Category Archives: Symantec

Microsoft’s Free MSE “Good Enough” to Take Consumer Share from Symantec, Others

As Microsoft today releases its free anti-malware suite, Microsoft Security Essentials, the for-pay vendors of competing products are moving the goalposts and repositioning to fight on different turf.

A replacement for Windows Live OneCare, the for-a-fee security suite that was retired at the end of June 2009, Microsoft Security Essentials (MSE) includes anti-malware and anti-rootkit protection. It does not come with a firewall, but Microsoft provides a free firewall with Windows.

Microsoft is positioning MSE as a capable, lightweight anti-virus, anti-spyware program, pointing out that it consumes fewer resources than for-pay anti-malware suites from the likes of McAfee, Symantec and Trend Micro. Microsoft also has positioned MSE as a worthy rival to any of the free anti-malware offerings on the market.

As eWeek notes, the product will be available in eight languages and 19 countries.

Mary-Jo Foley of ZDNet’s All About Microsoft points out that Microsoft is aiming MSE at the consumer market, where many customers are unwilling or unable to pay for security software. She explains that Microsoft representatives believed it was worth offering customers a free product to help thwart security breaches on unprotected Windows PCs that could be used as bots to infect other users’ systems.

The free suite is a client-only offering, with no centralized server capabilities. It does not include the enterprise-class business features associated with Microsoft’s for-pay Forefront security products, which provide not only anti-malware protection but also real-time reputation services, archiving, encryption, disaster recovery, and policy enforcement. Then again, not many consumers require those features.

Predictably, the for-pay anti-malware vendors are attempting to change the rules of engagement. Recognizing that Microsoft is a threat to vaporize revenues they derive from for-pay consumer anti-virus products, these vendors are trying to play on consumers’ fears and on Microsoft’s status as a relative newcomer to the anti-malware space.

Said Con Mallon, EMEA Consumer product marketing director at Symantec:

“The security industry has moved on from the product Microsoft is launching. Unique malware and social engineering fly under the radar of the traditional signature based technology employed by free security tools such as Microsoft’s. . . . “

“We believe the false sense of security provided by this tool is almost as dangerous as having no security at all. The latest generation of internet security is real-time and reputation-based, operating in real-time and not relying on a signature being produced and downloaded before the computer is protected.”

You can almost see the smoke billowing from his ears. Considering some recent anti-malware test results, Symantec might want to hold its fire.

Microsoft’s MSE received plaudits recently from independent testing firm AV-Test GmbH, which evaluated its performance in combating nearly 3,2000 common viruses, bot Trojans, and worms.

Said AV-Test’s Andreas Marx of MSE:

“All files were properly detected and treated by the product. That’s good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.”

What’s more, Symantec’s Endpoint Protection failed a recent Virus Bulletin anti-malware test that Microsoft passed using the same AV engine built into MSE.

The fact is, for many consumers, especially in developing markets, what Microsoft is offering with MSE will be sufficient, particularly considering the price. The for-pay vendors of consumer anti-malware suites will lose market share and revenue to Microsoft. It’s not a question of whether they will lose business, but of how much.

Microsoft will continue to charge for its Forefront offerings for enterprise security, and that’s where Symantec, McAfee, and Trend Micro should look to make their stands. In enterprise markets, they will have a better chance to successfully exploit Microsoft’s relative inexperience as a security player.

Rumor Madness: Why Cisco Unlikely to Acquire Symantec

One crazy rumor that hit my radar screen today involves a mooted Cisco acquisition of Symantec.

I can see why Cisco would consider additional security acquisitions to complement its Unified Computing System (UCS) strategy, but Symantec isn’t the most logical target.

Let’s consider the valuation first. As security players go, Symantec is a big one. Cisco traditionally has eschewed large acquisitions, instead favoring smaller purchases of companies and technologies that can be seamlessly integrated into the Cisco operational machine and quickly monetized in the field.

