15 January 2014
Bloated Security Firms Get Fatter on Hackers
Tech Security Upstarts Enter Fray
By NICOLE PERLROTH
JAN. 14, 2014
SAN FRANCISCO Steve Bennett, the chief executive of the computer security
company Symantec, is spoiling for a fight.
Symantec is still, by a pretty long stretch, the biggest in a growing pack
of tech security companies. But like Microsoft, Mr. Bennetts company
is sometimes viewed as an aging, if still wealthy, outfit that cant
keep up with a new generation. And no one in the technology industry likes
being labeled the old, slow rich guy.
Particularly when $67 billion is up for grabs. Thats how much companies
were expected to spend last year on computer security.
But younger outfits with names like FireEye and Palo Alto Networks are now
competing with Symantec and its longtime rival McAfee, which is now part
of Intel, for a greater share of a market that is expected to swell to $87
billion by 2016, according to Gartner, a research firm.
The pitch from the new companies is simple: Conventional security defenses
like those that the antivirus software of Symantec and McAfee built
their brands upon, as well as the network firewalls of Check Point and Cisco
have proved vulnerable to determined adversaries. The biggest problem
with that older technology, they say, is that it reacts to threats rather
than anticipating them.
The young companies say they can help solve that problem, which the Center
for Strategic and International Studies in Washington estimates costs the
United States economy $100 billion a year, and theyre getting ready
for a long fight with the established companies.
More so in security than in other areas, companies are willing to buy
from smaller start-ups, said Asheem Chandna, a venture capitalist at
Greylock Partners who has invested in several security start-ups. They
want the new, shiny mousetraps.
Take FireEye. This month, the company announced that it had acquired Mandiant,
another young firm, for $1 billion in stock and cash. The deal combines two
darlings of this new generation of security one that detects attacks
by examining Internet traffic for potential threats before they hit a network,
and another that responds to threats and tries to make sure they dont
FireEye is run by Dave DeWalt, who used to be McAfees chief executive.
Antivirus products are not working right now, Mr. DeWalt said
in a recent interview. Companies are spending tens of billions of dollars
of their money on a model that doesnt work.
This fight between new and old has led to an unusually fragmented market,
with 50 or so competitive companies, said Lawrence Pingree, a security analyst
at Gartner. In 2012, Symantec led the security software market, with 19.6
percent of it, followed by McAfees 8.8 percent, according to Gartner.
Once the final numbers are tallied for 2013, Mr. Pingree said, he expects
the incumbents will have ceded ground to the upstarts.
The problem with traditional antivirus technology is that security researchers,
like medical researchers, must study a virus before they can create the antidote.
They have to capture a computer virus, dissect it and identify its signature
unique signs in its code before they can write a program to
That process can take as little as a few minutes or as long as several years.
Once a virus gets blocked, it is often left to the customer to run frequent
software updates. And even then, it takes just a few tweaks to the code for
criminals to outwit the system.
We believe the antivirus market is hopelessly behind in being able
to address the most acute problems, said Nir Zuk, the founder and chief
technology officer at Palo Alto Networks. That is not where the action
is and that is not where the majority of the money is going to be.
Venture capitalists are also backing firms that help companies deal with
the security issues created by employees who insist on using their own
smartphones or computers on the company network the bring your own
device dilemma. Last year, Greylock Partners and Sequoia Capital invested
in Skyhigh Networks, a start-up that helps companies keep an eye on apps
downloaded to corporate networks through those rogue devices.
Accel Partners, Khosla Ventures and others are betting on another start-up,
called Lookout, which started out as a smartphone app and is now targeting
corporate customers worried about the problem.
Investors are also keen on start-ups like OpenDNS, which tries to identify
suspicious Internet traffic patterns. The company was able to pre-emptively
block malware hidden in Yahoo ads last month after it identified dangerous
traffic coming from a small Internet service provider.
We take a satellite view of the Internet, said David Ulevitch,
OpenDNSs founder. We dont wait for the shots to get fired,
then analyze the bullet.
Even among the antivirus makers themselves, antivirus has become
something of a dirty word. Symantec and McAfee are aggressively rebranding
and investing in new sorts of technology. Notably, antivirus
does not appear once on either companys home page.
Everybody still talks about us as antivirus, said Mr. Bennett,
the Symantec chief. We have more advanced threat protection in our
portfolio than anybody else.
He said the key to Symantecs plans was integrating all the little pieces,
from antivirus software to systems that monitor incoming Internet traffic,
into one big package that can be more easily installed and controlled. In
fact, he said, 50 percent of the threats Symantec blocked last year were
not blocked by antivirus, but by the companys newer security protections.
The reality is that no one security technology is good enough,
said Mr. Pingree, the Gartner analyst. Hackers are always working to
defeat the latest defense, and so you have to invest in defenses for the
latest threat as well as every threat experienced in the past.
Last week, Intel, which acquired McAfee in 2011, announced it was killing
off the McAfee brand altogether, keeping only the companys red shield
logo intact. McAfee will now be known as Intel Security.
Analysts say the move is an apparent effort to separate the brand from its
antivirus roots and from its founder, John McAfee, who has gained notoriety
for behavior that, at last count, included going on the lam after his neighbor
in Belize was found dead, an arrest in Guatemala, a deportation to Miami
and, finally, an expletive-laced video featuring Mr. McAfee trying to uninstall
McAfee software while surrounded by scantily clad women, guns and bath
Antivirus is not what were focused on, Michael Fey,
McAfees chief technology officer, said in an interview this week.
Its fun for younger companies to point fingers, but thats
not even where we get the bulk of our revenue.
McAfee now makes more revenue selling newer network security and
intrusion-prevention systems to its business customers, Mr. Fey said.
Were proud of our antivirus it is a valuable solution
that catches hundreds of thousands of issues a day for companies but
under no circumstances do we think that is the future of security.
And if you cant beat them, buy them. Last year, for example, Cisco
spent $2.7 billion to acquire Sourcefire, an upstart security company. Mr.
Chandna of Greylock, for one, expects to see a lot more of those big deals
One other thing the older companies can still do is compete on price. Last
week, McAfee announced that it would begin giving away its mobile security
Were running a marathon, not a sprint, Mr. Bennett said.
When were at the end of the finish line, sometime in the future,
were going to be there and were going to be smiling. And well
see where all these shiny-new-object companies are.