EXCLUSIVE INTERVIEW
DeepNines President Dan Jackson on Network Security

Worms and viruses cost organizations billions of dollars and hundreds of man-hours. Spam has grown to represent between 60 percent and 70 percent of all e-mail, according to published reports. And even the companies charged with helping businesses secure their networks now are coming under attack. In April, for example, Cisco (Nasdaq: CSCO) warned customers about a hole in its Wireless LAN Solution Engine.

Indeed, current security gaps cost U.S. businesses about 5.7 percent in annual revenue, according to Omni Consulting Group. Thus, securing the network would give businesses about 6 percent more funding to put toward more profitable IT initiatives.

Since 1999, DeepNines Technologies, a San Antonio, Texas-based developer, has been offering the DeepNines Security Platform to Global 2000 corporations, educational institutions and government agencies. The company has developed a scalable, platform-independent solution that integrates an intelligent firewall, intrusion prevention, McAfee anti-virus software from Network Associates (NYSE: NET) , and forensic capture and reporting into a security platform that operates outside the network infrastructure, repelling attacks before they can affect network performance or compromise data. The platform runs on Sun's SPARC, x86 and Linux offerings.

Recently, the E-Commerce Times spent time with Dan Jackson, president and COO of DeepNines.

Before joining DeepNines, Jackson was senior vice president of the Kinetics Group. Jackson also has held positions at USFilter, Glegg Outsourced Solutions and Glegg Water Conditioning.

E-Commerce Times: So how would you describe DeepNines Technologies -- your philosophy and how you go about protecting the network?

Jackson: We've been around now for five years. Our overall philosophy has been that network security is so fragmented -- not only in the marketplace, but in the overall security architectures -- that we had a tremendous opportunity to come in and be a cornerstone of the integration and consolidation requirements of network security. At the same time, we could change the beliefs about where security should start. We took a different approach and said, "What's the logical point to keep the bad guys out and the good guys in?" That's at the edge of your network -- and that should include your router.

ECT: How difficult has it been, then, to target potential clients since you're taking a different tack from some others in the market?

Market share guides hacker decisions, and you're starting to see a lot of other major software companies start to come under attack. Now hackers are not just focused on Microsoft (Nasdaq: MSFT) . We're seeing history repeat itself as hackers target the other large software players. When I talk software, Cisco is a software player. A lot of companies on the edge are software players, so it's a phenomenal opportunity for us.

ECT: You've won some pretty impressive clients recently, especially in the education industry.

Jackson: We just received a deal that we're going to secure 50-plus universities. We're pretty excited about where the company is going. Here's a crazy stat: There are 28 billion malicious pings a day. Why on earth would you want that to come on your network?

We keep it at the edge. We let the good guys in and keep the bad guys out. At the same time, now you have to take a different approach to security because we believe strongly that history's going to repeat itself with some of these major software providers out there. We're starting to see some things even with Cisco, and we're there to support Cisco and help Cisco and educate the market. When you start to look at the vulnerabilities that are coming forward with Cisco, it is a software solution. For us, we're heavily focused on providing security at the edge, which the router was never designed to do.

ECT: So how does this translate into return on investment?

Jackson: There are a couple of different camps out there. They talk host-based solutions and they talk network-based solutions. We're a network-based solution. We're a security platform, so we provide firewall functionality, IDS functionality, A/V functionality, anti-spam -- all at the edge of your network. Now when there's a vulnerability you don't have to update tens, hundreds or thousands of boxes. You have to update one.

When you are a host-based technology or architecture and you have 100,000 users, it's going to be very, very difficult for you to outpace any one of the vulnerabilities out there. We believe in host-based, we believe in a layered approach, but we think your most dynamic security solution should be all the way at the edge, and it should be comprehensive. Comprehensive means it has to include your router. It needs to protect your firewall, which is internal. If you think about it, 90 percent of all companies have a firewall, but 84 percent of the companies have all suffered a loss in the last 12 to 18 months. There's a stat out there right now that 94 percent of all CIOs say they're at risk. Why is that? Obviously something isn't working.

ECT: Who does DeepNines consider its competitors?

Jackson: We compare a security platform to a multi-point security architecture. There are two ways you approach value to the customer. One is the resource side -- the administration, the maintenance. We consider those soft numbers. Tolly Group recently came out with a study that says security platforms, from a resource and administration perspective, save on an annual basis 160 percent over multi-point products. That's a phenomenal savings. Now you don't have your administrators working in five different products.

The other thing is, we price our product based on bandwidth. We are not a node-based pricing model. In our security platform versus a multi-point product, we save 50 to 60 percent on a capital expenditure and then we save up to 80 percent on the annual maintenance side of things. Those are real, hard, tangible dollars.

ECT: I understand you not only provide demo units, you'll also send out a technical person to show prospective clients how the technology works?

Jackson: When you're evangelizing a technology that nobody else has got right now, our sales cycle is a little bit longer but the benefits we're getting are phenomenal.

ECT: What are some of the markets you focus on?

From there, we have a very heavy focus in Federal, telecommunications and financial. Our revenues are 37 percent in education, 29 percent in federal, 16 percent telecommunications and the rest is more of a hodge-podge.

ECT: But you also are looking for clients outside those four large verticals?

Jackson: Absolutely. We have vertical-based sales team and we also have geographical-based teams. We won't walk away from a deal.

ECT: And you're also a big Sun partner?

ECT: Does that then mean that Sun resells DeepNines' platform or does your solution go through Sun's indirect channel?

Sun is very channel-friendly. When the channel deals with us, they know we'll be working directly with them. There's a lot of value to be created for them. It reduces conflict. I focus heavily on the Sun channel. I don't have to work with anyone else, so I can be very focused. A company of our size, you have to be focused to be successful. You can't be all things to everyone.

ECT: When you're talking to existing or prospective clients, what are some of their major concerns?

Jackson: I think the primary concern is that they have so much stuff coming at them. They've dealt with so many technologies. I don't want to throw stones or anything, but IDS came in. People came and spent a ton of money there, but it didn't solve their pain. It didn't remove any of their heartache -- it actually increased it. There are a lot of people out there just sitting back, waiting to see what will happen.

ECT: Do clients have to rip out their existing infrastructure if they invest in DeepNines' platform?

ECT: But they did happen.

It's the same thing with Check Point firewalls or IDS technologies. We eliminate the false positives, false negatives. We get rid of the bad stuff and allow the layered approach to really secure the network.

ECT: How many patents does DeepNines hold?

Jackson: We have 18 patents pending. We've been notified we're going to get our first and most major patent, and we'll hear in the next 45 to 60 days.

ECT: Why is DeepNines' technology so different from other solutions out there?

ECT: Obviously, even if a worm or virus doesn't infect a network, fighting off the intruder can decrease the network's performance.

ECT: How did you get involved with DeepNines?

Security is going to be a $155 billion market place. The largest players only have 1 percent market share. There's no major, dominant player. If you remain focused and carve out your niche, you can be a viable player.