Symantec hedges bets with large stake in hosted security
MessageLabs deal pilots security giant into cloud computing
Instead Symantec talks about making increased use of the whitelisting of known "good" applications and behaviour-based malware detection instead of the wisdom of crowds. It hopes these changes, prominent in its 2009 line-up of security software, will help it deal with the twin challenges of performance issues and the increasing rate of malware production by the bad guys. Meanwhile competitors are moving towards a more distributed (cloud-based) architecture for detecting and responding to threats.
Raimund Genes, Trend Micro's anti-malware CTO, told El Reg: "While other vendors have been active in cloud computing, Symantec has been consumed by by Veritas. Maybe it has woken up and decide to do more in the cloud.
"I consider Symantec to be more of a distributor of security products than a developer. It's good at acquiring and integrating firms, with the possible exception of Veritas. MessageLabs has been successful in the UK and the USA, but in other countries it has less presence."
Speaking before the MessageLabs deal was announced, Thompson denied accusations that it failed to innovate. "We spend 15 per cent of our budget on research and development. Either our people are producing a whole lot of stuff or we are wasting money," he said.
Although MessageLabs has a strong customer base, including the UK government and financial services firms, Genes reckons security as a service is most attractive to small to medium-size firms of less than 250 people.
He also notes issues for MessageLabs in keeping its technology suppliers on-side. MesageLabs uses antivirus engines from several traditional vendors as a first line of defence on messages it later passes through its in-house Skeptic engine, the technology that detected and blocked the fast-spreading Love Bug worm hours before traditional anti-virus vendors released signature definitions.
The three anti-virus engines MessageLabs uses alongside Skeptic are not something the firm likes to talk about, though it was much more open in the past. The last we heard, it used anti-virus engines from Kaspersky and Sophos. One of the three could be replaced by Symantec but to loose all of them might create headaches. Symantec uses Brightmail technology for first-line email filtering.
Genes also criticised MessageLabs as being focused on email malware at a time when drive-by downloads from contaminated websites are on the rise. This is more than a little unfair, since MessageLabs has had a range of web and IM security services, as well as partnership with web scanning firm ScanSafe, stretching back for some years. More recently MessageLabs has been among the first firms to tie together intelligence from web, IM and email security threats.
Symantec, like many of the world's largest software firms, is a serial buyer. The firm has acquired 40 firms in the 10 years Thompson has been with the firm. But Symantec has sometimes paid a hefty price. It paid $695m for MessageLabs, a firm that brought in revenue of $120m in the year to July 2008.
Google paid $625m for Postini, MessageLabs' main competitor, in July 2007. BlackSpider (another prominent hosted security firm) was bought by SurfControl for around $42m in July 2006, prior to its own $400m purchase by WebSense in April 2007.
Messagelabs gets two thirds of its revenue in Europe and around a quarter from North America, sales Symantec hopes to replicate elsewhere. Through this approach - and delivering more of its technologies as hosted services - Symantec hopes to more than recover its sizeable investment. ®