Troubled waters

The entire security industry is split between those companies that wish to create holistic security and management systems, and those that wish to specialise in certain products. Which produces the ideal scenario for the customer?

Share

Perhaps it's apt that Symantec chose "Hamlet" as the code name for its Endpoint Protection Version 11. After all, the infamous, indecisive prince of Shakespeare's tragic tale suffered from longing ambition and a failure to vanquish his enemies to achieve his ultimate aims.

The same might be said not just of Symantec, but of the entire security industry as it tries to sort out its ultimate composition. Consolidation versus standalone companies. Best-of-breed point products versus holistic suites of security technologies. Security specialists versus one-stop shops for all IT needs.

Symantec is just one example of the Hamlet dilemma. Since its 2004 merger with Veritas, critics have charged that the world's largest security company has lost its focus as it has broadened its horizons into storage management software. Long-time customers and partners have complained bitterly about the decline in quality in Symantec's security technology and support.

Earlier this year, Symantec's resellers were in near revolt over the bloated Symantec AntiVirus Corporate Edition 10, calling it an ineffective, unmanageable "resource hog." Hamlet is designed to restore confidence in Symantec's security products.

"We're trying to be more cognisant of users and their resources," says George Myers, a Symantec director of product management on the Hamlet project. "None of these technologies is a silver bullet, which is why you need layered technologies."

Symantec Endpoint Protection combines the power of multiple security technologies--software firewall, antivirus and malware protection and intrusion prevention--in a package with a significantly smaller footprint that its predecessor. It reportedly will have a 21MB footprint as opposed to the nearly 100MB of space required for Version 10.

Symantec hopes its new release will help squelch its critics. Some customers and, no surprise, competitors blamed Symantec's security product woes on a lack of focus. Since the 2004 merger with Veritas, Symantec has spent most of its energy on the storage market and lost its way on security, critics charge. While Symantec made key strategic acquisitions to bolster its security offerings, such as the purchase of Sygate for its endpoint security and Altiris for configuration management, it completely abandoned the security hardware market and the rapidly growing unified threat management appliance market. Meanwhile, the onetime world's largest freestanding security company is now drawing most of its revenue from storage and data management software sales, particularly through the sale of products it inherited from Veritas. According to the 2007 Symantec annual report, gross revenue soared more than $1bn (£500m) and profits jumped by nearly $350m (£170m), buoyed primarily on the full inclusion of Veritas revenue.

By comparison, Symantec's profits were $156m in 2006, and its net earnings and profitability per share were slightly lower than comparably smaller CA (formerly Computer Associates). Dollars and cents are only one measure of success; the decline in security product quality has led some to question Symantec's acquisition of Veritas, wondering if it was a mistake to drift away from the company's traditional security core. It's criticism that Symantec CEO John Thompson shrugs off.

"People certainly have an opinion about what we should or shouldn't do, but we're focused on helping customers better manage and protect their information," says Thompson.

With antivirus commoditised and on the verge of becoming valueless with the entry of Microsoft into the market, the major security vendors, Symantec, McAfee, Trend Micro and Check Point Software Technologies, are moving at warp speed to position themselves for the next evolution in risk management: data leakage. At the same time, noncore security vendors, such as Cisco Systems, IBM and EMC, are moving deeper into the security markets through organic development and strategic acquisitions. Never mind the hundreds of small security vendors that are peddling their wares in hopes of building the next big powerhouse (or achieving enough critical mass to warrant acquisition).

Find your next job with computerworld UK jobs