Following the announcement earlier this week that Betrusted and TruSecure are to merge, John Becker, chief executive of the resultant security services company, Cybertrust, talked to Jaikumar Vijayan.
Who drove the merger - was it TruSecure or Betrusted?
It was the customer, actually. Both businesses were complementary. Betrusted was the larger entity in terms of revenues, but both had a similar outlook in the security space.
We also had some contacts historically. Betrusted was very strong in Europe and Asia and had a small but growing presence in the US. TruSecure was very strong in the US and [had] a small, growing presence in Europe and Asia. There was very little overlap in the product lines.
As we began dealing with larger and larger customers that have multinational sites, they were looking for a company with more [of a global reach].
Why should enterprises care about Cybertrust?
Companies are spending billions of dollars on firewalls, intrusion-detection systems and anti-virus software, and yet they continue to be hit by new vulnerabilities and blended threats and zero-day threats.
I think they are realising that defensive technologies alone are not enough. There is a lot of discussion within companies for taking a risk management approach to security.
We have developed a professional service around the security lifecycle to help people to manage vulnerabilities, threats, compliance and identity management issues.
The first three are focused on protecting your machines. ID management focuses on enabling customers, partners and employees to access the resources they need to do their jobs.
What value add will Cybertrust deliver in each of these areas?
We have a risk management program where we get customers to focus on the crucial issues that will have a security impact on them. The world is full of new vulnerabilities. The likelihood of all of them being [exploited] is remote.
We have a large intelligence-gathering arm that spends an awful lot of time doing the research and getting customers to focus on the ones that will be exploited. We spend a lot of time monitoring underground systems and chat rooms looking for actual exploits or those that are in development and develop controls to help mitigate the risk.
On the threat management side, [Betrusted subsidiary] Ubizen is a market leader in the managed security service space. It has very sophisticated correlation engines that home in on specific [threats]. With ID management, we are focused on using PKI, digital certificates and smartcards.
What does the consolidation of the security market mean for users?
It is a good thing for the user community. They are frustrated from being bombarded by 100 different suppliers all pitching the latest firewall technology.
The bottom line is, the differentiation among these technologies is not great. If you are a large organisation with a 100 sites around the globe, you are dealing with a $3m (£1.6m) company here or a $5m in England. It doesn't give you the comfort that you get when working with a trusted partner that you know and understand.
A lot of the organisations we are working with are very excited about our new global footprint.
What do you think of the broadening security efforts of large suppliers such IBM, Cisco and Microsoft - what is this going to mean for pure-play security suppliers?
For us, since we are not a product supplier, I think the [trend] is complementary to our business. I believe that large customers are putting more pressure on the Ciscos, Junipers and Microsofts of the world than on people like Symantec or Trend Micro.
Customers have spent an awful lot of money on defensive technologies that are just not working. So they are putting pressure on these suppliers to clean up things on the network and the endpoints.
Inevitably, when Microsoft gets into this business, they won't kill the Symantecs, but they will put on pricing pressure.
Jaikumar Vijayan writes for Computerworld