Brought in to drive that growth as Verodin moves past proof-of-concept stage, Potter talks about his strategy for doing this with ChannelBuzz.
Reston VA-based Verodin, whose Security Implementation Platform instruments security infrastructure to test the configuration and effectiveness of the stack’s components, has named former Symantec VP of the Americas Robert Potter as their Chief Revenue Officer. Potter, who has also held senior roles at RSA and Lancope, will head up global sales, partnerships and field operations
Verodin came out of stealth in April 2016, and has brought on board Potter to drive the company out of its proof-of-concept stage and significantly accelerate growth.
“Since we released our platform and established it as a proof-of-concept, the reception has been very significant,” Potter told ChannelBuzz. “We have established sales in the Fortune 200, retail, financial and government. We have also moved from being an interesting technology to something which has proven value. The company will see some great things over the next three to four quarters. Companies are using it not just for its main purpose, to measure the effectiveness of their security stack, but also for auditing, as part of rationalization studies, and automating processes, including training.”
While organizations have used tools like penetration testing on their security infrastructures for years, Potter said that what Verodin does is at another level, and is really differentiated from anything else out there.
“The technology addresses a compelling concern,” he said. “At Symantec, many customers came to me and questioned the efficacy of our products in addressing today’s challenges. One area not being addressed was the ability to truly understand how effective the technologies are. Breaches today in many cases come down to an ineffective configuration. It wasn’t that the technology failed. It was that it wasn’t configured properly.”
Verodin’s technology specifically addresses this.
“Penetration testing is trying to figure out how to get in, and is looking for gaps,” Potter said. “What we do is focus on testing the stack against your expectations of its effectiveness. We both deploy actors internally and attack externally, and report on how your security infrastructure responds to it. By assessing whether network security technologies detect and alert the attack, we provide an instrumentation of effectiveness, as opposed to just seeing if you can get in. Instrumentation continually monitors real techniques and behavior. That to me was very compelling. In my previous roles, I saw that customers value penetration testing and see it as a necessity. However, they typically walked away from those scenarios not understanding what failed. They know something got in, but not what configuration failed to let it get in, and that just isn’t good enough any more.”
Potter emphasized that what Verodin is doing here is distinct in the market.
“We are creating a market segment in instrumentation that is not defined today,” he said. “There is no Gartner Magic Quadrant for it, but customers get it. I have not seen any other companies out there that approach this concept in the same way. The platform has an open interface that allows organizations to identify where you have efficiencies and inefficiencies, and ties them directly to products in the stack. In addition, while all your large security organizations talk about effectiveness, many tie that back into consultants doing health checks. Verodin has automated this process of measuring that environment. I think that’s very unique.”
That uniqueness, Potter said, was what attracted him to come to a startup.
“This has technology which has very compelling value to organizations in terms of improving their security posture,” he said. “In addition, I didn’t want to be in same competitive landscape as Symantec. I also really enjoyed working with Art Coviello at RSA, and he is an advisor here. Christopher Key, the CEO, is also well known from his days at ArcSight and Anira.”
While Verodin has a logical sweet spot in large enterprises with very complex security stacks, Potter said that their logical market extends well beyond that.
“The mature enterprise customer is critical for us, because of the massive amount of cost associated with security stacks today, and because while their cost is up, their effectiveness seems down,” Potter said. “Those organizations see it as a necessity. There are multiple markets for this technology, however. Besides the mature enterprises, I see two other areas as important. One is the SMB market, that relies on a lot of services that come out of the channel. They will want lower cost and more automation. The other is organizations who leverage outsourcers for things like managed security. Those organizations often have difficulty measuring the effectiveness of SLAs.”
The channel will be the key route to market, and Potter said that the objective is to get to 100 per cent channel sales.
“My philosophy is that the channel has to be the main path to market, and long term, we will be 100 per cent if possible, with systems integrator and VAR and managed security partners,” he said. “Many organizations aren’t looking for a vendor for this type of advice. They want a neutral, trusted partner to provide it.”
Whether Verodin will stick with a relatively small group of partners at this early stage of their history, or broaden out more quickly, has not yet been decided.
“I see the value in each component of the channel, including a distribution channel, and including customer-facing partners,” Potter said “The issue is that at what point do you need to add them. At what point do you deliver value to those resellers or distributors. We are still evaluating and measuring that. Some partners have jumped at us out of the gate. I have a long history with Dave Castignola of Optiv [EVP of Worldwide Sales] from RSA, and he sees the value. At some point later in the year we will assess our growth path as far as what the channel will look like, including distribution.”
Defining how strategic vendor technology partnerships will fit in is also in the process of being defined.
“It’s too soon for clarity on that,” Potter said. “We are seeing interest from organizations in the service model and cloud space who are motivated by concerns about how much they can trust security moving off-prem. I do expect you will see partners emerge quickly on an OEM type model. From a technology partner perspective, it’s important for them to consume data coming out of our instrumentation, to ensure that the technology is configured and effective against what they want to be protected against.”
Presently, Canada has two Verodin sales people who touch into it from a territory perspective, and Potter sees it as a strong growth market for them.
“At Black Hat, we had several Canadian customers – and South Americans – who came into our suite,” he said. “Canada has definitely emerged as a market for us.”