Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/26/2020
10:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

The Story of McAfee: How the Security Giant Arrived at a Second IPO

Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.

Last week, McAfee made its second appearance on the public market with its second initial public offering. It's the latest in a long series of major changes for the cybersecurity software giant, which has had an interesting path to growth since it was founded in the industry's early days. 

To see how it got here, we take a look back at McAfee's history and explore the corporate changes and industry trends that shaped the company it is today.  

Related Content:

Businesses Rethink Endpoint Security for 2021

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: 8 New and Hot Cybersecurity Certifications for 2020

McAfee was founded in 1987 as McAfee Associates, named for its founder, John McAfee, who later resigned from the business in 1994. The security company went through its first of several changes in 1997, when it merged with Network General in an effort to create a cybersecurity company that focused on endpoint and network security, a mix that "continues to fail as a strategy," industry analyst and adviser Richard Stiennon wrote in his Security Yearbook 2020.

Stiennon worked with McAfee as a Gartner analyst in the 2000s. In 2003, new president Gene Hodges aimed to restructure the firm, focusing on security and shedding desktop management, LAN management, and other tools. The Gauntlet firewall went to Secure Computing, divisions were sold off, and the remainder, left with an antivirus product, was rebranded as McAfee. 

"I told them that they should end-of-life their firewall," says Stiennon in an interview with Dark Reading. "I've always felt that companies can't have both firewall and endpoint security because it's two completely different buying centers. Desktop support is way different from the network security team."

At the time, McAfee and Symantec were the biggest names in cybersecurity software. Peter Firstbrook, vice president analyst at Gartner, began watching McAfee in 2002 and says that at the time, most customers used either Symantec or McAfee. "There wasn't a lot of alternatives," he says, noting Trend Micro, Kaspersky, and Sophos were also industry players at the time.

McAfee's evolution progressed "in a couple of waves," Firstbrook continues. In its first wave, it tried to focus on endpoint, firewall, and network security with a firewall and intrusion detection system. In the second, it zeroed in on data security and regulation, acquiring a number of smaller security companies as data security and regulation became prominent industry topics. 

During this time, it bought endpoint intrusion prevention provider Entercept (2003), network intrusion prevention company IntruVert (2003), and vulnerability scanning firm Foundstone (2004) as it strengthened its focus on enterprise security.

Even with its security focus, more technology wasn't necessarily the answer, notes Forrester senior analyst Chris Sherman.

"McAfee has been a very important player overall in the cybersecurity ecosystem, but it's generally been viewed as one of the more feature-heavy products," he says. "[It's] notorious for slowing down endpoints with its multitudes of endpoint-scanning technologies." It has gone through "a lot of peaks and troughs" in terms of consumer satisfaction and trust in its products.

The company again decided to reinvent itself in 2006 with plans to combine old and new products into an overall risk management framework. McAfee released compliance auditing tool PreventSys 2.6 and Web security tool SiteAdvisor, with its ePolicy Orchestrator (ePO) as the glue bridging old and new. Analysts saw the move as a way to expand beyond its "traditional threat play" into compliance, and beyond the consumer market into the enterprise sector; more acquisitions, including its $20 million buy of Onigma at the time, would integrate into its ePO.

While McAfee "lost the opportunity" to take over the market around then, it was still "making great headway," Stiennon says. Its ePO became a standard inside the US government, and it still had a large customer base. The following years, however, would prove tumultuous.

In 2007, McAfee appointed CEO Dave DeWalt, who acquired Secure Computing and brought back the Gauntlet Firewall McAfee had sold to the company, along with other firewall brands it had acquired over the years. "I was very critical of that, because they're an endpoint protection company and they bought a network security company," says Stiennon, who believes DeWalt's goal was to demonstrate growth to the market.

"He just wanted to make the company look good," Firstbrook notes. "He didn't care if it was good; he wanted to make it look good and feel good." He speculates the driver was eventually to sell McAfee and move on.

The Intel Years: Gaining a Buyer, Losing an Identity
In August 2010, DeWalt sold McAfee to Intel for $7.68 billion in an all-cash deal. The acquisition was meant to solidify Intel's strategy of embedding security into silicon and establish its claim in the wireless market. However, industry watchers saw gaps in the strategy.

"A bunch of people in the industry said, 'No way,'" Stiennon recalls, adding that "there was no synergy between an antivirus vendor and a chip vendor — never has been, never will be."

Intel wanted to make hardware more secure, says Firstbrook. "And the fundamental problem with that is, unless you standardize your buying on a single brand of hardware, you can't rely on that security." Unless a company was willing to say, "I will forever buy Intel chips," it would also need software-based security that can run across all its different platforms, he explains. 

McAfee operated under Intel from 2010 to 2016. Those years were transformative for the security landscape but a lull for the company. Many employees who left McAfee went on to found, or work for, future competitors. Kevin Mandia left to form Mandiant, which was later acquired FireEye; Stuart McClure left to found Cylance, which was later sold to BlackBerry. George Kurtz left to found CrowdStrike. 

"When everyone else was moving month to month and trying to figure out what the next big thing was, they didn't have their eye on the ball during those years," Firstbrook adds, noting this put McAfee at a disadvantage when it was no longer part of Intel.

During the time McAfee operated under its new parent company, Firstbrook noticed more customers were asking to replace it. "They just weren't supporting them; they weren't modernizing their fleet," he says. This period stalled innovation and, consequently, McAfee's earnings.

The year before McAfee was acquired, it reported just over $2 billion in revenue, Stiennon says. Four years later, Intel's Software and Services Group was reporting $2.216 billion in revenue. Four to five years after Intel spun out McAfee, the company is still making $2 billion per year.

Post-Intel Innovation: Catching Up With the Market
Two years later, after it rebranded McAfee as Intel Security, Intel spun out McAfee to private equity firm TPG for $3.1 billion, with the company valued at $4.2 billion — a $3.48 billion loss since it was acquired. Since rebranding as McAfee, it has started to turn things around and find its way in a world running on cloud technology.  

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23727
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
CVE-2020-28175
PUBLISHED: 2020-12-03
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
CVE-2020-13524
PUBLISHED: 2020-12-03
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim n...
CVE-2020-13525
PUBLISHED: 2020-12-03
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-23726
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).