Last month, ARN had the opportunity to sit down with Symantec CEO, John Thompson, and McAfee chief executive, David DeWalt, individually to discuss the strategic direction of their respective companies and where they see the IT security market heading.
Over the last year we've seen a relative sea change in the security market as customers have shifted their focus toward data protection, versus more traditional methods of defending endpoints and network assets. How has this forced a strategic change in direction for your companies - in particular as smaller vendors in sectors including data leakage prevention (DLP) claim they are better suited?
John Thompson, Symantec (JT): The reality is that we have had insight about what information was fl owing around in an organisation for years. The fact that we were doing virus protection was interesting, but what was more interesting was the depth and breadth of intelligence network around the world, which has been telling us where viruses and worms are coming from, what hacker attacks are occurring, where spam is originating from, and what keywords people are using to bypass filters.
There's a great deal of insight associated with that intelligence network that Symantec has that should make this shift toward information-based security easier for us than any smaller company that doesn't have that breadth. Furthermore, customers have the expectation that we and others who have been trusted providers for them will evolve as their needs evolve.
David DeWalt, McAfee (DD): Actually, I see it as a huge advantage being a big company. Managing data and data security is a pretty strategic thing for corporations, when I think about who they would trust as an advisor in these situations. You get a level of service from companies such as Symantec and McAfee that isn't there with the others - we're already running in most large corporations on the endpoint. And we offer cost optimisation, centralised management, and other benefits you can't get from smaller companies.
The reality in the security world today is that we are seeing more cost-optimisation requirements. So, how do you look at a company like us that has AV, anti-spyware, HIPS (host intrusion protection), and NAC (network access control), and how will you add DLP and encryption as an agent, versus adding someone else's products?
DLP is obviously an area where both companies have made significant investments over the last year, with Symantec's acquisition of Vontu, and McAfee's acquisitions of Onigma and Safeboot. Could you describe your strategies around DLP?
JT: The first thing we have to ask ourselves is if this is a problem that customers would like us to help them solve; if so, is there a technology already in place that has garnered the hearts and minds of its users? Clearly, that was the case for Vontu, which was unquestionably the market leading solution for DLP.
Our view is, if this is a problem that customers would look to Symantec to help them solve, why not see if we can acquire the best technology to be able to do that? The question of DLP as a standalone platform or as a feature will be answered in how customers want to solve the problem. If customers are willing to dedicate resources to the problem as an isolated area of activity, that probably functions as a standalone product.
However, if they view that solving that problem is a part of another business process, then it would behoove us to make that feature part of a broader suite.
DLP over time might become part of a broader digital rights management strategy for an organisation. Now, that's a big theme that goes well beyond what Vontu does today, but if you believe the currency of business today is as much about information as it is about cash, having a clear understanding of where digital content is and who has rights and privileges to use it is a very important topic.
DD: McAfee and Symantec have addressed DLP in different ways. We see DLP having two important problem-solving areas: intellectual property protection, and the management and monitoring of information loss via endpoints.
We believe most DLP events occur through insiders, through endpoint devices. If you look at where the problem is, you'll see the protection of intellectual property is the most important issue, and that, secondly, it's about compliance data privacy reporting components. With Safeboot, encryption is already proven as a strong approach for data privacy and breach management, and it is best served when the customer can prove no loss of data when they lose a mobile device, that they have no need to report that incident. If you can address those two problems, you can address the bulk of the issues on the marketplace. It will be up to customers to determine which approach they think is better: a network-oriented appliance tool, as with Vontu, or protection at the endpoint, which is where we have invested.
Safeboot is whole disk encryption for mobile devices. Symantec has no encryption technology in its entire portfolio, so the technologies are not even in the same hemisphere. Symantec bet monitoring network traffic is the future. We bet that doing it at the endpoint is more of a safe, compliant way to address this.