Q&A: McAfee CEO On Platform Security Wars, Why It Will Win Over Symantec After Intel Spinout

McAfee Re-Emerges

There's a war for security platforms emerging, and McAfee is one company looking to come out on top. In April, the company, formerly known as Intel Security, spun out from parent company Intel in a $4.2 billion deal to private equity firm TPG Capital. As part of the June magazine issue, CRN sat down with McAfee CEO Chris Young to talk about how the company plans to win the market as a stand-alone security vendor, and what its spinout means for competitors Symantec and startups in the next-generation endpoint security market. Here's what Young had to say about the future of cybersecurity.

Can you briefly describe McAfee's strategy and approach to the market?

First, what we're doing here, the cybersecurity problem is bigger than any one company. We've made a strategic choice that we believe as an industry we've got to come together to solve the problem. There are areas where we compete, but there needs to be more cohesiveness. We believe the company that has the more open platform, who has more capability, more connective tissue that allows it to plug into other solutions and allows other solutions to plug into it is the one that's going to be more successful over the long term. I would tell you that's resonating really, really well with customers. It's resonating with partners in the markets. Obviously, we're now on the path of proving it as an independent company. I think it will be exciting. If you take a cue from what you see in history, companies that are successful are ones that make some of these longer-term bets. Open technologies, open capabilities over the long run in technology have tended to be ones that have done quite well. Integration is important.

What is the significance of McAfee emerging as a stand-alone security vendor?

I think one of the biggest elements of significance with us re-emerging is the fact that the market really needs strong, healthy cybersecurity companies. The problem of cybersecurity is one that is global. It's highly complex. ... The need for cybersecurity companies who build products, who deliver solutions, is at a premium today. Cybersecurity, because of those things, is not a problem that's going to get solved alone by [startups]. You need big companies who are able to invest, who are able to be global, and who are 100 percent focused on this problem. I think it's also important that platform players add security capability to their platforms and that they make those investments. Security can't be just part what you do, it has to be what you do. That's what I believe is part and parcel and significant about our re-emergence as one of the largest players in this particular space with laser focus on this problem.

What is the significance of the security platform? Why are we seeing so many companies push in that direction right now?

I think the recognition [of the need for platform players] has been emerging for a while. I would say the need's always been there. … I think that a defense-in-depth mind-set in some cases has led organizations down a path where they now just find themselves with a proliferation of a variety of different cybersecurity technologies, many of which they don't even get full value out of today. Part of the role, I believe, of the larger platform players is certainly not to replace new companies that are innovating in new ways -- it's to be foundational for customers and it's to have platforms in place that allow them to really go at repeatable, sustainable, effective cybersecurity programs in and around it. We've been very focused on integrating not only our products, but third-party products with EPO and DXL so that you can pull in new technologies from innovative companies. Then you can connect cybersecurity products and technology to the platform and make the whole program work and make the whole threat defense cycle work. You need it all. You need all three, but you really do need cybersecurity players to be foundational to the program.

Why do you think your approach to the security platform is better than Symantec's?

I think a diversity of approaches is good for the market. I would tell you I think it's going to be difficult for customers to sign up to the concept of 'If you buy it all from me everything's going to be fine.' They're not going to necessarily accept that. Our view is we want to help be the foundation for you, the customer, and we want to do that through delivering, certainly a lot of our own capabilities, which we know are strong and can help with that threat defense life cycle, but we also recognize that you need the connection points and you need to bring other technologies together with that platform, that foundation. Some of [the technologies] will come from us and some of them will come from the markets. It's about bringing it all together that we believe makes the most sense, which is why our strategy has been to integrate through driving that threat defense life cycle, leveraging what we do with EPO, leveraging the DXL, and open sourcing DXL late last fall. Those are all concrete examples of the way in which we're bringing that integrated cybersecurity architecture to light for the customer, and that's the bet we're making.

Do you think the spinout from Intel is going to make you a bigger competitive threat?

If nothing else, the cybersecurity marketplace is competitive. There's a lot of players, there's a lot of competition, and I don't see that intensity dying down any time soon. But I will say, as an independent company, we're going to move faster, as far as what I've talked about since we announced on Sept. 7 last year was, this opportunity for us is about innovation, it's about speed and agility, it's about growth. If that means we're going to be a tougher competitor for anyone in the marketplace, then ultimately that should yield good results for the customer.

How does that competition change the security market competitive landscape?

What's interesting is ... when we officially announced and cut over, and I got a number of notes and acknowledgments on Twitter from my 'competitors' and many of them are happy to see us be independent again because they value what we do as an industry, but they also value the competition. They like seeing McAfee as an independent player again because competition raises the bar and if we need anything in this industry we need a higher bar in terms of what we can deliver to the market.

It's cool. One thing I love about our industry is that, yeah, there's a lot of companies, there's a lot of competition, but generally speaking people believe in the mission of cybersecurity and what we're trying to do here that's bigger than any individual company. It's bigger than any individual person. That's a shared goal, that's a shared mission from any of us.

Both McAfee and Symantec have been going through changes side by side. Symantec says you are a little behind them in the transformation – how would you respond to that?

Our path is different than theirs. Symantec is a different company and they're going to make different decisions about technology, about people, but they have challenges, we have challenges. I like our position in the market right now.

How do you look at competition with the next-generation security companies and startups?

I think the role of small companies is to get laser-focused around a solution to a problem and work to make it a reality for the customer. If the benefit of that is that those startups solve a problem or, frankly, push the industry forward then that's a good thing.

If you're a partner, how do you look at the evolution toward the security platform and the rise of next-generation technology? How do you balance that?

I think the partners are trying to go through a little bit of the same change that many of our customers are going through. They've recognized that they're also in a situation where they have many, many different companies that they're doing business with. As they become more solution-focused, they're recognizing that they can't provide a high-value service to the customer if that service is going to comprise stitching together capabilities from 50 different companies to come up with an answer.

They're not going to just have one, but they do want to have fewer technologies that they use, which allows them to focus more on the solution to the customer and less on how do I bring together all the different technologies in the environment. … They're looking for platform capabilities as well to bring it all together for them. They'll always have small organizations, small startups they do business with. They'll always do business with the big platform players. They want more and they want to do more with those of us who are in that category where we're focused on cyber, we're large, we're platform-oriented in what we do.

How far along in that journey to security solution-selling are most partners?

I think a lot of the partners are undergoing the transformation in conjunction with the market. Some of them are further along than others. … Whenever there's transformation, you always have the early adopters. You have those that come through with the 80 percent from the middle of a bell curve and those who lag behind. I would say you have some partners who are further down this path than others. The challenge for all the partners is many of them are trying to transform their own business model, right, from being resellers to actually being true solutions providers. That's not easy, but certainly the work that we've done to try to simplify the architecture, to connect a lot of the different pieces together effectively, it can help enable them to move more quickly along that path.

Will there ultimately be a winner in the security space? Or will there just be a balance of power?

Our goal is to ultimately lead the market and to build a large, healthy cybersecurity company that is able to help customers really solve problems and to do it effectively. That's really the goal. We don't want to just be the biggest, we want to be the best. That's what we're really working on.

What's your vision for the future of the cybersecurity market?

I think we'll see a full transformation of how customers do things in this particular space. There's more work to be done. It's also a young industry. Cybersecurity hasn't been around that long. A lot of our history has yet to be written. … I think this is an important transformation that we're going through. ... We're going to see, in five years, [that cybersecurity is] going to be very different than it is today. I think the partners are starting to see that. I think people who are really paying attention to what's going on in the industry are seeing that. We aim to help define that future in a meaningful way. We won't rest until we get there.