Category Archives: Symantec

Network World on Challenges Facing Security Vendors in China

An interesting article appears in Network World today regarding the challenges security-software vendors confront in trying to crack the Chinese market.

The obstacles are manifold, including product-localization issues, finding the right distribution channels, and product pricing.

Regarding product localization, China has not only its own language and dialects, but also its own unique types of malware. To address that challenge, McAfee has hired a research team to develop defenses against exploits that target popular Chinese applications.

Similarly, the channels through which Chinese buyers, particularly consumers, obtain security software are different from those preferred by Westerners. Whereas Americans and Europeans often adopt the anti-malware software that comes bundled on PCs, Chinese consumers prefer to download their own security software or to use online virus-scanning services. They also favor anti-malware subscriptions from Internet service providers.

Last but certainly not least, Chinese consumers of security software favor low-priced offerings, which come primarily from home-grown vendors such as Rising, Kingsoft, and Jiangmin. Western vendors of security software are among China’s consumer-market leaders measured in sales revenue, according to Gartner numbers cited in the article, but they lag in unit-volume market share and find themselves under pricing pressure.

The unique challenges of the Chinese market are worth bearing in mind as one attempts to grapple with how quickly, and how effectively, security-software vendors can increase sales in that part of the world.

Cisco Extends Security Portfolio with ScanSafe Acquisition

Cisco announced the acquisition of hosted-security vendor ScanSafe today. To acquire ScanSafe, Cisco will part with $183 million in cash and retention-based incentives. If all goes according to plan, the deal will close in Cisco’s fiscal second quarter of 2010, which equates to the calendar year’s first quarter.

Based in London and San Francisco, ScanSafe is a market leader in software-as-a-service (SaaS) Web security, serving customers that span small- and mid-size organizations as well as large enterprises. Among ScanSafe’s customers are Google, AT&T, and Sprint.

ScanSafe’s competitors include Blue Coat, Websense, Symantec, McAfee, Kaspersky, Purewire (now part of Barracuda), and Zscaler. According to market research from IDC, ScanSafe held more than 30 percent of the worldwide SaaS web security market, on a revenue basis, in 2008.

In a press release announcing the acquisition, Cisco said web security will be a $2.3 billon market by 2012. Presuming Cisco can expand upon and extend ScanSafe’s market presence, the networking giant looks well placed to see a return on its investment before long.

Cisco foresees ScanSafe meshing well with its IronPort on-premise content-security appliances. With the IronPort web-security appliances and ScanSafe’s web-based security services, Cisco’s security portfolio encompasses either premise or hosted security as well as a hybrid approach combining both.

When the acquisition closes, Scan Safe will be subsumed within Cisco’s Security Technology Business Unit (STBU).

Digital River to Survive Surprise Symantec Defection

When Symantec informed Digital River, a manager of online storefronts for more than 40,000 companies, that it would no longer be needing its services, Digital River’s shares took a precipitous plunge of as much as 41 percent yesterday.

It was the sharpest drop the company’s shares had taken in seven and a half years — the sort of seven-year itch no public company wishes to experience.

As is often the case, however, the market seems to have overreacted. Even though Symantec was Digital River’s largest customer, accounting for 30 percent of sales in the quarter ended June 30 compared with 33.7 percent in the same period a year earlier, the spurned company will endure, perhaps even prosper.

Digital River has plenty of other customers, and it seems to be cultivating a robust consumer-electronics niche. Symantec’s defection hurts Digital River, but it isn’t fatal. The Symantec-related share of Digital River’s overall revenue and earnings has been declining, and the company has been looking to lessen its reliance on the security-software vendor. It will have to scramble to expedite the necessary repositioning, but Digital River will find healthy and growing substitutes for Symantec’s business.

Many observers were shocked that the Symantec defection caught Digital River, not to mention practically all the market analysts that follow both companies, completely by surprise.

Said Digital River CEO Joel Ronning:

“Until last Friday, we had no notification Symantec was developing their own internal system . . . . (At a meeting Friday, Symantec) “informed us they recently completed a multiyear effort to develop an internal solution for these services.”

Symantec CFO James Beer said on a conference call that the eCommerce business through Digital River accounted for about 36% of Symantec’s consumer revenue for the fiscal year ended in April. He believed Symantec’s net consumer revenue will now increase because it won’t be paying fees to Digital River, though he noted operating expenses will rise because Symantec will incur the cost of running its own online-sales platform.

It seems an odd move. One would think that the outsourced approach would be less costly, all things considered, than an internal solution, which will require ongoing maintenance and support. There’s also the risk that the transition won’t go that smoothly. It could be an instance where Symantec is penny wise and pound foolish.

It’s possible other factors were behind the move, but it’s too early to offer an educated guess as to what those might be.

