Category Archives: McAfee

Attack on Nortel Not an Anomaly

In my last post,, I promised to offer a subsequent entry on why public companies are reluctant to publicize breaches of their corporate networks.

I also suggested that such attacks probably are far more common than we realize. What happened to Nortel likely is occurring to a number of other companies right now.

It’s easy to understand why public companies don’t like to disclose that they’ve been the victim of hacking exploits, especially if those attacks result in the theft of intellectual property and trade secrets.

Strong Sell Signals

As public companies, their shares are traded on stock markets. Not without reason, shareholders and prospective investors might be inclined to interpret significant breaches of corporate networks as strong sell signals.

After all, loss of intellectual property — source code, proprietary product designs, trade secrets, and strategic plans — damages brand equity. Upon learning that the company in which they hold shares had its intellectual property pilfered, investors might be inclined to deduce that the stolen assets will later manifest themselves as lost revenue, reduced margins, decreased market share, and diminished competitive advantage.

Hacking exploits that result in perceived or real loss of substantial intellectual property represent an investor-relations nightmare.  A public company that discloses a major cyber breach that resulted in the loss of valuable business assets is far more likely to be met with market dismay than with widespread sympathy.

Downplay Losses

So, if public companies are breached, they keep it to themselves. If, however, a company is compelled by circumstances beyond its control to make a public disclosure about being attacked, it will downplay the severity and the risks associated with the matter.

In early 2010, you will recall, Google announced that it was subjected to a persistent cyber attack  that originated in China. It was part of larger attack, called Operation Aurora, aimed at dozens of other companies.

Some companies acknowledged publicly that they were attacked. Those companies included Adobe Systems, Juniper Networks, and Rackspace. Other companies subjected to the attacks — but which were not as forthcoming about what transpired — reportedly included Yahoo, Symantec, Northrop Grumman, Morgan Stanley, and Dow Chemical.

After the Crown Jewels

At the time of the attacks, Google spun a media narrative that suggested the attacks were designed to spy on human-rights activists by cracking their email accounts. While that might have been a secondary objective of the attacks, the broader pattern of Operation Aurora suggests that the electronic interlopers from China were more interested in obtaining intellectual property and trade secrets than in reading the personal correspondence of human-rights activists.

Indeed, McAfee, which investigated the attacks, reported that the objective of the perpetrators was to gain access to and to potentially modify source-code repositories at the targeted companies. The attackers were after those companies’ “crown jewels.”

The companies that admitted being victims of Operation Aurora all downplayed the extent of the attacks and any possible losses they might have suffered. Perhaps they were telling the truth. We just don’t know.

Transfer of Wealth

Last summer, Dmitri Alperovitch, McAfee’s vice president of threat research, provided the following quote to Reuters:

“Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening.”

What Alperovitch said might seem melodramatic, but it isn’t. He’s not the only knowledgeable observer who has seen firsthand the electronic pillage and plunder of corporate intellectual property on a vast scale. For the reasons cited earlier in this post, few companies want to put up their hands and acknowledge that they’ve been victimized.

Nortel, in apparently being subjected to a decade-long cyber attack, might have been a special case, but we should not assume that what happened to Nortel is anomalous. For all we know, the largest companies in the technology industry are being violated and plundered as you read this post.

Talk of CEO Succession at Cisco

As Cisco has struggled to adapt to the protracted global market downturn and the “recoveryless” recovery — it’s been going on so long, perhaps we should just call it the Information-Age Depression — the company’s CEO, John Chambers, has been subject to unfamiliar criticism from investors and industry observers alike.

Then again, Cisco’s shares have stagnated for much of the last decade, leading some to contend that Chambers and his thinning bench of executive talent were long overdue for reproach.  Indeed, it’s a measure of Cisco’s great success under Chambers, especially during the hypergrowth 90s, that he was spared the scrutiny that other executives would have received under similar circumstances. Cisco’s blazing growth and industry dominance in its earlier incarnation gave Chambers and crew protective cover from criticism — until now.

Glory Days Fade

One can only feast on the glory deals for so long. Cisco still dominates enterprise networking, but its market share is receding gradually. The company hasn’t been able to find the growth it expected from Chambers’ “market adjacencies,” and it was forced to abort an ill-considered foray into the consumer space, shutting down Pure Digital Technologies and its Flip video camcorders earlier this year.

