Category Archives: McAfee

McAfee Commits to China, Establishes Wholly Owned Subsidiary

As I’ve discussed previously in venerable forum, security-software vendors face unique challenges in trying to crack the potentially lucrative Chinese market.

Notwithstanding those challenges, security-software market leaders such as Symantec, McAfee, and Trend have every intention of pursuing opportunities in China. To do so, they must find the right mix of product offerings (including localization), positioning, pricing, and channel partners.

To succeed in China, though, vendors must commit to China. Responding to that imperative, McAfee said yesterday that it would establish a new wholly owned subsidiary in China.

In Beijing to make the announcement, Dave DeWalt, McAfee’s president and CEO, issued the following statement:

“China offers compelling opportunities for McAfee. China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”

McAfee estimates that its potential addressable market in China will grow from about $390 million in 2009 to $1.09 billion in 2013.

In a press release accompanying the announcement of its new Chinese subsidiary, McAfee explained that its Chinese expansion also would include the following:

• A new call center planned to open in Beijing in February 2010 to service the mid-market segment, particularly in smaller cities across China.

• Additional headcount in functions including sales, sales engineering, marketing, support and research and development (R&D), including a planned doubling of the field sales organization in 2010.

• Recently signed reseller partnerships with both Neusoft and CS&S (China National Software and Services) who have become premier partners for McAfee products in China.

• A partnership with Lenovo to market McAfee VirusScan products through Lenovo retail outlets across China, opening up a significant retail channel for McAfee and contributing to our position as the world’s largest dedicated security technology company. McAfee products ship on more than 50% of the PCs shipped by the top 10 PC OEMs.

• A partnership with Dell to offer China consumers 15 month subscriptions on all their retail and direct systems with a Microsoft Windows preinstalled.

McAfee also plans to strengthen existing partnerships in the Chinese market and to establish new ones. Prior to the announcement, McAfee operations in China included sales, manufacturing of the McAfee Unified Threat Management Firewall, and an R&D team focused on mobile security, localization, and security research.

The cornerstone of this move, though, is the establishment of the wholly owned subsidiary. As DeWalt explained to PCWorld, McAfee’s formation of the subsidiary will give the company greater flexibility and more options relating to its China-based manufacturing and to the regulatory approval of its products.

Those considerations are significant. In China, McAfee not only competes against its traditional rivals, such as the aforementioned Symantec and Trend, but also against domestic Chinese software companies that have benefited from home-field advantage in more ways than one.

Advertisements

McAfee Maps the Malware World

The mind of the average cyber criminal is dark, devious place. These are people who spend considerable time thinking about how they can deceive you, the unsuspecting Internet voyager, for fun and profit.

McAfee, whose business it is to defend against the misdeeds of online malefactors, has just published its third annual “Mapping the Mal Web,” report, which provides insights into which top-level Internet domains (those suffixes at the end of web address, such as the “.com” and “.edu” designations) are the most frequent and likely harbors for malevolence.

For as long as humans use keyboards as a mechanism for alphanumeric communication, typographical errors will be with us. The Internet’s evildoers try to exploit such human frailty, which is why Cameroon’s domain, “.cm,” has risen to the top of the malware charts. All it takes is rushed keystrokes, and one can easily be transported to an Internet tar pit rather than to a desired destination.

That isn’t to say all “.com” sites are safe havens. McAfee finds that the designation for commercial sites ranks second, behind only Cameroon’s domain, as a source of online risk. Whereas McAfee assigns a weighted-risk ratio of 36.7 percent to Cameroon, it gives “.com” a ratio of 32.2 percent. (You can read about McAfee’s methodology, about the weighed-risk ratio, and about caveats associated with the study at the McAfee website hosting the report.)

The news isn’t all bad. Hong Kong (.hk) went from being the top-level domain with greatest number of risky registrations to an overall risk ranking of 34th in this year’s report. While you should never drop your guard completely while online, McAfee says your safest Internet travels will be among the domains associated with government (.gov), Japan (.jp), education (.edu), Ireland (.ie), and Croatia (.hr).

In considering where to register malicious websites, according to McAfee, scammers and hackers account for the following factors: lowest domain prices lack of domain regulatory control and supervision, and ease of registration.

Online malfeasance is a booming business. McAfee says we should not be surprised:

The evolution of malware delivery toolkits has given even the novice hacker the ability to easily create a fake bank site that challenges all but the most careful consumer to tell the difference. The persistence and proliferation of these phishing sites is in itself proof of this; absent of hacker profitability, phishing would disappear. Likewise, the explosion in the use of social networking sites and communication tools has exposed even more consumers to malware authors.

I suppose one could draw some dark inferences about humanity from the criminality manifested online. Then again, what’s new isn’t the evil, nastiness, and wrongdoing by some people against others. That’s been with us from time immemorial. What’s new, of course, is that the Internet has provided a venue in which certain criminal activities can become anonymized, unprecedentedly stealthy and surreptitious.

