Symantec & The Enterprise Security Market

By

Andrew Braunberg

and Tere Bracco

Symantec Corporation is a leading enterprise security vendor with a wide range of products to address the needs of enterprise customers with products including:

• Norton AntiVirus suite
• Software and hardware-based firewall/VPN solutions
• Host and network-based intrusion detection
• Content filtering products
• Vulnerability management solutions

Moreover, Symantec Security Services provides information security services through four service families: consulting services, implementation services, managed security services, and education services. As a sign of its aggressive move into the Enterprise Security market, Symantec has spent billions of dollars on acquisitions, including:

• Axent
• Mountain Wave
• Recourse Technologies
• Riptech
• SecurityFocus

These products legitimized and essentially provided the framework to enable Symantec to push further in its plans to be a market leader in enterprise security.

Markets/Sales Strategy

Symantec’s marketing and sales efforts are largely determined by customer type, using the following channels:

• Internal Enterprise Unit: Sells directly to large enterprises and has system integrators and VARs that sell to top enterprise customers.
• SMEs: Symantec uses VARs, resellers, and its own telesales force.
• Consumers: The company enjoys numerous OEM agreements with leading PC and Internet product manufacturers such as HP, Intel, Toshiba, and Gateway, through which Symantec expects to ship nearly 36 million Symantec products over the next few quarters.

In spring 2003, the company launched the Symantec Technology Partner Program, establishing standards for interoperability between Symantec technologies and security and infrastructure products from other vendors. The program simplifies the engagement process, allowing qualified partners to integrate their products with Symantec’s Enterprise Security Architecture by providing integration tools and development support. The integrated products will be jointly sold and supported by Symantec and participating partners.

Symantec has allied its security solutions with PricewaterhouseCoopers’s security services to provide end-to-end security management and solutions for enterprise customers across their entire network environment. Symantec has also announced the Managed Security Services Partner Program enabling solution providers to sell outsourced Symantec managed security services to enterprise customers.

Analytical Summary

We are taking a positive stance on Symantec in the enterprise security market in terms of its intrusion detection and antivirus systems. The company is an industry leader in both host-based intrusion detection and desktop antivirus. As the intrusion detection market continues to become markedly more competitive, Symantec must continue to innovate if it is to remain one of the top three vendors in that segment.

The company’s traditional strength is its host-based IDS, Intruder Alert. The product is the recognized market leader in host protection through its ability to provide real-time monitoring of systems. To shore up its network IDS, the company acquired Recourse Technologies, and will work at integrating its ManHunt solution with Intruder Alert.

Additionally, the company provides policy-based management and a three-tier architecture for centralized management. Symantec faces a rough transition, however, in its key product groups as the market continues to change. For example, the host-based IDS market is quickly moving toward intrusion prevention products, which are now undoubtedly recognized as the clear evolution within the product group. Additionally, when competing with ISS, Cisco, and NFR, the company is at a disadvantage because it has not developed a hybrid IDS with integrated host and network- based capabilities, although it will now aim to do that following the Recourse acquisition. Integration will be a key feature as the company moves to integrate its spat of recent purchases. In the antivirus market, Symantec has focused too exclusively on McAfee, and has somewhat lost sight of Trend Micro. If the market continues to see the rise of gateway antivirus solutions, Symantec will be at a disadvantage in competing with Trend Micro, which has greater than 60% marketshare in the segment.

Strengths & Weaknesses

Strengths

• Symantec’s Intruder Alert host-based IDS is the recognized market leader that helps the company hold a spot as one of the top three vendors, along with Cisco and Internet Security Systems. IBM now offers Intruder Alert for deployment within its managed security customer base; and PricewaterhouseCoopers’s Security and Privacy Practice plans to integrate Symantec’s security solutions as an integral part of its Enterprise Security Business Model, aimed at providing customers with comprehensive security solutions.
• Symantec’s acquisition of Recourse Technologies gives the company a top network IDS in ManHunt and a unique deception-based IDS with ManTrap.
• Norton AntiVirus continues to experience market gains in the enterprise antivirus marketanticipating sales of nearly 36 million Symantec security products
• Symantec has a broad antivirus product portfolio with Norton AntiVirus for Desktop and Servers, Gateways, Microsoft Exchange, Lotus Notes/Domino, and its all- inclusive Enterprise Edition with gateway, server, and client protection bundled together. The company also has CarrierScan Server and Command Line Scanner.