What’s more, the company’s inorganic growth-by-acquisition model, which served it so well in the 1990s and into the last decade, seems to be sputtering, with Cisco making fewer acquisitions and not batting its formerly exalted average on the ones it does make. Cisco executives who directed and executed some of its most successful acquisitions — Charlie Giancarlo and Mike Volpe among them — no longer are with the company, which might partly explain Cisco’s faltering M&A pace.

Hoisted on Its Own Petard

However, Cisco also has put itself into a box of its own devising, having parked most of cash overseas to avoid US taxation. Until that money is repatriated, whether through a “tax holiday” or otherwise, Cisco will be forced to evaluate acquisitions partly on where its money resides rather than exclusively on the basis of strategic requirements. It’s a perverse dilemma, but ultimately Cisco was the author of its own misfortune.

That’s been doubly unfortunate because Cisco had become dependent on acquisitions to provide its innovation. Years ago, competitors alleged that Cisco couldn’t innovate organically, and I also felt that accusation was harsh and unfair. Now, though, it’s difficult to contend that Cisco is providing enough value-bestowing innovation to drive top-line growth or to support its traditionally robust profit margins.

Finally, Cisco has seen scores of talented executives, and their intellectual capital, leave the company in recent years. This summer thousands of employees were shown the door. Others, some with reserves of institutional memory and hard-won experience, took early retirement.

Chambers Reportedly Leaving

Cisco has seen better days, and it’s no wonder that shareholders are demanding a change of leadership. A Reuters news item reports that John Chambers might be about to relinquish the big chair, with discussion inside and outside the company intensifying about Cisco’s CEO succession plans.

Some sources say Chambers might announce his departure imminently while others say he’ll want to leave on a high note, perhaps after an expectation-smashing quarter. Timing aside, it seems all but certain that Chambers will be gone before long.

Reviewing the Field of Candidates

That has occasioned rampant speculation about who will succeed him. Candidates have been proposed from inside and outside Cisco, and some apparently are campaigning for the job, lobbying shareholders and board members for support.

The current consensus is that Cisco will look externally for its next CEO rather than promote from within.  That view implicitly questions the depth of the executive bench strength currently at Cisco.

Potential external candidates mentioned by Reuters include former Hewlett-Packard CEO Mark Hurd and former Cisco executives Charles Giancarlo, Mike Volpi, Gary Daichendt, and James Richardson. Other industry executives cited as possible contenders include Juniper Networks Inc CEO Kevin Johnson, former McAfee CEO Dave DeWalt, and HP executive David Donatelli.

Hurd Worst Fit

Some dark-horse candidates undoubtedly will surface, too, but of those mooted by Reuters, I think Mark Hurd perhaps is the worst fit. Hurd’s specialty is operational efficiency and relentless cost-cutting. As Cisco’s latest layoffs and austerity attest, operational discipline isn’t necessarily the company’s most urgent requirement.

What Cisco really needs is somebody who knows how to identify, nurture, and lead the next wave of growth. I respectfully submit that Mark Hurd is not that candidate. It’s probably a moot point, because Hurd has a pretty cushy sinecure as co-president at Oracle.

Of the others, one or more of the former Cisco executives might be good candidates, including Daichendt and Richardson. Presuming Cisco can repatriate its mountain of overseas cash, Volpi or Giancarlo might be able to resuscitate Cisco’s growth-by-acquisition model.

Casting an eye at those who’ve never been at Cisco,  I question whether Donatelli is the right fit, and I suspect that Kevin Johnson will remain at Juniper. Former McAfee CEO Dave DeWalt is an interesting possibility. He has a mix of operational, sales, and M&A aptitude that Cisco’s board might find compelling.

Perhaps the good folks at Betfair should establish a “market” on the next Cisco CEO.

Pondering Intel’s Grand Design for McAfee

Befuddlement and buzz jointly greeted Intel’s announcement today regarding its pending acquisition of security-software vendor McAfee for $7.68 billion in cash.

Intel was not among the vendors I expected to take an acquisitive run at McAfee. It appears I was not alone in that line of thinking, because the widespread reaction to the news today involved equal measures of incredulity and confusion. That was partly because Intel was McAfee’s buyer, of course, but also because Intel had agreed to pay such a rich premium, $48 per McAfee share, 60 percent above McAfee’s closing price of $29.93 on Wednesday.

What was Intel Thinking?

That Intel paid such a price tells us a couple things. First, that Intel really felt it had to make this acquisition; and, second, that Intel probably had competition for the deal. Who that competition might have been is anybody’s guess, but check my earlier posts on potential McAfee acquirers for a list of suspects.