Symantec would be a bear of an acquisition for Cisco to integrate and assimilate. If Cisco’s past comportment in these matters is an indication of future behavior, it will steer clear of potential disruptions and drawbacks associated with an unwieldy acquisition.

Seeking to refute that argument, some will point to Cisco’s sizeable acquisition of Scientific Atlanta. That was an exception to the rule, and an interesting one at that.

Cisco thought it essential to enter the set-top box market, where there weren’t many pure-play leaders, and none located in Silicon Valley. By process of elimination, Scientific Atlanta was the only strategic option that made sense under the circumstances. One alternative for Cisco involved buying all or part of Motorola. That would have been an act of corporate masochism.

Symantec, even after its misadventures and missteps in recent years, has a market valuation of more than $12 billion. McAfee, which has been getting the better of Symantec lately in the enterprise space and has been aggressively pushing a comprehensive security vision for cloud computing, is valued at just more than $6 billion. I’m not saying Cisco would go into its bank vault for either company, but McAfee would be easier to digest if Cisco determined that it had to make the move.

While Cisco would have product overlaps with McAfee or Symantec, the latter has significant parts of its business — such as Veritas’ storage management — that Cisco would be inclined to perceive as more liability, or irrelevance, than asset.

At some point, Symantec might cease to be an independent company. Network security appears destined for distributed integration into the cloud-computing fabric and into enterprise infrastructure. That said, I don’t see Cisco as Symantec’s buyer.

ConSentry Latest NAC Vendor to Close Shop

ConSentry Networks, a pioneer in network-access control (NAC) switching, is closing its doors.

Founded in 2003, ConSentry raised lifetime funding of approximately $80.4 million, borrowed in five installments, roughly one per year. Its final funding round, announced in January of this year, was for approximately $9.4 million and came from existing investors.

During the course of its existence, ConSentry was financially backed by some prominent Silicon Valley VCs, including Accel Partners (one of Accel’s partners became ConSentry’s CEO for a brief period) and Sequoia Capital.

Network Access Control, sometimes referred to as Network Admission Control — which fortunately resolves into the same acronym — is a market that has failed to deliver on its hype and promise. For a long time, it was billed as the next major wave in enterprise security.

To date, though, it has fallen well short of becoming a $1-billion market. Gartner reported that the NAC market grew 51 percent in 2008, but was worth just $221 million. That’s not enough to support dozens of players, including many established, brand-name vendors who tend to capture their fair share of NAC from within their broader installed bases of customers.

In that respect, ConSentry is not alone in failing to survive the economic downturn and the natural consolidation of the marketplace. All technology markets consolidate as they mature — with the marketplace eventually selecting winners and losers — and they consolidate faster during economic downturns. Consolidation is heightened further if it occurs in a market segment that isn’t living up to commercial expectations.

A few of ConSentry’s former rivals had closed their doors previously, and others have been acquired by bigger players.

In general, whatever spoils the NAC market has yielded have gone to the leading network-infrastructure players (Cisco, Juniper, HP ProCurve, etc.), who’ve built or bought their own NAC capabilities, and to the vendors who own security real estate on computing end points. Those vendors include Symantec, McAfee, Sophos, and, increasingly, Microsoft.

Each time the market’s music stops, signaling that another vendor must leave the party, fewer chairs are available at the table. Some of those chairs are permanently reserved for
the major players
. Less and less room is available for standalone NAC switch or appliance vendors, even if they’ve attempted to tailor their value proposition toward providing security intelligence to the network infrastructure or endpoints belonging to the big guys.

Some observers still claim the “Year of NAC” will come, but it won’t arrive soon enough for ConSentry and others.

eWeek Would Like to See Security Acquisitions

eWeek has compiled a slide-show list of security acquisitions it would like to see happen.

The list, according to eWeek, was assembled without regard to acquisition rumors, Instead, eWeek put together the list on the basis of product portfolios and competitive positioning.

All the scenarios eWeek puts forward are plausible, and you’ll notice that one — an HP acquisition of McAfee — has been and remains a focus of rumors and speculation.

