Linking the Safety Chain

Symantec branches out from anti-virus arena; strategy aims for integrated security lineup.

At a time when security options are becoming increasingly fragmented with many vendors concentrating their resources on specific, sometimes-arcane pieces of technology, Symantec Corp. is betting that the old concept of an all-in-one vendor has some life left in it.

The company, best known for its Norton AntiVirus product, recently moved into other areas of security and is working to solidify a strategy that its executives call integrated security. The plan includes more than just offering a wide range of security products, encompassing security response, event monitoring, managed services and even consulting services.

Symantecs plan is to become the security vendor of choice at every level of the network.

"The broader picture for us is integrating our security vision at the gateway, server and client. Weve really stepped up to the vision of integrated security," said Gail Hamilton, executive vice president of product delivery and response at Symantec, based in Cupertino, Calif. "The customers dont care about the technology, whether its delivered on software or on an appliance. They just want to be protected."

A key element of the new plan is an effort to integrate the companys products with other vendors wares as well as with the custom applications that enterprises develop on their own. Symantec is working on a way to connect its products with management consoles such as IBMs Tivoli software and Hewlett-Packard Co.s OpenView.

Symantecs new vision is most visible in its new Gateway Security appliance, an all-in-one box that provides a firewall, anti-virus software, a virtual private network, intrusion detection and content filtering. The idea, Hamilton said, is to take the management headaches out of the process.

"There was a clear need for a dedicated box at the gateway because it provides better security, the operating system is secure and its easier to manage," she said.

Symantec also has recently moved into managed security services, a market that has been less than kind to many early players. The company offers enterprise customers 24-hour monitoring of their security infrastructure, as well as management and security response services.

While acknowledging the problems faced by many of the dedicated managed security services companies, Hamilton said she believes there is still plenty of customer demand for such services.

"Overall, the industry had such high expectations for managed security services," she said. "Theres still a great need because of the lack of security expertise in midsize to small companies."

Symantecs security response services—providing virus alerts, removal tools and advice on network security—will be a key part of the new strategy as well.

"We see a world with an ever-increasing level of threats, and that requires comprehensive security and integrated response," Hamilton said.

The companys next move will be integrating into a cohesive whole its various client-level security products, which currently include various consumer anti-virus products, the Norton Internet Security suite and Norton Personal Firewall.

Of course, what Symantec is trying is not new. Vendors ranging from Network Associates Inc. to RSA Security Inc. in the past have outlined similar strategies, only to see them disintegrate due to a lack of focus and a tendency to spread resources too thin. Indeed, NAIs failure at this gambit is probably the most conspicuous.

The Santa Clara, Calif., company grew quickly through dozens of acquisitions in the 1990s and eventually found itself with a scattered portfolio of unrelated products, including anti-virus software, the famed PGP (Pretty Good Privacy) desktop encryption software and its Sniffer network diagnostic tool.

When a new management team took over the companys reins early last year, CEO George Samenuk quickly set about dismantling this strategy in favor of a more focused plan. He sold off some assets, including portions of the PGP line and the Gauntlet firewall, and killed others outright.

NAI emerged from the cleansing with a smaller line of products—not to mention a lower head count after axing the PGP division—focused around its core enterprise and consumer anti-virus offerings.

The goal, Samenuk said, was to sell only those products that were either leaders in their category or had a strong chance of becoming leaders.

Symantecs corporate history has followed a trajectory that is remarkably similar to NAIs: growth through acquisitions, an early focus on anti-virus software and now an attempt to become the dominant player in the security market. But Symantecs Hamilton said the companys strategy is more about offering interrelated and complementary technologies and not being dependent on one product than it is about selling one of everything.

"Weve made significant movement toward not being just an anti-virus vendor," she said. "Well still have a very strong presence there" but will place increased emphasis on other parts of the product line as well.

While Hamilton said she is confident that Symantecs new strategy is the right one, she still has doubts about the overall strength of the security market, despite widespread predictions of a spike in spending following Sept. 11.

"The thing we have seen is on the consumer side, the atmosphere has made consumers nervous," she said. "Security remains No. 1 or 2 on CIOs lists of priorities. In large part, people expected the government to step in [and spend money on security]. Theyve started, but, boy, is it slow."

Related Stories:

  • Review: Symantec Box Ably Melds Security Tools
  • Symantec Debuts New Software Licensing Structure
  • Symantecs Q3 Earnings Above Expectations
  • Virus Defense Gets Fortified