One question that came to many observers’ minds today was a simple one: What the hell was Intel thinking? Put another way, just what does Intel hope to derive from ownership of McAfee that it couldn’t have gotten from a less-expensive partnership with the company?

Many attempting to answer this question have pointed to smartphones and other mobile devices, such as slates and tablets, as the true motivations for Intel’s purchase of McAfee. There’s a certain logic to that line of thinking, to the idea that Intel would want to embed as much of McAfee’s security software as possible into chips that it heretofore has had a difficult time selling to mobile-device vendors, who instead have gravitated to  designs from ARM.

Embedded M2M Applications

In the big picture, that’s part of Intel’s plan, no doubt. But I also think other motivations were at play.  An important market for Intel, for instance, is the machine-to-machine (M2M) space.

That M2M space is where nearly everything that can be assigned an IP address and managed or monitored remotely — from devices attached to the smart grid (smart meters, hardened switches in substations, power-distribution gear) to medical equipment, to building-control systems, to televisions and set-top boxes  — is being connected to a communications network. As Intel’s customers sell systems into those markets, downstream buyers have expressed concerns about potential security vulnerabilities. Intel could help its embedded-systems customers ship more units and generate more revenue for Intel by assuaging the security fears of downstream buyers.

Still, that roadmap, if it exists, will take years to reach fruition. In the meantime, Intel will be left with slideware and a necessarily loose coupling of its microprocessors with McAfee’s security software. As Nathan Brookwood, principal analyst at Insight 64 suggested, Intel could start off by designing its hardware to work better with McAfee software, but it’s likely to take a few years, and new processor product cycles, for McAfee technology to get fully baked into Intel’s chips.

Will Take Time

So, for a while, Intel won’t be able to fully realize the value of McAfee as a asset. What’s more, there are parts of McAfee that probably don’t fit into Intel’s chip-centric view of the world. I’m not sure, for example, what this transaction portends for McAfee’s line of Internet-security products obtained through its acquisition of Secure Computing. Given that McAfee will find its new home inside Intel’s Software and Service division, as Richard Stiennon notes, the prospects for the Secure Computing product line aren’t bright.

I know Intel wouldn’t do this deal just because it flipped a coin or lost a bet, but Intel has a spotty track record, at best, when it comes to M&A activity. Media observers sometimes assume that technology executives are like masters of the universe, omniscient beings with superior intellects and brilliant strategic designs. That’s rarely true, though. Usually, they’re just better-paid, reasonably intelligent human beings, doing their best, with limited information and through hazy visibility, to make the right business decisions. They make mistakes, sometimes big ones.

M&A Road Full of Potholes

Don’t take it from me; consult the business-school professors. A Wharton course on mergers and acquisitions spotlights this quote from Robert W. Holthausen, Nomura Securities Company Professor, Professor of Accounting and Finance and Management:

“Various studies have shown that mergers have failure rates of more than 50 percent. One recent study found that 83 percent of all mergers fail to create value and half actually destroy value. This is an abysmal record. What is particularly amazing is that in polling the boards of the companies involved in those same mergers, over 80 percent of the board members thought their acquisitions had created value.”

I suppose I’m trying to say is that just because Intel thinks it has a plan for McAfee, that doesn’t mean the plan is a a good one or, even presuming it is a good plan, that it will be executed successfully. There are many potholes and unwanted detours along M&A road.

Brocade Regional Director: Ethernet Space a “Red Ocean with Blood Everywhere”

Computer Reseller News is running an interview with Charlie Foo, Brocade’s regional director in the company’s partner business group for Asia-Pacific and Japan.

His answers are more forthcoming than one might expect. Usually, these types of interviews generate offer neither candor nor insight, and the news value is negligible. There’s nothing earthshaking in what Foo tells CRN, but he admits to a few issues Brocade is trying to correct.

As you might expect, most of the challenges relate to Brocade’s Foundry operation, which produces Ethernet switches. Foundry has been struggling, underperforming and losing ground to rival vendors. Foo uses graphic language to illustrate the dilemma:

With the acquisition of Foundry, we got into the Ethernet space. The IP market is a red ocean with blood everywhere. We’re parachuting in this ocean, not knowing where we’re going to land. But what we will do is play in the verticals we are strong in. These include education, media, entertainment, healthcare, service providers and government.

A red ocean with blood everywhere? That can’t be good. It’s worse when your Ethernet IP-switching company is the one doing the most hemorrhaging.

Foo goes on to discuss Brocade’s plans for the SMB space — I’ll withhold judgment there, though I’m among the somber skeptics — how Brocade intends to enlist and motivate Select Partners, and expounds on the company’s demand-creation plans. He also touches on a security partnership with McAfee.