What this tells us is that even the best anti-malware can only go so far in providing us with online protection. Many Internet criminals are proficient social engineers. It’s incumbent on us all to rely at least as much on our wits as on our firewalls and anti-virus software.

What follows is a color-coded map, excerpted from the McAfee report, ranking countries according to the relative risk of their Internet domains.

InternetDangerNations2.jpg

McAfee and Symantec Contend for Market Share and Stock-Market Favor

Two major security-software vendors released their latest quarterly results this week. It’s instructive to look at how the markets reacted to those results and to look ahead and see what we can discern about each company’s prospects moving forward.

Symantec, which had been struggling in prior quarters, surpassed the expectations of market watchers in its second quarter, which ended October 2. Excluding certain costs, profit was 36 cents a share; analysts had predicted 33 cents on average, according to a Bloomberg survey. Including revenue from acquired companies, sales were $1.48 billion, exceeding the average estimate of $1.43 billion, but down three percent from the same quarter a year ago.

Symantec saw six-percent growth in its sales of security software to consumers. Sales in the storage and server-management segment fell nine percent, while security and compliance sales slid three percent. Symantec, which had previously experienced sales-execution problems in enterprise-security markets, seems to be rectifying that problem, with several high-value deals coming to fruition in vertical markets such as financial services, the federal government, and telecommunications.

Geographically, Symantec saw growth in China specifically and Asia more generally, and it saw a semblance of stability beginning to return to its business in North America.

Extending a previous practice, Symantec will buy back up to $1 billion in shares through public and private transactions. Symantec still has about $57 million remaining under its current share-repurchase plan. The company has bought back over $1.9 billion in shares since the last plan was approved in June 2007.

Share-buyback programs usually enhance the value of remaining shares, but they also have the effect of making it easier for executives to reach performance-based benchmarks because the earnings-per-share value increases as the number of shares in circulations decreases.

The overall theme of Symantec’s results was stabilization, and the market was appreciative. Symantec shares went up after the results were announced.

If Symantec benefited from the market’s low expectations, McAfee was undermined by the market’s relatively high expectations.

You wouldn’t know it from most of the business-press headlines regarding McAfee’s results, but the company actually did well in its fiscal third quarter.

McAfee reported sales of $485.3 million, up 18 percent from $409.7 million in the same period last year, just below the $486.6 million that Wall Street had predicted. Meanwhile, the company reported profit, excluding items, of 62 cents per share for the third quarter, above the average forecast of 60 cents, according to Thomson Reuters I/B/E/S.

The company is seeing slower growth on sales of anti-malware products to consumers. Up eight percent to $177 million in the quarter, consumer sales grew at their slowest rate since 2007. On the other hand, corporate sales grew 25 percent to $308 million, even though McAfee CEO Dave DeWalt said enterprise sales were affected by reduced sales of PC-based anti-malware software to companies that have fewer employees than they had previously. With fewer employees, companies have less need for PCs and PC software, including security products.

DeWalt made an interesting point about software sales to consumers. He noted that accounting rules require McAfee to book revenue from each consumer sale over 36 months. As such, he said, revenue reported in any one quarter is “a backward looking indicator.”As for what transpired specifically in the third quarter, DeWalt said consumer bookings grew 12.5 percent.

Looking ahead, McAfee foresees fourth-quarter profit, excluding items, of 61 to 65 cents per share on revenue of $505 million to $525 million. Analysts expect McAfee to earn 63 cents per share on revenue of $507 million.

McAfee fell just short of expectations on the revenue side, and it was punished accordingly by analysts and investors alike. Conversely, Symantec wasn’t a train wreck, as some analysts had anticipated, so it was rewarded for taking steps toward stability.

Although some of the business press focused on Symantec’s pickup in consumer business, the real battle between it and McAfee will occur in enterprise accounts, from SMBs all the way up to the largest corporations. Even though investors like the margins associated with anti-malware sold to consumers, that market is intensely competitive, even more so now Microsoft finally has a free consumer offering, Microsoft Security Essentials (MSE), that is good enough to cut into the for-pay sales of Symantec, McAfee, Trend, and others.

Neither Symantec nor McAfee will admit that Microsoft is a threat on the consumer front, but, behind the scenes, they must be concerned about market erosion.

Symantec is making considerable effort to rectify the problems it had in its SMB channel. It also won some big enterprise deals. Increasingly, what it does in enterprise markets will be critical to its long-term prosperity. Although evidence suggests McAfee is gaining ground on Symantec in business markets, “big yellow” is getting back to basics and will make its smaller rival earn any further advances.

It won’t be easy for either vendor. Even as they’re getting pinched competitively in the consumer space, Symantec and McAfee confront constrained corporate budgets.