Microsoft’s Anti-Malware Passes Test that Symantec Fails

For a long time now, anti-malware vendors have pondered the possibility that Microsoft eventually would release a free Windows-based security suite that would prove effective enough to kill off or seriously enfeeble the paid-for products of security stalwarts.

Until now, vendors of anti-malware consumer products have debunked the idea. Symantec, in particular, suggested that Microsoft would never get it right or would leave enough gaps for competing revenue-generating anti-malware products to remain commercially viable.

It might be time for Symantec to revisit those assumptions.

Virus Bulletin has published its latest evaluation of anti-malware offerings. The results are good news for some, including Microsoft, and bad news for others, including Symantec.

First, a little about the Virus Bulletin methodology, as channeled by Ars Technica:

Virus Bulletin (VB) conducted its latest test in July, posting the results this month. The security research company evaluated 35 anti-malware products for the 32-bit version of Windows Vista SP2 Business. The basic requirements for a product passing the test is detecting, both on demand and on access, in its default settings, all malware known to be “In the Wild” at the time of the review, and not detecting any false positives when scanning a set of clean files. The products were pitted against about 3,000 unique samples of malware that fall into four categories: WildList viruses, Worms and bots, Polymorphic viruses, and Trojans.

You can see the list of products that passed and failed at Ars Technica, which also links to Virus Bulletin, where subscribers can peruse the actual report. I just want to note that most of the major security vendors passed the test, including McAfee, Sophos, F-Secure, Kaspersky, and the like.

Microsoft’s Forefront Client Security was also among those accorded a passing grade. That rates as a significant development.

Also significant is that Symantec’s Endpoint Protection failed. As Ars Technica reported:

Symantec’s failure is particularly unacceptable as the security giant is often talked up as the top dog in the market. Microsoft’s success with its Forefront product is promising not only for business users, but for consumers as well, given that the upcoming Microsoft Security Essentials product is closely tied to it.

Well said, but let’s consider the commercial implications. Microsoft security-product marketers will be all over this news, while Symantec marketers will be running in the opposite direction.

It’s one thing to sell anti-malware when you can make a case that freeware doesn’t perform as well as your for-pay products. But what happens when that’s no longer true? What happens when Microsoft Security Essentials, which will cost consumers nothing, can do as good a job at securing Windows-based PCs as can a decidedly more expensive offering from Symantec?

At the point, what happens is a sea change in the marketplace.

At least Symantec still has its enterprise and SMB markets to provide comfort and joy. Unfortunately, it’s losing ground in those markets, too.

Symantec and McAfee: One is Going the Wrong Way

In comparing and contrasting their latest quarterly results and earnings forecasts, we find McAfee and Symantec on divergent paths.

McAfee, the smaller of the two security-software stalwarts, is on the better path, going from relative strength to strength and gaining market share on Symantec in enterprise markets, small- and medium-business accounts, and the consumer space.

This isn’t a new development. McAfee has been getting its act together for a while now, whereas Symantec cannot seem to recover from its ill-advised acquisition of Veritas back in 2005. The legacy that former Symantec CEO John Thompason left behind has been more albatross than soaring eagle.

Current Symantec CEO Enrique Salem, who’s been in the security industry a great many years in a number of high-profile roles, probably wishes he could have a do-over. Unfortunately for him, he and his executive team will have to find a way to get an unfocused, unwieldy, and fractious company back on track. He’ll require a large measure of good fortune as well as skill and diplomacy.

The wheels seem to be falling off at Symantec, and the problems cannot all be blamed on a moribund macroeconomy. McAfee is not experiencing the same degree of pain that Symantec is suffering. In every market where the two companies compete head to head, McAfee is getting the better of its larger rival.

