Symantec likes to point out how much bigger it is than competitors like McAfee, which at $1.6 billion in annual revenue is about a quarter of Symantec's size. But it also has come to recognize that bigness has its downsides, such as confusion that can stem from having too many products.
“The big change for us is that if you talked to me 6 or 9 months ago I'd have talked about literally over 100 products we have at Symantec from a security perspective, but going forward we'll just talk about four as we focus our investment,” says Francis deSouza, senior vice president of Symantec's Enterprise Security Group (smaller than Symantec's $2 billion consumer security group, but close to $2 billion, while the rest of Symantec's revenue comes from more storage/archiving/information management-related business).
Those four product areas: protection suites that include endpoint security; data loss prevention; compliance and policies; and systems management (Altiris products).
Symantec's deSouza says the company is simplifying its approach as customers face a more complex mix of threats, including viruses, botnets and insider threats, across a broader surface area that includes mobile devices and cloud environments. To emphasize how scary things are out there, he pointed out that Symantec issued more antivirus signatures last year than in its 17 previous years combined and that organized crime is behind 90% of data breaches now.
“The criminals are brazen,” deSouza said. “They're not hiding which countries the threats are coming from yet.”
Symantec has even identified a common anatomy of organized attacks, which largely take place via targeted emails/spam, poorly protected Web-facing infrastructure and poorly written Web-facing applications. The attackers break in, perform a discovery of networked assets, put a value on the data available and then take what they want.
“Most companies have no idea they're even under attack,” said deSouza, who joined the company in 2006 when it bought IMLogic, a company he founded and led.
One reason for this shortcoming is that companies have various security systems in place that don't necessarily talk to each other well enough to give security teams a big picture view of what's going on. Symantec will be pushing security information management technology to address this, deSouza said. New on this front is the ability to feed into a SIM system from a global intelligence network, he said.
While SIM offerings have been around for years now, deSouza says there is evidence that customers are buying into the technology in a big way and noted that its 2007 Vontu acquisition has exceeded expectations. He also pointed to the financial performance of ArcSight, a publicly-traded security management specialist that saw 34% year-over-year growth for its fiscal year ended in April.
DeSouza also singled out DLP as a growth opportunity. Though he once thought DLP might be relegated to a feature of other security products, he said it has emerged as its own entity. One reason for this is that the people who tend to deal with compliance and data leakage issues within companies tend to be separate from those handling antivirus and other more traditional security detail.
One area Symantec does not plan to attack is pure network security, even though rival McAfee does. With Cisco, Juniper and Check Point already controlling the market, deSouza says Symantec's prospects wouldn't be good. “Our corporate strategy is to be #1 in the categories we compete in,” he said, noting that Symantec has chosen to limit its participation in this market segment to partnering with HP, Microsoft and others.