Big Security Sees Big Money in SMBs
Why enterprise vendors with name brand recognition are moving down market, and what it means for their smaller peers. Plus a few (contrarian) thoughts on Broadcom.
A few weeks ago, in my first post of the new year, I noted the striking degree to which George Kurtz, CEO of high-flying enterprise security vendor CrowdStrike, emphasized the company’s SMB momentum during a recent podcast appearance.
And it’s not just CrowdStrike. Cisco, also a security heavyweight, has SMBs in its sights at present, as does Palo Alto.
“There’s definitely a concerted effort on our part to go after that market and go after that partner base and embrace those partners,” Tom Evans, the latter vendor’s vice president of worldwide channel sales, told me last spring.
Hence my prediction that 2024 will be a big year for big security vendors pushing into the SMB segment, which my post called a new and important development with significant potential implications for smaller (relatively speaking), more SMB-oriented security vendors like SonicWall, Sophos, and Trend Micro.
Based on recent conversations with two security analysts, it appears I got the “important” and “significant” parts of that right. But “new”? Not so much.
“What you’re seeing is not something that just happened overnight. It’s been progressing for a number of years,” says Michael Suby, research vice president for security and trust at IDC, noting that CrowdStrike in particular “is making good strong headway.”
Richard Stiennon (pictured), chief research analyst at IT-Harvest, is seeing the same thing. “No question, that’s a trend,” he says. And an exciting one at that, he adds, “because, boy, do we need it.”
Indeed, SMBs need all the security help they can get, as a global study of companies with 100 to 5,000 employees published by Barracuda Networks this week makes clear. Some 57% of organizations in that size range endured one or more attacks in the last 12 months and wound up $5.34 million poorer on average as a result, factoring in incident response expenses, operational disruption, lost business, reputation harm, and other impacts.
No wonder, then, that security spending by SMBs worldwide will rise from roughly $83 billion last year to $109 billion in 2026, according to Analysys Mason, at which point it will account for some 60% of all security outlays.
Cisco, CrowdStrike, Palo Alto, and their top-of-the-pyramid peers, not surprisingly, like the look of those numbers. They also have major advantages in competing for that money, Stiennon notes, beginning with deep pockets and high-velocity sales machines. “The [vendors] with the biggest marketing budget are definitely the ones you want to be aligned with,” Stiennon advises channel partners, “because they’ll give you all these leads.”
That even small business owners, generally speaking, know who these companies are doesn’t hurt either. “They’ve got the name brand going for them,” Stiennon says. That goes double, Suby adds, for the world’s second-ever $3 trillion business.
“If I was a vendor in this space, I would be worried about Microsoft, because they have an incumbency that hardly anybody else can touch,” he says. “Who isn’t using Office 365?”
Almost no one, and ConnectWise among many others has noticed. “You just don’t get around the ecosystem,” Raffael Marty, the vendor’s executive vice president and general manager for cybersecurity, told me earlier this year to explain why ConnectWise’s MDR service now supports Microsoft Defender for Business.
All of that said, don’t count long-time SMB leaders like Trend Micro and WatchGuard out just yet, Suby warns. They have deeper, more personal relationships with large volumes of VARs and MSPs, tend to provide better support, and offer increasingly expansive portfolios steadily growing into new areas like MDR.
Should they be concerned about competition for SMBs from the likes of CrowdStrike and Microsoft? “Definitely,” Suby says. But hardly panicked. “They don’t necessarily have to grow as fast as these bigger guys. They just need to continue to grow and get their share of the opportunity.” And most of them are doing so.
“All boats are rising,” Suby says. “Some are perhaps rising to a faster extent than others, but all are seeing the benefit of a growing market.”
Meanwhile, if there’s one clear winner in the rising popularity of SMBs among security vendors, it’s security partners. “There are more vendors that are going to be trying to attract them,” Suby observes. “It puts them in a good position to be assertive and pragmatic in choosing who they want to represent.”
Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.
Broadcom’s brutal breakup strategy
There’s been a lot of excellent reporting lately about Broadcom’s decision, shortly after closing its epic $69 billion acquisition of VMware, to shut down that company’s partner program and kick most of its former members to the curb. So rather than cover the same ground here, I’ll simply note that there’s something just a little awe-inspiring about a channel strategy pivot so sudden and sweeping that outside observers can’t decide whether the vendor responsible is stupid, cruel, or both.
