Vulnerabilities / Threats
9/13/2012
11:06 AM
Connect Directly
RSS
E-Mail
50%
50%

Symantec Security Has Become Forgotten Child, Critics Say

After Symantec leadership change, some channel partners question whether the company will continue emphasizing its storage business over security.

Can Symantec be more than the sum of its parts?

That question appears to be on the minds of many of the company's channel partners. In particular, some of the company's value-added resellers (VARs)--who also resell products from Symantec's competitors--have been asking how the company's new leadership plans to move forward.

Symantec's board fired president and CEO Enrique Salem, who'd held both posts for three years, on July 25, and installed board chairman Steve Bennett in the roles instead. The company's shares immediately climbed 12% in value. "My view is that Symantec's assets are strong and yet the company is underperforming against the opportunity," said Bennett--a veteran of Intuit and General Electric--in a statement. He promised to begin his tenure by holding a listening period of up to 120 days with customers, partners, and shareholders, about the best way to take the company forward.

Some of those business partners have already begun speaking out. In a recent "open letter to Steve Bennett," Mike Karp, a VP and principal analyst at consultancy Ptak, Noel, & Associates, reported hearing "nervousness in the channel, which of course is to be expected when a major supplier brings on new leadership." But he said that nervousness reflects "deep concern" not about the new CEO, "but more about the potential for lack of change."

"Steve, right now you are the CEO of many good brands. But wouldn't it be much better to be the CEO of a consolidated Symantec?" said Karp.

[ There's no cure for human error, but that doesn't make you helpless. See Why Security Policies Fail, How To Make Them Work. ]

On a related note, this week Symantec hosted its annual partner conference, Symantec Partner Engage, in Baltimore. While no major announcements were previewed from the invitation-only gathering, Symantec was expected to announce new incentives for its sales representatives, aimed at eliminating some of the company's product silos.

But fixing Symantec will take more than new incentive schemes. Symantec's stock has underperformed for years, and the company--which boasts annual revenue of $6.73 billion--has lost $3 billion in value in the past year, according to Bloomberg. Many observers trace Symantec's financial problems to its acquisition of Veritas--pushed by Salem's predecessor--in 2005, for $13.5 billion.

One Symantec channel partner--speaking on condition of anonymity--said he believes that after the Veritas acquisition, Symantec became blinded by the potential profit margins to be made in the storage business, and made all other Symantec products a secondary concern.

But now, he said, Symantec is facing stiff competition from numerous businesses, some of which the $1 billion channel partner also resells, including EMC, Dell--especially with its acquisition of backup provider AppAssure--as well as CommVault. From a security perspective, meanwhile, there's strong competition from Intel's McAfee, Trend Micro--which the reseller said has taken the lead on promoting the need for businesses to secure their cloud and virtual environments--as well as "a bunch of other products out there who are partnering with the channel and investing heavily in the channel community."

According to the business partner, Symantec's security business has been lagging, both in terms of in-house support as well as innovation. "They're not doing very well because today, the culture within Symantec, and the commission model in the company, is most heavily focused on tiered backup products--the legacy Veritas products," he said. "So every time we get in from of them and ask what we should promote, it's always Veritas, not security."

He said Symantec also remains late to the security game when it comes to cloud computing and virtualization. "I would have expected them to talk about how [Symantec] will secure your endpoints in a virtual environment, but instead it's all about backup and archiving," he said. "But the security industry is mostly driven by threats, and when it comes to the cloud and virtualization, Symantec is very late in addressing that market."

What should Symantec do? "Symantec still has a big presence in the backup sector, and we want Symantec to be successful, because we'll end up making money as well," said the reseller. "So we're hoping they'll take some right steps." In particular, he's called on the new CEO to articulate a clear direction for the company, for Symantec to invest more heavily in its channel partners, and for the company to create new messaging about how it can both back up and secure business data.

But new messaging might not be enough to satisfy investors. In fact, some analysts have been calling on the company to split its storage and security divisions, perhaps selling parts of the company to IBM or Oracle. "There was always this hope and promise that storage and security would converge, and it really hasn't," Brian Freed of Wunderlich Securities told Bloomberg last month. "Since there are no synergies, a singular focus yields better results."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.