the future of c-end security products

Posted by deaguero at 2020-03-24

The C-end security product is the direction I have been considering. Several of my own professional experiences are also in the C-end security enterprise, the PC security product teams of Kingsoft and Tencent computer steward, and the CM security team of cheetah Mobile's overseas security product. It is also a transition period of safety product development. As for the current lack of security product innovation, I have been thinking about what the next generation of C-end security products should look like?

Here are some of my thinking process and some judgments on the future trend.

From optimistic to pessimistic mobile security products:

The sluggish growth of PC security products caused by the termination of artificial dividend and the rapid decline of PC opening rate caused by the popularity of mobile terminals make me confused about which direction I want to do next. And then it naturally occurred to me that after the popularization of mobile terminal, it should also be like PC terminal, requiring security products for virus killing and malicious website interception. With this judgment, I came to cheetah Taipei office to start the capacity-building work of overseas mobile terminal security products.

But I soon found that the security products on the mobile end have the problem of small value space. In the PC era, windows is a completely open and independent platform, which allows third-party security companies to generate enough space for value between the platform and users. But on the mobile side, when Android is clearly closed, the value of the third-party security company lies in the small space between the platform and users.

Finally, after watching the Android o conference, I decided to give up the path of mobile security products for the C end.

Lifelock found:

At the end of 2015, when I was eating breakfast in a hotel in Seattle, I happened to see a lifelock advertisement on TV, which made me feel strange. There is no C-terminal security software in China that advertises on TV in the morning. Then I got to know that I was very excited. This kind of product can solve the threat of product living space brought by the platform.

What distinguishes lifelock from traditional security software is that it no longer focuses on the attack and defense of viruses and fraud, but on the security of personal information. This positioning makes lifelock itself free from competition with the operating system. In the past, the reason why C-terminal security software survived well was that the operating system itself did not do well. Therefore, the biggest competitor of C-terminal security software was the operating system itself. The product positioning of lifelock is more like an application software than a system tool.

I think the next generation of C-end security products must be around personal information security.

The landing of lifelock mode in China:

Let's see what lifelock looks like. Because it has to be an American identity to experience it, I would like to thank Melissa for her kindness. Below are some screenshots of the main interfaces of the product.

Figure 1: the main interface after login is to list the main alert capability points

Figure 2: the following figure is a reminder of a dark network information leakage event

Figure 3: the alert content page of the dark network alert is actually to match the data of the old leakage event with that of the new user

Difficulty 1: product scenario does not exist in China

First of all, the positioning of lifelock's core scenario is actually of American characteristics. The ecology of credit card and the ecology of medical insurance are totally different from that of China. The problem of credit card theft and medical insurance theft in the United States is a big problem, but not in China. Lifelock just found a good point, in which personal information disclosure can be directly related to personal money loss. This also allows enough space for lifelock to reflect its product value and satisfy the security sense of C-end users. And a monthly fee of $10-30 is not cheap.

Difficulty 2: Legal Issues

For example, in order to give users an early warning of data leakage in the dark network, it is necessary to be able to monitor the event as one and get data as two. In such a tense domestic environment of big data security situation, there are clear legal issues. Why America? There is still a big difference in national conditions.

Difficulty 3: what is the business model?

In the United States, lifelock relies on more than 3 million paying users on the C-end and part of the b-end business to support the revenue of several hundred million dollars a year. But in China, if we use the pure C-end, the charging will obviously be a big threshold for users to choose. If it is not large, the liquidity of C-end flow is also declining, and it may be a small business in the end.

What direction does that have to be feasible at home?

First of all, my logic is that the next product in the C-end security market will be the product around personal information security. There are four product directions of personal information security.

First: pure tool products

For example, 1Password and logdog products in Israel are essentially tools around the core scenarios. But the problem is that the experience of such tools determines that they can't become mainstream security products and can't bear the banner of the next generation of C-end security products. These products need to change the user's original experience, and have the use cost. For C-end users, an industry that must be low-frequency from the perspective of risk discovery and has the use cost is unlikely to become a mainstream product.

Second: sell your own information

You've probably heard about people driving to the countryside and replacing their ID cards with Juicers. For a large number of 5-tier and 6-tier cities in China, we are indifferent to personal information. If we can exchange money, it would be great. Based on this, if you can find a legal point in the product value scene, it is possible to play this mode, but the path is too round, hard to go, and there is no social value.

Third: imitating lifelock mode

The difficulty of this model has been stated above. It is impossible to imitate directly, either from product scenarios or business models.

Fourth: starting from solving mobile phone anxiety

The mobile phone anxiety here refers to two aspects. On the one hand, the information carried by the mobile phone has exceeded imagination. It's too simple to know your privacy from all kinds of information on the mobile phone. The second aspect is social anxiety. Mobile phones can be set to automatically prompt "off", but wechat voice can't be set. What about location sharing? Such needs are real.

And the fourth point is the path I currently think is feasible at home. This is what Han Han, a friend of the investment bank, told me. Thank you.

Here's a screenshot from the recent movie "loud call.".

There are two other things to say in the judgment of this direction:

First of all, the difficulty and demand of personal information security control will rise, which is an irreversible trend. Today's mobile phones are totally different from the positioning of 10 years ago.

Secondly, when I talk to many people about this idea, I get the same feedback many times, "Chinese people don't care about personal information security", which I totally disagree with. In the United States, lifelock only has a market accounting for 1% of the total population of the United States, which is enough to support nearly $3 billion of enterprises. In many cases, we don't want the whole society to care about it. As long as a part of it, the ceiling of this matter is large enough, and there is so much space. In addition, don't take "what's the matter with Chinese people, what's the matter with Americans". From the bottom of human nature, there is no difference. Chinese people thought that Americans paid for music more than ten years ago, but Chinese people would not. Today, QQ music is on the market. So the consumer mind of C end is easy to be affected, and the change is also rapid. I hate the logic of defining consumption habits by people.

Finally, in 2019, we will bet on the C-end security market, which we have to do this year.