&l;p&g;&l;img class=&q;dam-image shutterstock size-large wp-image-1040156344&q; src=&q;https://specials-images.forbesimg.com/dam/imageserve/1040156344/960×0.jpg?fit=scale&q; data-height=&q;640&q; data-width=&q;960&q;&g; Shutterstock
I enjoy seeing startups take market share from big companies. Without that dynamic, customers and investors would suffer. The customers would have no choice but to&a;nbsp;pay too much for&a;nbsp;products that don&s;t solve their problems well. And investors would earn lower returns because public companies would stop growing due to&a;nbsp;their lack of innovation.
This comes to mind in considering the market for malware and ransomware protection. This $11 billion market for so-called endpoint security&a;nbsp;is expected to grow at a 12.7% rate to $20 billion in the next five years.
And legacy antivirus software companies are not keeping up the pace.&a;nbsp;For example, $4 billion (2017 revenue) Symantec has been shrinking at nearly a 10% annual rate since 2013, according to &l;a href=&q;http://www.morningstar.com/stocks/xnas/symc/quote.html&q; target=&q;_blank&q;&g;&l;em&g;Morningstar&l;/em&g;&l;/a&g;. McAfee and Kaspersky also lag the industry as does IBM&s;s $2 billion security business, according to my April 27 interview with Tomer Weingarten, CEO of SentinelOne, a Mountain View, Calif.-based challenger founded in 2013.
One reason the legacy antivirus companies are not keeping up is that they are not adapting as well as some of the startups to changes in their customers&s; IT departments. Two key changes are the widespread adoption of cloud computing and the use of smartphones and tablets to send and retrieve data.
The dynamic between the old and the new has created an opening for quick-footed cyber-attackers which legacy antivirus purveyors&a;nbsp;have been slow to close. According to the prospectus for &l;a href=&q;https://www.sec.gov/Archives/edgar/data/1366527/000104746918002643/a2235165zs-1.htm&q; target=&q;_blank&q;&g;Carbon Black&l;/a&g;
&l;/p&g;&l;blockquote&g;In the past, knowledge workers only had access to applications and data inside the corporate network perimeter, which were firewalled off from potential cyber threats. Today, an increasingly mobile workforce and the explosion of enterprise data and applications in the cloud have expanded the attack surface beyond the traditional network perimeter. In response, cyber attackers have adapted their attack methods and tools to directly target the endpoint. In short, the endpoint is the new perimeter.&l;/blockquote&g;
Founded in 2003, Waltham, Mass.-based Carbon Black — which bills itself as a purveyor of &q;next-generation endpoint security solutions&q; to this problem — is growing faster than the industry. Since 2015, Carbon Black&s;s revenue has grown&a;nbsp; at a nearly 52% annual rate to $162 million, according to its prospectus.
SentinelOne — which has raised $110 million in capital so far — is not yet ready for an IPO — but it says it is growing even faster. According to Weingarten, &q;Between 2016 and 2017, we boosted new customer bookings 300%; increased&a;nbsp;our customer base 370% to 2,500; and&a;nbsp;added to our employee&a;nbsp;headcount by 175% to over 300.&q;
This growth is remarkable considering the organizational churn it suffered which hurt Sentinel One&s;s execution and vision. According to the &l;a href=&q;https://myleadcorner.files.wordpress.com/2018/03/magic-quadrant-for-endpoint-protection-platforms.pdf&q; target=&q;_blank&q;&g;January 2018 Gartner &q;Magic Quadrant for Endpoint Protection&l;/a&g; SentinelOne&s;s biggest 2017 challenge was &q;churn in staff roles across product, sales, marketing, and other internal and client-facing groups. Gartner clients reported inconsistent interactions with SentinelOne throughout the year.&q;
SentinelOne views this turmoil as an investment with a positive return. &q;2017 was a year of significant change and development for SentinelOne — the company up-leveled its leadership team to take the product and go-to market to new heights.&a;nbsp;These leadership changes are exactly what has created the unprecedented results we&s;re currently experiencing; and in record time!&a;nbsp;Key was the hire of Nicholas Warner, Chief Revenue Officer who led Cylance&s;s global sales growth,&q; said Weingarten in an April 30 interview.
Offsetting that disquieting Gartner report was a positive one that gave SentinelOne&s;s product high marks for&a;nbsp;effectiveness and low price. According to an April 17, 2018 &l;a href=&q;https://globenewswire.com/news-release/2018/04/17/1480179/0/en/NSS-Labs-Announces-2018-Advanced-Endpoint-Protection-Group-Test-Results.html&q; target=&q;_blank&q;&g;NSS Labs, &q;Advanced Endpoint Protection Comparative Report&l;/a&g;,&q; SentinelOne is recommended with a 97.7% security effectiveness score and a total cost of ownership per protected node of $148 — which is 51% below the average TCO/node of $301 for the&a;nbsp;11 recommended products covered in the report.
Perhaps this strong relationship between effectiveness and price is contributing to SentinelOne&s;s growth. As Weingarten explained,&a;nbsp;&q;We are growing bookings at 300%. 70% of them are complete rip and replace from McAfee and Symantec. Pandora replaced Symantec with SentinelOne. We win 70% of the time we compete in a proof of concept.&a;nbsp;We expect a displacement book of $100 million in 2019.&q;
SentinelOne&s;s growth is due to strategy and execution.&a;nbsp;Its strategy is to give customers &q;new capabilities — visibility into the state of their encrypted data, searching endpoints, updates on new threat vectors (such as malware and&a;nbsp;ransomware), and&a;nbsp;machine learning,&q; he said.
SentinelOne believes that it executes more effectively than its legacy rivals. As Weingarten explained, &q;We do a new release&a;nbsp;every three months. At the end of the day we are&a;nbsp;a software as a service business that sells software in a manner that is as&a;nbsp;scalable as possible. We need to deliver value and keep the customer safe. With traditional antivirus, if the product doesn&s;t work, the customer calls the vendor but nothing changes. If we see a potential&a;nbsp;problem, we tell the customer what to do to keep it from affecting them.&q;
Meanwhile, McAfee is not sitting still. As its CEO Chris&a;nbsp;Young explained in a February 2018 interview, &q;With Skyhigh Networks, we are adding a new pillar in cloud security. We will add analytics, data science, and deep learning to underpin our&a;nbsp;data security event management platform which will help customers make better decisions and get better forensics. We will have better integration among our products which are being sold worldwide.&q;
SentinelOne does not see this product as a threat to its business. &q;Our customers and prospects tell us that McAfee is too heavy on the endpoint, still lacks a signature-less approach, is difficult to deploy and manage, and lacks basic exploit prevention on non-server endpoints.&a;nbsp; Customers of McAfee tell us regularly that McAfee MOVE, which was meant to protect virtualized environments, is a complete disaster and cannot be deployed at scale:&a;nbsp; customers are switching away from this product as quickly as possible,&q; said Weingarten.
SentinelOne could help close a gap in&a;nbsp;IBM&s;s security&a;nbsp;product line.&a;nbsp;IBM does not have a next generation anti-virus&a;nbsp;capability and has already talked with next generation companies about being acquired, according to SentinelOne.
SentinelOne has a &l;a href=&q;http://www-304.ibm.com/partnerworld/gsd/solutiondetails.do?solution=54759&a;amp;expand=true&a;amp;lc=en&q; target=&q;_blank&q;&g;partnership with IBM&l;/a&g;– could it get bought by Big Blue? Or will it keep growing and go public? The answer depends on the strength of its vision and execution.