At one point, while talking about the moves Cisco and HP have made to provide “converged networking” solutions for the data center, Foo contends that the 3Com-fortified HP still will not have IP-based Ethernet switching products that overlap with Brocade’s Foundry gear. That seems a hopeful assertion.

Given the challenges Brocade faces on the Ethernet switching side of the house, however, one can allow that a dose of optimism is a necessary tonic.

Google Doesn’t Seem Entirely Candid on China Affair

James Fallows conducted a telephone interview with David Drummond, Google’s chief legal officer, and posed a salient question that most of the business press has not bothered to ask.

Quoting from Fallows’ interview with Drummond:

I then asked Drummond about something that has always puzzled me. If the original occasion for the shift of policy was (as generally reported) a hacking episode, why did it lead to a change in the censorship policy? What’s the logical connection? He explained the reasoning in a way I hadn’t seen before.

The initial premise, that it all started from a hacking episode, is not quite right. We did have a hacking incident. Most hacking incidents that you see are freelancers — maybe government sponsored, maybe not. They are out there trying to steal intellectual property, make some money. Or they might just be hackers who want to damage something for whatever reason. That’s a fact of life that internet companies deal with all the time.

This attack, which was from China, was different. It was almost singularly focused on getting into Gmail accounts specifically of human rights activists, inside China or outside. They tried to do that through Google systems that thwarted them. On top of that, there were separate attacks, many of them, on individual Gmail users who were political activists inside and outside China. There were political aspects to these hacking attacks that were quite unusual.

That was distasteful to us. It seemed to us that this was all part of an overall system bent on suppressing expression, whether it was by controlling internet search results or trying to surveil activists. It is all part of the same repressive program, from our point of view. We felt that we were being part of that.

That was the direct connection with the hacking incident. It wasn’t in isolation. Since the Beijing Olympics, our experience in China has gotten worse. Although we have gained market share, it has become more and more difficult for us to operate there. Particularly when it comes to censorship. We have had to censor more. More and more pressure has been put on us. It has gotten appreciably worse — and not just for us, for other internet companies too.

So we increasingly came to feel that the original premise of our entry into China was being undermined. We thought when we went in that we could help to open the country and things could get better by our being there. Things seemed to be getting worse.

Does that answer make sense? I’m not sure that it does. For one thing, it seems to conflict with what we already know.

Let’s begin with what Drummond says about the nature of the hack attack. He says it was “almost singularly focused on getting into Gmail accounts, specifically of human rights activists.”

Really? I have read multiple reports, including one today, that the attack perpetrated on Google was part of a broader cyber onslaught, called Operation Aurora, aimed at 30 or more U.S.-based companies. Moreover, the objective of the sophisticated, systematic raid wasn’t to crack activists’ email accounts, but to purloin intellectual property from the companies targeted, which included Juniper Networks, Intel, and Adobe, among others.

As McAfee CTO George Kurtz explained, “social footprinting” was a notable feature of the attacks. The attackers took special care to identify employees with access to source code or other intellectual property, then posed as social acquaintances of those employees to enlist them as unwitting accomplices to the thefts.

Perhaps Drummond is right, but most reports suggest that the assailants primarily were after intellectual property, and only secondarily interested in cracking the Gmail accounts of human-rights activists.

What else is wrong with Drummond’s answer? He appears hopelessly naive or disingenuous when says the hacks seemed “part of an overall system bent on suppressing expression.” What did he think the Chinese government represented? Sweetness and light? Freedom and liberty? Fun and frolic?

I think Google knew the beast long before these attacks, and that it was wiling to make accommodations and compromises to continue doing business there. Something else changed from the time Google set up business in China, back in 2006, to now. For whatever reason, Google doesn’t want us to know the whole story.

Nonetheless, Drummond hints at the bigger picture. He says “our experience in China has gotten worse,” and “it has become more and more difficult for us to operate there.” He also says censorship is the main issue for Google, but again I question the party line.

In search, Google is a distant second to Baidu in China. But we should understand that Google is not alone among Western Internet companies that have found China to deliver less than it promised as a market destination. Yahoo, eBay, and Microsoft flamed out or underachieved, and China’s authorities slammed the door shut on Twitter, Facebook, and YouTube (now owned by Google).

