It's The Product, Stupid!

TechTransform, December 30, 2006: On 20 November 2006, a new product was launched. It attracted immediate attention in the press and with users, some of whom wrote in to tech support to thank the company for the product. Downloads of the product increased instantly more than ten-fold over the previous version. Revenue forecasts from the product quickly began to exceed expectations. How did all this come about? What lessons came out of it? An Early Success Today, this company is known as CyberDefender. It went through a transformation that started in May of 2005, when the CEO, Gary Guseinov, invited me to form a team to productize a technology the company had acquired. Gary had founded CyberDefender under a different name at the end of 2003. Funded by friends and family, it was a pure media-buying organization and it expanded fast; Gary and his team had tapped into growing fears over spyware and the resulting adoption of anti-spyware software. Limits Reached By the end of 2004, the company found itself with positive cash flow, a growing topline and recurring revenues from subscriptions. But the company suffered from having licensed someone else's product. And rapid expansion without good controls had created complaints within the security software industry. At this point, Gary and his co-founder Igor Barash had the luck to run into a great new technology, and the quick wits to acquire it. Bing Liu, a technologist who had done well with CyberMedia, a company that was sold to McAfee in the late 90s, had come up with a new way to sense, analyze and immunize against fast-moving threats of all kinds. An Inventing Breakthrough Any computer loaded with Bing's software would automatically become part of a collaborative network. The machine could sense attacks and report them to a lab; the lab itself was highly automated, able to detect the presence of a virus without human intervention; and a breakthrough method was used to immunize all the machines in the network against that threat. The invention achieved unique, near-real-time protection. Other rapid protective schemes involved artificial intelligence to figure out if unexpected software behavior was 'friend' or 'foe'. The required calculations slowed down computers and it was easy to mis-identify a friend as a foe. Not being a marketer, Bing had simply released his software (then only covering viruses) to the public as freeware, and roughly 2 million users had downloaded it. And in 2004, he had scored key successes in protecting his network from dangerous virus attacks earlier than anyone else. He needed now to turn his viral success into a commercial one. By early 2005, Gary Guseinov and Igor Barash had acquired Bing's technology and hired him as chief technologist. A Product Management Nightmare Bing went to work. His first order of business was to create the company's first internally-developed software product, which quickly improved quality. But the team knew that they needed to take Bing's new network to market, and early efforts ran into the simple fact that the company's marketing was nothing more than media buying. Since anything a company doesn't know how to do quickly ends up as the CEO's problem, Gary was now the de facto product manager, with neither the time nor the expertise to execute. In 2005, TechTransform was doing very well with a team of consultants who the year before had helped transform a content publisher, YellowPages.com, resulting in a successful exit for the company. When Gary called me in mid-2005, I quickly fielded a team to get to work and we started to turn Bing's vision into product reality. Within three months, we had a new product ready to go to market. A Reality Check Alan Wallace, a brilliant PR who had collaborated with me on an earlier security software success, was brought in to introduce the new concept to the media. But the company's previous practices had tarnished both its name and the software brand and a friendly journalist told us in no uncertain terms that we needed to restart completely. People can make mistakes, she said. But now the company needed a new name, new marketing practices, a new software line, in other words a complete transformation, before she could even consider a product review along with the big boys. Gary got it; and he recruited me as his COO to help get the job done. Two of my consultants were also recruited into the company. We were up and running. Creating the New Company I won't go into the months of work that went into the rebranding, the hiring of talent, the upgrading of media practices, the development work that continued to extend the anti-spyware product into a full internet security suite. We had a bigger challenge than all that: anti-spyware was no longer an easy sell. It wasn't enough to tell someone they had a threat; more had to be done. Gary and a marketing team headed by then-CMO Wendy McCulley got to work, trying to get better metrics out of the existing approach, which basically consisted of an offer to scan your system for free and selling the software to eradicate any threats found (this is a no-brainer: very few machines are completely clean). They worked on this for many months in 2006. Clouds on the Horizon But in late 2005, I had heard something interesting: one of our media buyers had heard from one of our ad networks that a competitor was thinking of going with ad-supported software. Plainly, we were not the only ones seeing the end of rapid growth in anti-spyware adoption. There was another cloud on the horizon: Microsoft was going into the security software business. They had done this a decade earlier with miserable results, but this time they were serious; security was going to be the cornerstone of the new operating system Vista. Microsoft's classic strategy is to snuff out an entire product category by making its own offering free or nearly so. It did so, famously, with Outlook, which was distributed for free in the mid-90s and quickly eliminated the then-leader, Eudora. We could look ahead to more of the same in Internet security software. This was going to be terrible for the large players like Symantec and McAfee, who had the most to lose. But small guys like CyberDefender would just lose all their steam. So we had to do Something Completely New. Reinventing the Business The answer lay in the product itself. Internet Security is a business that relies heavily on updates delivered through networks like Akamai. New threats show up and spread quickly, and the software has to be updated with their characteristic 'signatures'. Also, the software engines themselves have to be updated for new types of threats. The result is that it costs the market leader, Symantec, something like $2 per user per year to keep users properly updated. Others do it more efficiently, but regardless, distribution is not free. What was special about our own product was that updates are distributed