Symantec Could Face Hurdle Filling Network Security, Threat Detection Gaps

Symantec's long-term strategy to stay out of the network security market has kept it out of a white hot space, but some industry watchers say that approach will need to change as Palo Alto Networks and other competitors add on endpoint capabilities.

Symantec lacks a security information event management system and doesn't have a presence in the firewall market. It's archrival Intel Security (formerly McAfee) made key acquisitions as part of a network security strategy that included the purchase of Nitro Security and Stonesoft to add next-generation firewall capabilities. The McAfee unit also did some early integration work and launched a fully automated platform earlier this year, bridging the products in its portfolio.

Symantec announced plans to launch an advanced threat protection service, but it is late with detection capabilities compared to McAfee, Trend Micro and other endpoint security competitors and hasn't built strong partnerships with emerging, advanced threat detection platforms, said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group (ESG). Oltsik, who is speaking this week at the Symantec partner summit in Phoenix, said the company's approach will likely change once it fully completes its breakup next year.

[Related: Symantec CEO: 10 Priorities For Security, Storage Businesses]

"Symantec needs to follow a GE-type product matrix strategy by investing in successful and promising product areas and get out of all the others that haven't worked," Oltsik said. They have had strong services and some solid products, but they never have been able to integrate those well and there's always been some serious gaps in their portfolio."

While the company has been streamlining internally and overhauling its entire sales operation the security market has turned to a variety of platforms and security software for threat detection. Much of the interest has been on networking vendors like Cisco-Sourcefire, Palo Alto Networks, Check Point, Fire Eye and others that are extending their platform with endpoint components to identify and quarantine threats for further analysis.

"They have had a couple of CEOs that were inwardly focused and that put other vendors in a better position, "Oltsik said.

Symantec COO Stephen Gillett told CRN, at the partner summit in Phoenix this week, that the company sales executives will review the Symantec breakup plans and recommit to partners continued support of the current channel program structure with no major changes. Sorting through changes to the sales operations during the transition are two industry veterans.

Symantec named Adrian Jones, a former Hewlett-Packard channel chief, to lead Symantec's global security sales during the transition. Brett Shirk, a Symantec sales veteran, will lead global sales for the information management portfolio.

"Our line of sight to our program only goes until the separation is expected to conclude by the end of next year," Gillett said.

Symantec partners should gain by talking with sales people that are knowledgeable about its specific products and know what the end buyer looks like, said Kevin Wheeler, founder and managing director at Dallas-based information security services company InfoDefense. Partners need to look to "the end goal," Wheeler said, calling the portfolio split a significant improvement.

"People might get distracted during the division of the companies but at the end of the day I have to look at the long-term benefit and I can only see long term upsides for my business and for Symantec's customers," Wheeler said.

Symantec's portfolio has some strong areas that are likely to remain at its core. It's encryption acquisitions of PGP and Guardian Edge is in the first stages of integration, Sherman said. Symantec's Vontu acquisition places it in the upper right of Gartner's Magic Quadrant for data loss prevention.

"There's a lot of security product areas to be encouraged by and a lot of room to be optimistic about the potential if they can innovate like they say they will," Sherman said. "Symantec's traditional strength is in endpoint protection but I expect they'll probably continue to be challenged by all the vendors in the space to detect advanced threats."

IBM paid a premium, as much as $1 billion according to some estimates, for Trusteer to add its Apex, advanced threat detection capabilities to its security portfolio. It also acquired Q1 Labs in 2011 for its analytics capabilities and is using it as part of its big data security strategy, according to analysts. Other security vendors are emerging to tackle data security in cloud-based services or provide authentication and activity monitoring of services as the endpoint becomes more porous and employees more mobile.

Remaining vendors and some emerging security startups could be acquisition targets once the dust settles on the Symantec split and the new Symantec security company is freed up to potentially execute on an M&A strategy, said ESG's Oltsik.

"They can close the gap in network security by focusing on analytics, build out their already strong services and integrate products to work across the whole portfolio," Oltsik said.

PUBLISHED OCT. 15, 2014