Canalys analyst Jay McBain leans toward stupid. Taking the fattest accounts direct, firing all but your biggest partners, and cutting a bunch of jobs might make investors happy in the near term, he says, but it’s likely to leave them poorer in the long run.
“Go and sort the most valuable companies in the world and one thing jumps out - they are all platform companies (partner friendly and ecosystem orchestrators),” McBain wrote on LinkedIn last week. “Broadcom either thinks they're smarter than Microsoft, Apple, Google, Amazon, and others, or they are looking to get rich quick.”
For her part, Forrester analyst Tracy Woo (pictured) can’t get past how gratuitously rude Broadcom’s been about the whole thing. “There was no warning. It was just an email,” she marvels. “They definitely ticked people off.”
And yet, she continues, what looks like stone cold ingratitude from one angle can look almost admirable from another. “In some ways, you have to respect them for not making any bones about it,” Woo says.
The more I ponder it, the more I find myself grudgingly feeling the same way. I mean, think about the worst breakup you’ve ever been through. Was it painful? You bet. Would it have been less painful if the object of your affection had strung you along with mixed signals for a while before telling you it’s over? Read almost anything on ending relationships, and you’re all but sure to encounter the words “be direct.”
Besides, adds Joseph Landes, CRO at Microsoft cloud specialist Nerdio, VMware and its partners have been growing apart for a while, at least in desktop as a service, and the same goes for Citrix.
“There just hasn’t been really meaningful innovation over the past few years coming from Citrix or VMware,” he says. “The market is really embracing the investments that Microsoft is making when it comes to desktop as a service with Azure Virtual Desktop and Windows 365.”
Broadcom’s recent actions, while pitiless, have been in keeping with how the best business partners—in IT or elsewhere—conduct themselves, observes IDC analyst Stephen Elliott. “They’re honest. They’re authentic. They’re transparent,” he says. Even when the truth hurts, as in this case.
“There’s clear delineation of what’s expected as well as clear ownership by VMware on here’s how we’re going to operate differently and here are the things that you should expect from us on a more consistent basis,” Elliott notes. As a result, he continues, partners know exactly where they stand and can plan accordingly now rather than wait six months to get the same bad news.
“It’s driving a lot of honest conversations,” Elliott says of Broadcom’s behavior, “and then partners have to sort of decide what’s the next progression in their business, in their model, and where they want to head moving forward.”
And while they’re deciding…
Maybe they’ll give the new podcast I co-host a listen. You can too, right here.
Go small to grow fast in MDR
If there’s anything I can never have too much of, it’s data and nuance. New data from Techaisle this week adds some useful nuance to the MDR market, something I’ve been writing about a bit lately. Turns out awareness of MDR among SMBs varies a lot by sub-segment:
“Just 17% of companies with 1-99 employees report being aware of MDR, compared with 61% of core midmarket firms and 76% of upper midmarket organizations.
Adoption, not coincidentally, trends along the same lines:
“5% of small businesses that are aware of MDR are currently using these services versus 45% of core midmarket and 58% of upper midmarket organizations.”
There’s more to dive into, including a look at which specific MDR services SMBs most value (risk assessment, active threat hunting, and EDR all score high). Key takeaway, though, is that whoever cracks the code on marketing and selling MDR to small businesses first has a lot of upside ahead of it.
Also worth noting
SASE, like MDR, is another popular market to be in right now. Netskope’s new “MSP-friendly” SASE solution for midmarket users and Cato Networks’ new SASE-based XDR solution are the latest evidence.
Elsewhere in security, Atakama has rolled out a managed browser security platform for MSPs.
ThreatDown (formerly Malwarebytes for business) has a new bundle for K-12 customers.
Pax8 has added Trend Micro to its line card.
Sherweb has done the same for SentinelOne.
Seceon has shipped a new automated, AI and ML-based SecOps solution. More on this in a future post.
Speaking of SecOps, Stellar Cyber and Proofpoint are teaming up to help SecOps teams with email security.
Joe Smolarski, most recently Kaseya’s COO, is now president and chief customer officer.
Tony Haller is the new global head of IT partner sales and strategy at GoTo.
Kisha Thompson is the new chief people officer at ConnectWise.