The last several years were an incredible run for the cybersecurity industry. Even as the pandemic put pressure on many areas of the global economy, technology companies — and cybersecurity vendors in particular — thrived. Venture capital was plentiful, company valuations skyrocketed, hiring ramped, and demand for better cybersecurity capabilities grew steadily in response to an ever-evolving threat landscape.
But now, the tide has turned dramatically.
While the need for advanced cybersecurity tools and techniques has never been greater, the industry faces its biggest test in recent memory. Most notably, the venture capital tap that flowed so freely for so long has slowed down to a drip. This directly affects companies that sell cybersecurity products and services and, for some, shakes them to their core. The effectiveness of every company’s culture and operational execution is now being tested in this difficult financial climate.
What do I mean by this?
Cybersecurity vendors that have built sound businesses with the flexibility to operate profitably while still innovating and delivering outstanding customer service will keep on thriving. Meanwhile, the vendors that haven’t done that — and instead rely on venture capital as life support — will struggle.
The impact of this won’t be visible overnight. But over the next year or so, the cracks will start to appear. And the best way to find them early is by listening to what cybersecurity vendors are saying over the next 12 months with a more critical ear.
To illustrate this point, here are a few red flags you likely already see from security vendors daily — and the critical reality checks that will help you decide where to place your trust.
Red Flag #1: “Our product is the one and only answer to your biggest security problem.”
Reality Check: Effective security requires a customer-led ensemble, not an overzealous soloist.
Most security leaders hear from a noisy chorus of security vendors every day. And most of these cybersecurity vendors have one high-level message: that their product should take priority over everything else on your security team’s agenda. The problem is that security leaders need to assess and improve their risk posture holistically, and vendors with tunnel vision are a problem and not a solution to this end.
This theme will likely become even more common in the coming months as weaker security vendors become more desperate to hit short-term sales goals that are quite literally do-or-die for them.
Strong cybersecurity vendors, including LogRhythm, make customer success the priority. The difference is that we are committed to taking the time to build long-term partnerships with customers. It starts with exploring where our capabilities best fit within your broader security tool ensemble. Will any new product investment complement what you already have? Or better yet, will it unlock new value from your existing tools?
We’re fortunate at LogRhythm in that the nature of what we do makes these types of conversations flow naturally. The value of our security monitoring, detection, investigation, and response capabilities reaches its peak when we deeply understand the security tools deployed in your environment — and what type of signals we can capture from them. So, rather than trying to sing a solo about our product’s stand-alone value, we show you how we can bring your entire security ensemble into harmony.
Red Flag #2: “Our impact on your security posture will be a one-and-done exercise.”
Reality Check: Quick wins are important, but security is a journey of continuous improvement.
One of the most challenging aspects of being a security leader is the fact that you’re never truly done. No matter how well you execute, there will always be new threats and more opportunities to strengthen your security posture. But that doesn’t stop vendors who are desperate to earn a share of your security spending from presenting themselves as a silver bullet.
The story is usually supported by a well-delivered demo based on best-case conditions. But the reality is that making an impact with any new security product takes time and effort. So be wary of any security vendor that downplays that in the quest for a quick sale.
Does that mean that you shouldn’t expect fast time to value from your cybersecurity vendors? Definitely not. But a strong vendor will present a path to quick wins, along with a blueprint for even greater impact over time.
At LogRhythm, we approach this in two ways. First, we do everything we can to accelerate time to value. Ongoing innovation at the product level to simplify deployment and integration is a big part of this. But our solutions are built on decades of proven content and backed by a team of expert advisors who have the sole mission of helping you realize value quickly.
We complement this with a bigger-picture view of how we can help you improve your security posture continuously over time. You can see this in resources like our Security Operations Maturity Model, which provides an assessment framework for setting both immediate and long-term goals for improving your security detection and response capabilities.
Red Flag #3: “We’re well-funded, so we’re not going anywhere.”
Reality Check: In the current economic climate, even well-intentioned cybersecurity vendors may be unable to meet their commitments when faced with changing expectations for operational efficiency.
A mistake that many in the cybersecurity industry make is to equate a company’s venture capital funding with its financial health. The industry celebrates large funding rounds and “unicorn” valuations. But being a hot company by those measures is not the same thing as being a successful and sustainable partner.
Ready access to venture funding whenever a non-profitable company comes close to running out of runway can cover up many deficiencies. As the coming year unfolds, we will undoubtedly see some companies disappear and others turn into something very different than what they are today now that funding lifelines are harder, if not impossible, to find.
This doesn’t mean that some startups won’t break through. But it’s more important than ever to game out the possible outcomes for every security vendor you plan to work with. Are they capable of operating profitably if they need to? If so, will it require deep staffing cuts that will affect their ability to innovate and support customers? If they need to secure additional venture funding at a lower valuation, how will this affect their ability to retain their best talent? Some venture-backed companies will navigate these waters successfully, but you shouldn’t treat it as a certainty without looking a level or two below the surface.
At LogRhythm, we’ve worked hard to build a trustworthy, healthy, and profitable business, alongside our investment in continuous product innovation and the world-class personnel we need to make our customers successful. This empowers us to make promises to our customers with the confidence that we will deliver on those promises through any economic peaks and valleys.
In the digital age, partners matter and cybersecurity partners matter absolutely. Tough economic times make it essential to choose the right cybersecurity vendor to protect your digital systems from potential threats.
Let Us Earn Your Trust
I hope these thoughts prompt you to challenge any security vendors you are working with or considering to prove whether they are ready to thrive or just trying to survive.
But I also encourage you to hold us to the same standard.
Here are two ways you can do that today: