Is Symantec Still A Safe Bet?


VARs wager on vendors’ products and alliances


The year 2003 may very well turn out to be the best year yet for security software vendor Symantec. The company has managed to consolidate its acquisitions, strengthen its product lines, improve its partner relationships and execute on all cylinders during some difficult market conditions during the past several years. And it has managed to leverage the Symantec brand into a powerhouse at a time when its competitors have yet to prove a compelling case.

Check Point, Network Associates and even Cisco all have Symantec in their sights, and each has had trouble catching up to Symantec in terms of products and customers in the past year. Not bad for a company that was present shortly after the creation of the PC, selling utility software. Symantec has made tremendous progress, keeping a focus on selling security solutions.

Financially, Symantec is sitting pretty these days. The company has managed to weather the storms of the marketplace and actually increased revenue to $1.07 billion last year, up from $944 million the previous year and sustaining decent growth through the doldrums of 2001 as well. On the M&A front, it has continued an aggressive acquisitions strategy since buying the venerable Peter Norton line in 1990, cutting deals for three companies in a single day last August, on top of a long list of other technologies and firms acquired during the company's 20-year history (see Timeline, below).

Indeed, no software company has a better security-related product portfolio than Symantec's: The company has both wide and deep product lines that cover antivirus, intrusion detection, firewall and VPN policy management, security appliances and managed security services. Still, the 150-plus different SKUs might be more confusing than helpful for the average nonsecurity VAR, which is why we have prepared the "Symantec Product Road Map" on page 35. This will help solution providers fit clients with the best Symantec product offerings for their needs.

The good news for VARs is that the company aims to double its revenue during the next three years.

"The majority of this increase is going to have to come from our partners," says John Schwarz, president, COO and day-to-day operations manager at the software giant. "We can't possibly grow our sales force fast enough."

The company is serious about making improvements to its partner programs, with plans to beef up the company portal site, PartnerNet, in the coming year with real-time information on licensing and sales data so that it's more attractive to VARs and solution providers. At the same time, Symantec continues to expand its influence with VARs and large solution providers such as IBM Global Services.

Schwarz is a big cheerleader for his company: "We have the products, the breadth, the brand, the cash, the management team [and] the back-office infrastructure," he says. "I think we have everything we need, and the market is there." Here, VARBusiness explores each of those metrics and digs into what Schwarz means exactly,and we illustrate how close he comes to delivering on each one.

Schwarz is no stranger to the software world. Coming from IBM, he was "present at the birth and death of OS/2" and ran several other large software projects at the company's Toronto research labs.

VARBusiness spoke to him prior to giving one of the keynotes at the InfoSecurity conference last month in New York.

VB: How's business?

Schwarz: Business is as successful as it has been all year long. And it is true for both the consumer as well as for the enterprise side of the business. The enterprise today accounts for about two-thirds of our revenue, so in a space of two-and a-half or three years, we flipped the equation from two-thirds consumer to now two-thirds enterprise, which is very gratifying because that's the strategy we want. We are forecasting a growth rate of somewhere in the vicinity of 30 percent year-on-year for the enterprise.

VB: How does the channel help your growth?

Schwarz: The channel absolutely is helping it because it's the only way we go to market with the consumer. We go to market for the consumer exclusively through [the] distribution process.

VB: How does 2003 look in terms of what you're going to be spending on your programs vs. 2002?

Schwarz: We are going to be increasing the spending commensurate with the increase in our business, so there is not going to be a radically different level of spending. But because our business is growing by 20 percent overall, we'll see a commensurate level of increase in our market spending or go-to-market spending.

VB: Are you happy with the business levels your VARs are seeing?

Schwarz: We are disappointed, frankly, with the level of business we have done with the VAR community to date. We have, as I said, some 2,000 overall VAR partners in our portfolio, but the level of business that is done through that channel that's actually generated by the channel is not adequate and not sufficient, to my mind. So the next year will be clearly spent ratcheting that up.

I'm not talking about fulfillment of businesses that we generate. I'm talking about demand generated that they brought Symantec into. I'm disappointed in our joint execution. I think it's as much our problem as it is [the channel's]. Clearly, we have work to do in certifying their people. Clearly, we have work to do in giving them leads and managing the leads, [and] we have work to do in helping them become more profitable in the way that they use the Symantec solution. So, this is not a knock at the VAR population, but the net effect is inadequate. And the result is not where it needs to be. And not by a large margin.

VB: How has the evaporation of the enterprise IT business affected you?

Schwarz: There has been no evaporation of the IT business relative to security. Customers are spending what they said they would spend on the security budgets. We're seeing the IT overall security spending growing by probably something in the vicinity of 15 [percent] or 16 percent this year.

