Security Strategy, Plan, Budget

Does the size of the vendor really matter?  

Start-up vs. large vendor

As a female cybersecurity professional, I've had the privilege of learning from various experts in the industry, including CISOs, investors, business executives, developers, and security vendors ranging from early-stage start-ups to the most established enterprises in the security space.

Having founded a cloud security company in January 2022 following a six-year career in product leadership roles at Palo Alto Networks, I have gained a unique perspective on the contrasts between working with early-stage security start-ups and established security vendors. At both companies, I helped build groundbreaking security products, collaborated with thousands of customers, and took part in complex organizational processes. When considering security vendor options, it's essential to keep in mind the five critical elements that can make all the difference, regardless of their size. 

  • Speed of innovation: Palo Alto Networks has become one of the more innovative companies in cybersecurity, continuously creating new product categories, including the inception of extended detection and response (XDR), which I was a part of. However, it's critical to recognize that large enterprises face challenges in quickly responding to customer needs because of the complexities of supporting diverse environments. On the other hand, smaller start-ups have the advantage of being nimble and unrestricted, allowing them to create and expand ad-hoc capabilities more easily. The hunger for innovation in these early-stage start-ups gives their team (from the engineers, product managers, and researchers) the opportunity to invent new capabilities with minimal resources and red tape. While larger vendors like PANW are undeniably innovative, it’s hard to compare with the speed at which early-stage startups can innovate. 
  • Flexibility and agility: This speed and ease let these smaller start-ups stay agile enough to respond quickly and efficiently to customer needs or change course when changes are required. Steering a start-up is like driving a speedboat – changing direction becomes as easy as tipping the steering wheel. Large vendors are more like cruise ships and changing course becomes a long-winded, hefty endeavor that requires the input of countless decision-makers for smooth execution. While the flexibility and agility of start-ups are often their strengths, there's a potential downside to consider. Constantly shifting directions every day can make it challenging to maintain a consistent vision, and that's where larger organizations excel. It’s critical to strike a balance between being nimble and focused on a clear path for building a successful business and earning the trust of customers and partners. 
  • Reputation: There’s no doubt that customer trust often heavily gets based on a company’s reputation. When walking into a meeting with a new customer for the first time at PANW, there was already a sense of trust on the customer’s side just by virtue of the company’s reputation and brand. Building a similar foundation of trust as an early-stage start-up isn’t easy. When meeting potential customers or partners for the first time, people at smaller companies are really just a random person asking them for trust with access to some of their most sensitive environments. As a start-up founder, it’s critical to relentlessly focus on building both personal and professional trust with customers from the first day. Leaders at start-ups need to inspire their confidence in how the product operates to maintain that trust even when things aren’t going as well as hoped. Once these relationships are established, it’s much easier for early-stage start-up companies to maintain close, direct ties to security leaders in the industry. Customers don’t need to go through support or wait for monthly meetings with customer success – they can just send the engineers a quick request or directly call the product managers. Honestly, if something becomes really urgent, they can just pick up the phone and call an executive (many times the CEO or other founders) versus having to go through an account manager.  
  • Scale and type of impact: Another important difference between early-stage start-ups and larger vendors lies in the scale and type of impact they have. Back at PANW, our features reached tens of thousands of organizations and millions of end users, a monumental achievement. However, for start-ups, achieving even half of that scale requires a formidable challenge and may take considerable time. The type of impact early-stage start-ups have, however, can also be quite impressive. Most new security categories are often created by startups because of their ability to identify a new challenge and tackle it swiftly. I have experienced this firsthand, creating one of the first-ever data security posture management (DSPM) products, a category later ending up used by Gartner. Most enterprises find it difficult to have this type of impact on the industry and focus on scale.
  • Customers: Finally, but most important, are the customers. Eureka seed investor, YL Ventures, recently published its CISO Circuit research report which analyzed the effect of the current market conditions on the budgetary priorities of CISOs. When asked which new vendors they continue to meet despite the economic crisis, 12% of CISOs responded that they will “only meet with early-stage start-ups.” Many CISOs see early-stage security start-ups as being on the front lines of cybersecurity innovation. Partnering with these young, innovative companies offers CISOs a winning combination of lower licensing costs and valuable design partnerships. This lets CISOs learn about the most cutting-edge products and possibly replace existing ones at a lower price. These CISOs are the “early adopters” that can make startups succeed or fail.  

Working with start-ups comes with its fair share of risks: some may experience rapid growth at the expense of product stability and edge cases, while others are often acquired by a company that’s unfavorable for the customer or shift their vision away from the customer's interests. It’s not for everyone. For those customers and partners who see the value in working with the next generation of cybersecurity innovators, they will most likely gain a cost-effective product, developed by a motivated team eager to address their specific needs – and it’s more often than not, worth it. 

Liat Hayun, chief executive officer, Eureka Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.