Weaknesses

• Symantec has a broad array of security products, but these are primarily point products for enterprise. The company lacks a seamless, comprehensive product suite that fits into its security architecture.
• The company is not a market leader in the gateway antivirus market. Trend Micro is the clear market leader in this segment.
• Intruder Alert has been on the shelf a long time. The host-based IDS market is shifting toward intrusion prevention, but Symantec hasn’t yet.
• Symantec will have to work to integrate ManHunt and ManTrap into the Symantec security architecture. The company also faces integration issues from its acquisitions of Mountain View, SecurityFocus, and Riptech.
• Symantec has little integration between its Intruder Alert and NetProwler host and network-based IDS compared to leading competitors.
• The OEM agreement between Symantec and Linksys, a recent Cisco acquisition, further complicates the competitive relationship between Cisco and Symantec, most notably in the SME and SOHO market segments.

Recommended Vendor Actions

• Symantec must begin to execute on its acquisitions and work at releasing an integrated ManHunt/Intruder Alert solution. It also must work to integrate its new solutions with technology acquired from Mountain Wave.
• The company must continue to innovate in its core competency of antivirus protection. However, it must shift some of its focus away from McAfee and realize that Trend Micro is the clear market leader in the market’s greatest growth segment gateway antivirus.
• The company needs to monitor its Gateway Security appliance market sales and consider a price drop as that market heats up with the entrance of TippingPoint Technologies.
• The company should look into the burgeoning inline IDS market with its confident newcomers IntruVert and OneSecure (now Netscreen), and consider its future prospects in that market.
• Symantec must look specifically to update its Intruder Alert product with technologies that can more attractively compete with Entercept, OKENA, and other planned intrusion prevention products.
• Symantec needs to keep a watchful eye on Network Associates and any progress the competitor makes with its recent acquisitions and intention to release two dozen new or enhanced products in 2003.

Recommended Competitor Actions

• Enterasys should continue to advance sales of its hybrid Dragon IDS, while also developing and expanding its host-based intrusion prevention and inline network-based protection. Enterasys should also argue that it is better positioned and better able to execute on its security initiatives than Symantec, particularly given its corporate emphasis on Secure Harbour.
• Cisco needs to market its Secure IDS and Entercept solutions as two market and technology leaders. The company should also work to provide improved integration between the products and central management capabilities.
• Cisco must also integrate its Psionics acquisition rapidly to overcome false positives and data overload-a general symptom of security products.
• ISS must continue to advance its new management console, RealSecure SiteProtector, along with its well- regarded hybrid IDS.
• Intrusion Inc. must market its OKENA OEM license heavily to demonstrate that it now has a leading host-based intrusion prevention product to work in tandem with its SecureNet product family.
• Computer Associates (CA) should quickly follow through on plans to revamp its North American channel organization to better integrate partner solutions with its own. CA should capitalize on the efficiencies created by its new Technology Services unit (a combination of the company’s former presales technical and professional services teams) to streamline the process of integrating partner solutions to get them to market faster.

Recommended End User/Customer Actions

• Companies wanting to purchase a multifunctional gateway appliance, particularly SMEs, should explore the Symantec Gateway Security appliance and decide whether it’s a solution that would fit their security architecture.
• Recourse customers need to ask about support issues as the products are transitioned into the Symantec product family.
• An enterprise wanting to purchase an established, safe, and respected host-based IDS should look no place other than Symantec, which remains the market leader despite little recent product innovation.
• Large enterprise solutions shopping for one security provider that can plug many of its security holes should strongly consider Symantec, a leader in a wide range of enterprise security products.