Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Connect Directly

The Story of McAfee: How the Security Giant Arrived at a Second IPO

Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.

Last week, McAfee made its second appearance on the public market with its second initial public offering. It's the latest in a long series of major changes for the cybersecurity software giant, which has had an interesting path to growth since it was founded in the industry's early days. 

To see how it got here, we take a look back at McAfee's history and explore the corporate changes and industry trends that shaped the company it is today.  

Related Content:

Businesses Rethink Endpoint Security for 2021

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: 8 New and Hot Cybersecurity Certifications for 2020

McAfee was founded in 1987 as McAfee Associates, named for its founder, John McAfee, who later resigned from the business in 1994. The security company went through its first of several changes in 1997, when it merged with Network General in an effort to create a cybersecurity company that focused on endpoint and network security, a mix that "continues to fail as a strategy," industry analyst and adviser Richard Stiennon wrote in his Security Yearbook 2020.

Stiennon worked with McAfee as a Gartner analyst in the 2000s. In 2003, new president Gene Hodges aimed to restructure the firm, focusing on security and shedding desktop management, LAN management, and other tools. The Gauntlet firewall went to Secure Computing, divisions were sold off, and the remainder, left with an antivirus product, was rebranded as McAfee. 

"I told them that they should end-of-life their firewall," says Stiennon in an interview with Dark Reading. "I've always felt that companies can't have both firewall and endpoint security because it's two completely different buying centers. Desktop support is way different from the network security team."

At the time, McAfee and Symantec were the biggest names in cybersecurity software. Peter Firstbrook, vice president analyst at Gartner, began watching McAfee in 2002 and says that at the time, most customers used either Symantec or McAfee. "There wasn't a lot of alternatives," he says, noting Trend Micro, Kaspersky, and Sophos were also industry players at the time.

McAfee's evolution progressed "in a couple of waves," Firstbrook continues. In its first wave, it tried to focus on endpoint, firewall, and network security with a firewall and intrusion detection system. In the second, it zeroed in on data security and regulation, acquiring a number of smaller security companies as data security and regulation became prominent industry topics. 

During this time, it bought endpoint intrusion prevention provider Entercept (2003), network intrusion prevention company IntruVert (2003), and vulnerability scanning firm Foundstone (2004) as it strengthened its focus on enterprise security.

Even with its security focus, more technology wasn't necessarily the answer, notes Forrester senior analyst Chris Sherman.

"McAfee has been a very important player overall in the cybersecurity ecosystem, but it's generally been viewed as one of the more feature-heavy products," he says. "[It's] notorious for slowing down endpoints with its multitudes of endpoint-scanning technologies." It has gone through "a lot of peaks and troughs" in terms of consumer satisfaction and trust in its products.

The company again decided to reinvent itself in 2006 with plans to combine old and new products into an overall risk management framework. McAfee released compliance auditing tool PreventSys 2.6 and Web security tool SiteAdvisor, with its ePolicy Orchestrator (ePO) as the glue bridging old and new. Analysts saw the move as a way to expand beyond its "traditional threat play" into compliance, and beyond the consumer market into the enterprise sector; more acquisitions, including its $20 million buy of Onigma at the time, would integrate into its ePO.

While McAfee "lost the opportunity" to take over the market around then, it was still "making great headway," Stiennon says. Its ePO became a standard inside the US government, and it still had a large customer base. The following years, however, would prove tumultuous.

In 2007, McAfee appointed CEO Dave DeWalt, who acquired Secure Computing and brought back the Gauntlet Firewall McAfee had sold to the company, along with other firewall brands it had acquired over the years. "I was very critical of that, because they're an endpoint protection company and they bought a network security company," says Stiennon, who believes DeWalt's goal was to demonstrate growth to the market.

"He just wanted to make the company look good," Firstbrook notes. "He didn't care if it was good; he wanted to make it look good and feel good." He speculates the driver was eventually to sell McAfee and move on.

The Intel Years: Gaining a Buyer, Losing an Identity
In August 2010, DeWalt sold McAfee to Intel for $7.68 billion in an all-cash deal. The acquisition was meant to solidify Intel's strategy of embedding security into silicon and establish its claim in the wireless market. However, industry watchers saw gaps in the strategy.

"A bunch of people in the industry said, 'No way,'" Stiennon recalls, adding that "there was no synergy between an antivirus vendor and a chip vendor — never has been, never will be."

Intel wanted to make hardware more secure, says Firstbrook. "And the fundamental problem with that is, unless you standardize your buying on a single brand of hardware, you can't rely on that security." Unless a company was willing to say, "I will forever buy Intel chips," it would also need software-based security that can run across all its different platforms, he explains. 

McAfee operated under Intel from 2010 to 2016. Those years were transformative for the security landscape but a lull for the company. Many employees who left McAfee went on to found, or work for, future competitors. Kevin Mandia left to form Mandiant, which was later acquired FireEye; Stuart McClure left to found Cylance, which was later sold to BlackBerry. George Kurtz left to found CrowdStrike. 

"When everyone else was moving month to month and trying to figure out what the next big thing was, they didn't have their eye on the ball during those years," Firstbrook adds, noting this put McAfee at a disadvantage when it was no longer part of Intel.

During the time McAfee operated under its new parent company, Firstbrook noticed more customers were asking to replace it. "They just weren't supporting them; they weren't modernizing their fleet," he says. This period stalled innovation and, consequently, McAfee's earnings.

The year before McAfee was acquired, it reported just over $2 billion in revenue, Stiennon says. Four years later, Intel's Software and Services Group was reporting $2.216 billion in revenue. Four to five years after Intel spun out McAfee, the company is still making $2 billion per year.

Post-Intel Innovation: Catching Up With the Market
Two years later, after it rebranded McAfee as Intel Security, Intel spun out McAfee to private equity firm TPG for $3.1 billion, with the company valued at $4.2 billion — a $3.48 billion loss since it was acquired. Since rebranding as McAfee, it has started to turn things around and find its way in a world running on cloud technology.  

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.