SAN FRANCISCO—At last years RSA Conference, executives with anti-malware specialists Sophos said the company was intentionally flying under the radar as they put their finishing touches on a new integrated security strategy. One year later, company leaders maintain that the firm is not only putting that plan to work, but beating its larger rivals out of deals.
The roadmap that Sophos leaders adopted, and are hawking at the ongoing RSA Conference 2007 being held here Feb. 5-10, is one that expands on the firms roots as a provider of anti-virus applications and pushes it into a provider of integrated enterprise security tools.
In addition to its traditional endpoint anti-virus software, Sophos has launched a series of messaging and network security appliances, and announced its first NAC (network access control) authentication system on Feb. 6.
Built on this expanded product portfolio, Sophos claims to have increased its business in North America by 50 percent during its fiscal 2006, which will end in March 2007, and company officials say that almost 100 percent of those deals involved the replacement of technologies made by Symantec and McAfee, the longtime IT security market leaders.
As the company, which was founded in Oxford, U.K. but has established a secondary headquarters in Burlington, Mass., has focused more on the North American market and widened its technology footprint over the last twelve months, customers have begun to respond, said Ron OBrien, senior security analyst at Sophos.
"All you have to do is look at Symantecs most recent earnings and McAfees changing strategy to see that those firms are in a state of transition, while were providing a vital set of integrated technologies that enterprises are buying to replace those companies products," OBrien said. "If theres a three-horse race in security today, particularly in North America, were becoming the third one to watch."
The executive concedes that Sophos is still dwarfed by its larger rivals, but said that issues of scale wont keep it from competing in the market segments it has targeted. Another advantage touted by the firm is the tight integration it has established between its products, something the bigger vendors are struggling with as they try to bring many more products and acquired companies under a single umbrella, he said.
OBriens pitch might sound like little more than good marketing, if not for some industry watchers who have taken notice and say the executive isnt merely blowing smoke.
In one of their most recent security market reports, analysts at Forrester Research charted Sophos as a leading provider of integrated security technologies, specifically in the integrated anti-malware and endpoint security sector.
Natalie Lambert, who authored the report for Forrester, based in Cambridge, Mass., said that Sophos has not only arranged a strong package of technologies—and effectively integrated them from a management perspective—but also begun to convince enterprise customers that they can become a vital security partner in helping to address emerging security problems and prepare for future product additions.
"Symantec and McAfee still have leading technologies, and when you talk to their customers thats why they do business with those vendors. But Sophos is doing a very good job of positioning itself as a strategic business partner and there are a lot of companies looking for that type of relationship in security these days," Lambert said.
"Anyone can create functionality or a product, but people seem to love the relationship they have with Sophos; theyve got a great strategy and it appears to be working."
While the range of technologies offered by Sophos doesnt approach the wide array of anti-malware and network defense tools marketed by Symantec and McAfee, or even security newcomer Microsoft, the provider is doing a good job in the segments in which it plays, and should continue to enjoy success if it can continue to foster its tight-knit customer relationships, she said.
Lambert isnt completely convinced that Sophos wont get scooped-up by a larger vendor looking to add to its spate of capabilities, including major IT platform providers such as Cisco Systems, but theres also the chance that the security vendor will continue to widen its presence through new products and acquisitions, and will take on its larger competitors in more markets.
"I think they can continue to take business from rivals in certain markets; the technology and the strategy are there and appear to be working," she said. "They wont displace Symantec and McAfee in a lot of enterprises, but they should continue to grow."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.