ARN

Symantec and McAfee CEOs go Head-to-Head

Last month, ARN had the opportunity to sit down with Symantec CEO, John Thompson, and McAfee chief executive, David DeWalt, individually to discuss the strategic direction of their respective companies and where they see the IT security market heading.

Over the last year we've seen a relative sea change in the security market as customers have shifted their focus toward data protection, versus more traditional methods of defending endpoints and network assets. How has this forced a strategic change in direction for your companies - in particular as smaller vendors in sectors including data leakage prevention (DLP) claim they are better suited?

John Thompson, Symantec (JT): The reality is that we have had insight about what information was flowing around in an organisation for years. The fact that we were doing virus protection was interesting, but what was more interesting was the depth and breadth of intelligence network around the world, which has been telling us where viruses and worms are coming from, what hacker attacks are occurring, where spam is originating from, and what keywords people are using to bypass filters.

There's a great deal of insight associated with that intelligence network that Symantec has that should make this shift toward information-based security easier for us than any smaller company that doesn't have that breadth. Furthermore, customers have the expectation that we and others who have been trusted providers for them will evolve as their needs evolve.

David DeWalt, McAfee (DD): Actually, I see it as a huge advantage being a big company. Managing data and data security is a pretty strategic thing for corporations, when I think about who they would trust as an advisor in these situations. You get a level of service from companies such as Symantec and McAfee that isn't there with the others - we're already running in most large corporations on the endpoint. And we offer cost optimisation, centralised management, and other benefits you can't get from smaller companies.

The reality in the security world today is that we are seeing more cost-optimisation requirements. So, how do you look at a company like us that has AV, anti-spyware, HIPS (host intrusion protection), and NAC (network access control), and how will you add DLP and encryption as an agent, versus adding someone else's products?

DLP is obviously an area where both companies have made significant investments over the last year, with Symantec's acquisition of Vontu, and McAfee's acquisitions of Onigma and Safeboot. Could you describe your strategies around DLP?

JT: The first thing we have to ask ourselves is if this is a problem that customers would like us to help them solve; if so, is there a technology already in place that has garnered the hearts and minds of its users? Clearly, that was the case for Vontu, which was unquestionably the market leading solution for DLP.

Our view is, if this is a problem that customers would look to Symantec to help them solve, why not see if we can acquire the best technology to be able to do that? The question of DLP as a standalone platform or as a feature will be answered in how customers want to solve the problem. If customers are willing to dedicate resources to the problem as an isolated area of activity, that probably functions as a standalone product.

However, if they view that solving that problem is a part of another business process, then it would behoove us to make that feature part of a broader suite.

DLP over time might become part of a broader digital rights management strategy for an organisation. Now, that's a big theme that goes well beyond what Vontu does today, but if you believe the currency of business today is as much about information as it is about cash, having a clear understanding of where digital content is and who has rights and privileges to use it is a very important topic.

DD: McAfee and Symantec have addressed DLP in different ways. We see DLP having two important problem-solving areas: intellectual property protection, and the management and monitoring of information loss via endpoints.

We believe most DLP events occur through insiders, through endpoint devices. If you look at where the problem is, you'll see the protection of intellectual property is the most important issue, and that, secondly, it's about compliance data privacy reporting components. With Safeboot, encryption is already proven as a strong approach for data privacy and breach management, and it is best served when the customer can prove no loss of data when they lose a mobile device, that they have no need to report that incident. If you can address those two problems, you can address the bulk of the issues on the marketplace. It will be up to customers to determine which approach they think is better: a network-oriented appliance tool, as with Vontu, or protection at the endpoint, which is where we have invested.

Safeboot is whole disk encryption for mobile devices. Symantec has no encryption technology in its entire portfolio, so the technologies are not even in the same hemisphere. Symantec bet monitoring network traffic is the future. We bet that doing it at the endpoint is more of a safe, compliant way to address this.

Your smaller rivals, and some industry analysts, like to say that large companies, such as Symantec and McAfee, do not innovate - they only acquire innovation. How does that strike you?

JT: There is an important mission we cannot overlook, and that is we have a bunch of customers with an enormous amount of expectation of us being able to continue to deliver new features, functions, and capabilities for them that will migrate seamlessly from what they do today to what their needs might be tomorrow. We spend 15 per cent of our revenue on research and development because we have to maintain some stream of innovation in order to serve our existing customers. Our Symantec Research Labs facility has delivered innovative capabilities such as generic exploit blocking, or the ability to see vulnerabilities and create a signature to block an attack before it occurs. The fact that we are an acquisitive company means we are open to people who have fresh ideas.

The security world has evolved so rapidly over the last five years that if we were stuck in a pattern that said we will only deal with ideas that emanate from inside the company, we would be unable to serve the needs of our customers at all. The best way for a company that competes in all the segments of the market where we compete is to use the strength of our balance sheet and income statement to continue to evolve. Consider all that against the idea that the whole software industry is consolidating around us.

DD: It's a myth that companies our size don't innovate. Lots of the work in our new consumer technologies was an organic exercise, as with ePolicy Orchestrator. But, we also have to use the balance sheet and acquisitions because we can. Maybe that looks externally like we don't have to innovate, but we're really doing both and making sure that we augment the strategy. Part of that is around blended shore development - we're moving sustained engineering and quality assurance to offshore locations like India and China.

We've seen many major platform providers make investments in acquiring security technologies. How has this shift changed how you will direct your own companies?

JT: What customers are trying to do when managing access to applications and the ability to share information across the enterprise, both internal and extended, makes it incumbent upon all of us to recognise that securing content is very important.

Many of the platform companies started their lives thinking security was something that slowed down the machine, network access, or their sales. They finally came to the realisation that security is an enabler and not an inhibitor and that they must embrace it. The real question becomes, where do customers think logically about security elements? If you look at what has evolved at Symantec, we have said that it's natural some security technologies will live in the network.

Networks have become fast enough, deep packet inspection technologies have become good enough, and we assume that more of that will occur. And the logical place for companies to do that is with the people providing network equipment, but that's only one place where you have to protect the stream of content. Another is where the users interact at a desktop or server, or where content is being managed at the gateway or applications level.

We're partnering with Cisco, Juniper and Alcatel and license our technologies to them because we'd like to have the scanners we have become more ubiquitous, not less so. Let's move to where the user is interacting with the application, or where the application is managing the digital content. There's also the issue of heterogeneity. Whereas a company such as Microsoft is only focused on Windows, our largest customers still run mainframes, Unix, and have interests with Linux in the applications sphere.

DD: One word describes our differentiation from these [platform] companies: heterogeneity. Large companies want freedom of choice - they don't want to get locked down with Oracle, EMC, or Microsoft who only support their own releases with their security products. Would you trust your security requirements to a single vendor? This goes back to conversations of best-of-breed small vendors versus best-of-breed large vendors, and it is turning into best-of-breed security versus gigantic companies with some security in their strategy.

We bet that the cross-platform approach wins out. To support all is better than just supporting one vendor, whether for storage, the OS, or routers. Cisco is not exactly supporting Juniper anymore.