through a peer to peer network. Each machine is responsible for updating a small number of other machines, so that after the first few machines get their updates, the rest are updated using a relay method. Relaying through local machines means that the user's own bandwidth pays for distribution, not CyberDefender. Skype used local bandwidth to make phone calls free; we do the same to make our distribution free. That's a big deal. You get new users by giving away product that is free for one month or even six months; during that period, your update costs are a major issue. Symantec solves this by simply updating its free software less frequently; we have seen versions that come built into computers that only update every 15 days. And a major Internet threat can mature in just four hours! Not having these update costs, CyberDefender can update users without delay, all the time, and it doesn't matter if they are paid users or not. Free Software Marketing I am a big fan of Free Software Marketing. I discussed it in my two 1996 articles, The Free Model and Marketing The Free. In the second article, I wrote: The most apparently extreme case of freezone marketing is this one: give them the whole product, for free, forever. This would seem to be pure suicide; but it is unquestionably the most powerful category domination strategy we have in our toolbox as marketers today. And boy, does it work. A McAfee ad some time ago put it this way: "Some People Think They're Stealing Our Software". Sure enough, you can put McAfee AntiVirus on your machine, and it will never die. And the last I checked, McAfee was a fair success in the antivirus business. In 1996, the motivation for free product was to get people to pay for a more powerful version. Or, like Microsoft, to make the free product a paying one, as it eventually did with Outlook after it owned the marketplace. In the past decade, a massive new factor has developed: online advertising. This is so potent that Internet leaders like Google and Yahoo! are jockeying to buy companies that let you do things for free, just so they can show you ads. Now a product can actually make money - good money - by generating advertising revenues. "Free" is the most powerful word in the marketer's lexicon: when you don't have to charge for your software, you can get millions of users. I sold the CyberDefender execs on my idea and we created a version of CyberDefender AntiSpyware that carried unobtrusive advertising. Problem was, it was too early for the company to stop its efforts to acquire customers the old way, just yet. The Concept is Persuasive CyberDefenderFree, Version 1, was launched in stealth in late March 2006 and we recruited a small number of users - ultimately about a thousand. From this user base, we learned that, if you factored in advertising revenue from a "Safe Search" toolbar, each user could be worth $3.37 or more in Annual Revenue Per User (ARPU). The math is persuasive. If you don't have much in the way of update distribution costs, then all you have to pay out of that revenue is the costs of user acquisition costs, and of running a good software company. That's not trivial - Sunbelt Software, a small, well-regarded company in the Internet Security business, has more than 65 people in its Technology division alone - but it doesn't grow at the same rate as your user base. So the key is to get millions of users. Now Free Software is great, but the anti-spyware business already has its free software - like LavaSoft Ad-Aware and Spybot Search & Destroy. How could CyberDefender succeed in this environment? Breaking Out of the Clutter In 2006, as I mentioned, CyberDefender was working hard on extending its technology to a full Internet Security Suite: Anti-virus, Anti-Spyware, Anti-Spam and Anti-Phishing. We were going to let the spyware part be "free forever" under the CyberDefenderFREE banner, and we built a complex process to upgrade users to the full suite on a paid subscription basis. I've always found that it's the technologists who sometimes come up with the ideas that your users will like the most. Sure enough, it was Bing Liu who first suggested that we make the whole suite free. After a lot of debate, that's exactly what we did. Version 2 of CyberDefenderFREE became not just anti-spyware but the whole suite of security applications. Now we weren't a me-too. At this writing, there is only one other company offering a free internet security suite, and that's AOL. And my guess is that the advertising that will come with that won't exactly be "unobtrusive".   Figure 1: CyberDefenderFREE 2.0 An Attractive Product As you can see from the screenshot (Figure 1), CyberDefenderFREE 2.0 is an attractive product. And since it was built to complement existing software, a user could add it easily to existing protection on a machine (and replace it over time). What did we have to lose? A lot, perhaps; but we had the eight months of test numbers from the previous version under our belt and we could always step back to a paid product. But paid products are a crowded market, while as a free product we had now found ourselves nearly alone, A very small and dedicated tech team released CyberDefenderFREE, the All-Free Internet Security Suite, in record time. And the rest was indeed history. And just ten days after release, CyberDefenderFREE was in illustrious company when TechRepublic (link) said about free software: "…Several of these programs are freely available, including Lavasoft's Ad-Aware and CyberDefenderFREE…" What We Learned In the end, it's the product, stupid! If CyberDefender had stuck to a conservative strategy of just making the anti-spyware free, it would hardly have been noticed. But by making the leap to the full suite, it became the leader in a new, growing market of major ad-supported applications. I made one last pitch: make it really inexpensive to get rid of the ads. And that's how it is: users can upgrade to CyberDefender's Early Detection Center, a fully paid Internet Security Suite for $11.95, or less than a dollar a month. That's about a quarter of the least expensive paid competitor. What's interesting about all this is that all the careful positioning work we did around people being protected earlier, reflected in the "Early_____" syntax of all of the components, went basically unnoticed. The Free message is what got noticed, and that's just fine. How would I do this again better? In hindsight, we could have switched to the "Free" model earlier rather than fighting to make the Paid conversion model work through 2006. But that period was valuable for the insight we gained from months of testing the free product. The First Step Time will tell if CyberDefenderFREE makes it in the marketplace. But it's definitely earned its first stripes by being a product that people liked and adopted. And that's always the more important first step in any market share expansion. click on my signature to comment