By Alex Salkever Killing computer viruses has been very good business for Symantec (SYMC). While the rest of the security software sector has largely languished over the past year, the Cupertino (Calif.) outfit's impressive growth has been powered by its popular antivirus products. The most recent fiscal quarter, ending June 30, 2002, was no exception.
The company posted revenue of $316 million, a 39% bump from the $228 million logged in the same quarter of 2001. A whopping 133% leap in revenues from sales of antivirus software to consumers, vs. the same quarter last year, looked particularly impressive. Net earnings for the quarter clocked $56.6 million. That compared to a net loss of $21.2 million from the same quarter last year when Symantec was still digesting acquisitions.
BUYING INTO THE BUSINESS. Yet the stellar earnings report elicited two stock downgrades from Bear Stearns and AG Edwards. What gives? For one thing, Symantec shares, floating in the low $30 range after a split earlier in 2002, have significantly outperformed sector peers -- despite the fact that it is well off 52-week highs of $45. Some security-sector analysts worry Symantec may be overpriced.
More likely, though, the downgrades were prompted by increasing concerns about Symantec's strategic push to provide security as a service to companies wanting to outsource that task, and also as the outfit starts to digest three acquisitions.
The nascent sector of managed security represented just 1% of Symantec's revenues in the most recent quarter, to the order of $3 million. Those numbers should grow quickly thanks to the July 17 acquisition of Riptech, for $145 million in cash, a major name in the field.
The big push into managed security, however, raises questions about Symantec's ability to balance the two seemingly opposing missions: selling Symantec software with one hand while providing impartial advice on which software products to buy and use with the other.
BIG GULP. "I don't see that you can purport to be a product-independent vendor when the bulk of your revenues depend on your own product," says Jon Bruce, executive vice-president of network monitoring company Countepane Internet Systems, which competes with Symantec. True, Bruce has a vested interest. But apart from that, managed security is proving to be a money pit with high labor costs and slimmer margins than software pure plays, experts say.
Another big question is how well Symantec will be able to absorb the three acquisitions it made on July 15, 2002, for a total of $355 million. Besides Riptech, those acquisitions were intrusion-detection systems maker Recourse Technologies for $135 million in cash and SecurityFocus, a vulnerability tracker and database service purchased for $75 million in cash. Symantec has more than $1.5 billion in cash, so the buys had little impact on the company's financial health.
Symantec sees these acquisitions as an affordable and prudent way to add to its arsenal in selling security software and services to businesses, a far more lucrative proposition than selling to consumers, according to John Schwarz, Symantec's president and COO.
"CHALLENGING FOR ANYONE." Still, integrating two security companies, let alone four, could prove taxing to Symantec. Analysts say the company struggled to integrate the products from its 2000 acquisition of Axent, a maker of firewall and IDS systems. Keeping key engineers was challenging. As a result, the firewall product it bought from Axent has managed to grab only a small toehold in the brutally competitive market. At the same time, some security sector insiders say Axent's IDS system has had trouble getting real traction, which would explain why Symantec bought Recourse.
Successfully digesting more than one acquired company at the same time is difficult in good times, let alone when things are tough. Network Associates unsuccessfully tried a similar simultaneous acquisition strategy in the late 1990s. "Symantec is better run and they have a good depth of management -- but that would be challenging for anyone," says Richard T. Williams, a managing director at investment research firm Summit Analytic Partners.
Thompson also is pouring resources and manpower into the development of a so-called security "console" product. It would allow a network engineer to effectively manage and configure with a single program the vast majority of computer security systems out there, from Check Point (CHKP) firewalls to Internet Security Systems (ISSX)intrusion-detection packages. Sounds good -- except Symantec has a firewall that competes in some places with Check Point.
IT'S BEEN TRIED BEFORE. And with the Resource Technologies acquisition, Symantec is going head-to-head with its Manhunt product against ISS' own popular intrusion detection system. "When you talk to the IT managers, we have heard again and again there is no way a Symantec console is going to be able to run a Check Point product better than Check Point's own software," says Williams.
What troubles him the most is that the move into consoles, too, echoes an unsuccessful strategy pursued by Network Associates several years ago. "They appear to us to be following the same strategy that Network Associates tried, and failed with, two or three years ago. We are essentially in a show-me mode," adds Williamson, who suggests that Symantec might do better targeting the middle market rather than the high end. In the mid-tier, companies might pick superior product integration over anything else, even superior software, he says.
Not that anyone thinks Symantec is in trouble. Thompson has expertly captured a significant chunk of the corporate anti-virus market, a domain once dominated by Network Associates and Japanese firm Trend Micro. The stellar revenues in consumer security products, while surprising, could indicate a growth engine fueled by constant virus paranoia rather than the single-digit workhorse business that Thompson has said it would likely become.
TALL ORDER. And all of the companies that Symantec acquired on July 17, analysts agree, have their own merits. Plus, by all accounts, security over the long haul will prove a lucrative niche for some time to come. "They will grow in lockstep with security. And I am long-term bullish on security," says P. Sean Jackson, a vice-president at investment bank Avondale Partners.
Maybe, just maybe, Big Blue alum Thompson is overreaching a bit with his quest to turn Symantec into a one-stop shop that provides all things in the way of security. Acquisitions are tough to pull off. New products are hard to launch. Selling both impartial consulting and management services alongside in-house software products can be tough. Combined, these maneuvers could prove a bigger bite than Symantec can handle at this time. Salkever is technology editor for BusinessWeek Online