Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics //

Security Monitoring

Symantec Fires CEO In Surprise Move

Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.

In a surprise move, Symantec's board of directors announced Thursday that CEO Steve Bennett had been terminated, effective immediately. In his place, board member Michael Brown has been installed as interim president and CEO. "This considered decision was the result of an ongoing deliberative process, and not precipitated by any event or impropriety," according to a statement released by Symantec.

A number of information security industry watchers reacted with surprise to Bennett's ouster after just 18 months on the job, not least because in recent quarters Symantec's revenue has often exceeded expectations.

Steve Bennett

"I was very surprised by this," said Forrester analyst Rick Holland, speaking by phone. "I just don't think it's the right time for a company that's not seen as innovative, that's been struggling to rebound, to have a leadership change. If you count the interim CEO, this makes three CEOs in less than two years' time. That has an impact on morale."

Furthermore, the company appeared to be making good progress with its turnaround, which has included consolidating products and reorganizing sales teams. "I've heard positive things officially and unofficially from Symantec employees -- you can even tell the difference from Symantec employees' demeanor," Holland said. "The restructure and eliminating operational friction: The employees thought that was the right move."

[In security, technology is the easy part. See Target's Weak Points, Examined.]

In recent years, antivirus giant Symantec has struggled to reinvent itself as a modern and innovative information security player. Last year, for example, the company's image suffered after Chinese attackers hacked The New York Times, using malware that bypassed Symantec's signature-based antivirus software. Of course, signature-based products can only spot malware that's already been seen before, and the Times failed to tap technology for blocking unknown threats.

But that situation speaks to the real-world security demands that have lead many businesses to use technology from newer players such as FireEye, which recently bought Mandiant for $1 billion, and Palo Alto Networks. Both sell technology that helps spot and block unknown malware, and many would-be buyers have come calling. "What I can tell you anecdotally is that if they had the chance to meet with Palo Alto Networks, FireEye, or Symantec, my suspicion is that Symantec would be last on the list of who you'd take a meeting with," said Forrester's Holland.

Other analysts have long argued that Symantec can only save itself by choosing to focus on either security or storage. "I have thought the same thing: spin off one of those businesses so there's more of a focus in each area, the buyers are completely different -- infrastructure and operations, versus security people," said Holland.

A year ago, Bennett had acknowledged some of these challenges. "We've had to reprogram the brains of our employees because they thought about our company as 150 different point solutions," he said in an interview, noting that he was trying to reposition the company's products as ways to "solve a higher-level problem."

In fact, some market watchers think Symantec's continuing woes date to its $13.5 billion acquisition of storage vendor Veritas in 2005, which was championed in part by then-Symantec consumer business president Enrique Salem, who later served as CEO before being fired by the board in July 2012. He now sits on FireEye's board of directors. Meanwhile, Symantec's new interim chief, Michael Brown, cut his teeth in the storage sector, having come to the Symantec board from the board of Veritas. He previously served as the CEO of backup-technology vendor Quantum.

If Symantec continues to struggle, its next step might not just be a new CEO, but -- following in the footsteps of Blue Coat, Websense, and McAfee -- either to go private or get acquired. "If you're trying to rebuild, if you need to reset, going private is not a bad idea," said Holland.

Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant? Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/24/2014 | 7:29:29 AM
Re: Wrong CEO blamed for the Veritas aquisition
Thanks for the catch. Yes, Salem was group president at the time of the Symantec Consumer Business Unit, although he reportedly also backed the Veritas acquisition, and of course did later become CEO. 
Madhava verma dantuluri
Madhava verma dantuluri,
User Rank: Apprentice
3/24/2014 | 12:50:22 AM
Is it?
Surprise move and wonder whats ahead for Symantic now.
User Rank: Apprentice
3/23/2014 | 7:36:12 PM
Re: Symantec Inovation
Information security is incredibly important, which is why I think that Symantec can turn things around. 