Strategic Alliance between McAfee and Verizon Business Aims for the Clouds

The phrase “strategic alliance” is abused, cheapened, and trivialized through rampant overuse in the information-technology industry. Occasionally, however, a strategic alliance warrants the designation.

Take, for example, the strategic alliance announced today by McAfee and Verizon Business. This is an extensive, far-ranging partnership, bringing together each company’s respective strengths today and extending them ambitiously into the future.

The highlight of the partnership is the companies’ commitment to jointly develop and market a suite of next-generation, cloud-based, managed-security solutions for enterprise and government customers. If this initiative is executed well and brought to fruition, it has the potential not only of being lucrative for McAfee and Verizon, but also of providing a secure foundation for the widespread adoption and proliferation of enterprise-class cloud computing.

But the announcement wasn’t just about the future. A range of initiatives and services are available immediately.

As of now, for example, Verizon Business will offer its customers McAfee’s full range of enterprise security solutions. The McAfee offerings will broaden the choice of security solutions available to Verizon Business’ customers while helping McAfee expand its distribution channel. That’s a double-edged sword, of course, because there is no question Verizon Business will compete against, and often overwhelm, preexisting McAfee channel partners.

Verizon Business also will offer McAfee’s PCI (Payment Card Industry) compliance services to banks and other organizations that support merchants that handle fewer than 20,000 e-commerce transactions or up to one million credit card transactions annually. It’s potentially a big market, encompassing a group of retailers that accounts for nearly a third of all credit-card transactions.

McAfee and its customers also will gain access to Verizon Business’ network of 1,200 security professionals, providing a lot of feet on the street capable of designing, implementing, and integrating security solutions.

Another interesting aspect to the relationship is Verizon Business’ commitment to provide data-center outsourcing services to McAfee. Verizon Business will help McAfee consolidate its data centers, enabling the latter to improve round-the-clock management of its web-hosting operations and set the stage for rollout of cloud-based security services.

Speaking of which, the cloud-based security services will be managed and operated by Verizon Business. The services will include McAfee security technologies such as firewalls, intrusion prevention services, anti-malware, content control, and SSL VPNs.

A McAfee spokesperson said some of the cloud-based security services are being used now by a small number of customers, but that wider availability is scheduled for mid 2010. That availability will span North America, South America, Europe, and the Asia-Pacific region.

From top to bottom, the partnership is a major breakthrough for McAfee. It will result in some friction with channel partners, but the upside for McAfee more than compensates for the diplomatic overtime its field representatives will have to endure.

It’s a good deal for Verizon Business, too, enabling it to extend its push into managed services. The partnership also allows Verizon to establish a credible security foundation for cloud-based application services, which have understandable appeal to service providers with prodigious hosting facilities.

The partnership stands as a testament to the technology and thought leadership McAfee has established in framing its vision for cloud security. It got out ahead of the curve — and ahead of its competitors — in staking those claims.

Having that edge in a new and potentially lucrative market will serve it well. The consumer anti-malware franchises that Symantec and McAfee built are under increasing attack from free products, including Microsoft Security Essentials (MSE), which is more than good enough to eat into the market share and revenue of the incumbents, especially in a new economic reality that favors parsimony.

McAfee has adapted well, changing its emphasis and apportioning its resources accordingly. The company has more than held its own against Symantec in enterprise markets, and it has taken a leadership position in cloud security. The strategic partnership with Verizon Business represents strong validation that McAfee is on the right course.

Defending Its Consumer Turf, Symantec Attacks Microsoft Security Essentials

Symantec knows its consumer market is threatened by Microsoft Security Essentials (MSE). It doubtless recognizes that, during a period of protracted economic austerity, free anti-malware protection — provided it is good enough to do the job — will frequently beat for-pay anti-malware.

The challenge for Symantec, then, is to convince the world that Microsoft’s restyled anti-malware suite is so inferior as to represent a near-mortal risk for anybody who adopts it. Alternatively, Symantec must prove definitively that its own anti-malware protection is so superior to Microsoft’s that it warrants the hard-earned money consumers must pay for it.

Given what’s at stake for Symantec, we should not be surprised that the company has unleashed the labs of war. Symantec today clamorously calls attention to an anti-malware report it commissioned from Dennis Technology Lab, “an independent testing lab based in the UK” with which I am unfamiliar and for which I could not locate a website.

Still, questions about the provenance of the research aside, let’s consider the results of the Symantec-sponsored bake-off.

As explained by Network World, Dennis Technology Labs tested how well each of the two vendors’ anti-malware products (Norton Antivirus 2009 and the prerelease version of Microsoft Security Essentials) could defend a desktop computer running Windows XP Professional SP2, Internet Explorer and Outlook Express, subjected to 50 instances of threats originating either as Web-site malware, e-mail, or downloaded files.

