Symantec and Network Associates reveal security management agendas

Computerworld - Symantec Corp. and Network Associates Inc. (NAI) have been exceedingly busy lately. Symantec, based in Cupertino, Calif., recently announced cash acquisitions of four security companies (see Company Snapshots below) to integrate into its growing security management platform.

Santa Clara, Calif.-based NAI already tried the integrated route and couldn't sell products, says NAI President Gene Hodges. So after divesting itself of three security companies this year, NAI has signed an agreement with $225 million Internet Security Systems Inc. (ISS) in Atlanta to integrate ISS's intrusion-detection system with NAI's Sniffer enterprise management architecture. The aim is to begin delivering a world-class intrusion and network security management system in the first quarter of next year.

The success of both undertakings depends upon the thoroughness of their integration with acquisitions and partners, something that Symantec also found difficult with other acquired products, according to Matt Easley, an analyst at Gartner Inc. in Stamford, Conn. And, while they may be joining up on the intrusion-detection side, ISS and NAI will continue to compete, particularly in the area of security policy management, according to a May Gartner report.

In interviews with Computerworld, NAI's Hodges and Symantec's president and chief operating officer, John Schwarz, outlined their strategies and their views of managed security.

What are today's security needs and how are you addressing them?

Schwarz: Nowadays, layers of firewalls, antivirus and intrusion detection are widely deployed. But in practice, the amount of data flowing to these sensors' consoles is not manageable. In addition, most customers don't even know where all their servers are, let alone their client devices. So we're seeing a shift toward integrated solutions that have common management systems, which can only come from a single vendor. Ultimately, when security standards are more mature, there can be interchangeability and interoperability between these vendor devices, but we're not there yet.

Hodges: Your problem isn't that you don't have enough information about potential threats to your company. It's that you have too much information.

The unique thing we bring to the table is our installed base of 80 million corporate [antivirus users] and hundreds of thousands of network segments that are instrumented with our network management Sniffer product line, which can both be used to analyze data streams for large user bases.

How can IT workers boil down all this security event information to a manageable format?

Hodges: There are two ways you can go about this: Buy all the pieces and attempt to integrate them, or try to get together with those in the industry with the largest installed base, also known as "best of breed," and put your heads together. About three and a half years ago, we were the first company to say, "We're going to put it all together." But customers buy only what you're really good at and they buy the other stuff from somebody else. So you still end up having to integrate all the rest of the vendor products and most of them are your direct competitors.