Security titans intensify rivalry

Network Associates and Symantec long to be more than anti-virus vendors. The rivals want to be one-stop security shops where businesses buy everything from intrusion prevention to spam control to firewalls. Each has invested a small fortune in pursuit of this goal, yet sweeping success is guaranteed for neither.

How the proliferation of viruses and worms helps anti-virus vendors’ bottom lines.

Each has invested a small fortune in pursuit of this goal, yet sweeping success is guaranteed for neither.

Since CEO John Thompson took the helm four years ago, Symantec has parlayed its strength selling consumer anti-virus software into a string of acquisitions that began with firewall and vulnerability-assessment firm Axent Technologies and ended most recently with the purchase of anti-spam market leader Brightmail.

Over that same period of time, Network Associates – which as early as next month will be renamed McAfee, its anti-virus moniker – also spent hundreds of millions of dollars buying up firms: Trusted Information Systems (TIS), PGP, IntruVert and Entercept. It also sold off its Sniffer protocol-analysis tools and Magic help desk units in what CEO George Samenuk says is a bid to focus solely on security.

However, becoming a full-service security company takes more than an acquisitive streak and deep pockets.

“We want to be more than just an anti-virus company,” says Allyson Seelinger, Symantec’s vice president of global channels, sales and strategy. Symantec still struggles to dispel the notion that it’s somehow not a full-fledged security vendor, she says.

Symantec’s product line has grown beyond anti-virus. But customers and sales channel partners – Symantec sells virtually everything through region-specific value-added resellers and systems integrators – still typecast Symantec as an anti-virus vendor.

For Network Associates – which also will be reliant on sales channel partners after it sells Sniffer – the perception is not much different.

“In anti-virus and understanding major exploits, they’re good,” says Rodney Madkins, security administrator at Arkansas Children’s Hospital in Little Rock. “But I wouldn’t necessarily think of Network Associates as a security vendor in a larger sense.”

In areas such as vulnerability-assessment tools, firewalls and encryption, for example, Network Associates has no products. The company dropped these types of security wares after it bought firms that made them – PGP for encryption products, TIS for its Gauntlet firewall – but found it couldn’t gain market share.

Nevertheless, anti-virus software remains a cash cow for both companies.

Symantec posted record revenue of $1.8 billion for fiscal 2003, a 33% increase over the previous year, and net income of $371 million. Network Associates anticipates a revenue decline this year to about $800 million from last year’s $933 million – because of the sale of the Magic and Sniffer businesses, it says. The company last year posted earnings of $67 million; it has not released anticipated fiscal 2004 earnings.

For both rivals, anti-virus remains the means to get their foot in the door of security managers.

Network Associates and Symantec each hold about 25% of the $2 billion corporate anti-virus market, according to IDC. A major competitor to both is Trend Micro, the third-ranked company with about a 15% market share. Trend Micro was the first to offer server-based software in 1997 and has kept a loyal customer following on its e-mail, file and Internet gateway products.

Industry analysts say Trend Micro’s reputation on the server and gateway is well deserved.

“It has always had the highest-performing platforms,” says Gartner analyst John Pescatore. That has made Trend Micro’s presence a force on the server side.

Despite pushing into the battleground of anti-spam software, Trend Micro has no ambition to be an all things to all people security vendor. Instead, it prefers to partner with others as an anti-virus vendor. That philosophy was one of the main reasons Cisco chose Trend Micro to provide it with worm- and virus-blocking technologies for Cisco’s line of routers, switches and firewalls.

But the urge to expand might be hard to resist. Increasingly, virus filtering is seen by customers and vendors as just a part of content filtering. This would include stopping spam, spyware, plus controls for blocking access to Web sites or sending unauthorized documents. Customers would like to see it all in one appliance if only to simplify management. Symantec offers McAfee’s WebShield and its own Secure Gateway. Network Associates added intrusion-prevention and spyware features to its anti-virus software package.

Despite their broad aspirations, neither Symantec nor Network Associates has developed much security-related core technology on their own outside of anti-virus. Symantec is poised to replace its anti-spam technology for what it gets with the Brightmail acquisition. Network Associates, which bought anti-spam firm Deersoft last year, preferred Deersoft’s technology to its in-house SpamKiller.

Though they have deep pockets from anti-virus sales to buy their way into new areas of security, both companies sometimes have found it an uphill battle to turn the dynamic start-ups they acquire into money-making product lines.

Symantec bought Recourse Technologies for intrusion-detection systems, RipTech for managed security services, SecurityFocus for threat-management information, and Mountain Wave for security information management software.

Network Associates bought Entercept Security Technologies for host-based intrusion-prevention system and IntruVert for network-based IPS.