VB: What events can you point to for this increase? Was this the result of the 9/11 attacks?

Schwarz: No, 9/11 was a government wake-up call more than it was an industry wake-up call. I think it was the actual cost of recovering from NIMDA and Code Red that got our industry in gear. This cost is in the billions of dollars and has given the impetus to the kind of priority that security gets today.

VB: Have you changed any of your distributors in the past year?

Schwarz: No, we have shifted focus and priorities and some marketing dollars, but, generally, we are in the same channel this year we were in last year. The only major shift that's going on in the consumer space is that we're seeing a lot more business coming directly to us in the Shop Symantec online store. More people are buying from our online site. We have had phenomenal growth.

VB: Why have you seen such growth from online shoppers?

Schwarz: Partly there is a lot more buying online generally this year than there was last year. Secondly, we have some very cool tools available on our Web site for the browsing public to, for instance, check the health of their own machine and the security they ought to have.

If they authorize us to scan their machine, we could give them precisely the status of their security implementation and tell them how to improve [it]. It is something we developed internally called the Health Check, and it's been a very powerful driver.

The other thing that's happened in the consumer space is we raised prices. That has clearly contributed to the revenue numbers we are reporting now. Our subscription fees for the online antivirus live update went from $4 a year to $15 a year. We're seeing very, very strong renewal rates and, interestingly, we give the customer the option to renew or to buy a new product. We find the split between renewal and the existing platform and buying new product is about 50-50. Almost half the customers will opt to buy another more current year [or] different version as would opt to subscribe.

VB: How do you handle channel conflict?

Schwarz: We're also very careful on the channel side to make sure that we do not undermine or do not somehow take away margin from the channel as they go to market. We work in the enterprise exclusively through VARs. We have a direct sales force that actually generates the demand that closes the deal, but the actual fulfillment is done through a channel partner. That's helped to eliminate both conflict in our own sales force with partners in a territory, and it's helped to keep the loyalty of our partners.

VB: Let's talk about some of your recent acquisitions and where that technology has infiltrated into the current Symantec.

Schwarz: Let me actually go back then a little further than last summer's acquisitions. I'll start with Axent. Axent was an acquisition that was made in 2000 and was really the first major departure point for Symantec to become truly an enterprise solution provider, both in terms of product and in terms of the channel. Axent had a direct sales force that was already present in selling at the enterprise level. And we needed that sales force. So Axent was acquired as much for the sales force as it was acquired for the programming. We spent all of 2001 and the first half of this year [2002] building up a sales force on the basis of this Axent capability we had acquired. Today, we have some 1,100 direct sales people worldwide, some of whom are inside sales and some of whom are actually territory reps.

Axent had brought firewalls, gateway devices and scanning devices to the Symantec portfolio, which have been fully integrated. We've now developed an architecture we call the Symantec Enterprise Security Architecture (SESA), which is the vehicle for integrating all the technologies on a base of a common definition of what an event is, what a security event is. [For example,] we have a common logging, common reporting, common console capability, as part of the SESA architecture.

VB: Are there any products that you currently offer that don't work through that?

Schwarz: There are products that we offer that aren't yet part of SESA,some of these products won't take much development to take advantage of the common logging and reporting features, and some will take a lot more work to bring into our common management infrastructure. But you'll see us rolling out products over the next nine to 12 months that will all have some kind of SESA components,especially our enterprise products,to take advantage of the architecture.

VB: What about some of the other companies you have acquired?

Schwarz: We bought two product companies, one called Recourse that had a very high-speed network intrusion-detection agent we're using to displace NetProwler, one of the Axent products that was not doing well in the marketplace. Recourse also has a product called ManTrap. This is a honeytrap solution, essentially used for forensics where you set up a dummy network and track the intrusion inside this network [to] observe its behavior, trying to trace it back to its origin. We are in the middle of a very heavy-duty integration where we are going to share the scan engine between the ManHunt and Intruder Alert. That requires some months of engineering work ahead of us.

The other product company acquired is Mountain Wave. It was a small technology company in the Washington, D.C., area. It has a statistically based correlation engine we are using in our systems-management solution we announced last October called Symantec Security Management System. In addition, the Recourse people also have a data-correlation technology, which is heuristic-based, and we'll be using that one as well. So, the customer will have a choice of using a set of statistical engines to do data correlation or a more automated heuristic base for their correlation or, for that matter, do both depending on the degree of complexity of the environment and sophistication they wish to use in the management.