In a weighted score based on a points system, Symantec scored an 80, with 45 successful defends, and 5 compromises. Microsoft Security Essentials scored a 44 with 33 successful defends, 4 neutralized threats, and 13 compromises.

Symantec rejoiced at the results. Jens Meggers, vice president of engineering for Norton products, alleged that MSE was just “stripped-down OneCare,” a lighter version of Microsoft’s discontinued for-pay Live OneCare anti-malware. Meggers charged that the MSE scanning engine, which he argues is practically the same as the one that powered OneCare, is “very average—nothing outstanding.”

He also says the Microsoft technology is fat and old, presumably like a former athlete having trouble navigating a midlife crisis. According to Meggers, Microsoft is seeking effectiveness by desperately creating a signature for every malware sample — hence producing a large code base — instead of deploying efficacious and slimmer reputation-based and behavior-blocking defenses.

For its part, Microsoft has launched a counterattack. A Microsoft spokesman told IT Brief that MSE is not a stripped-down version of the Microsoft OneCare product.

Said the Microsoft representative:

“MSE is built to address market changes and consumer needs and includes real-time antivirus, antispyware and core anti-malware functionality while utilising fewer computing resources.”

This Microsoft spokesperson also noted that MSE has performed strongly in independent laboratory testing and has been certified for anti-malware protection by West Coat Labs. He or she also said MSE is not based exclusively on signature technology and that it is automatically updated at regular intervals to ensure that its protection is up to date.

Still, Meggers wasn’t the only Symantec employee taking the hacksaw to MSE. On a Norton blog, Mike Plante, a senior director for worldwide marketing strategy and branding of the company’s consumer products, exulted as follows:

The bottom line: MSE falls short of protecting against today’s aggressive malware and zero-day threats. Norton nearly doubled the protection provided by MSE in malware detection, scoring an 80 compared to MSE’s 44 using DTL’s Accuracy scoring system. (This scoring system awards two points for blocking exploits altogether, one point for letting an exploit onto a system but then successfully neutralizing it, and deducts two points for every exploit that compromises a system.)

With today’s crime-fueled threat landscape, consumers need more protection, not less. That’s why we added our new reputation technology, code named Quorum, to our 2010 products. Quorum provides a revolutionary third layer of protection against real-world threats. While Microsoft is stripping down and delivering less protection, Norton is delivering more comprehensive protection from the bad guys.

At the end of the day, MSE is a rerun no one should watch.

That’s a vituperative attack, no question. Some blog commenters felt Plante went too far, and one even referred him to a different Microsoft competitor’s blog commentary that evinced a more subdued response to MSE. That blog post, from Alex Eckelberry of Sunbelt Software, is a well-reasoned, perceptive, and thoughtful analysis, which I wholly recommend that you read.

In short, Eckelberry thinks MSE isn’t bad at all, and he commends Microsoft for doing its part to help secure consumers’ PCs. He sees MSE as more of a threat to other free anti-malware than to for-pay offerings from the likes of Symantec, though he warns that the “incumbents should not underestimate the wrath that many users have about their products,” and he says that “emotional reaction may play a part in Microsoft getting traction.”

Why can’t Symantec take a similarly dispassionate view of MSE?

Microsoft really doesn’t want to destroy or kill the anti-malware market. That’s not its objective with the release of MSE. Instead, at long last and very belatedly, Microsoft is taking direct responsibility for securing the operating systems and applications it sells to its customers. There’s nothing wrong with that.

Some might argue convincingly that Microsoft had no choice, that security concerns about Windows were driving consumers into the arms of Apple and could conceivably lead to further losses to Google, with its forthcoming web-optimized Chrome operating system.

That said, Microsoft’s MSE does seem to be good enough to eviscerate other free anti-malware offerings, and it might even be good enough to take share away from the for-pay consumer offerings of Symantec and others. In fact, as I noted before, Symantec will lose market share to Microsoft in the consumer anti-malware market. The question is, how much share will Symantec lose?

Symantec’s overheated reaction to MSE indicates that it will fight furiously for every consumer subscriber. In the end, though, consumers will decide whether they want a good-enough free suite or an alternative with a few more bells and whistles that will require them to dig into their pockets.

In an unforgiving economic environment that is unlikely to improve dramatically in the foreseeable future, consumers will be looking to save money wherever they can. Symantec might rage against the dying of the light, but it probably is destined to bitterly and grudgingly surrender a significant chunk of its consumer market share.

Microsoft’s Free MSE “Good Enough” to Take Consumer Share from Symantec, Others

As Microsoft today releases its free anti-malware suite, Microsoft Security Essentials, the for-pay vendors of competing products are moving the goalposts and repositioning to fight on different turf.

A replacement for Windows Live OneCare, the for-a-fee security suite that was retired at the end of June 2009, Microsoft Security Essentials (MSE) includes anti-malware and anti-rootkit protection. It does not come with a firewall, but Microsoft provides a free firewall with Windows.

