X
Tech

Symantec: Your one stop security shop?

CEO John Thompson is counting on the company's new solution--Symantec Security Manager--to deliver credibility in the enterprise, but he also understands that success will depend on more than product strategy.
Written by Dan Farber, Inactive

You could say that Symantec is in an enviable position. In an era of escalating cybersecurity threats, the company has the leading anti-virus product and more than 100 million customers around the world.

But the company has gained much of its success in delivering anti-virus solutions to consumers and businesses. In my interview with Symantec CEO John Thompson, he discussed plans to extend the company's success deeper into the enterprise security sector.
Based on moves since Thompson arrived on the scene in 1999, it appears that the company is on the right track.
Over the last few years the 28-year IBM veteran-who was deeply involved in IBM's acquisition of Lotus--has been on a buying binge. Within the last year, Symantec has acquired five companies to broaden the product portfolio of enterprise security products.
For example, the company acquired Riptech and Recourse Technologies in August, bringing intrusion detection and security monitoring and management technology into the fold.
In addition, the company also saw enterprise product sales grow 35 percent in the last quarter. And this week the company introduced a new, modular enterprise security management solution, Symantec Security Manager.
But Thompson and team face two major challenges. First, growth through acquisition could result in a hodgepodge of products that are neither best of breed nor well integrated into a comprehensive security platform.
Thompson views the breadth of security products that Symantec offers as a major advantage over competitors. But many companies have taken a best of breed approach in purchasing security software and hardware. They want the top ranked firewall, intrusion detection and managed security service because they are more apt to deliver the desired ROI.
Symantec does have some best of breed products, such as its anti-virus solutions and host-based intrusion detection, but convincing enterprises today to procure a single-vendor solution is like asking someone to bet all their money on a single stock in a volatile market. Most IT buyers are skeptical, with good reason, of companies that claim to have expertise and superior technology in every facet of security.
However, as Thompson points out in our interview, security solutions are likely to take the same shape as network management, ERP and the desktop applications over time. All of those product categories started out with numerous niche vendors offering best of breed products that pioneered the market. But as the market matured only a few players were left standing, rolling the various components into comprehensive, integrated solutions that fundamentally reduced the complexity, and sometimes the cost. In my view, that level of maturation, and market consolidation, is several years away.
For Symantec to become more essential in security categories besides anti-virus, it needs to first show that its solutions are truly competitive, if not best of breed. The management of those products through an integration layer should make ease of use a priority, reducing the complexity of creating reports and managing the security infrastructure.
For smaller- and medium-sized business without huge budgets or staff for security management, a single-vendor, integrated solution is likely a cost-effective option given the need for multiple, integrated layers of security and ease of use concerns.
For larger enterprises, however, the second challenge for Symantec comes into play. Larger enterprises typically have more complex requirements and multi-vendor environments. They are not looking for Symantec, Cisco, IBM or anyone else to deliver the grand ultimate security solution-at least, not yet. But they need a way to manage all of the security inputs and outputs from a single console.
Thompson hopes that the Symantec Security Manager will at least establish the company's credibility in the critical security management layer. According to Thompson, the Symantec Security Manager correlates events, translates them into incidents, and triggers the appropriate responses. Most importantly, the management console is vendor-neutral, with facilities to relay data to network management systems such as Tivoli Enterprise and data collection from third-party vendors like Network Associates, Internet Security Systems and Check Point Software.
Thompson is not alone in seeing integrated security management as a critical need. Nortel Networks, Cisco and Check Point Software have all individually pledged to better integrate their own products and to provide central management, integrated reporting and single-step updating.
Will Symantec succeed in becoming a major enterprise player beyond anti-virus? My bet is Symantec will be one of the players left standing, and not just because of its product strategy. When I asked Thompson what he viewed as the number one security issue, he said "awareness." If I had gotten a deep, technical answer, I would have been far more skeptical of the company's chances.
Making individuals, companies and nations more secure is not just a technical problem. At least half the battle is making people aware of best practices and practical solutions that reduce risk and the complexity of managing the risk.

Editorial standards