But selling those acquired companies’ products is different – and apparently a lot harder – than selling anti-virus software, which Gartner calls a commodity.

“Desktop anti-virus is a volume play,” said Kevin Weiss, Network Associates executive vice president of sales, during the company’s recent analyst day in New York. “It’s relatively easy to sell since many desktop anti-virus products are similar.”

He said the more sophisticated host- and network-based IPSs require more training and knowledge. Selling complex security gear through sales channels and resellers can be hard.

“IntruShield is down,” Network Associates’ Samenuk said about sales of the intrusion-prevention appliance during a conference call with Wall Street investors in April.

Echoing similar sentiments in his call the same week with Wall Street, Thompson noted about the Symantec Recourse product line, “This is a tough, tough market.”

Such is not the case with consumer anti-virus, which according to IDC is about a $1 billion market. Thompson predicts overall revenue, 43% of which today are based on consumer purchases, will reach $2.35 billion in 2005.

“Anti-virus is the cornerstone of our business,” says Steve Cullen, senior vice president for security products and solutions at Symantec. “The consumer business does fuel growth for the enterprise success.”

Though a distant second, Network Associates is determined to expand further into the consumer market, and is finding momentum through marketing arrangements launched with ISPs such as AOL, MSN, Comcast, Cox Communications, Telefonica and Telstra.

“It’s fundamental to our business,” says Bill Kerrigan, senior vice president at McAfee. “Partnerships account for 75% of new subscriptions.” The first quarter this year McAfee recorded 860,000 new subscribers on the consumer side, “our largest quarter ever,” Kerrigan says.

Security aspirations

Deals that closed this year highlight Symantec’s aspirations as a security vendor. The company bought ON Technology for $100 million for its systems management products and PowerQuest for $150 million for its imaging, provisioning and storage management offerings. The goal is not to just continue selling these product lines, but to integrate patch-management, provisioning and storage technologies it acquired through the deals into innovative security offerings.

“It’s integrating security, systems and storage management with Symantec Threat Management,” says Don Kleinschnitz, vice president of product delivery.

Whenever Symantec’s Security Response group pinpoints a new threat such as a worm, during the period of vulnerability before a virus or filtering update is available, a security alert would trigger a storage backup to preserve machine data, Kleinschnitz says. ON Technology’s iPatch and On Command asset management gives Symantec a way to be more involved in the patching process to “add signatures for defense,” he says.

Symantec says it plans to unveil integrated products to accomplish these kinds of goals later this year. However, integrated security based on automated processes has found limited acceptance so far because many organizations remain more comfortable with manual response. Network Associates found that out the hard way a few years ago with its Active Security effort, which flopped.

As far the future, Network Associates has just committed to a re-organization that the company acknowledges is risky.

Samenuk said in his April conference call with Wall Street analysts that the company might encounter business disruptions from the sale of the Sniffer division, in which about 500 employees are expected to exit this summer to the newly formed Network General. (The name of the new company is based on the name of the company that originally sold Sniffer.)

“We expect some dislocation in the sales force,” Samenuk said. That’s because the same salespeople in the larger enterprise accounts are selling Sniffer and Network Associates’ other security products.

After the sale of Sniffer is complete, which could come by the end of the month, Network Associates will change its name to McAfee.

“My impression is [the company is] going back to the future,” says SG Cowen analyst Peter Kuper. Network Associates’ course has been somewhat erratic over the years, he says, but the makeover envisioned for later this year is an attempt to “start over.”

Network Associates is embarking on a cost-cutting effort that will include reducing business locations from 10 to four over the next six months and outsourcing research and development to India.

Symantec, Network Associates and Trend Micro – as well as Sophos, F-Secure and other anti-virus companies – say they see potential for growth in the small and midsize business (SMB) segment.

For instance, Network Associates has released a handful of new SMB products, including the McAfee ProtectionPilot 1.0 anti-virus management console, that are easier to use than ePolicy Orchestrator, which is favored by large corporations.

Though the major anti-virus vendors compete fiercely among themselves, the shadow of Microsoft – which bought the Romanian anti-virus firm GeCAD last year – hangs over all of them. All have to maintain close ties with Microsoft to build products that run with its products.

Gartner’s Pescatore says he doesn’t see Microsoft entering the anti-virus market before the Longhorn timeframe in 2007, but he added the anti-virus vendors “should fear Microsoft’s Adaptive Protection technology, which should ship by the end of 2005.”

While it’s not likely to eliminate the need for anti-virus software, “it will greatly reduce the price enterprises are willing to pay for purely reactive signature-based anti-virus,” Pescatore says.