Symantec’s losses in enterprise and small- and medium-size businesses (SMBs) are especially troubling. That’s where the company, with its product portfolio, should compete effectively, where it soup-to-nuts security offerings should be packaged and sold as end-to-end solutions. But it’s not happening, and Symantec is failing to get customers to sign long-term licensing deals. Again, McAfee is having more success on that front.

Nobody, especially investors, likes to see one-year deals instead of three-year pacts, and Symantec has a lot of them. When these are reviewed a year from now, they might not be renewed. They could go elsewhere. That customers are willing to make only tentative commitments should concern all Symantec stakeholders. The revenue declines the company has been experiencing have been bad, but they could get worse.

Meanwhile, though Symantec has improved its consumer offerings, that’s not a market for the faint of heart. Freeware and “cheapware” — from a host of vendors, including Microsoft, which finally is owning up to its security obligators to consumers — are thinning already pressured margins. So, even though the consumer space is an area where the company’s fortune are ebbing less distressingly than elsewhere, that situation is likely to worsen with time.

Has Symantec entered desperate times?

You know what they say about desperate times. They call for desperate measures. At some point, perhaps sooner rather than later, Salem might give serious consideration to throwing off the distracting boat anchor of Veritas and the detritus it has accumulated since that dubious acquisition.

Microsoft: Nearly 50% of PC Users Don’t Run AV Software

In a PC Advisor UK story that also has been published on the InfoWorld website, we learn that Microsoft is preparing to make available free anti-virus software online.

This move has been a long time coming, but it’s still significant. If Microsoft does a good job with the software, code-named Morro, anti-virus software vendors such as Symantec, McAfee, and Trend Micro, among others, could suffer losses in market share and revenue relating to their not-free products and services.

In making the case that it must offer free anti-virus software, Microsoft cites increasing PC adoption in developing markets such as China, India, and Brazil, where fewer PCs are protected by anti-malware software and therefore are more exposed to online security threats.

Incredibly (at least to this observer), Microsoft says that a large percentage of PCs users do not have anti-virus software running on their systems. To wit:

The company said at the time that Morro would help encourage more people to take anti-virus seriously, claiming nearly 50 percent of Windows users don’t have an anti-virus tool installed on their PC.

That’s a shockingly high percentage of unprotected Windows users. I realize AV isn’t the cure to the world’s online ills, but it’s a modest security precaution that all PC users should be willing to make.

I’m all for free anti-virus software. I think Microsoft should have protected its users from abuse right from the outset of the networked-PC era.

As the vendor of a hugely popular operating system, Microsoft has an ethical obligation to protect its customers from abuses that exploit inherent vulnerabilities and weaknesses of its product.

Symantec’s Thompson Holds Forth on DLP, Cisco, McAfee, Microsoft

Symantec chairman and CEO John Thompson granted an interview earlier this week to InfoWorld. I found a few of his comments noteworthy.

Let’s look at them, one by one.

Network World: Cisco just announced a partnership with EMC’s RSA division to make use of the data-loss prevention technology based on Tablus, a company RSA acquired last year. Any comment on that?

John Thompson: It’s a little bit ironic. Cisco had a wonderful and profitable relationship with [data-loss prevention vendor] Vontu before we bought them. Cisco was a Vontu reseller. It shows Cisco would rather work with anyone other than Symantec. Cisco has a philosophical point of view that if you compete with me, you can’t partner with me.

That’s not true. Cisco has a complicated relationship with Microsoft, for example, in which the two companies both cooperate and compete against each other in various markets. Increasingly, Cisco’s relationship with Microsoft is a competitive one, but there remain areas where Cisco is more than willing to partner with the software giant. That’s because Cisco, in certain markets, cannot afford not to partner with Microsoft. There is no alternative, and the relationship is purely one of practical necessity.

As for Symantec, Cisco obviously does not feel the same need. Put simply, Cisco doesn’t need to cooperate with Symantec in the DLP space.

NW: What’s Symantec doing with Vontu, which it acquired last December?