The other two companies we bought, Riptech and SecurityFocus, are services companies. Riptech is in the managed-security outsourcing or managed-security monitoring business. We integrated that with our existing Symantec sales force. We are using the Riptech technology as the monitoring and management technology inside all of the Symantec security operation centers, regardless of whether we acquired them from Riptech. So we now have five centers around the world with kind of the flagship center being in Alexandria, [Va.], just outside of D.C. That was the original Riptech center. We have our original Symantec center in San Antonio. And two Symantec centers in Europe,one in Germany and one in the U.K. We are also operating a joint venture center in Japan with Mitsubishi.

VB: Do you go up against IBM in terms of managed-security services?

Schwarz: Our customers are advised by their audit partners to not have the same vendor doing network monitoring as they have doing security monitoring. The measurements that you want to track on the network-management side,uptime and responsiveness,are diametrically opposed to the measurements that you want to track on the security side, where you want to stop the network and track intrusions and vulnerabilities.

VB: You have tightened up your partner requirements and raised the bar on what you want out of enterprise-level partners. Why?

Schwarz: We have rebuilt the portfolio of higher-value-added players, customers, and partners and resellers. They will have at least one person certified onboard, and we are working very hard to certify the entire population. We have asked some of them to leave our partner portfolio and we've added some 250 new ones in the United States alone, out of a total of 2,000 partners.

VB: How did you decide which partners would leave?

Schwarz: [We selected them] based on the volume of business they do, the number of people they had certified on our products and the kind of satisfaction our customers reported. We do manage a direct interface to all the customers, regardless of whether they're being fulfilled to a partner or not. So we had some idea about how satisfied the customers were with what the partner was doing. Today, you're looking at probably 20 percent new,maybe 25 percent new,population of partners in our overall stable.

VB: I was impressed with the certification requirements that I saw on your partner Web site, and especially how it was a really broad-brush approach. You could become a specialist in a particular technology, or you could go across the board. I think that's a nice level of flexibility, unlike some of your competitors.

Schwarz: We actually started on this broad-brush approach, where we wanted certification across the board, but it didn't work. Most of the partners say they simply do not have the resources and the time to take engineers out of the field long enough,four days, five days, whatever it takes,to be certified on the entire portfolio. So we've had to become more granular. That was not the original design. But having listened to the input back from the partners, we've changed. Now I think it works much better.

VB: Are most of the attacks and security breaches that you're observing coming from inside or outside the United States?

Schwarz: It's about 40 percent from the United States. That's a very high number from the United States. But the higher number is that 80 percent of the so-called security incidents come from within the company's network itself; this includes customers and suppliers that are on the company's network. So those incidents are being generated by somebody who has access to the customer infrastructure, yes. And the majority of these are not necessarily malicious. They're just mistakes.

VB: Is your consulting arm adequate to handle demand?

Schwarz: I would say the supply of technology at this point outstrips the demand for new technology. But we are partnering with true consulting companies,the systems integrators,who have a sufficient level of consultancy, certainly at the high end. The middle market is a [slightly] different animal. We find in the middle market, the customers often don't even know the

questions to ask. And so the partner is in a much better position to actually recommend an off-the-shelf solution that doesn't require much customization. When you get to a high-end customer, then, of course, the questions

are tough.

VB: What other trends have you observed with your higher-end customers?

Schwarz: Many of our larger customers have actually implemented their own security products; they've built their own tools that they insist on being integrated into the overall infrastructure. And many are also saying they are drowning in content from too many different vendors. They've got relationships with 80 different security vendors and can't afford to deal with that complexity. They ask us to help shrink down the total number. And, by the way, we are the leading players to stay in and manage things. Nobody has the breadth and spectrum of solution offerings that we have.

VB: Where do you stand with respect to Microsoft,is it a friend or a foe? Do you think it can pull off this trusted computing project?

Schwarz: Microsoft is certainly making a lot of noise about it. The company has improved its security practices, and it's spending an inordinate amount of resources on further improving the base technology it delivers. They have an enormous amount of mistrust to overcome, and that's going to be their biggest challenge. It's not a technology challenge, I don't think, as much as it is a challenge of mistrust, as a result of the nature of their products and the relationship they have with their customers and the channel.

However, I don't like knocking Microsoft because it is just as much a partner as a potential competitor. [Microsoft has] been a good friend to us and a good source of business, so I don't want to paint the company too black.

VB: Do you still find enterprise customers that don't have any antivirus screening on their desktops or anywhere in their enterprise?

Schwarz: Enterprise customers are

pretty well covered. But do they just cover their desktops, or do they have software for their e-mail gateways?; do they do filtering?; do they protect their e-mail service both outbound as well as inbound?

I think once you get to those questions, it is much, much less than 100 percent penetration. And it drops off in parts of Asia and Eastern Europe quite quickly, too.