Investigative Report – Part I: Concerns Mount over Symantec

On paper, Symantec (Nasdaq: SYMC) appears to be one of the hottest tech companies around. Propelled in part by users’ need to defend against a rash of destructive and well-publicized computer worms like Code Red, Nimda and SirCam, its stock price has jumped 70 percent in the past year. Nonetheless, leading industry experts seem to be far from enamored with the company. Some stock analysts have even responded by placing sell or hold ratings on Symantec, while others question the company’s ability to compete successfully in some of its most important markets. Another leading analyst stated that Symantec may have recently squandered nearly a billion dollars on the acquisition of a related company whose technology is a “non-factor” in today’s market. In Part I of this investigative report series, the E-Commerce Times goes beyond the headlines to find out what industry insiders really think of Symantec, and why so many are concerned about its future.

Our attention was first drawn to doubts about Symantec when UBS Warburg stock analyst Jordan Klein slapped the company’s stock with a “hold” rating in December. He told the E-Commerce Times that although the company’s valuation is “not extreme,” in order to provide a return on investors’ dollars, Symantec would need to keep growing at its current rate, which is highly unlikely.

But Klein is not alone regarding his reservations about Symantec.

Other leading industry experts have confirmed Klein’s doubts about the company and have also added their own concerns, joining the growing list of Symantec skeptics. Specifically, analysts question whether Symantec can sustain growth in a consumer antivirus market that has already matured, whether its stock has peaked or is overvalued, whether its sales force is up to snuff, and whether it can compete effectively in the enterprise space. The latter question, which focuses on the lucrative enterprise market, is particularly thorny.

Enterprise Focus

Symantec has focused heavily on its enterprise business since the 1999 arrival of CEO John Thompson, pushing its integrated security solution of antivirus, firewall, virtual private network (VPN), intrusion detection and managed security products.

Still, analysts have expressed concern that Symantec’s enterprise business is too heavily dependent on antivirus offerings, while significant growth can only come from its firewall, VPN and intrusion detection products. Although that market is promising, Symantec may not stand up to specialized competitors in the sector, such as Check Point, Internet Security Systems and Cisco, Morningstar.com stock analyst Mike Trigg told the E-Commerce Times.

Trigg said he does not see investor value at the current stock price, so he has given Symantec a one-star rating — the equivalent of a “sell.”

“My recommendation is based purely on valuation,” he noted. “If it got into the high 20s, I would consider recommending the stock pretty aggressively, but at the current price, there isn’t a lot of potential [for] stock appreciation, in my opinion.”

Best-of-Breed Preference

Another concern centers on the company’s all-in-one, integrated strategy, which has yet to work for any major security vendor. For example, rival Network Associates purchased a number of security firms in the late 1990s to become a full-service provider and struggled under the debt load it incurred. Likewise, Secure Computing tried a similar approach to lure one-stop shoppers, without much success. The outlook for Symantec, which is pursuing the same approach, is also shrouded in doubt.

“I am not convinced that it is a given they will succeed in the enterprise and IDS market,” Merrill Lynch stock analyst Ed Maguire told the E-Commerce Times. “They haven’t gone there before. It’s a new market. There’s always risk.”

Klein concurs with Maguire. The majority of companies continue to seek a best-of-breed security strategy, Klein said, citing a recent UBS Warburg survey of CIOs. When asked whether they prefer all-in-one or best-of-breed solutions, two-thirds of respondents voted for best-of-breed. Likewise, a similar survey of vendors and resellers by UBS Warburg found that 80 percent said their customers prefer best-of-breed products, meaning that Symantec’s all-in-one offering is at a disadvantage in this respect.

Possible Positives

In the face of these daunting obstacles, two factors could help Symantec. Analysts say the company is currently reorganizing its sales force to better specialize in intrusion detection products. And a recent Dow Jones report indicated Symantec may be in line for a major Navy contract currently held by Internet Security Systems. But doubts still persist.

“Symantec is still untested at the large enterprise level, and selling a product like Recourse [intrusion detection systems] requires a bit more direct sales than what Symantec has historically had as part of their business model,” Merrill Lynch’s Maguire said. “I know Symantec has said it is building up a sales force. So we’ll have to see.

“It’s a tough market, and they’re banking on their ability to grow their business — essentially to look for the IDS to lead them into the enterprise,” Maguire added.

Acquisitions Play Vital Role

So far, Symantec has built its enterprise business in part through acquisitions. In a July 2001 stock-for-stock deal valued by Symantec at a whopping $975 million, the company bought enterprise security firm Axent Technologies. And last summer, it also added four other security companies — Recourse, Riptech, SecurityFocus and Mountain Wave — to its cache for a total of roughly $360 million.

Part of Symantec’s enterprise strategy is to provide security alerts via SecurityFocus’ Bugtraq list and DeepSight, along with intrusion detection products from recently acquired Recourse and a host-based product that came with its earlier acquisition of Axent.

But Internet Security Systems’ vice president of strategic planning, Steve Russ, told the E-Commerce Times that his company has doubts about whether Symantec’s acquisition strategy will actually make it a formidable competitor in the intrusion detection arena.

“They just spent $400 million six months ago to replicate our strategy — right across the board. We all have our doubts,” Russ noted. “I sat back and said, ‘Wow, our strategy has been totally validated.’ Imitation is the most sincere form of flattery.”

Axent Technology Obsolete?

And Gartner research director John Pescatore told the E-Commerce Times that much of what Symantec purchased last year is a replacement for technology already acquired from Axent, which he deemed a failure.

“We look at it from the [standpoint of the] technology, and are they meeting the market’s needs,” said Pescatore. “All the enterprise products they bought from Axent are non-factors in the market now. The Raptor Firewall has pretty much disappeared. They abandoned the Axent intrusion detection product, and [the] enterprise security manager has had its market share stolen.

“Bottom line, they have definitely not yet made a major impact on the enterprise market, outside of antiviral, and I’m beginning to doubt that an antiviral company can,” he added.

Time will tell whether Symantec can make the leap from consumer antivirus business to one-stop enterprise security shop. At the moment, only one thing is certain: In a highly competitive industry, evolution is not an option — and the path is fraught with peril.