Symantec CEO Challenges Microsoft to 'Horse Race'

The remarks, made during Thompson's appearance at the RSA Conference, came as little surprise in light of Microsoft's purchase last week of server-level anti-virus software vendor Sybari, a move that competes directly with Symantec.

The Cupertino, Calif.-based security vendor already is fending off Microsoft to provide desktop-level antivirus software based on the Redmond, Wash.-based vendor's 2003 acquisition of antivirus ISV GeCad.

In a rollicking keynote address, Thompson noted that a cross-platform solution is necessary to help disparate enterprises handle compliance and other security issues, and said Microsoft's strategy fails because it does not address security across more than one platform.

Symantec, on the other hand, with its line of integrated security appliances launched three years ago at the RSA show, tackles security across a variety of environments, including Microsoft, Solaris, Linux and more.

"We aren't distracted by a host of computer games and a host of other computer related stuff going on," Thompson said, referring to Microsoft's raft of digital media and gaming products. The comment drew loud applause from the audience of about 3,000 attendees.

Microsoft wasn't the only competitor to spark Thompson's ire Tuesday. While he touted Symantec's 7100 line of integrated security appliances, Thompson also razzed competitors such as Fortinet, NetIntelligence and Secure Computing for products in the new category called "unified threat management."

Thompson insisted that these products fail to cover all of the security issues facing enterprises today. He added that for Symantec, integrated security is about seamlessly bridging the divide between security, device management, systems management and network management, one of the key reasons behind the company's December 2004 merger with Veritas.

"I'll let you judge for yourself whether 'unified' provides the same level of integration you might need," he said. "They've dropped the term integrated, because they don't control all of the relevant technologies." Aside from his harsh words for Symantec competitors, Thompson also shared his views on security compliance and the evolving role of the Chief Security Officer (CSO) in the enterprise.

The outspoken CEO said there was a "golden opportunity" for security vendors and security solution providers alike to help enterprises audit network information in accordance with all of the most recent regulations.

"Compliance is the new elephant in the living room today," he said. "You can't avoid bumping up against a new rule and its information reporting requirements, and the entire compliance marketplace is about understanding risks."

Thompson also predicted that some day in the not-too-distant future, enterprises will put all security and availability issues into the hands of a department that tackles risks of all kinds, head up by a Chief Risk Officer, or CRO. The CRO will be the next evolution of the current role of the CSO, he said.

To prove his point, Thompson cited a recent study from Forrester Research that indicates by 2007, more than 75 percent of large enterprises will all have established a risk management office led by a CRO. He hinted that new early-warning system technologies from Symantec could help prevent threats before they even get close to a network.

"In old paradigm, you were only as protected as your last update," he said. "In the new paradigm, sensors will prevent many attacks, and information technologists can stay focused on innovating and fighting fires."