Rupert Goodwins' Diary
Thursday 12/10/2006
Symantec has spent this week talking about how it's going to grow to a $10bn company on the back of its grandly named Security 2.0 initiative. Well, we'll see. There's much talk of evolving threat landscapes, integrated packages and corporate-wide initiatives, all the sort of things I'd be doing if I was trying to build a $10bn company.
I'm not. And that gives me the freedom to feel profoundly depressed by the whole idea. What Symantec is saying, in effect, is that everyone else's software is flawed to the tune of 10 to the power of nine — and that there's room for growth on top of that.
One thing I find most exciting for the future of security is the use of virtualisation to detect and defeat attacks, with flocks of computers co-operating to analyse, trace and characterise the threats. A virtualised system has the ability to stop and examine itself for unusual changes, no matter how cleverly they try to bury themselves in the operating system: networked systems have the ability to compare notes, to move thread signatures around through peer-to-peer, to combine log results and conduct frighteningly precise analysis on what appeared when and where.
That's a lot of work, and I'm sure you can spot hard problems there just as easily as I can, but you end up with a Net-wide immune system that could be largely self-supporting and actively dangerous to anyone trying to subvert it. How would you feel if, three hours after you released your nastyware, a map somewhere in the CIA had a tapestry of pulsing lines all converging on your point of release?
Threats don't exist in isolation — and neither do the systems that are threatened. But security companies — Symantec isn't, ahem, alone in this — make their money by presenting solutions in isolation. An "evolving threat landscape" is best countered by out-evolving the environment it inhabits, not sticking to a boy-in-the-bubble model.
But if I was trying to grow a company, perhaps I wouldn't be too thrilled by coming up with solutions that were able to look after themselves: what's more important to the shareholders, the cure or the ability to keep selling it? Last year, Symantec decided to unveil its Research Labs, which had precisely one person doing fundamental research and around 50 others doing stuff related to existing products. Still, they promised to hire 10 more this year — some of whom may have joined the solitary headscratcher. It's hard to say: the labs don't have their own Web pages. A quick spin through Google Scholar shows a sprinkling of publications, but for a company flogging itself as a hotbed of advanced innovation it merits a strong could-do-better. For one heading for that sort of turnover on the back of technological excellence, it's an embarrassingly tiny showing.
At least, in a nod to two-point-naughtiness, Symantec has a blog. Well done, Symantec. Admittedly, at the time of writing it seems to be mostly full of product announcements and people complaining that the company's removed functionality from its latest releases without telling anyone — but hey, you don't reach 10 bill without breaking a few eggs.