Ray Lane buys dinner - Who buys ArcSight?

By Tom Foremski - September 12, 2006

I'm a big fan of Ray Lane, the former president of Oracle and one of Kleiner Perkins' top VCs. So whenever there's an opportunity to be around the same table I always take it.

Mr Lane is one of the industry's veterans and one of the savviest in the enterprise software industry. And his presence is large, he doesn't need to check himself for commentary, which is great if you are a journalist.

Tuesday evening Mr Lane and executives from security firm ArcSight, plus a couple of c ustomers, plus a bunch of A-list journalists, from WSJ, News.com, etc met for a roundtable discussion on matters of security. The timing was perfect to chat about security with all the talk of 9-11, and the term 9-11 came up many times during dinner.

ArcSight specializes in spotting aberrant behaviors among staff and flagging potential insider criminal activities. Some of those activities could be accidental, such as "forgetting" a laptop filled with sensitive company data in an airport lounge.

Other incidents are part of sophisticated criminal gang activities that could include extortion of corporate executives.

Interestingly, the people that are most watched are those that ArcSight describes as senior level people that hold "the keys to the kingdom." It is these types of insider threats that ArcSight's technology is designed to prevent.

They said repeatedly, that the insider threat is a huge, massive problem--but one that is unmeasurable. So how do we know it is a huge problem if we cannot quantify it?

I was told by one ArcSight customer that it is a "gut feeling" that insiders, some of them disgruntled staff, are up to various nefarious activities. ArcSight software will spot that activity, flag it, and alert company security personnel that there is a potential problem associated with a specific employee.

It is very Big Brother-like but how else can you spot such criminal activities?

The security software market is interesting because it is very balkanized. There are way too many point product companies. Enterprises want to buy one solution for one big problem. In the security software space, there still a tremendous amount of consolidation to be done to aggregate many dozens of security companies into one.

Ray Lane is very good at selling companies, last year he sold Virsa, the fastest growing private software company to SAP. Is ArcSight on the table?

It could be. One of ArcSight's board members told me the company is hitting close to the $75m revenue number, that's getting close to the magic $80m to $100m level that could initiate an IPO--except that the IPO market is in the doldrums.

Maybe ArcSight is being dressed up for sale to a larger security company. Maybe John Thompson over at Symantec is interested?

I think the tech IPO market will make a comeback because capital needs a new focus now that the real estate market is tanking. Tech IPO's will make a comeback, I'm not sure how soon, or how soon enougth for Kleiner, which has had a stake in ArcSight for more than 5 years. It could be time to pull some money out.

ArcSight has an interesting security story, but it is one fragment of a larger security issue. And with such a large problem,  corporations will want want to outsource that problem.

This  is where IT services companies such as IBM, EDS, HP, Symantec and others, are positioned to take on this IT security burden for a service fee. That's why smaller security software companies will have a tough time growing revenues with point products--no matter how good they are.

Please see SVW:

Ray Lane sells Virsa to SAP: M&A continues in enterprise software markets

I told IBM they should buy SAP-- Kleiner's Ray Lane says...

Peoplesoft and Siebel considered merging but leadership issue blocked the deal says Ray Lane former Oracle president

 

Clarifications from a representative of ArcSight:

- While the dinner was focused on insider threats, ArcSight does enterprise security management, which historically has been all about external threats and compliance. ArcSight’s enterprise and government customers (we’re talking FBI, DHS, FAA, Army, Marines, etc.) have also been using the technology to address insider threats.

- I wouldn’t really consider ArcSight a point vendor. ArcSight is the antidote to point security solutions. It takes data from hundreds of point systems (firewalls, anti-virus, data leak prevention systems) and makes sense of it all to find real threats and patterns you wouldn’t otherwise see. I suppose they’re “point” compared to the large security vendors. Convenience of a suite doesn’t necessarily win when it comes to security. ArcSight competes with Symantec, Cisco, CA, IBM and wins approximately 90% of deals that go into a side by side trial.

- As for companies outsourcing security, while it makes sense for some, you can bet that government agencies and large enterprises aren’t going to risk it. Also, 15 different managed security services providers use ArcSight’s technology to run their systems.

Background:

The roundtable was organized by the Horn Group and included:

Sandra Bergeron, security expert, formerly of McAfee

Sandra is one of the best known and highly respected women of technology in Silicon Valley. James Christiansen, CISO, Experian

James is currently the CISO of Experian.

Brian Contos, CSO, ArcSight

His latest book, Enemy at the Water Cooler, is currently available.

Morian Eberhard, Vice President, Enterprise Security, Union Bank of California

Hugh Njemanze, CTO and EVP of Research & Development, ArcSight

Hugh founded ArcSight and is now leading product development, information technology deployment, product research, and support.

Ray Lane, Kleiner Perkins Caufield & Byers

Ted Schlein, Kleiner Perkins Caufield & Byers

Robert Shaw, Chairman and CEO, ArcSight.                        Share with Bit.ly                    

September 12, 2006 | Permalink | Comment | Category: | Subscribe to SVW

Comments (2)

judy:

I wonder if ArcSight could have spotted and prevented the HP board leaks? ;)

Tom Foremski comment: They said they couldn't, but they could spot a worker who is staying late and might be up to something because they usually go home early.

Posted: September 13, 2006 11:08 AM

Rob Murray:

No worries folks for spotting leaks.

Arcsight had a break in last month at their HQ R&D offices loosing multiple servers and laptops. Let alone protecting customers, they cant keep their own safe. Go figure.

Posted: January 6, 2008 9:13 PM

Post a comment


tibco software
Silicon Valley Watcher Shop

Choose some images and the
products choose you!

Tom Foremski #28 on San Francisco - Silicon Valley Top 50 Most Influential
PR Week: Tom Foremski - top journalists you should know!
Bacon's names Silicon Valley Watcher one of the most influential blogs in the US.
In CNET's Top 100
blog100 149x46.jpg
Best Bay Area Blog
SF Publicity Club's ninth annual awards celebrating excellence in media.