Last year was a busy one for Symantec, one of the United States’ leading developers of security products. The Cupertino, California-based company helped customers battle and protect against an ever-growing list of malware, ranging from Blaster, Slammer and SoBig to hundreds of smaller irritants.
The hectic year paid off: Symantec posted revenue of US$429 million in the second quarter of its 2004 fiscal year, which ended October 3rd — a 32 percent increase from $325 million in the same quarter last year. This increase was driven by strong enterprise security growth and better than expected results in the consumer segment.
The company did not achieve growth by standing still. On the technology front, it unveiled the Symantec Gateway Security 5400 series, a family of security appliances that integrates several capabilities, including a full inspection firewall, intrusion prevention, intrusion detection, antivirus, content filtering, virtual private networking and anti-spam.
In addition, Symantec acquired PowerQuest, a developer of automated deployment and recovery products; SafeWeb, which develops SSL VPN appliances; and ON Technology, an enterprise infrastructure management vendor. It expanded an existing pact with Hewlett-Packard, ensuring HP will continue to include Norton AntiVirus and Norton Personal Firewall on many of its PCs, and teamed with enterprise management software company BMC to help corporations manage their various security solutions.
Also in 2003, Symantec and Microsoft launched a series of efforts to educate users about the need to secure their PCs and Internet connections. Symantec executives spanned the globe, making presentations at government, trade and industry gatherings.
Less than a month after he delivered a speech to IT professionals at the Department of Defense’s Defense Information Systems Agency, Symantec chief technology officer Rob Clyde talked with the E-Commerce Times about the recent past and immediate future of security.
What do you consider the highlight, both for the industry in general and for Symantec specifically, of 2003? Obviously, it was a challenging year for people who were fighting viruses and worms.
Rob Clyde: It was a challenging year at the security end of the equation, [but] I don’t think any one technology stood out in 2003. In terms of the economy, the mood seems a little more upbeat for 2004. For me, that’s one thing that stands out: We’re starting to see light at the end of the tunnel.
Probably one other [important development], for the U.S., [was] Sarbanes-Oxley and whether it would negatively impact the IT sector. It turned out to be more of a documentation effort. The impact was a bit overhyped.
How about turning inward a little bit: What was the highlight for Symantec?
Clyde: I think we have two different ends to the equation: One was the kind of new attacks we were seeing, and the other is we had a new solution coming out.
We experienced, in eight days in August, three Category 4 worms and one Category 3 worm, so we had four very severe worms or blended threats. It required us to have really tremendous response capabilities for our customers.
In late October or early November, we came out with the Symantec Gateway Security Appliance 5400 series, which met with tremendous accolades. It includes firewall, antivirus, intrusion detection, anti-spam filters [and] VPN in a single appliance. We’ve had some rave reviews. Even though I can’t comment about actual sales, we’ve certainly been pleased with the response from analysts and reviewers. When it’s a new kind of technology, they can be really tough! Four to five years from now, everybody will be running these kinds of devices.
How do you expect security spending to fare in 2004?
Clyde: It still is a top item. It’s somewhere in the top five. We expect to see it continue to grow this year in terms of percentage. At some point, we’ll hit equilibrium. It can’t keep growing to 100 percent. In 2004, it looks like it’ll be another year of growth, percentage-wise.
We think things in the proactive area of security will do well. Antivirus, vulnerability assessment and the new area of security management [all] look interesting. [Spending] is pretty much across the board, and your difference tends to be on the higher end in the 20 percents and on the lower end [in] the teens.
It’s always the new things that have the highest growth. The easiest ones to predict are things like antivirus. With the increase in broadband connectivity, the need for more than antivirus is huge. That’s one thing people learned from the attacks in August.
And security plays such a crucial role, both for consumers and corporations
Clyde: It is clearly one of the biggest challenges. The most common theme is likely to be security, just because it impacts so many programs you might have. We see continued growth of mobile and wireless users, and the biggest challenge in dealing with those users continues to be security. With online applications — whether for government or business — again, security appears to be the biggest challenge.
I was in Taiwan recently, and a bank shut down its online banking indefinitely because it was leaking information about customers. It had a very chilling effect on the online banking industry in Asia. Unlike our country, there aren’t many online banking providers in Asia. [Security breaches] can literally stall, chill, destroy IT projects almost worse than anything else.
What’s one of the biggest challenges Symantec faces in the next 12 months?
Clyde: Dealing with the massive increase in vulnerabilities. According to the latest statistics from Symantec, 60 attacks per week are reported. It’s true that not everybody has all 60 vulnerabilities — there are five to 15 that a given customer is going to have to deal with — but they have to roll out new patches, make sure their systems are up-to-date. Patch management will be a big thing — finding ways to proactively block those vulnerabilities. While these things aren’t foolproof, they can block most of the attacks.
Near the end of the year, Symantec acquired PowerQuest and ON Technology. Through the combination of those, plus organic development within Symantec, you’ll see very strong patch-management solutions in 2004.
Another big [challenge] has to do with mobile users. Before allowing someone to connect to the network via a VPN or bring a notebook back in, [companies need] to ensure the end-user system is adhering to policy. We partnered with Cisco to assure the end-user is complying with policy before the network fabric allows the system to work.
Is Symantec doing anything on the educational side of the security equation?
Clyde: Symantec is a founding member and sponsor of the National Cyber Security Alliance and its Stay Safe Online program. That’s one of our primary methods of educating people. We also participated in the DHS Summit in Santa Clara. There were five task forces, [and] one of them happens to be on education and awareness.
We participate in a lot of university and K-12 education programs. We also have found it to be particularly useful to work with universities so that IT security can be one of the majors they work through. We also have Symantec employees participate in various certification programs.
Do you think the anti-spam law, which President Bush signed into effect late last year, will have any impact on this problem?
Clyde: It gives a little bit of teeth if you happen — and I say happen — to find a spammer in the United States. I don’t expect the anti-spam law to have a major impact on defeating spam. I think it’ll be more technology. You’ve already seen a greater increase in the use of anti-spam technology — from the ISP [and] corporate gateway all the way down to the end user. We are building anti-spam into our products. Ultimately, people are going to say, “Why scan once for viruses, once for pornography, once for spam?” When you use Norton Internet as a consumer, it’s all in the same tool.
In the end, I think the scales will be tilted more to the technology side than to the law.