Subscribe in a reader
A tale of two strategies - Symantec and McAfee - Part 2
Submitted by Mike Rothman on Wed, 2006-10-18 15:39.
In the last post, I went into Symantec's big Security 2.0 strategy and am pretty favorable to where they are going. Not to be outdone, McAfee makes a big strategic statement this week. Glad they didn't have a big shindig scheduled in NYC, as they would have had to make it into a funeral for their senior management. But I digress.
McAfee is calling their initiative "security risk management" and as I mentioned on Tuesday AM - I'm not a huge fan of taking two nebulous categories (security and risk) and mashing them together to get something meaningful. So I'm not a big fan of this tag line either, but these are pretty minor nits compared to the strategy.
The world according to McAfee breaks up into two domains: threat prevention and compliance. NAC is in there two, but it's not clear how it relates to the other domains quite yet. This is wrong because they don't factor in identity or information/data security - but they don't have those pieces yet - so I'll forgive them. But if you are going to make a strategic statement about how security needs to be done - you can't really leave anything out.
Threat prevention is the traditional McAfee business - AV, IPS and anti-spyware. Throw a little SiteAdvisor magic dust in and the business is pretty competitive. They'll need to add application control to make a complete story for threat prevention from end to end, but those pieces are pretty much there.
Compliance is a conglomeration of what McAfee's shopping spree has yielded of late. By aligning the original Foundstone stuff, with the newly acquired Preventsys and Citadel technologies, McAfee can now set a policy, find broken stuff, and fix it. That's pretty slick.
Of course, it'll take some integration - but not a brain transplant. Why? Because McAfee has always built management of their disparate products into the ePO management console. This is a huge advantage tactically over Symantec, who has never delivered on any kind of console to speak of. ePO is McAfee's secret weapon, and they are acknowledging it - which is a good thing.
As I mentioned above, the weakness is really more about not having all the pieces, rather than anything relative to the strategic direction. McAfee must do more on the content/data/information side and they need something in the identity space as well.
So how do they get there? I suspect they don't. Now with the options overhang gone, the old management cleaned out, and a lot of the pieces assembled - McAfee is clearly a target for a HP, Juniper or even Cisco. The synergies with HP are pretty obvious. Plug ePO right into OpenView and combining that with the newly acquired Mercury on the application side and you've got a very complete story.
Given these new strategic initiatives from both Symantec and McAfee, big is the new small strikes with a vengeance. The second tier AV vendors find themselves that much further behind as the desktop suites become increasingly part of a larger security story. These folks (Trend, Sophos, Panda, Kaspersky, et al) need to either get out the check books and start buying their way to a broader offering, or put on their Sunday best, paint some lipstick on the pig and try to get a deal done.
McAfee is calling their initiative "security risk management" and as I mentioned on Tuesday AM - I'm not a huge fan of taking two nebulous categories (security and risk) and mashing them together to get something meaningful. So I'm not a big fan of this tag line either, but these are pretty minor nits compared to the strategy.
The world according to McAfee breaks up into two domains: threat prevention and compliance. NAC is in there two, but it's not clear how it relates to the other domains quite yet. This is wrong because they don't factor in identity or information/data security - but they don't have those pieces yet - so I'll forgive them. But if you are going to make a strategic statement about how security needs to be done - you can't really leave anything out.
Threat prevention is the traditional McAfee business - AV, IPS and anti-spyware. Throw a little SiteAdvisor magic dust in and the business is pretty competitive. They'll need to add application control to make a complete story for threat prevention from end to end, but those pieces are pretty much there.
Compliance is a conglomeration of what McAfee's shopping spree has yielded of late. By aligning the original Foundstone stuff, with the newly acquired Preventsys and Citadel technologies, McAfee can now set a policy, find broken stuff, and fix it. That's pretty slick.
Of course, it'll take some integration - but not a brain transplant. Why? Because McAfee has always built management of their disparate products into the ePO management console. This is a huge advantage tactically over Symantec, who has never delivered on any kind of console to speak of. ePO is McAfee's secret weapon, and they are acknowledging it - which is a good thing.
As I mentioned above, the weakness is really more about not having all the pieces, rather than anything relative to the strategic direction. McAfee must do more on the content/data/information side and they need something in the identity space as well.
So how do they get there? I suspect they don't. Now with the options overhang gone, the old management cleaned out, and a lot of the pieces assembled - McAfee is clearly a target for a HP, Juniper or even Cisco. The synergies with HP are pretty obvious. Plug ePO right into OpenView and combining that with the newly acquired Mercury on the application side and you've got a very complete story.
Given these new strategic initiatives from both Symantec and McAfee, big is the new small strikes with a vengeance. The second tier AV vendors find themselves that much further behind as the desktop suites become increasingly part of a larger security story. These folks (Trend, Sophos, Panda, Kaspersky, et al) need to either get out the check books and start buying their way to a broader offering, or put on their Sunday best, paint some lipstick on the pig and try to get a deal done.
Recent comments
10 weeks 1 day ago
10 weeks 2 days ago
10 weeks 3 days ago
12 weeks 2 days ago
12 weeks 5 days ago
13 weeks 17 hours ago
13 weeks 22 hours ago
13 weeks 2 days ago
13 weeks 2 days ago
13 weeks 2 days ago