Symantec's Security Strategy

In very difficult economic times, customers turn to trusted brands, notes CEO John Thompson of the antivirus and firewall software outfit

The board of security-software and desktop-accessory software outfit Symantec brought in former IBM executive John Thompson more than two years ago to turn the smallish provider of antivirus programs and other Net security wares into a top performer. He established a rep as a straight shooter, only to see that reputation diminished in June, 2001, when Symantec (SYMC ) shocked the Street with an earnings shortfall.

To his credit, Thompson made amends on Oct. 18 by delivering much needed good tidings: a positive earnings announcement that blew by analysts' expectations. For the first fiscal quarter of 2002, pro forma earnings hit 56 cents per share on revenues of $228 million. A day after the announcement, the company raised $525 million in funds through a convertible-notes issue -- despite the generally horrific market prevailing for commercial paper. The company's share price is up 72% on the year and just over 30% in the past month.

BusinessWeek Online Technology Editor Alex Salkever interviewed Thompson on Oct. 29 to get his take on the company's direction. Here are edited excerpts of their conversation:

Q: Where is Symantec going with its strategy?


The focus of our company is providing security technologies for individuals and businesses. We want to leverage the strong tradition and historical base that we've had with consumers but to move as rapidly as we can into providing security technologies for enterprises and large government organizations. We are focusing on what we call infrastructure security. That's antivirus, content-filtering, e-mail scanning, [and] firewalls, as well as infrastructure technologies like intrusion detection.

Q: How are you going to...break into the business market? Some pretty tough players are there now. You've got Internet Security Systems (ISSX ), Check Point (CHKP ), and others.


We are the largest single security-software company in the world in terms of net new bookings in the year 2000. If you look at aggregate revenue generated, we are the second-largest company, second only to Computer Associates (CA ).

So I don't think the issue is about Symantec breaking in. It's about how...we continue to grow our position in the industry when it is getting increasingly crowded with not just players like the ones you mentioned but a bunch of smaller players as well.

In very difficult economic times, customers turn to trusted brands, where the companies have financial muscle. And there are very few firms in the industry which have the strong balance sheet or the strength of global presence of Symantec.

Q: Are you concerned that your desktop business will erode down the road as Microsoft (MSFT ) builds more security software into its operating systems?


Not at all. We've lived with Microsoft continuing to enhance its operating system now for almost 20 years. And our team can add bona fide security expertise to a Microsoft environment, far more so than Microsoft has been able to do to date. And as our business moves more toward selling to businesses and organizations, it's clear to us that you have to be multiplatform and not just deliver desktop capability.

Q: Are there any long-term conflicts in the fact that, as you sell more, more products are [offered as downloads] off your Web site? Will your traditional retail partners be miffed if they get less business?


There is room for everybody to participate in a shifting model mix, to the extent that [as] more of our business moves online, that becomes the channel of choice. So far, what we continue to see is strength in the traditional channels with good growth rates in the online channel as well as the mail-order channel.

Q: From what I've read, your corporate firewall product has a very small market share now. What are you trying to do to build it?


Our corporate firewall is the third-place holder in terms of market share, behind Cisco and Check Point. Quite frankly, it's a different firewall than what they are offering. It's what's called a proxy-based firewall, [which] inserts a completely separate computer between your network and the traffic. So it's more secure, and perhaps it better lends itself to a class of applications where customers are very, very concerned about the security of the assets -- such as the Department of Defense, financial-services institutions, and certain health-care institutions.

Q: Where do you see Symantec moving in the future?


There is a lot more to do in the segments where we already play. The intrusion-detection and vulnerability-management segment is growing quickly. Recent activities around the Internet have certainly raised the awareness of people that they need vulnerability-management and intrusion-detection software.

Our acquisition of [software makers] Axent Technologies and L-3 Network Security during 2000 set the stage for us to be able to take advantage of a rapidly growing market segment. I am more interested, quite frankly, in leveraging the position that we have as opposed to continuing to look over the fence for greener pastures.

Q: On the consumer side, are you concerned that companies offering free security products may cut into your business?


There are always threats from early-stage companies that come with free product as they try to establish a market position. But nothing is free forever. At some point, companies have to figure out how to monetize the relationships they have with customers.

Q: Since September 11, many people have been saying that the online-security business will boom. To what degree is that true?


It's a bit of an exaggeration at the moment. We haven't seen an appreciable change up or down in our business since September 11.

Q: It's pretty clear that "always on" consumer broadband connections are a big threat to the general security of the Internet. What should be done about that?


I think we may reach a point where we may need to have the same public-awareness campaign launched by the U.S. government as it did for driver and fire safety.

Q: Are ISPs overreacting when they say they are going to start bouncing customers off their networks if they don't get their connection fixed?


Well, whenever there is a threat to the infrastructure of an ISP, it's incumbent upon them to take some action to protect their customer base. An antivirus product is not something that will make or break, in my opinion, a family budget. And you would expect people to take some rudimentary steps to protect themselves.

Edited by Thane Peterson

Before it's here, it's on the Bloomberg Terminal. LEARN MORE