Microsoft is positioning MSE as a capable, lightweight anti-virus, anti-spyware program, pointing out that it consumes fewer resources than for-pay anti-malware suites from the likes of McAfee, Symantec and Trend Micro. Microsoft also has positioned MSE as a worthy rival to any of the free anti-malware offerings on the market.

As eWeek notes, the product will be available in eight languages and 19 countries.

Mary-Jo Foley of ZDNet’s All About Microsoft points out that Microsoft is aiming MSE at the consumer market, where many customers are unwilling or unable to pay for security software. She explains that Microsoft representatives believed it was worth offering customers a free product to help thwart security breaches on unprotected Windows PCs that could be used as bots to infect other users’ systems.

The free suite is a client-only offering, with no centralized server capabilities. It does not include the enterprise-class business features associated with Microsoft’s for-pay Forefront security products, which provide not only anti-malware protection but also real-time reputation services, archiving, encryption, disaster recovery, and policy enforcement. Then again, not many consumers require those features.

Predictably, the for-pay anti-malware vendors are attempting to change the rules of engagement. Recognizing that Microsoft is a threat to vaporize revenues they derive from for-pay consumer anti-virus products, these vendors are trying to play on consumers’ fears and on Microsoft’s status as a relative newcomer to the anti-malware space.

Said Con Mallon, EMEA Consumer product marketing director at Symantec:

“The security industry has moved on from the product Microsoft is launching. Unique malware and social engineering fly under the radar of the traditional signature based technology employed by free security tools such as Microsoft’s. . . . “

“We believe the false sense of security provided by this tool is almost as dangerous as having no security at all. The latest generation of internet security is real-time and reputation-based, operating in real-time and not relying on a signature being produced and downloaded before the computer is protected.”

You can almost see the smoke billowing from his ears. Considering some recent anti-malware test results, Symantec might want to hold its fire.

Microsoft’s MSE received plaudits recently from independent testing firm AV-Test GmbH, which evaluated its performance in combating nearly 3,2000 common viruses, bot Trojans, and worms.

Said AV-Test’s Andreas Marx of MSE:

“All files were properly detected and treated by the product. That’s good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.”

What’s more, Symantec’s Endpoint Protection failed a recent Virus Bulletin anti-malware test that Microsoft passed using the same AV engine built into MSE.

The fact is, for many consumers, especially in developing markets, what Microsoft is offering with MSE will be sufficient, particularly considering the price. The for-pay vendors of consumer anti-malware suites will lose market share and revenue to Microsoft. It’s not a question of whether they will lose business, but of how much.

Microsoft will continue to charge for its Forefront offerings for enterprise security, and that’s where Symantec, McAfee, and Trend Micro should look to make their stands. In enterprise markets, they will have a better chance to successfully exploit Microsoft’s relative inexperience as a security player.

Rumor Madness: Why Cisco Unlikely to Acquire Symantec

One crazy rumor that hit my radar screen today involves a mooted Cisco acquisition of Symantec.

I can see why Cisco would consider additional security acquisitions to complement its Unified Computing System (UCS) strategy, but Symantec isn’t the most logical target.

Let’s consider the valuation first. As security players go, Symantec is a big one. Cisco traditionally has eschewed large acquisitions, instead favoring smaller purchases of companies and technologies that can be seamlessly integrated into the Cisco operational machine and quickly monetized in the field.

Symantec would be a bear of an acquisition for Cisco to integrate and assimilate. If Cisco’s past comportment in these matters is an indication of future behavior, it will steer clear of potential disruptions and drawbacks associated with an unwieldy acquisition.

Seeking to refute that argument, some will point to Cisco’s sizeable acquisition of Scientific Atlanta. That was an exception to the rule, and an interesting one at that.

Cisco thought it essential to enter the set-top box market, where there weren’t many pure-play leaders, and none located in Silicon Valley. By process of elimination, Scientific Atlanta was the only strategic option that made sense under the circumstances. One alternative for Cisco involved buying all or part of Motorola. That would have been an act of corporate masochism.

Symantec, even after its misadventures and missteps in recent years, has a market valuation of more than $12 billion. McAfee, which has been getting the better of Symantec lately in the enterprise space and has been aggressively pushing a comprehensive security vision for cloud computing, is valued at just more than $6 billion. I’m not saying Cisco would go into its bank vault for either company, but McAfee would be easier to digest if Cisco determined that it had to make the move.

While Cisco would have product overlaps with McAfee or Symantec, the latter has significant parts of its business — such as Veritas’ storage management — that Cisco would be inclined to perceive as more liability, or irrelevance, than asset.

At some point, Symantec might cease to be an independent company. Network security appears destined for distributed integration into the cloud-computing fabric and into enterprise infrastructure. That said, I don’t see Cisco as Symantec’s buyer.