Original URL: http://www.theregister.co.uk/2008/10/10/symantec_messagelabs_analysis/

Symantec hedges bets with large stake in hosted security

MessageLabs deal pilots security giant into cloud computing

By John Leyden

Posted in Security, 10th October 2008 10:06 GMT

Analysis Symantec, traditionally one of the more conservative firms in the security market, is attempting to pull off a high-wire balancing act with its surprise $695m acquisition of security software-as-a-service pioneer MessageLabs. The firm is betting that increased revenues in the hottest segment of the security market will justify a high (especially for the current economic climate) acquisition price.

It's also betting it can avoid the possible cannibalization of its traditional on-premise security market, while navigating the tricky business of keeping MessageLabs' technology suppliers, direct competitors to Symantec such as Kaspersky and Sophos, on-side.

Against this the deal offers a good chance to sell MessageLabs services into markets where it has traditionally been weak - the Americas, outside the US, Asia and continental Europe. It also gains the chance to offer a greater range of technologies as a hosted service.

Symantec chief exec John Thompson explained: "MessageLabs has a strong customer base into which we can cross-sell our current online services such as backup storage and remote access".

More than one way to crack a nut

Three technology options have evolved for dealing with problems such as spam filtering, and blocking threats including malware contained in email messages and malicious code on booby-trapped websites. These options are the traditional approach of security software packages running on PCs or servers, specialist appliances, and software as a service.

While the traditional software market is growing in single digit figures, appliance revenue growth is in the low teens and SaaS revenues are expanding at around 20 per cent a year. Whether the high growth rates of (security) software as a service will be maintained is open to question but in the meantime Symantec wants to make hay while the sun shines, paying a high price for a slice of the action.

"As customers recalibrate their infrastructure we hope to gain a bigger share overall. We will not be cannibalizing our existing customer base," Thompson explained.

Adrian Chamberlain, chief executive officer at MessageLabs, added: "Joining with Symantec we can leapfrog into new markets we might not have been able to access for years. In addition there's the potential for us to develop Symantec protection products as an online service, expanding the portfolio, as well as creating a potential to cross-sell existing products."

MessageLabs email filtering services cover much the same technological function as Brightmail spam filtering appliances, another Symantec acquisition. "I'm not concerned at all that we can have Brightmail on premise and MessageLabs, and that the two will work with each other," Thomspson said.

Head in the clouds

Symantec is positioning the MessageLabs purchase as giving customers the option of either on-premise or off-site approaches to solve the same information security challenges. It doesn't see a move into cloud computing as a fundamental architectural shift in how security technologies are delivered, unlike some of its principal competitors - most notably McAfee, Trend Micro and Panda Software.

Instead Symantec talks about making increased use of the whitelisting of known "good" applications and behaviour-based malware detection instead of the wisdom of crowds. It hopes these changes, prominent in its 2009 line-up of security software, will help it deal with the twin challenges of performance issues and the increasing rate of malware production by the bad guys. Meanwhile competitors are moving towards a more distributed (cloud-based) architecture for detecting and responding to threats.

Raimund Genes, Trend Micro's anti-malware CTO, told El Reg: "While other vendors have been active in cloud computing, Symantec has been consumed by by Veritas. Maybe it has woken up and decide to do more in the cloud.

"I consider Symantec to be more of a distributor of security products than a developer. It's good at acquiring and integrating firms, with the possible exception of Veritas. MessageLabs has been successful in the UK and the USA, but in other countries it has less presence."

Speaking before the MessageLabs deal was announced, Thompson denied accusations that it failed to innovate. "We spend 15 per cent of our budget on research and development. Either our people are producing a whole lot of stuff or we are wasting money," he said.

Although MessageLabs has a strong customer base, including the UK government and financial services firms, Genes reckons security as a service is most attractive to small to medium-size firms of less than 250 people.

He also notes issues for MessageLabs in keeping its technology suppliers on-side. MesageLabs uses antivirus engines from several traditional vendors as a first line of defence on messages it later passes through its in-house Skeptic engine, the technology that detected and blocked the fast-spreading Love Bug worm hours before traditional anti-virus vendors released signature definitions.

The three anti-virus engines MessageLabs uses alongside Skeptic are not something the firm likes to talk about, though it was much more open in the past. The last we heard, it used anti-virus engines from Kaspersky and Sophos. One of the three could be replaced by Symantec but to loose all of them might create headaches. Symantec uses Brightmail technology for first-line email filtering.

Genes also criticised MessageLabs as being focused on email malware at a time when drive-by downloads from contaminated websites are on the rise. This is more than a little unfair, since MessageLabs has had a range of web and IM security services, as well as partnership with web scanning firm ScanSafe, stretching back for some years. More recently MessageLabs has been among the first firms to tie together intelligence from web, IM and email security threats.

Gone Shopping

Symantec, like many of the world's largest software firms, is a serial buyer. The firm has acquired 40 firms in the 10 years Thompson has been with the firm. But Symantec has sometimes paid a hefty price. It paid $695m for MessageLabs, a firm that brought in revenue of $120m in the year to July 2008.

Google paid $625m for Postini, MessageLabs' main competitor, in July 2007. BlackSpider (another prominent hosted security firm) was bought by SurfControl for around $42m in July 2006, prior to its own $400m purchase by WebSense in April 2007.

Messagelabs gets two thirds of its revenue in Europe and around a quarter from North America, sales Symantec hopes to replicate elsewhere. Through this approach - and delivering more of its technologies as hosted services - Symantec hopes to more than recover its sizeable investment. ®