Sure, the New York Times story is not positive. But companies that can face up to challenges like this are the ones that come out stronger in the end. I can't speculate as to why Symantec decided to get rid of its CEO, but the consensus must have been that it would be for the best. 
User Rank: Apprentice
3/22/2014 | 5:57:00 PM
Symantec fires CEO
Given that we don't know the exact reason why the umpteenth CEO was fired, I do not understand some of the reasons purported here, especially that the company would have its attention diverted because it's in both the storage and the security business.

The security that Symantec provides automatically translates to a higher confidence when one uses their storage ware. I see that as a huge plus factor and something that should increase the scope for market penetration, not hinder growth or market cap, if handled correctly.

Surely, a company as prominently within the data universe as Symantec is, shouldn't suffer attention deficit because it uses the same platform for data storage as it does for security. What are they? Single cell organisms?

In my (not always) humble opinion, this dismissal is more indicative of a personality problem with the ownership or the Board, than the business end of the company, especially since Bennett has been making money for the owners.

Something doesn't smell right.
User Rank: Moderator
3/22/2014 | 11:58:32 AM
Coming from the IT security world, it doesn't seem like that long ago that Symantec had quite the positive reputation in IT security.  I think the big issue really comes down to the lack of focus, the storage move, while it makes sense in some cases, really confused folks in trying to figure out what Symantec is trying to achieve.  Is it meaning to become a large, all things to everyone, or are they really that endpoint security company who expanded to offer some core security solutions for enterprises.  I think marketing has some work to do to really refine the value proposition or we will see them get pushed aside from the other security companies who are tighter in scope.
User Rank: Moderator
3/21/2014 | 4:09:02 PM
Re: Too bad you can't fire the owner
It's not a good sign when a company goes through so many top-level executives in such a short time period, although it may not have longterm reperucssions. I'd love to know whether Bennett disagreed with the board's possible wish to spin-off either the security or the storage side of the business. And does the board have a replacement in mind?

If morale was improving, it's hard to imagine it's very good right now. People always feel shaken when things like this happen, especially when there's talk about sell-offs and all that implies about job security.
User Rank: Apprentice
3/21/2014 | 3:27:09 PM
Wrong CEO blamed for the Veritas aquisition
A correction to your statement that Enrique Salem was the CEO at the time of the Veritas aquisition. The Veritas aquisition was driven by then CEO John Thompson. 

Andrew Binstock
Andrew Binstock,
User Rank: Apprentice
3/21/2014 | 3:02:19 PM
Symantec's many businesses
It's hard to believe now, but at one time Symantec was even in the business of selling software development tools. In the 1990s, they sold a rather well-respected C++ compiler and IDE.
User Rank: Apprentice
3/21/2014 | 12:45:16 PM
Too bad you can't fire the owner
The problem with Symantec and a lot of other publicly traded IT corporations are their board of directors whom sit at the grace of the ownership or whom are owners of the corporation themselfes.  Like a professional sports team, a revolving coaching team means poor ownership.  I'm sure the next CEO at Symantec will be the same penny pinching wall street type (or GE type) that runs things by the numbers not by industry knowledge.
User Rank: Apprentice
3/21/2014 | 12:24:42 PM
Symantec Inovation
I like the Symantec software better than McAfee.  The problem I found with both of these products is that I tested both with an infected thumb drive.  When inserted to either of these products, the computers were infected instantly.  There were no warnings, nothing.  McAfee never did detect the viruses even when scanned.  Symantec detected and quarenteened them only when I scan for viruses.  MS Security Essentials which is a free product, stopped the viruses before the got to the computer. 

I was shocked.  I expected that the "World class" products would have been able to do the job of the free antivirus.  A 3 year old, not updated version from a stand alone computer of NOD32 caught them as well. 

The genuis of Peter Norton is not reflected in the current product when compared to the competition.  It used to be that nothing could compare to the Norton products.  The CEO's even though they can get fired, are doing just fine floating down gracefully in the golden paracutes.  Should they have no paracutes?
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
PUBLISHED: 2022-12-04
CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)