According to Bloomberg, Goldman Sachs Group reported this month that enterprise global spending on security programs next year will grow about 5 percent, compared with an 8 percent increase for all enterprise software.

Network World on Challenges Facing Security Vendors in China

An interesting article appears in Network World today regarding the challenges security-software vendors confront in trying to crack the Chinese market.

The obstacles are manifold, including product-localization issues, finding the right distribution channels, and product pricing.

Regarding product localization, China has not only its own language and dialects, but also its own unique types of malware. To address that challenge, McAfee has hired a research team to develop defenses against exploits that target popular Chinese applications.

Similarly, the channels through which Chinese buyers, particularly consumers, obtain security software are different from those preferred by Westerners. Whereas Americans and Europeans often adopt the anti-malware software that comes bundled on PCs, Chinese consumers prefer to download their own security software or to use online virus-scanning services. They also favor anti-malware subscriptions from Internet service providers.

Last but certainly not least, Chinese consumers of security software favor low-priced offerings, which come primarily from home-grown vendors such as Rising, Kingsoft, and Jiangmin. Western vendors of security software are among China’s consumer-market leaders measured in sales revenue, according to Gartner numbers cited in the article, but they lag in unit-volume market share and find themselves under pricing pressure.

The unique challenges of the Chinese market are worth bearing in mind as one attempts to grapple with how quickly, and how effectively, security-software vendors can increase sales in that part of the world.

Cisco Extends Security Portfolio with ScanSafe Acquisition

Cisco announced the acquisition of hosted-security vendor ScanSafe today. To acquire ScanSafe, Cisco will part with $183 million in cash and retention-based incentives. If all goes according to plan, the deal will close in Cisco’s fiscal second quarter of 2010, which equates to the calendar year’s first quarter.

Based in London and San Francisco, ScanSafe is a market leader in software-as-a-service (SaaS) Web security, serving customers that span small- and mid-size organizations as well as large enterprises. Among ScanSafe’s customers are Google, AT&T, and Sprint.

ScanSafe’s competitors include Blue Coat, Websense, Symantec, McAfee, Kaspersky, Purewire (now part of Barracuda), and Zscaler. According to market research from IDC, ScanSafe held more than 30 percent of the worldwide SaaS web security market, on a revenue basis, in 2008.

In a press release announcing the acquisition, Cisco said web security will be a $2.3 billon market by 2012. Presuming Cisco can expand upon and extend ScanSafe’s market presence, the networking giant looks well placed to see a return on its investment before long.

Cisco foresees ScanSafe meshing well with its IronPort on-premise content-security appliances. With the IronPort web-security appliances and ScanSafe’s web-based security services, Cisco’s security portfolio encompasses either premise or hosted security as well as a hybrid approach combining both.

When the acquisition closes, Scan Safe will be subsumed within Cisco’s Security Technology Business Unit (STBU).

Strategic Alliance between McAfee and Verizon Business Aims for the Clouds

The phrase “strategic alliance” is abused, cheapened, and trivialized through rampant overuse in the information-technology industry. Occasionally, however, a strategic alliance warrants the designation.

Take, for example, the strategic alliance announced today by McAfee and Verizon Business. This is an extensive, far-ranging partnership, bringing together each company’s respective strengths today and extending them ambitiously into the future.

The highlight of the partnership is the companies’ commitment to jointly develop and market a suite of next-generation, cloud-based, managed-security solutions for enterprise and government customers. If this initiative is executed well and brought to fruition, it has the potential not only of being lucrative for McAfee and Verizon, but also of providing a secure foundation for the widespread adoption and proliferation of enterprise-class cloud computing.

But the announcement wasn’t just about the future. A range of initiatives and services are available immediately.

As of now, for example, Verizon Business will offer its customers McAfee’s full range of enterprise security solutions. The McAfee offerings will broaden the choice of security solutions available to Verizon Business’ customers while helping McAfee expand its distribution channel. That’s a double-edged sword, of course, because there is no question Verizon Business will compete against, and often overwhelm, preexisting McAfee channel partners.

Verizon Business also will offer McAfee’s PCI (Payment Card Industry) compliance services to banks and other organizations that support merchants that handle fewer than 20,000 e-commerce transactions or up to one million credit card transactions annually. It’s potentially a big market, encompassing a group of retailers that accounts for nearly a third of all credit-card transactions.

McAfee and its customers also will gain access to Verizon Business’ network of 1,200 security professionals, providing a lot of feet on the street capable of designing, implementing, and integrating security solutions.

Another interesting aspect to the relationship is Verizon Business’ commitment to provide data-center outsourcing services to McAfee. Verizon Business will help McAfee consolidate its data centers, enabling the latter to improve round-the-clock management of its web-hosting operations and set the stage for rollout of cloud-based security services.