Did these companies make missteps in their engagements with China? Absolutely. But it’s also true that the Chinese government has done them no favors, and that China, with its “indigenous innovation” policies, wants to create its own technology-sector powerhouses rather than play host to what it perceives as Western interlopers. And, yes, it’s also true that China’s rulers don’t embrace the freedom of expression that many of these companies and their services encourage.

In pursuing its industrial policies, China’s leadership has the support of China’s populace, which is, to a great degree, fiercely nationalistic. Chinese consumers will gravitate toward products and services provided by Chinese companies, not because the products or services are better — though that’s sometimes the case in that particular market — but because they’re Chinese.

Chinese distrust and fear of foreigners are powerful demagogic levers in the hands of China’s leaders. It’s a way for the leadership to make common cause with the masses, to divert focus to a perceived external threat, and to align to its own interests with those of the people. After all, Chinese companies that become market leaders, if only in China, will reflect glory upon the nation and the people.

So, in the context of China, Google confronted a market that was inordinately inhospitable to its charms, and Chinese agents that were trying to pilfer its crown jewels. Is it any wonder Google chose this moment, under these circumstances, as an occasion for introspection and a strategic change of tack?

Google-China Conflict Must Be Viewed in Context of Bigger Story

As the old saw goes, we sometimes can’t see the forest for the trees. What’s happening is hidden in plain sight, but we don’t see it, either because we’re focusing too closely on an incidental element or because we don’t want to confront an unpalatable reality.

I feel that way as I watch the Google-China conflict play out. In truth, the dispute between Google and China is a symptom of a larger problem, one that has far-reaching implications for Western economies and entire industries, including the technology sector.

No, censorship is not the core issue. Censorship is a MacGuffin, a plot device that keeps the story moving in the media but doesn’t get to the heart of what’s really happening. As much as we like to think our companies value human rights above all else, it’s simply not true. Companies are businesses, and they behave like businesses. They’re guided by the profit motive, and they seek to grow revenue and earnings. It’s what they do.

Occasionally, ethical and moral considerations play a role in corporate strategies. There are companies that practice enlightened self-interest, and Google is one of them.

Google knows, for instance, that its search engine is more popular and valuable if it is seen to be objective, delivering the best possible results, not beholden to the solicitations of commercial interests or the fiats of oppressive governments. Paradoxically, by refusing to capitulate to those who would have Google skew its search results, Google actually makes its search engine more valuable to everybody, including Google. That’s enlightened self-interest.

So, what’s really happening? What’s the big picture? Google is one of dozens of Western multinational companies finding that China, though the fastest-growing major economy in the world, will not provide them with the riches they had anticipated. That’s because of China’s nationalist mercantilism, as reflected in its “indigenous innovation” industrial policies.

A story in today’s Wall Street Journal is instructive. Titled “Business Sours on China,” the article explores the growing disillusionment of foreign businesses in China. These businesses are discovering that Chinese authorities are increasingly favoring homegrown state-owned companies across a range of industries, including almost all involving technology-related growth sectors.

What follows is a salient excerpt from the WSJ story:

“The Google issue has had a crystallizing effect,” says Lester Ross, managing partner in Beijing for U.S. law firm Wilmer Cutler Pickering Hale and Dorr. “It raised the consciousness of government and of the boardrooms and other stakeholders” about the difficulties of doing business in China, he says.

Foreign investors have long complained about China’s haphazard legal system and regulation.

These were mere annoyances when China was an emerging market. Today, the huge Chinese market is increasingly fundamental to the health of large Western multinationals. Lose here, say Western executives, and multinationals are weakened globally.

So, as you can see, the stakes are huge. Companies that have built robust Chinese growth into their business models and revenue projections are increasingly anxious — and for good reason.

It doesn’t help that China’s systematic efforts to create state-backed, homegrown, market-leading behemoths doesn’t stop at “indigenous innovation.”

Remember that these issues are being raised by foreign transnationals in the immediate aftermath of what McAfee calls Operation Aurora, an outbreak of corporate espionage that allegedly saw China-based hackers attempt to purloin the source code, product formulas, and other intellectual property in “software configuration management systems” of at least 20 (and perhaps as many as 100) US-based companies. (Yes, Google was one of them, and that’s how and when his latest conflagration with China began.)

We don’t know what intellectual property was stolen from which companies. That information is not being volunteered. What’s not at issue is that somebody was trying to get what McAfee’s calls the corporate “crown jewels.”

I’m not saying censorship and human-rights abuses are not important issues. I wish they were more important than they are. But the fact is, this story is even bigger, with ramifications that could affect the health of Western economies as well as the profitability of the corporations they host.

