Symantec Brass Tackles Complaints, Touts Progress

As top management puts the best face forward on security and compliance at the annual Vision conference, some Symantec customers wonder where's the beef for product support, encryption and identity management.

SAN FRANCISCO—Symantec will seek to extend its security protection beyond the client and infrastructure to encompass Web 2.0 models and data, top executives told an assembly of partners and customers here for the annual Vision conference.

But as the company announced new compliance packages, some attendees wondered where the company was headed on technologies such as identity management and encryption. Or the quality of support on storage-centric data lifecycle management.

Following his keynote address, Symantec Chairman and CEO John Thompson addressed questions from the crowd. Some customers were upbeat on the companys progress in melding the storage products from Veritas Software, bought by Symantec in 2005, while others had their share of gripes.

"We have struggled to ramp resources in support of the enterprise archiving product," said Thompson in response to the complaint, promising that the problem is being addressed by increased training.

/zimages/4/28571.gifRead more here about why fusion looked difficult for Veritas and Symantec.

In his keynote address, Thompson said the company is moving to create a trusted computing environment spanning three primary areas of computing: infrastructure, which includes both client and network resources; information, or data records and resources; and now "digital interactions," or the creation of a secure identity for electronic commerce.

"With emerging online models, such as Web 2.0, driving more robust collaboration, we must expand our focus beyond protecting the infrastructure and the information to protecting digital interactions. As more interactions happen online, it becomes critical that each and every one of us—enterprises and consumers alike—can prove to the other that we can be trusted."

Thompson warned that confidence in online commerce is already being eroded because of lack of confidence in security and identity.

"At the foundation is a process in which customers and businesses can authenticate their identities to each other," he said, adding that the company will detail its "Security 2.0 vision" later in the week.

However, later in the Q&A session after the keynote, Thompson was pressed about the companys plans for incorporating identity management capabilities in its software suites. He said the company currently views identity management as a part of compliance, rather than the "interactions" between customers and an e-business.

[Identity management] is a critical component of the stack, so we have to participate. Today we participate with partners—we are agnostic in our strategy. We will embrace the technologies that other companies bring to the marketplace, and they will be manageable within the context of Symantecs security management approach," he said.

According to Thompson, Symantec isnt "at this moment in the identity management business—but its an area of great interest."

Thompson called out the companys security credentials for the audience and cautioned over changes in the market.

He said the primary threat to information is no longer a "large-scale, fast-moving virus or worm," and instead is a criminal enterprise, who are "more interested in anonymity than in notoriety."

"Last year alone, there were at least 130 large-scale data breaches, some innocent, some inside jobs by employees and some the work of skilled criminals," Thompson said.

/zimages/4/28571.gifSymantec beefs up its counter-phishing effort. Click here to read more.

The executive said the company is the worlds fourth largest software vendor and invested 15 percent of its annual gross revenue into R&D.

He said the companys security researchers operate a worldwide network of more than 24,000 sensors and track vulnerabilities in applications from more than 4,000 vendors.

Meanwhile, while this is the ninth annual Vision conference, it was only the second opened by Thompson; the conference was formerly called Veritas Vision, named for the backup software company bought by Symantec in mid-2005. Naturally, Thompsons address drilled into the storage side of the business.

He pointed to various compliance initiatives, how the company is addressing the expanding needs of compliance regulations as well as internal requirements within organizations and the combining of data filtering with storage, boosting the effective management of data resources.

/zimages/4/28571.gifClick here to read how Symantecs Intelligent Archiving Partner Program works with records management, ECM and content classification vendors to make e-mail more accessible.

For example, Thompson said that e-mail messages now may contain up to 75 percent of a companys intellectual property. But today, managers need to address other messaging formats.

"Today, we also need to think about the information contained in instant messages, VOIP [voice over IP] connections and various forms of Web collaboration. Effectively managing your messaging environment requires real-time protection at all layers of the infrastructure. That means being able to filter out the spam and other garbage, block malicious traffic and protect the endpoint devices connecting to the enterprise," he said.

While concerns over encryption were on the minds of a number of attendees, the subject didnt appear to be on Thompsons hit list.

"Encryption is one area where Symantec isnt heavily invested," observed one systems manager of a large enterprise to eWEEK after the keynote address.

"I want to hear where Symantec is going with encryption and how it can be integrated into a backup environment. Is the [encryption] level at the frame, the drive or software? You can do it at many levels, but there seem to be multiple schools of thought on how to integrate encryption," he said.

Thompson was pitched questions on encryption during his address. He pointed to other Symantec security products and strategies, such as the companys Database Security and Audit solution that monitors database transactions in real time and flags requests that dont comply with company policy or might represent an external attack.

"We dont deliver encryption technology, per se. But there are many techniques that look at the behavior of a packet of information as it travels over the Web and [examines] the behavior pattern to see if it might be malicious or some form of problematic packet. And then take actions to mitigate risks from that packet."

Symantec also announced that an IT compliance solution set will be available from its value-added resellers. The solution comprises Symantec BindView Policy Manager, Control Compliance Suite, Security Information Manager, Enterprise Vault, IM Logic, Symantec Enterprise Protection, Symantec On-Demand Protection, Symantec Sygate Network Access Control, Symantec Client Security and NetBackup.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.