Problem solve Get help with specific problems with your technologies, process and projects.

A tale of two strategies -- Symantec and McAfee, part 1

Security analyst Mike Rothman comments on Symantec's Security 2.0 initiative.

The following is a post from security analyst Mike Rothman's blog Security Incite. Learn more about Mike and his blog at the bottom of this post.

It's about time the Big AV players acknowledged that their business is fundamentally changed. Over the past two weeks, both Symantec and McAfee announced new strategies, extending beyond milking the AV cash cow -- into trying to solve broader security and risk problems for customers. I'll do two pieces examining both Symantec and McAfee's new strategies.

Both Symantec and McAfee have done a lot of acquisitions over the past couple of years, but neither did a very convincing job of explaining how and why these deals made sense. I put them largely in the bucket of "put more crap in the bag" strategies of giving reps more to sell and pray they can figure out what to sell and when.

But, I like the strategies that both have put in place for moving forward. Symantec finally has a story that starts to integrate the VERITAS storage management products into the Big Yellow. McAfee also does a nice job of reconciling their recent acquisitions, as well.

A tale of two strategies -- Symantec and McAfee, part 2
Read Mike's analysis of McAfee's new strategy.

Let's dig into the Big Yellow's plans a bit more. Symantec is calling their initiative Security 2.0. I hate it. Well, the name anyway. It makes their approach seem more like a fad, rather than a sea change of how security should be done. I get that part of their offerings are protecting the identity of users online and Web 2.0 is all about user-generated content, but it feels icky to me. Kind of like a used car salesman.

Which is too bad because Symantec has filled a couple of big holes in their offerings -- in the identity space, leak prevention and database/data center security. By partnering with VeriSign and hooking the new Norton Confidential consumer anti-fraud and anti-phishing product to VeriSign's VIP network -- we see the potential of the first broad Identity Service Provider.

Will it happen? I've got no clue. Having hooks to the VIP Network on the hundreds of millions running Symantec's AV will give it broad distribution. But we also thought that having Cisco's Trust Agent distributed with the AV products would help spur adoption of the C-NAC Framework -- which didn't happen. So we'll see, but it's a good partnership on both sides.

Secondly, Symantec has upgraded their mail security offerings to do outbound content filtering. It's about time on that one. Folks like CipherTrust (now Secure Computing) and ProofPoint have been doing this for years and it's becoming increasingly important. Outbound email is also a logical first place to start with leak prevention because that's where many users feel the most pain. Of course, Symantec needs to make a broader statement about supporting multiple protocols, which will likely involve buying something that's a bit broader.

Next, they announced a database security product and initiative that finally gives all of those VERITAS folks something else to sell to their data center customers. It's a new product and will take some time to mature, but that's fine -- database security is still an early market. Any success that Symantec has in this space will likely kick off yet another feeding frenzy to acquire the myriad of database security players out there.

Finally, Symantec announced a strategic relationship with Accenture. I had initially overlooked this deal when I did my quicky analysis last week, but this is actually the most important part of the strategy. Why? Because Symantec is not credible with the CIO. They think they are because they are big, but they aren't. CIO's don't care about AV. They don't care about optimizing storage. They have folks to do that for them.

CIO's care about how to leverage technology for competitive advantage. That's what Accenture does. They've got the relationships to get Symantec an audience with the right people, and if the partnership gets any traction -- they'll be built into Accenture's huge projects as the security component. Of course, this is easier said than done -- given the loose partner-driven fiefdom model of all of the big integrators -- but it's a start.

But most of all, I like that Symantec finally has pieces along all parts of the Pragmatic Security Architecture. Adding the identity piece (even if it's a start) and a presence in information/data security gives Symantec a much broader, more coherent and more strategic story. They still spout the compliance word and that's fine.

So two years (and countless senior managers) later, the pieces are starting to come together for Symantec. It's about execution now, The big hole is still integration of all these disparate pieces, something that McAfee's ePO does well. It's not enough to have everything in a yellow box; all of these products need to work together and provide the CSO with a more compelling "dashboard" to manage policy and remediate broken stuff.

About the author
Mike Rothman

You can check out what Mike's ranting about today on his Web site (, by reading his blog via RSS ( or by subscribing to the Daily Incite newsletter (send email to dailyincite (at) securityincite (dot) net).

Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group and held executive level positions with CipherTrust, TruSecure, and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics.

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.