Cisco’s Flat Security Business

In my post earlier today on Cisco’s latest quarterly results, I mentioned in passing — one line, really — that Cisco’s security revenue was flat.

Jon Oltsik, a principal analyst at Enterprise Strategy Group, expounds on Cisco’s inability to boost its security revenue.

He mentions that other vendors — Check Point, Juniper, Symantec, and McAfee — are growing their Internet-security businesses. Explaining the discrepancy, Oltsik suggests that Cisco has taken its eye off the security ball, diverted and distracted by other priorities.

Security was one of the advanced technologies Cisco targeted for sustained growth. It’s entirely possible, as Oltsik suggests, that Cisco’s security-related quarterly results are lagging because of benign neglect and diffusion of strategic focus.

I know Cisco hasn’t given up on security, which is integral to the availability and integrity of its customers’ communications and operations. What’s more, Cisco is extending its security portfolio into new areas, such as smart grids. Nonetheless, Oltsik is correct in noting that other security vendors have outperformed Cisco recently.

We’ll have to see how the networking giant responds.

McAfee Commits to China, Establishes Wholly Owned Subsidiary

As I’ve discussed previously in venerable forum, security-software vendors face unique challenges in trying to crack the potentially lucrative Chinese market.

Notwithstanding those challenges, security-software market leaders such as Symantec, McAfee, and Trend have every intention of pursuing opportunities in China. To do so, they must find the right mix of product offerings (including localization), positioning, pricing, and channel partners.

To succeed in China, though, vendors must commit to China. Responding to that imperative, McAfee said yesterday that it would establish a new wholly owned subsidiary in China.

In Beijing to make the announcement, Dave DeWalt, McAfee’s president and CEO, issued the following statement:

“China offers compelling opportunities for McAfee. China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”

McAfee estimates that its potential addressable market in China will grow from about $390 million in 2009 to $1.09 billion in 2013.

In a press release accompanying the announcement of its new Chinese subsidiary, McAfee explained that its Chinese expansion also would include the following:

• A new call center planned to open in Beijing in February 2010 to service the mid-market segment, particularly in smaller cities across China.

• Additional headcount in functions including sales, sales engineering, marketing, support and research and development (R&D), including a planned doubling of the field sales organization in 2010.

• Recently signed reseller partnerships with both Neusoft and CS&S (China National Software and Services) who have become premier partners for McAfee products in China.

• A partnership with Lenovo to market McAfee VirusScan products through Lenovo retail outlets across China, opening up a significant retail channel for McAfee and contributing to our position as the world’s largest dedicated security technology company. McAfee products ship on more than 50% of the PCs shipped by the top 10 PC OEMs.

• A partnership with Dell to offer China consumers 15 month subscriptions on all their retail and direct systems with a Microsoft Windows preinstalled.

McAfee also plans to strengthen existing partnerships in the Chinese market and to establish new ones. Prior to the announcement, McAfee operations in China included sales, manufacturing of the McAfee Unified Threat Management Firewall, and an R&D team focused on mobile security, localization, and security research.

The cornerstone of this move, though, is the establishment of the wholly owned subsidiary. As DeWalt explained to PCWorld, McAfee’s formation of the subsidiary will give the company greater flexibility and more options relating to its China-based manufacturing and to the regulatory approval of its products.

Those considerations are significant. In China, McAfee not only competes against its traditional rivals, such as the aforementioned Symantec and Trend, but also against domestic Chinese software companies that have benefited from home-field advantage in more ways than one.

McAfee Maps the Malware World

The mind of the average cyber criminal is dark, devious place. These are people who spend considerable time thinking about how they can deceive you, the unsuspecting Internet voyager, for fun and profit.

McAfee, whose business it is to defend against the misdeeds of online malefactors, has just published its third annual “Mapping the Mal Web,” report, which provides insights into which top-level Internet domains (those suffixes at the end of web address, such as the “.com” and “.edu” designations) are the most frequent and likely harbors for malevolence.

For as long as humans use keyboards as a mechanism for alphanumeric communication, typographical errors will be with us. The Internet’s evildoers try to exploit such human frailty, which is why Cameroon’s domain, “.cm,” has risen to the top of the malware charts. All it takes is rushed keystrokes, and one can easily be transported to an Internet tar pit rather than to a desired destination.

That isn’t to say all “.com” sites are safe havens. McAfee finds that the designation for commercial sites ranks second, behind only Cameroon’s domain, as a source of online risk. Whereas McAfee assigns a weighted-risk ratio of 36.7 percent to Cameroon, it gives “.com” a ratio of 32.2 percent. (You can read about McAfee’s methodology, about the weighed-risk ratio, and about caveats associated with the study at the McAfee website hosting the report.)