JT: The DLP technology Vontu brings to a company specifically makes policy-based decisions about information flowing over a network, an area important to highly regulated financial services, health care providers, or the merger and acquisition transactions at a company. The Vontu acquisition was important for us since we will now integrate that policy engine into the storage and network tier in what Symantec researchers internally are calling Project Huggie.

Project Huggie? Do the researchers at Symantec say that with a straight face? I can’t even force myself to type it again, though I realize it is an important mashup of Veritas and Vontu technologies, the fruits of Symantec’s two most important recent acquisitions.

NW: What do you think of McAfee, often viewed as your rival?

JT: It’s a nice little company and they do a nice job. The industry needs competition. But we don’t see their portfolio as competing directly with ours. We help customers manage their infrastructures better.

Could Thompson have been more condescending toward Symantec’s smaller rival? Answer: No.

NW: What about Microsoft’s entry into anti-virus about two years ago?

JT: It’s been much ado about nothing. Their results have been fairly abysmal, although Microsoft has done a lot to make Vista a secure operating system. Customers like the concept of diversity. Products like McAfee, Sophos, Panda, and more serve as part of the ecosystem.

I don’t know whether I agree that Microsoft’s results have been abysmal in data security, but I concede that the company should have performed much better than it has done. Data security on and for the Windows enterprise environment is an area where Microsoft can and should dominate. The company must execute better. Secretly, Thompson is thanking the heavens that Microsoft has failed to get its act together.

DLP Vendors Try to Lower Customer Expectations

It’s interesting to see how the major vendors of data-loss prevention (DLP) security offerings are trying to lower customer expectations relating to the capabilities and business value of their products.

Aggressive marketing, particularly for data-security products, is a double-edged sword. Hyperbolic marketing can help vendors attract customers, but those customers become disaffected when they discover that the products they bought, often at great cost, are not a panacea that prevents all instances of abuse or loss of sensitive information.

DLP vendors, such as Symantec, are trying to recast the discourse with customers, arguing that preventing the accidental or intentional loss of 80 percent to 90 percent of sensitive data is better than stopping none. That assertion is true, of course, but it would have been better for all involved if the vendors had been more realistic in marketing their wares at the outset.

At Long Last, Symantec Pulls Trigger on Vontu Acquisition

Readers of this blog know that I’ve long foretold the acquisition of Vontu by Symantec. It finally happened.

My expectation was that it would have occurred earlier, but it’s entirely logical that the deal has been consummated, even if belatedly. There are well-grounded business reasons for this move by Symantec, though some observers will debate whether Symantec overpaid for its latest security jewel.

Symantec Could Announce Vontu Acquisition Tomorrow

Unless the deal has fallen through over valuation, it’s increasingly likely that Symantec will announce its long-rumored acquisition of data-leakage prevention specialist Vontu tomorrow.

Symantec is slated to hold its second-quarter earnings conference call at the close of stock trading tomorrow. That would be as good at time as any to spring the news of its Vontu acquisition on the world.

Not many observers would be surprised. Rumors are premature reports of an acquisition announcement have been prolific during the past week or so, with several technology-related publications and websites taking positions on when the deal would go down.

Readers of this site — yes, all two of you — might recall that I mentioned talk of a Symantec acquisition of Vontu last year. The companies have been getting closer, technologically and otherwise, for some time. Symantec might have made this deal earlier, but it balked at the asking price Vontu and its agents had demanded.

Apparently things have changed. Recent reports have suggested that Symantec will pay up to $350 million for the privately held Vontu, which is said to have revenues of about $30 million.

Perhaps the ongoing consolidation in the space gave Symantec some buyer’s leverage.

Startup Uses Receiver Reputation to Combat Spam

I can see receiver reputation emerging as a new front in spam mitigation, but I wonder about whether false positives would limit its adoption in large companies and in certain industries.

While there’s nothing in the article that says so, you’d have to think the executives who run this company have filed the relevant patents. It will be interesting to see how major anti-spam players — Symantec, Cisco, McAfee, and Secure Computing — respond if this approach proves effective.