Understanding the Customer is the Key to Success

Wednesday, July 27, 2011

Rahul Neel Mani


ArcSight which was acquired by HP last year was started when the Dot Com bubble had burst. CTO Forum talks to Hugh Njemanze, ArcSight Founder and VP & CTO, HP Security Solutions about the company’s journey so far and how the company has been able to sustain a robust growth...

What inspired you to incubate ArcSight? How has been the journey so far?

Before we started this company, we saw that there were organisations building tools in-house, and they were realizing that they cannot be in the business of maintaining those tools because of two main reasons.

First, perhaps the person who originally built the tool moved on to another company and so someone would need to reverse engineer it to understand it. So it was better to find a commercial solution. There was clearly a need for log consolidation and analysis tool in the market that could meet the enterprise needs for strategic monitoring.

We started at a fairly difficult time when the dot com bubble had just burst and so not many customers had the discretionary funds to start new projects. But we turned it into an advantage because while we were building our first product, we could focus on building a great product as we weren’t worried about selling it by using our funding.

By January, 2002, there was a reviewer who did a round of all such tools in the market, and told us that ours was the most mature tool in the space. When we launched our first product and published the details on our website, the competitive website claimed the same features within weeks on their own websites.

However, that worked in our favour because when we did PoCs for the customers, they told us that we were the only product that actually matches its website specs.

In fact, I also met some of my competitors at trade shows and they said we had an unfair advantage because we wrote fresh code base and they used the same old code base that evolved over a period of time. Most of our competitors started out as security consultants and wrote these tools for themselves and became a software company almost by accident.

Another advantage that we had was our conservative fiscal approach. During the Dot com days, there was almost a formula that if you were to be acquired you’d be paid a million dollar for every employee.

So these companies kept hiring employees without thinking much about profitability and viability as they just wanted to be bought. On the other hand, we maintained a small team initially and as we got customers we expanded the team. This approach helped us survive the downturn and helped us become profitable at a very early stage.

What was the kind of funding you received?

We started with $16 million venture capital and then did a second round of funding a couple of years later and that was the last time we raised money until we went public. We started selling our product in 2002 and by 2004 we started generating profits and went public in 2008.

You hired a sales person even before you had a product, yet you were able to get meeting in just a single cold call? How did you manage to achieve this?

We described the log management and analysis problem that we had been hearing from other customers and they agreed they had similar problems and needs and were therefore willing to talk to us even though we didn’t even have a proper name then, we used to call ourselves Wahoo, which is the name of a fish. People thought that it was just a copy of the name Yahoo.

With some of those cold calls that Pat (the sales guy) and I made, the customer said that if you could build a product that could solve the problems we described, they were ready to buy it. We saw a solid interest in the solution.

We spend a lot of time with customers and translate their needs into something that makes sense for an engineer. Every year we have a user conference where every presentation is either given by engineers or the customers using it.

Engineers love it because they get to interact with the customer and therefore they come back very inspired and motivated. Customers love it because they get the ground truth from the peer and the guys writing the code.

You started when the Dot com burst happen. Recently we experienced a similar or rather bigger economic recession. How did that impact you?

Rather than change things, we survived the downturn in a different way.  We continued to grow at a rapid pace.

We have a lot of BFSI customers. Banks were hit very hard during recession. Some of the banks folded, some got acquired. The interesting thing for us is if a bank got acquired, at least one of them would be using ArcSight, so they’ll expand their licensees to cover both the banks. So, we found that the mergers were driving higher adoption of our products.

It was interesting set of events because we went public in December 2008 when the economy had started declining and the advice was against going public. But we went against all odds and went public and 18 months into it, we were the only company trading above the IPO price amongst those who went public during recession. We continued climbing till the time we got acquired by HP.

How do you ensure that your solutions suit the requirements of diverse verticals and customers?

One of the principles we have is to build products that meet customer needs without applying the features to just one customer. So every time a customer explains to us what they want to do, we try to understand how that can apply to other customers and build solutions in such a way that it can appeal to others.

So, sometimes that means creating a feature in a more generic way and creating authoring tools so that customers can customize to their specific needs.

For eg. One of our early customers wanted to be able to have a workflow inside a ticketing system. So we didn’t want to rebuild the entire ticketing system but at the same time, we didn’t wanted to build that was narrowly built to just one customer.

So, we talked to a few customers and we built something that can be parameterized so that you can use all the terminologies that are there in your particular environment. So, we built a straightforward workflow which can be made to look and feel the way the customer wants.

Log management tool has a potential hazard of being misused. How did you educate the customers to ensure it isn’t misused?

Our customers actually educated us instead of vis a versa. Because different customers have different tolerance levels. For eg. In Germany, privacy is a very important consideration in the workplace.

They have legislations against workers being monitored etc. So as per the rules you can capture the logs but you have to purge them after 24 hours. That led us to build some flexibility in our products. Now, the customers can say when they want what data to expire. This ensures no data is stored beyond the acceptable limits.

We’ve always tried to make the software configurable so that it meets the needs for most customers.

How is the customer changing post its acquisition by HP? Is it moving from being a visionary company to a product centric company?

This was our biggest concern before getting acquired. One of the reasons I felt comfortable with the acquisition by HP was because we can pursue the vision of the company as part of HP. So far that has been the case. We have our R&D team completely intact.

We have our own sales force intact and even our own facilities intact. So far, HP is willing to understand how we’ve been successful and if it makes sense, HP will adopt some of ArcSight’s processes and if it makes sense, ArcSight would adopt some of HP’s processes. We’ve been going through the process for a while and it has been very constructive.

Cross-posted from CTO Forum

Possibly Related Articles:
Information Security
Tools Log Management Security Hewlett Packard Customers ArcSight
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.