The news isn’t all bad. Hong Kong (.hk) went from being the top-level domain with greatest number of risky registrations to an overall risk ranking of 34th in this year’s report. While you should never drop your guard completely while online, McAfee says your safest Internet travels will be among the domains associated with government (.gov), Japan (.jp), education (.edu), Ireland (.ie), and Croatia (.hr).

In considering where to register malicious websites, according to McAfee, scammers and hackers account for the following factors: lowest domain prices lack of domain regulatory control and supervision, and ease of registration.

Online malfeasance is a booming business. McAfee says we should not be surprised:

The evolution of malware delivery toolkits has given even the novice hacker the ability to easily create a fake bank site that challenges all but the most careful consumer to tell the difference. The persistence and proliferation of these phishing sites is in itself proof of this; absent of hacker profitability, phishing would disappear. Likewise, the explosion in the use of social networking sites and communication tools has exposed even more consumers to malware authors.

I suppose one could draw some dark inferences about humanity from the criminality manifested online. Then again, what’s new isn’t the evil, nastiness, and wrongdoing by some people against others. That’s been with us from time immemorial. What’s new, of course, is that the Internet has provided a venue in which certain criminal activities can become anonymized, unprecedentedly stealthy and surreptitious.

What this tells us is that even the best anti-malware can only go so far in providing us with online protection. Many Internet criminals are proficient social engineers. It’s incumbent on us all to rely at least as much on our wits as on our firewalls and anti-virus software.

What follows is a color-coded map, excerpted from the McAfee report, ranking countries according to the relative risk of their Internet domains.

InternetDangerNations2.jpg

McAfee and Symantec Contend for Market Share and Stock-Market Favor

Two major security-software vendors released their latest quarterly results this week. It’s instructive to look at how the markets reacted to those results and to look ahead and see what we can discern about each company’s prospects moving forward.

Symantec, which had been struggling in prior quarters, surpassed the expectations of market watchers in its second quarter, which ended October 2. Excluding certain costs, profit was 36 cents a share; analysts had predicted 33 cents on average, according to a Bloomberg survey. Including revenue from acquired companies, sales were $1.48 billion, exceeding the average estimate of $1.43 billion, but down three percent from the same quarter a year ago.

Symantec saw six-percent growth in its sales of security software to consumers. Sales in the storage and server-management segment fell nine percent, while security and compliance sales slid three percent. Symantec, which had previously experienced sales-execution problems in enterprise-security markets, seems to be rectifying that problem, with several high-value deals coming to fruition in vertical markets such as financial services, the federal government, and telecommunications.

Geographically, Symantec saw growth in China specifically and Asia more generally, and it saw a semblance of stability beginning to return to its business in North America.

Extending a previous practice, Symantec will buy back up to $1 billion in shares through public and private transactions. Symantec still has about $57 million remaining under its current share-repurchase plan. The company has bought back over $1.9 billion in shares since the last plan was approved in June 2007.

Share-buyback programs usually enhance the value of remaining shares, but they also have the effect of making it easier for executives to reach performance-based benchmarks because the earnings-per-share value increases as the number of shares in circulations decreases.

The overall theme of Symantec’s results was stabilization, and the market was appreciative. Symantec shares went up after the results were announced.

If Symantec benefited from the market’s low expectations, McAfee was undermined by the market’s relatively high expectations.

You wouldn’t know it from most of the business-press headlines regarding McAfee’s results, but the company actually did well in its fiscal third quarter.

McAfee reported sales of $485.3 million, up 18 percent from $409.7 million in the same period last year, just below the $486.6 million that Wall Street had predicted. Meanwhile, the company reported profit, excluding items, of 62 cents per share for the third quarter, above the average forecast of 60 cents, according to Thomson Reuters I/B/E/S.

The company is seeing slower growth on sales of anti-malware products to consumers. Up eight percent to $177 million in the quarter, consumer sales grew at their slowest rate since 2007. On the other hand, corporate sales grew 25 percent to $308 million, even though McAfee CEO Dave DeWalt said enterprise sales were affected by reduced sales of PC-based anti-malware software to companies that have fewer employees than they had previously. With fewer employees, companies have less need for PCs and PC software, including security products.

