The following is a post from security analyst Mike Rothman's blog Security Incite. Learn more about Mike and his blog at the bottom of this post.
In the last post, I went into
McAfee is calling their initiative "security risk management," and as I mentioned on Tuesday morning, I'm not a huge fan of taking two nebulous categories (security and risk) and mashing them together to get something meaningful. So I'm not a big fan of this tag line either, but these are pretty minor nits compared to the strategy.
The world according to McAfee breaks up into two domains: threat prevention and compliance. NAC is in there too, but it's not clear how it relates to the other domains quite yet. This is wrong because they don't factor in identity or information/data security -- but they don't have those pieces yet -- so I'll forgive them. But if you are going to make a strategic statement about how security needs to be done, you can't really leave anything out.
Threat prevention is the traditional McAfee business -- antivirus, IPS and antispyware. Throw a little SiteAdvisor magic dust in and the business is pretty competitive. They'll need to add application control to make a complete story for threat prevention from end to end, but those pieces are pretty much there.
Compliance is a conglomeration of what McAfee's shopping spree has yielded of late. By aligning the original Foundstone stuff with the newly acquired Preventsys and Citadel technologies, McAfee can now set a policy, find broken stuff and fix it. That's pretty slick.
Of course, it'll take some integration -- but not a brain transplant. Why? Because McAfee has always built management of their disparate products into the ePO management console. This is a huge advantage tactically over Symantec, who has never delivered on any kind of console to speak of. ePO is McAfee's secret weapon, and they are acknowledging it -- which is a good thing.
As I mentioned above, the weakness is really more about not having all the pieces, rather than anything relative to the strategic direction. McAfee must do more on the content/data/information side, and they need something in the identity space as well.
So how do they get there? I suspect they don't. Now with the options overhang gone, the old management cleaned out, and a lot of the pieces assembled -- McAfee is clearly a target for an HP, Juniper or even Cisco. The synergies with HP are pretty obvious. Plug ePO right into OpenView, combine that with the newly acquired Mercury on the application side, and you've got a very complete story.
Given these new strategic initiatives from both Symantec and McAfee, "big is the new small" strikes with a vengeance. The second-tier antivirus vendors find themselves that much further behind as the desktop suites become increasingly part of a larger security story. These folks (Trend, Sophos, Panda, Kaspersky, et al.) need to either get out the checkbooks and start buying their way to a broader offering or put on their Sunday best, paint some lipstick on the pig and try to get a deal done.
About the author
You can check out what Mike's ranting about today on his Web site (http://securityincite.com), by reading his blog via RSS (http://blog.securityincite.com) or by subscribing to the Daily Incite newsletter (send email to dailyincite (at) securityincite (dot) net). Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group, held executive-level positions with CipherTrust and TruSecure, and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics.
This was first published in October 2006