[Simon Sharwood sitting in for Pat Gray]

Whenever I speak with security vendors these days, they have an interesting story to tell, but not for the reasons I hope they will be interesting.

A chat I had Websense, vendor of web security software, the other day shows illustrates the situation.

Websense has just launched a new offering for medium-to-large sized businesses (up to 500 seats) and had an awful lot to say about the competitive landscape and how their offering fits in. They had a lot to say about pricing (which is very, very low). And the head of the local operation was happy to point out the importance of Websense’s approach, versus the flawed approaches on offer from his competitors. Support

What I did not hear, despite repeatedly asking a question about why this offering was in some way special or of sufficient importance to bring to my readers’ attention, was anything about how good (or otherwise) the software in question is at actually providing security.

When I pressed, I was offered the brand name of their software and an assurance that it is jolly good.

To me, this is symptomatic of an important shift in the security market.

When a product category is young, the engineering makes all the difference and marketing is all about the number of cogs on the gears. Once a market matures, messages start to emphasise business benefits and other intangibles, largely because products have become roughly equivalent and there’s nothing sufficiently differentiated under the hood to make it worth selling on engineering.

And that’s why I find it interesting that security vendors are not interesting any more. We seem to have reached quite a mature stage where no-one, or at least no-one that talks to me, can point out how their approach actually makes you more secure.

They’ll tell you they’re cheaper, or their approach is more sensible.

But no-one is shooting for the crown of best security provider that I can see.

Which is pretty scary, because being really secure means never trusting anyone!