Q&A: Symantec CEO Enrique Salem On The Changing Security Landscape


Symantec just acquired gateway security company Mi5 Networks. How is Symantec going to integrate Mi5 technologies going forward?

Customers don't want a bunch of point products. They want integrated suites that are just on one function. Fighting viruses at the desktop, the gateway is not sufficient. They ask, 'How do I fight viruses, how do I do Web security, how do I fight spam, and integrate it all?'

So what you can expect is that we'll integrate the Mi5 technology at the perimeter, at the gateway. We've got market-leading technologies from BrightMail, TurnTide, Vontu, and now Mi5. So that's one distinction, and we will not change this. We always buy market-leading technologies. That's the focus. If you look at us, we're not bottom-feeders. If you look at what Mi5, what Gartner says about them, it's one of the cool companies in technology. They're doing some innovative things.

Storage comprises a larger percentage of Symantec's business than security. Do you see that continuing going forward or do you see security comprising a larger percentage of your business? And if so, what growth strategies for security are you adopting?

Sponsored post

Security is a big opportunity, and we've done very well in it. When I think about the growth opportunities though, it's DLP everywhere. We've got a great position in the marketplace; we just announced a product that integrates DLP with our endpoint technology. We've always had it to work with data in motion. And we think that customers need help staying PCI-compliant. For example, there's a whole set of regulations about what it means to be PCI-compliant. So we have an opportunity to help them here. And that's what's needed, and will be something that helps us move forward.

And I think that the other area of growth for Symantec is the Software-as-a-Service area. I think that's a big opportunity. We're backing up over 31 petabytes of customer data. Thirty-one petabytes. You take a large Fortune 500 company and they have less than 10 petabytes. So we have 7 million people who trust Symantec to back up their data into our data center. Even though this macroecomic environment is one that's impacting our customers, we think the business that we're in, the notion of security and storage management markets continue to do well.

Is there less focus on endpoint security in general?

Endpoint security is a part of it. Because the endpoint is where a lot of the information lives. If you think about it, you have endpoints, you have servers. We're not trying to deliver networking infrastructure. So we deal with the application layer and we deal with where the information is. There are a lot of apps and vulnerabilities that start at the endpoint, so we've got to protect that.

I've been working with some companies that have been saying, 'I don't want to spend all my time troubleshooting problems.' If it takes me more than 15 minutes to troubleshoot a problem, I just want to re-image it. I just want to put a new image on that computer, because most of the information that matters isn't on that machine -- we're storing it centrally. Our goal is to bring together security and systems management at the endpoint. The endpoint is pretty key to our strategy. And endpoints of all shapes and sizes, whether it be a mobile device, laptop device, netbook device, a server ... all shapes.

What's happened is that traditionally the world has been divided into two categories for dealing with malware. Whitelisting, which is very much trying to control what runs on a server, and blacklisting, which is seeing a threat and trying to eliminate it. We think that's not sufficient. You can use both, but what we think is important is that you have a new model, or what we call reputation-based security. What that means is, you don't necessarily want to be the first person running anything. And what you do is, you can find policies that say, if I have seen a program that's used by a million users, then I may trust that's the right threshold.

The applications you use in your environments, most of them worked yesterday. Or a week ago. Or a month ago. So there's a time component to it. And then there's usage. So there's an originator, how long it's been around, how many people are using it. The idea is we can do a few of these things that will allow us to change the model. You can have a policy and environment where you want more flexibility. Colleges may want students to be able to download lots of stuff and play with it, so (they) want less restrictive policies for your reputation. You may have a highly secure government network, where they're going to say, 'You know what, we have a very, very high threshold. So if there's tens of millions of people using those apps, unless it goes through a tight certification process, it doesn't go on our network.'

Because we have both a consumer and enterprise business, we started rolling it out in our consumer products, and we're starting to integrate it into our enterprise products now. It is available today. It will start by going into what we call Symantec Endpoint Protection, so the first place it will be [is] in the enterprise.

Several of Symantec's recent releases focus on the SMB and lower markets. Why this renewed focus?

I think we serve customers in all market segments. From our perspective, what we've got to do is continue to deliver solutions that are targeted at the different markets. So [although] Symantec has endpoint protection for enterprise, it's not the same product we would ship to a small to medium-sized business. So that's why we've done the differentiation. They have different needs. They want there to be less configuration, easier deployment, a different level of reporting. And so from our perspective, we have to customize to the different market segments. People try to say, 'which segment is most important?' Security and storage management is important to every segment. A consumer needs security just as much as a small to medium-sized company, just as much as a large company. We're across all of them. And that's good for us. We have shipped a new version of Symantec Endpoint Protection for Small and Medium Sized Businesses. And we've taken the market-eading detection/protection technology and gone ahead and simplified some of the things around this interface. They don't want all the controls as a large enterprise.

Is that a market that Symantec hasn't served as much in recent years?

Most of our business prior to 2004 was actually in that market segment. What we did is, when we shipped Symantec Endpoint Protection, we made sure that it worked in the world's largest enterprises. We have a lot of success stories. Now we said, we want to make that technology, which is integrating all of these protection technologies, available to the SMB. So that's what we've got. But we've had tremendous success over the years in all the segments. If you look at Symantec, people talk about us being the fourth-largest software company in the world. That's not that interesting to me. What's actually interesting is, we're the No. 1 security vendor. No. 1 in backup and recovery. And so, it's not about being No. 4, it's about being No. 1. That's what we have to focus on -- how we deliver technologies that allow us to build on our market leadership in two really good markets -- security and storage management.

What is Symantec expecting in terms of Stimulus dollars?

We haven't seen how much money is going to be available, but some of the programs the government is working on will be done through Symantec. One: cybersecurity. We're the largest security vendor in the world. DHS is already a big user of our threat warning systems. I expect that will be a positive for Symantec.

Second thing, they're investing in things like health care. So we have a whole set of initiatives around developing technologies for the health-care vertical. Specifically for hospitals, the amount of storage is growing dramatically. Hospitals don't have the space. So we're building a storage, or backup-as-a-service for hospitals.

I think the next big step though, is once you can secure it, you can make it easier to share. So if I go from one provider, I can secure my information, and have it online; I can transfer it to somebody else. Part of securing it, you get a lot more flexibility, you go from one provider to another.

From a Stimulus perspective, the Obama administration has said that they will invest in health care, and so that's going to create an opportunity for Symantec.