DeWalt made an interesting point about software sales to consumers. He noted that accounting rules require McAfee to book revenue from each consumer sale over 36 months. As such, he said, revenue reported in any one quarter is “a backward looking indicator.”As for what transpired specifically in the third quarter, DeWalt said consumer bookings grew 12.5 percent.

Looking ahead, McAfee foresees fourth-quarter profit, excluding items, of 61 to 65 cents per share on revenue of $505 million to $525 million. Analysts expect McAfee to earn 63 cents per share on revenue of $507 million.

McAfee fell just short of expectations on the revenue side, and it was punished accordingly by analysts and investors alike. Conversely, Symantec wasn’t a train wreck, as some analysts had anticipated, so it was rewarded for taking steps toward stability.

Although some of the business press focused on Symantec’s pickup in consumer business, the real battle between it and McAfee will occur in enterprise accounts, from SMBs all the way up to the largest corporations. Even though investors like the margins associated with anti-malware sold to consumers, that market is intensely competitive, even more so now Microsoft finally has a free consumer offering, Microsoft Security Essentials (MSE), that is good enough to cut into the for-pay sales of Symantec, McAfee, Trend, and others.

Neither Symantec nor McAfee will admit that Microsoft is a threat on the consumer front, but, behind the scenes, they must be concerned about market erosion.

Symantec is making considerable effort to rectify the problems it had in its SMB channel. It also won some big enterprise deals. Increasingly, what it does in enterprise markets will be critical to its long-term prosperity. Although evidence suggests McAfee is gaining ground on Symantec in business markets, “big yellow” is getting back to basics and will make its smaller rival earn any further advances.

It won’t be easy for either vendor. Even as they’re getting pinched competitively in the consumer space, Symantec and McAfee confront constrained corporate budgets.

According to Bloomberg, Goldman Sachs Group reported this month that enterprise global spending on security programs next year will grow about 5 percent, compared with an 8 percent increase for all enterprise software.

Network World on Challenges Facing Security Vendors in China

An interesting article appears in Network World today regarding the challenges security-software vendors confront in trying to crack the Chinese market.

The obstacles are manifold, including product-localization issues, finding the right distribution channels, and product pricing.

Regarding product localization, China has not only its own language and dialects, but also its own unique types of malware. To address that challenge, McAfee has hired a research team to develop defenses against exploits that target popular Chinese applications.

Similarly, the channels through which Chinese buyers, particularly consumers, obtain security software are different from those preferred by Westerners. Whereas Americans and Europeans often adopt the anti-malware software that comes bundled on PCs, Chinese consumers prefer to download their own security software or to use online virus-scanning services. They also favor anti-malware subscriptions from Internet service providers.

Last but certainly not least, Chinese consumers of security software favor low-priced offerings, which come primarily from home-grown vendors such as Rising, Kingsoft, and Jiangmin. Western vendors of security software are among China’s consumer-market leaders measured in sales revenue, according to Gartner numbers cited in the article, but they lag in unit-volume market share and find themselves under pricing pressure.

The unique challenges of the Chinese market are worth bearing in mind as one attempts to grapple with how quickly, and how effectively, security-software vendors can increase sales in that part of the world.

Cisco Extends Security Portfolio with ScanSafe Acquisition

Cisco announced the acquisition of hosted-security vendor ScanSafe today. To acquire ScanSafe, Cisco will part with $183 million in cash and retention-based incentives. If all goes according to plan, the deal will close in Cisco’s fiscal second quarter of 2010, which equates to the calendar year’s first quarter.

Based in London and San Francisco, ScanSafe is a market leader in software-as-a-service (SaaS) Web security, serving customers that span small- and mid-size organizations as well as large enterprises. Among ScanSafe’s customers are Google, AT&T, and Sprint.

ScanSafe’s competitors include Blue Coat, Websense, Symantec, McAfee, Kaspersky, Purewire (now part of Barracuda), and Zscaler. According to market research from IDC, ScanSafe held more than 30 percent of the worldwide SaaS web security market, on a revenue basis, in 2008.

In a press release announcing the acquisition, Cisco said web security will be a $2.3 billon market by 2012. Presuming Cisco can expand upon and extend ScanSafe’s market presence, the networking giant looks well placed to see a return on its investment before long.

Cisco foresees ScanSafe meshing well with its IronPort on-premise content-security appliances. With the IronPort web-security appliances and ScanSafe’s web-based security services, Cisco’s security portfolio encompasses either premise or hosted security as well as a hybrid approach combining both.

When the acquisition closes, Scan Safe will be subsumed within Cisco’s Security Technology Business Unit (STBU).