Symantec: Why bigger is better but less is more

Symantec likes to point out how much bigger it is than competitors like McAfee, which at $1.6 billion in annual revenue is about a quarter of Symantec's size. But it also has come to recognize that bigness has its downsides, such as confusion that can stem from having too many products.

"The big change for us is that if you talked to me 6 or 9 months ago I'd have talked about literally over 100 products we have at Symantec from a security perspective, but going forward we'll just talk about four as we focus our investment," says Francis deSouza, senior vice president of Symantec's Enterprise Security Group (smaller than Symantec's $2 billion consumer security group, but close to $2 billion, while the rest of Symantec's revenue comes from more storage/archiving/information management-related business).

Those four product areas: protection suites that include endpoint security; data loss prevention; compliance and policies; and systems management (Altiris products).

7 Burning Security Questions

Symantec's deSouza says the company is simplifying its approach as customers face a more complex mix of threats, including viruses, botnets and insider threats, across a broader surface area that includes mobile devices and cloud environments. To emphasize how scary things are out there,  he pointed out that Symantec issued more antivirus signatures last year than in its 17 previous years combined and that organized crime  is behind 90% of data breaches now.

"The criminals are brazen," deSouza said. "They're not hiding which countries the threats are coming from yet."

Symantec has even identified a common anatomy of organized attacks, which largely take place via targeted emails/spam, poorly protected Web-facing infrastructure and poorly written Web-facing applications. The attackers break in, perform a discovery of networked assets, put a value on the data available and then take what they want.

"Most companies have no idea they're even under attack," said deSouza, who joined the company in 2006 when it bought IMLogic, a company he founded and led.

One reason for this shortcoming is that companies have various security systems in place that don't necessarily talk to each other well enough to give security teams a big picture view of what's going on. Symantec will be pushing security information management technology to address this, deSouza said. New on this front is the ability to feed into a SIM system from a global intelligence network, he said.

While SIM offerings have been around for years now, deSouza says there is evidence that customers are buying into the technology in a big way and noted that its 2007 Vontu acquisition has exceeded expectations. He also pointed to the financial performance of ArcSight, a publicly-traded security management specialist that saw 34% year-over-year growth for its fiscal year ended in April. 

DeSouza also singled out DLP as a growth opportunity. Though he once thought DLP might be relegated to a feature of other security products, he said it has emerged as its own entity. One reason for this is that the people who tend to deal with compliance and data leakage issues within companies tend to be separate from those handling antivirus and other more traditional security detail.

One area Symantec does not plan to attack is pure network security, even though rival McAfee does. With Cisco, Juniper and Check Point already controlling the market, deSouza says Symantec's prospects wouldn't be good. "Our corporate strategy is to be #1 in the categories we compete in," he said, noting that Symantec has chosen to limit its participation in this market segment to partnering with HP, Microsoft and others.

Follow Bob Brown on Twitter.

VMware offer tools to automate disaster recovery, application deployment

VMware is releasing two bundles of management and automation products designed for disaster recovery and the delivery of applications to users.

The bundles, announced Monday, include several previously released products built on top of VMware's virtualization software and two that are brand-new. The new products are Site Recovery Manager, designed to simplify disaster recovery on virtual machines; and Stage Manager, designed for deploying and updating applications on virtual machines.

IT departments often struggle to keep hardware and data in sync when a disaster recovery situation forces fail-over from one server to another, says Melinda Wilken, a senior director of marketing at VMware. Changes at primary sites have to be reflected on failover servers, and this can require a lot of manual work, she says. (Compare server products)

"There's a lot of moving parts involved and the upshot is most disaster recovery plans and processes really fail to meet the recovery objective," Wilken says.

VMware described three key features of Site Recovery Manager:

*Integrated management of disaster recovery plans, letting IT pros create, update and document recovery plans in the VMware VirtualCenter http://www.vmware.com/products/vi/vc/ management interface.

*Automated tests of disaster recovery plans in an "isolated testing environment."

*Automated failover and recovery in the event of an actual disaster.

Site Recovery Manager is part of the VMware Management and Automation Bundle, which includes the new Stage Manager software and previously released products Lifecycle Manager and Lab Manager.

A second software package called the IT Service Delivery Bundle is identical to the Management and Automation package, except it is cheaper and does not include the Site Recovery Manager.

Stage Manager targets virtual server sprawl, a common problem in which virtual machines spread through an enterprise with IT managers exhibiting little oversight or control. Administrators don't want to make changes directly in production environments, so they create "shadow instances" for testing new applications or patching and updating existing ones, Wilken says. The shadow application instances end up being out of sync with those in production, she notes.

"As IT managers roll out or update applications, instead of having to keep track of multiple instances of configurations throughout these stages, IT managers using VMware Stage Manager can automate the process so changes and updates are efficiently propagated," VMware states in a press release.

This reduces risk and eliminates errors, the release adds. Essentially, the product lets IT update an application using an exact replica of the one in production, and then transfers the updated software to a production server when it's ready, Wilken notes.VMware Lifecycle Manager, released on March 31, provides an automated system for requesting, approving, deploying, updating and retiring virtual machines. Lab Manager, which has been available since December 2006, gives users quick access to virtual machines without sacrificing IT control.

The VMware IT Service Delivery Bundle can be ordered from distributors and resellers beginning May 19 for $2,995 for every two processors. The Management and Automation Bundle, available the same day, will cost $3,995 per two processors. All products within the bundles can be purchased separately.