Q&A: McAfee 'a whole lot more' than an AV vendor, CEO says

Dave DeWalt sees growth potential in the enterprise market

Dave DeWalt took over as CEO of McAfee Inc. in April during a high-level management shakeup after a stock-options scandal at the security vendor, making the former All-American wrestler and avid triathlete McAfee's fourth CEO in six years. DeWalt, who was previously a vice president and president of customer operations at EMC Corp., spoke with Computerworld about the security marketplace, McAfee's rivals and why he thinks his company has a chance to make a bigger impression in the enterprise market.

Excerpts from that interview follow:

Why did you decide to join McAfee, given all of the accounting problems and stock-option scandals the company was embroiled in? I chose McAfee because I thought it was a great opportunity. At the time I was joining, it had had nine consecutive record quarters. If you look in IT, how many companies have had nine consecutive record quarters? The company did over $1 billion last year; it had more than $1 billion in cash, no debt. It has got almost $100 million of free cash flow a quarter and over 100 million customers. It's got a pretty dynamic market place and a lot of strong product assets. Of course, I worried a little bit about the compliance issues, the restatements and obviously some of the stock-option challenges the company had had. But the company went through this exhaustive discovery process where we [looked at] over 6 million documents all the way back to 1995. It did hundreds of interviews during the completion of the restating process. I felt this company was as clean as it could possibly be. So I walked into a situation of rebuilding and transformation. But there's a lot of assets in the company that most of the market doesn't know about.

You've been on something of a mission to change market perceptions of McAfee. So what exactly is the perception? A lot of the perception is that McAfee is an antivirus company, unless of course you are a very large company or any company using our products. They know we're more than that. We have 76% of the Fortune 1,000 customers. We've got an extensive security framework that manages security operations in a product called EpO. McAfee is a whole lot more than an AV company. We have world-class products on the desktop, of course, beyond AV. We have spyware products, spam products, personal firewall products, data loss and prevention products, and the list goes on. There are more than 12 products just on the desktop alone in a suite called Total Protection. And then, of course, we have a very fast-growing business on the network side [with] multilayered support and security capabilities. In the last two years, we have expanded extensively into risk management, which encompasses vulnerability discovery, remediation, patch management and compliance management. So we are a security risk management company and the largest dedicated security company in the world. I think that's the message I would like to give.

How much of McAfee's business comes from enterprise customers? We have a very balanced model that is attractive to investors as well as to customers. Just about half of our business comes from consumers -- last quarter, it was 42%. And 58% comes from corporate or companies with greater than 100 employees. What's unique about us is that our technology is the same whether you are a consumer of one or an enterprise of tens of thousands. Our Total Protection product line works on a single machine, of course, but it also works in clusters. We have a single customer with more than 5 million desktops. That's the Department of Defense. A lot of the work I've been doing is really to go after what I think is the largest opportunity in the security industry today, which is the corporate market. There's an opportunity for companies that are dedicated like McAfee to really grow in the enterprise markets.

How concerned are you about Microsoft's growing presence in the security space? I have tremendous respect for Microsoft. I have worked with Microsoft and competed with Microsoft almost my entire career. You know, it's a situation where you respect Microsoft and you watch what Microsoft is doing. But I also see Microsoft as a huge partnering opportunity. I had a chance to meet recently with some executives at Microsoft, including their CEO. Microsoft wants security aligned with partnerships. They want the ability to have an open architecture that allows companies to integrate with their framework. You look at Vista and all of the technologies they are releasing into the market. They need security companies to help protect them. They are not dedicated at security; they have a very thin layer of security, and I think we have a chance to complement what they have. My goal is to be one of the best partners to them in the security market.

What about Symantec? Well, Symantec I'm not going to partner with. I'm going to compete with them, that's for sure. I think that there's a great opportunity to win lots of market share from Symantec. Again, I have a lot of respect for [Symantec CEO] John Thompson. I've known him, and I think he's a gentleman and a hard worker, and he's done a lot for Symantec. But having said that, you know I've been competing with Symantec for more than three years now -- from my EMC side, competing with Veritas, and now for McAfee against their security business. Symantec has created a situation where they have a lot of enemies in the IT market. With the Veritas merger, they have a lot of storage vendors competing with them. Through their Altiris acquisition, they have systems management vendors competing with them. They have created a challenge for themselves in trying to do a few markets. We are dedicated to security. That gives us an opportunity to beat Symantec, and that's my goal.

What's your analysis of the threat landscape today? The amount of malware we are seeing is off the charts. We expect to see over the next two years more malware than we have seen in the last 20 years combined. So the rates at which we are receiving malware is tremendous, and we have to automate how we process the malware and how we distribute that malware protection. This is why I say that [the] security-as-a-service model is critical. We are seeing very sophisticated threats now in the form of all kinds of new techniques. Obviously, phishing is a very big threat today. We see upwards of 17,000 phishing attacks a month now, which is tremendous. The complexity of these phishing attacks is enormous. They can change DNS servers multiple times a day. We have seen attacks where they can change it 10,000 times a week. Of course, ID theft and fraud [are] really the main goals of phishing attacks, and we are seeing a tremendous uptick in both around the globe. Virtualization is a whole new threat landscape that we see emerging. Statistically, cybercrime now is over a $100 billion problem a year. It has now surpassed the global illegal drug trade in terms of revenues, and it seems a very difficult problem facing corporations. There are good opportunities for large companies like McAfee [that] are dedicated in security to help meet and beat those challenges.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon