Q&A: McAfee CEO Dave Dewalt

ChannelWeb sat down with McAfee President and CEO Dave Dewalt at Interop Las Vegas 2008, to hear his thoughts on the economy, McAfee's growth and direction of the company's channel program.

You've been at McAfee a year. What have been some of the successes? How has the company changed in the last 12 months?

The biggest is that we've grown the company. An area where McAfee was growing in the midsingle digits, we're now growing at three, four, five times that. A lot of that has to do with having really good products -- the company has some great products. We also have a lot of the compliance issues behind the company, statements and things that cost the company a bit of money. So a lot of that's behind us and we've been able to open up a new chapter for the company. It's a growth year. We've brought new leadership into the company but also augmented the people who were already at the top.

But it's changed a lot. I've enjoyed the security market tremendously. There's a little bit of the passion for the noble cause. Every day our engineers and our team are all trying to help these corporations. So it's a situation where you feel good because you help people with a problem. That's been sort of the eye opener to me. We actually really do have a company that helps catch bad guys. How many people can say that? We do.

What do you attribute that explosive growth to? And why was it in the single digits before?

A couple of factors. Certainly we've had a lot of reliance on really one product -- antivirus. So we have a great product, virus scan enterprise, virus scan. Our Total Protection Suites for consumer was largely antivirus. We've got a whole suite of products now that are best of breed, but in a suite. Some of those products include spyware. They include host intrusion and personal firewall. They also include network access control, now data loss prevention and encryption products all in one suite. That makes it more economic for customers to buy that suite than buying one product at a time. We've found that with the climate we're in, from an economy point of view, as well as the compliance atmosphere that people are in, we've got a good product for people to purchase and that's helped fuel our growth.

Probably another big one is that the emerging markets are really helping us. We get about 50 percent of our revenue internationally, and we get a lot of growth there. We've been growing consistently very high in the European, Latin American and Asian markets. And that continues to be a big driving force.

McAfee's focus seems to be moving toward combining products into an all-in-one suite. Do you see this as a trend? And if so, why?

I do. A lot of it is the hangover we've had from the last five years, where the prevailing wisdom was to put in as many point products as you could from as many vendors as you could because the concept was there that by putting in more, you've got more defenses. Somebody's got to find the problem if it's multiple vendors.

The reality now is we share research behind the scenes, even with competition. We've got consortiums to share research. If Symantec finds an outbreak and a problem, we share it and vice versa. These are the ways that have now have equaled the playing field. Companies will share research and it creates an environment where one product versus another isn't necessarily higher protection.

Also, people are much more conscious of cost now. It's just the reality of where we've been for the last six months. Companies are looking for ways to consolidate their costs while keeping high protection. It becomes a nice driver for McAfee and probably for other big companies too. Whenever you're in a more frugal time economically, it plays more to a suite and it plays more to a big company needs.

Do you see the enterprise embracing security suites in the same way that the mid-tier has?

Believe it or not, it's across all the segments. And that's what's got us growing much bigger than we were. We have developed a product family we call TOPS, it's Total Protection Suite. But the same core sets of products we've built for consumers, TOPS for consumer, goes TOPS for small business, TOPS for enterprise and TOPS for enterprise advance. Essentially the core is layered on with more products for a sophisticated company. But we have a suite from consumer on up.

Next: Security Planning Not Curtailed By Economic Downtown

How do you see the failing economy affecting McAfee. Do you see your customers cutting back on security spending?

No I don't. We've had accelerated growth the last three quarters, and so we did not see any downturn. If anything, we actually saw a pickup in security spending. I certainly believe that we're going to have some changes in the economic landscape as it relates to IT. But security is becoming a bigger and bigger piece of the IT spend. That's been the trend for several years now, where security was once a couple of percentage points and now it's gone much wider and continues to be important. If you ask the financial services industry to stop spending on security, their goal is protect people's money. It's not like they can stop spending on security. Spending and security are a very important need for every company. We're pretty recessionary proof. We're not immune entirely, but we're at the top of the list for people to spend.

What new emerging threats out there that users should be wary of?

One of the threats that have continued to grow, which is going to grow even bigger, is data loss protection. There is absolutely no doubt that companies are very concerned about losing their data. And losing it can be accidental, as in 'I lost my mobile phone or my laptop' but even if I lost my mobile phone and I can't find it for 24 hours, I have to report it if I know that there's consumer data on that laptop or mobile phone. When I have to report it, it could be sensationalized as data loss, consumers have to be notified, and PCI compliance forces them into a notification and a breach.

That scares a lot of consumers from continuing to buy from the brand they trust. So people are really worried about that so they're deploying things like encryption and data loss prevention. Then of course offshore development and outsource manufacturing are driving people to worry about intellectual property. That's a big trend. We've only seen the beginning of that as it relates to security.

Then the other ones that I think are out there are mobile computing and virtualization threats. How many mobile phones did we ship this year? A billion plus. How many new deployments of virtualization will we see? VMWare and other companies in that space have grown dramatically. These all require security features. It's just a whole new device and a whole new operating system to worry about.

How do you plan on diversifying your portfolio to combat these threats?

First of all, we're focused on security only. I think that's been a very strong strategy for us. We've seen some of our competition diversify out of security, and they've had their challenges as a result of that. We focus on security. We want to be the largest security vendor in the marketplace and we're not going to get outside of that market.

Having said that, you can't do everything, even inside security. But we have three big segments of our business. We're focusing on endpoint security as defined by laptop PCs, mobile phones, everything at the endpoint. We're focused on the network, however the network is very tangential business to our endpoint because same types of threats and trends that happen at the endpoint, happen at the network. Virus scanning, malware detection, intrusion prevention and detection -- very similar parallels there. So it's very easy for us to do the same thing in both of those spaces.

A third business is what we call risk and compliance -- this one covers all aspects of security, vulnerability scanning, vulnerability management and remediation management. This is patch management. We've acquired a few companies to focus in on that. We've decided to continue to acquire and build products and continue to grow.

You have a roadmap for how many companies you plan to acquire in 2008?

We try to do two or three acquisitions a year, that's generally the model. It's not dictated by the numbers, it's dictated by the strategy. We certainly see some areas that we can continue to move into, like the Web area. The recent one, ScanAlert, was to help drive at Web oriented security. Probably the biggest threat spectrum we see is coming from the Web. We think this is a very explosive opportunity for the company. For example, we've had well over a 100 million downloads and users of our product called SiteAdvisor. It's all about safe searching online. And now the acquisition of ScanAlert helps us do safe shopping. We think that's a very interesting growth market for us as we move forward.

Are you planning to delve into storage arena at all to stay competitive?

No, but we certainly like the concept of protecting more than the endpoint. Storage and servers are clearly some of the easy places for us to apply similar technology. We already have hundreds of customers where we protect their storage. And a lot of that is preventing viruses from being deployed on to storage, particularly long term storage. So we've developed partnerships with the leading storage vendors to help them. But getting into selling storage? Only once in my career for that one.

Next: Partnership Plans In The Making

Do you plan on creating more partnerships to develop these technologies or incorporate them into your portfolio?

Absolutely. One of the core principles to McAfee is really two fold, but one is to be 100 percent channel. I've been very, very aggressive stating that. I will not hurt my channel partners. My goal is to help them.

Partnering with other technology partners is opening up our architecture in a way that allows us to be more interopable than anyone else on the market. That fundamental core principle is important now as customers are asking us to interoperate with even our competition. (At Interop Las Vegas 2008) we demonstrated at our booth how we can manage Symantec and Trend Micro's products. Now who would have thought that that day was coming? To have one vendor manage another person's products or vice versa. And I think that interoperability is long overdue in the security market. We hope to lead that. We've announced a host of security alliance. And that allows customers to access a development kit. Customers, channel partners can all access it. And they can build their own integrations toward technology, which drives services revenue for the channel, drive services revenue for our partners. I think that's a nice value add that we can create.

The 100 percent channel model seems to be a big paradigm shift from a year ago. Do you feel that's the case?

It's a big paradigm shift over years in McAfee where we've flip flopped on direct versus indirect or channel models. But I walked in and said "We have some great channel partners out there. I really want to nurture them. Help them. If they win, then I win." We have declared a 100 percent channel model. We may have more high touching enterprise accounts, but they are always fulfilled through the channel. This has been a model for us that's so far very successful, and will continue.

You've asserted that McAfee is 100 percent channel, but that wasn't always the case. Why was there flip-flopping between direct and channel models?

I can't speak for previous management. I can just speak for previous experiences myself. You're either a direct company or a channel company. You can't do both. The last thing you want your channel to be thinking is that maybe there is a possibility that they'll take that deal direct and cut me out. You can't even allow that thought to occur. I can't even process orders through McAfee without my channel processing them. My channel is directly engaged in my CRM system. We have 11,000 partners with account logins to our CRM system. They enter orders directly. They interact with the leads directly. And they're an extension of our sales force. So we've really tried to make this a 100 percent model and I think our channel trusts us that (going direct) won't ever occur, and that we're the best company with the best channel.

What are some channel related announcements that partners have to look forward to and what plans to you have for the channel program?

Quite a few. We've been evolving. Most recently we announced a channel chief. I now have a chief channel manager who formerly ran all the sales for McAfee worldwide. Now he oversees all the sales going through the channel. So we actually morphed our model.

We have a number of factors here. One is we have tried to organize our company around the channel by creating a senior executive whose sole purpose in life is to enable the channel and to be a channel friendly executive.

Number two, we try to create a compensation philosophy inside McAfee that drives channel behavior. These have been very successful.

Then thirdly, we continue to make our products better. There's nothing better than making our products easy for the channel to distribute. We focus hard on doing that, making it easier to deploy. You're seeing a lot of products that are 100 percent channel delivered, and much more of a package offering for our partners to deliver.

It happens in every part of our company now. Being a channel company just isn't saying I want to be friendly to the channel. You've got to incorporate it into everything you're doing. It's very important.

You're hosting the first ever user/partner conference in October. Why is this conference the first one? Why hasn't this happened before?

We have created more of a community. And my goal is to create a community with my channel, my partners, as well as my customers. So creating an event once a year, or even multiple times a year, where we can invite our customers to learn more about our company, and we can learn more about them seems to be a good thing to do. We have a very nice event. It just happens to be in Las Vegas. We're really helping to create an open atmosphere with the customers there. We'll have all our partners and channels presenting.

What has been the feedback from channel partners?

Wonderful. The growth of the company speaks for itself. Quadrupling the growth of our company has quadrupled the growth for a few other partners as well. They're the ones benefitting from the business that we're doing and hopefully the feedback is very strong.

Are you actively recruiting partners?

We always are. It isn't just the number of channel partner you have. It's really the trust as well as longevity of those relationships, where we can go deeper with certain channel partners. We've created segmentation of our channel such that the longer the business you do, the more rewards you can have. We're offering some certifications and things that allow partners to get trained and tested on our technologies. These are all the things that good channel companies do.

When you're getting the McAfee brand out there, how do you get customers to get over the conception that they have to go with a Symantec or a Cisco?

Obviously creating a community with your customers and your partners is a start. You want highly emotionally attached customers to your brand and to your business. Some of that is having fun with your customers and partners at events. Some of that is treating them with respect and creating inside information so they're able to make decisions about our product road maps and strategy. We're making a lot of decisions about that and what we're trying to do. And its creating stronger relationships. And the bigger the company, sometimes the more difficult that relationship can be, whether you're Microsoft or Cisco or Symantec. So we're trying to do security really well and customers can rely on us to be the security vendor for them and a trusted advisor to them for that. And I think that's our advantage vis-'-vis our competition. Will Microsoft ever be really serious about security? Or Cisco, or even Symantec, because they do a lot of things beyond security now. So when it comes to doing research and development around security, that's all we do. And I hope to be known for that.