending capabilities. These solutions do not necessarily solve customer business problems. VARs should look for security products that a typical network administrator could use. Small- and medium-sized businesses don't have security experts on staff. VARs should look for products that combine a network management system, vulnerability testing, and intrusion detection in one easy-to-use solution.

RSA Security, Inc., John Worrall: Oftentimes VARs don't take advantage of the opportunity to introduce a complete security solution. Instead of simply delivering the requested VPN (virtual private network) technology, which in itself is private but not secure, they should also be presenting customers with complementary technologies and explaining why they are necessary to construct a truly secure network architecture. Other mistakes include not becoming subject matter experts and not providing adequate services to aid customers in the implementation of complex security technologies.

SonicWALL, Inc., Bill Roach: A big mistake is assuming security is just routing configurations. Security involves network design, policy and procedure implementation, end user training, management, monitoring, and testing to make sure the security is up-to-date. Businesses need to keep in mind that their security solution is only as current as the last security breach or virus.

3. What are the hottest trends in the network security market?

Network Associates, Mike Menegay: The overarching trend driving our business is the increasing number of threats to the global business network. These threats are faster moving, more pervasive, and much more damaging. As a result, traditional security - perimeter firewalls and virus signature detection - will soon be just a small subset of what customers require. Customers want faster response times, security inside the perimeter, and a correlation of events to eliminate false positives and give them a fuller view of what is really happening on their networks.

Oculan Corporation, Luke Rindfuss: I believe there is a move toward a holistic management console. Security involves multiple tasks and multiple technologies. Customers need to stay on top of virus protection, firewalls, network and host-based intrusion detection systems, VPNs, authentication technologies, etc. The industry will continue to move toward products that consolidate disparate security technologies into a single integrated view.

RSA Security, Inc., John Worrall: The hottest trends in the network security market are technologies that support an organization's e-business strategy. This includes Web access management, identity management, e-signing, and secure VPNs.

SonicWALL, Inc., Bill Roach: The hottest trend in the security market is the need for reliable and secure remote network access. As high bandwidth becomes increasingly available and corporations become increasingly distributed, more employees will be telecommuting. These remote workers need complete access to network resources, but secure access is required to protect the company's network.