Monday, August 30, 2004
Interview: Brendan Rizzo, President and CEO, Demarc Security
Brendan Rizzo is President and CEO of Carpinteria-based Demarc Security (www.demarc.com). I spoke to him about Demarc and where they fit in the security market.
BK: Tell me a little bit about Demarc -- what is Sentarus, and how does it fit into the security software landscape?
BR: Demarc is a global provider of dynamic threat management solutions, including intrusion detection and intrusion prevention, to organizations in more than 25 countries around the world.
Sentarus is our dynamic threat management solution now available in both hardware and software editions. Sentarus offers network and host-based intrusion detection, intrusion prevention capabilities, event correlation capabilities, system integrity verification, extensible service monitoring/regeneration, and vulnerability assessment scanning, integrating all of the essential network security functions onto a single management console. Sentarus also features False Alert Suppression Technology (FAST) to reduce false positives and unnecessary notifications, and customizable advanced reporting, to help companies meet SAS 70 IT audit requirements and other legislative regulations.
BK: What market segment does Demarc target, and who are your typical customers?
BR: There is a lot of overlap between our customer base and our target market. We serve a broad range of customers, from small businesses and Fortune 500 and 1000 companies, to military and global government agencies. What we've been doing over the past year and intend to continue doing is expanding our market share in each of those segments. Current Demarc customers include NASA, the US Department of Energy, and IBM.
BK: How is Sentarus different than the many other security products on the market?
BR: Sentarus has two big advantages over other security products on the market: it is both comprehensive and integrated.
Sentarus protects organizations from the inside out from end-user error, misuse or improper configuration of internal systems, and from the outside in from malicious users, worms and other Internet-based attacks. Firewalls aren't sufficient for detecting network based attacks, and remain oblivious to security breaches within organizations--which actually account for the majority of IT-related security issues. That's why a comprehensive threat management solution that can monitor threats from all angles is so important..
These days, companies want maximum protection but also want to consolidate their security products and vendor agreements, and minimize their IT staff training and management time. With an integrated solution like Sentarus, the IT staff can manage, monitor and maintain a single device and still provide the highest level of network and host protection for their organization.
BK: What's the history of Demarc, and how long have you been shipping products?
BR: Joshua Moskovitz, our CIO, and I founded Demarc in 2001. Both of us had worked for years as in-house security engineers, network administrators and as security consultants, and we realized there was an overwhelming need for a centralized, integrated security solution.
What most organizations had at that time -- and many still have deployed -- was an assembly of disconnected point solutions that all had to be individually managed, monitored and maintained. That can be a fairly expensive proposition and yet it still doesn't offer the highest level of protection.
We developed our first product, PureSecure to fill that gap in the market. Within the first 2 months on the market, over 2,000 users had downloaded our software. PureSecure users were so happy with the product that they wrote articles and white papers about it. In our first two years in business, we never conducted any marketing or proactive sales activities, the product literally sold itself.
It gradually became apparent to us, however, that while PureSecure was meeting a market need, it still lacked certain capabilities that our customers desired. Customer demand and market demand was for a solution that offered gig-level performance, intrusion prevention capabilities, vulnerability assessment and a full suite of reporting tools. So, in 2003, we developed a completely new product that offered all of these capabilities and we acquired the Sentarus product name, which already had some brand equity, and the existing Sentarus customer list from Silicon Defense.
BK: How did user hear about your PureSecure product if you weren't actively marketing it?
BR: Initially, word spread through online sites like freshmeat (Linux/Unix software site), slashdot ("news for nerds, stuff that matters") and securityfocus (computer security site) and through word of mouth; customer references and references from mailing lists and online communities accounted for about 50% of our revenue on average.
BK: How is Demarc funded?
BR: Because PureSecure, the company?s first product was such an overnight success, Demarc has been profitable from the start. Earlier this year, when we decided that it was time to take the company to the next level, we sought and secured our first round of Series A financing. So, we're in the really fortunate position of being debt-free, profitable and well-funded.
BK: How many employees does Demarc have, and how fast are you growing?
BR: Since we're a privately-held company we don't typically disclose that information, but what I can tell you is that with this current growth we're experiencing from the demand for our new Sentarus software, we've got three recruiting agencies working continuously finding more talent for us - there just aren't enough qualified people without jobs in this area!
BK: Finally, what's your next big goal for the company?
BR: We've been very successful in selling direct with Sentarus to date, however we're about to start an aggressive program to expand the channel to allow for more efficient scalability in delivering the product to market.