Speaking of which, the cloud-based security services will be managed and operated by Verizon Business. The services will include McAfee security technologies such as firewalls, intrusion prevention services, anti-malware, content control, and SSL VPNs.

A McAfee spokesperson said some of the cloud-based security services are being used now by a small number of customers, but that wider availability is scheduled for mid 2010. That availability will span North America, South America, Europe, and the Asia-Pacific region.

From top to bottom, the partnership is a major breakthrough for McAfee. It will result in some friction with channel partners, but the upside for McAfee more than compensates for the diplomatic overtime its field representatives will have to endure.

It’s a good deal for Verizon Business, too, enabling it to extend its push into managed services. The partnership also allows Verizon to establish a credible security foundation for cloud-based application services, which have understandable appeal to service providers with prodigious hosting facilities.

The partnership stands as a testament to the technology and thought leadership McAfee has established in framing its vision for cloud security. It got out ahead of the curve — and ahead of its competitors — in staking those claims.

Having that edge in a new and potentially lucrative market will serve it well. The consumer anti-malware franchises that Symantec and McAfee built are under increasing attack from free products, including Microsoft Security Essentials (MSE), which is more than good enough to eat into the market share and revenue of the incumbents, especially in a new economic reality that favors parsimony.

McAfee has adapted well, changing its emphasis and apportioning its resources accordingly. The company has more than held its own against Symantec in enterprise markets, and it has taken a leadership position in cloud security. The strategic partnership with Verizon Business represents strong validation that McAfee is on the right course.

Microsoft’s Free MSE “Good Enough” to Take Consumer Share from Symantec, Others

As Microsoft today releases its free anti-malware suite, Microsoft Security Essentials, the for-pay vendors of competing products are moving the goalposts and repositioning to fight on different turf.

A replacement for Windows Live OneCare, the for-a-fee security suite that was retired at the end of June 2009, Microsoft Security Essentials (MSE) includes anti-malware and anti-rootkit protection. It does not come with a firewall, but Microsoft provides a free firewall with Windows.

Microsoft is positioning MSE as a capable, lightweight anti-virus, anti-spyware program, pointing out that it consumes fewer resources than for-pay anti-malware suites from the likes of McAfee, Symantec and Trend Micro. Microsoft also has positioned MSE as a worthy rival to any of the free anti-malware offerings on the market.

As eWeek notes, the product will be available in eight languages and 19 countries.

Mary-Jo Foley of ZDNet’s All About Microsoft points out that Microsoft is aiming MSE at the consumer market, where many customers are unwilling or unable to pay for security software. She explains that Microsoft representatives believed it was worth offering customers a free product to help thwart security breaches on unprotected Windows PCs that could be used as bots to infect other users’ systems.

The free suite is a client-only offering, with no centralized server capabilities. It does not include the enterprise-class business features associated with Microsoft’s for-pay Forefront security products, which provide not only anti-malware protection but also real-time reputation services, archiving, encryption, disaster recovery, and policy enforcement. Then again, not many consumers require those features.

Predictably, the for-pay anti-malware vendors are attempting to change the rules of engagement. Recognizing that Microsoft is a threat to vaporize revenues they derive from for-pay consumer anti-virus products, these vendors are trying to play on consumers’ fears and on Microsoft’s status as a relative newcomer to the anti-malware space.

Said Con Mallon, EMEA Consumer product marketing director at Symantec:

“The security industry has moved on from the product Microsoft is launching. Unique malware and social engineering fly under the radar of the traditional signature based technology employed by free security tools such as Microsoft’s. . . . ”

“We believe the false sense of security provided by this tool is almost as dangerous as having no security at all. The latest generation of internet security is real-time and reputation-based, operating in real-time and not relying on a signature being produced and downloaded before the computer is protected.”

You can almost see the smoke billowing from his ears. Considering some recent anti-malware test results, Symantec might want to hold its fire.

Microsoft’s MSE received plaudits recently from independent testing firm AV-Test GmbH, which evaluated its performance in combating nearly 3,2000 common viruses, bot Trojans, and worms.

Said AV-Test’s Andreas Marx of MSE:

“All files were properly detected and treated by the product. That’s good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.”

What’s more, Symantec’s Endpoint Protection failed a recent Virus Bulletin anti-malware test that Microsoft passed using the same AV engine built into MSE.

The fact is, for many consumers, especially in developing markets, what Microsoft is offering with MSE will be sufficient, particularly considering the price. The for-pay vendors of consumer anti-malware suites will lose market share and revenue to Microsoft. It’s not a question of whether they will lose business, but of how much.

Microsoft will continue to charge for its Forefront offerings for enterprise security, and that’s where Symantec, McAfee, and Trend Micro should look to make their stands. In enterprise markets, they will have a better chance to successfully exploit Microsoft’s relative inexperience as a security player.