In-Depth

Security Showdown

Microsoft's entry into enterprise security has market leader Symantec gearing up for a fight -- but not necessarily doing more to attract Microsoft partners.

• By Lee Pender
• September 01, 2007

Fast forward to the middle of this decade in Cupertino, Calif. While the medium was probably e-mail rather than a rider on horseback, it's not hard to speculate that word went around Symantec Corp. headquarters quickly as soon as the news came out: Microsoft is coming!

However, there's a key difference between Symantec and the Americans of 1775: Symantec itself is more established empire than colonial upstart. The Silicon Valley stalwart is the market leader in enterprise endpoint security -- that is, anti-virus software and client security, as opposed to the virtual private networks and firewalls of network security. As such, Symantec has a kingdom of its own, with a wide range of offerings spanning categories from basic anti-virus to backup and recovery to network management. Symantec also boasts a robust partner network, and the company has already made moves -- such as purchasing Altiris Inc. and releasing new products -- to stave off Microsoft's attack on its market.

In 2006, Microsoft made its first foray into the enterprise security market with a suite of applications called Forefront (see "Partners in Security," November 2006). At that point, Symantec, a long-time collaborator with Redmond, became an enemy -- or, more precisely, just another partner-slash-competitor in Microsoft's increasing realm of "coopetition."

Microsoft, of course, has a reputation for moving into new spaces with its massive Windows installed base and popular integration message, displacing former market leaders and gobbling up market share. But just as the American colonists didn't back down in the face of the mighty British Empire in the 18th century, Symantec isn't shying away from a fight with Microsoft.

Michael Goldstein, chief marketing officer and vice president of business development at LAN Associates, a Gold Certified Partner and Symantec partner based in Central Islip, N.Y, compares the relationship to yet another great historical rivalry: "I don't think you're talking about David and Goliath here," he says. "You're talking about England and France."

But in the channel, Symantec's zeal to defend its territory hasn't necessarily translated into extra incentives or benefits for partners. Symantec did recently revamp its partner program, but partners who work with both Symantec and Microsoft haven't seen the security market-leader reach out to them with anything in particular in response to Microsoft's popular Security Software Advisor (SSA) program, which provides incentives and special programs for partners selling Forefront.

Of course, Symantec and Microsoft are far from being the only players in enterprise security. McAfee Inc., Trend Micro Inc. and CA Inc. are all major players in the space. But Symantec vs. Microsoft is the market leader vs. the industry giant, and both companies have the resources and the stomachs for a long battle in the enterprise security market.

Symantec declined numerous requests to talk to RCP specifically for this article, but RCP has been able to question Symantec officials about competition with Microsoft on other occasions over the past six months. Some of those responses are included in this story. RCP also had the opportunity, in a joint interview with Redmond magazine, to speak to Symantec Chairman and CEO John Thompson about his company's relationship with Microsoft.

Chilly Relations
For years, Symantec -- itself a Gold Certified Partner -- was among the companies that helped Microsoft Windows work. Its security software prevented viruses and malware from wrecking the often attack-prone operating system. As such, Symantec and Microsoft maintained a fairly close relationship, with the security vendor sharing information about threats with its larger counterpart and working with Microsoft to develop for Windows.

That relationships still exists, and, in fact, officials from both companies like to talk up their collaborative efforts. Microsoft officials say that this year's release of the Windows Vista operating system has strengthened Redmond's relationship with its California counterpart.

"If anything, the relationship has become closer than ever with the development and deployment of Vista," says Margaret Dawson, Microsoft's group product manager for security and access products.

Symantec officials echo that sentiment. "We have a good working relationship with Microsoft. We compete with them, but we also are one of the largest software vendors on the Windows platform," says Oliver Friedrichs, director of Symantec Security Response, whose team regularly shares information on potential security threats with Microsoft. "In many cases, our concerns are ones that Microsoft wants to address in future versions. … They're open to suggestions and are certainly not defensive."

But despite talk of collaboration, controversy erupted between the two competitors last year when Symantec, along with McAfee, complained that Microsoft wasn't opening the 64-bit Vista kernel to security vendors for development. After a protracted war of words in the press, Microsoft ultimately promised a set of Application Programming Interfaces (APIs) that would let security vendors access the kernel. Those APIs are due with the first service pack for Vista, the release date of which was still pending at press time.

Officials from both companies say that they've moved on from the kernel issue -- although Friedrichs notes that Symantec is still waiting for the SP1 APIs -- but analyst Neil MacDonald, of Stamford, Conn.-based research firm Gartner Inc., doubts whether the two companies are all that friendly these days.

"The relationship is still chilly because Microsoft threatens Symantec's business," MacDonald says.

For his part, while he says that his company "got what we wanted" out of the 64-bit kernel affair, Symantec Chairman and CEO John Thompson says that he won't back down from calling out Microsoft again if he feels as though his company's rival from Redmond is trying to use its Windows monopoly to affect competition in the security market.

"I want every employee and every channel partner that's associated with our company to know that we stand for something," Thompson told Redmond magazine Editor Ed Scannell in an exclusive interview with editors from Redmond and RCP. "We stand for innovation and we're not going to be constrained by a monopolist. We're not going to let Microsoft do something that's illegal. If that means calling Microsoft to task on bad behavior, we're more than willing to do that."

Parry and Riposte
Two of those fronts include comprehensive anti-virus packages and systems management. Microsoft, with Windows Live OneCare, and Symantec, with Norton 360, both released comprehensive client-security offerings in 2006 that included anti-virus, anti-spyware and anti-phishing technologies as well as backup and restore capabilities.

Perhaps more intriguing for enterprise partners, though, is the battle emerging for the systems-management side of the security market. Microsoft, as it so often does, is pitching product and platform integration as a major selling point for Forefront, which includes a client-security offering and components for Exchange Server, SharePoint Server and Office Communications Server, as well as Internet Security and Acceleration (ISA) Server 2006, a gateway server designed to protect against Internet-based threats. Partners can sell each of the components separately or sell them together as a package.

On top of all that, Forefront customers can install a Microsoft Operations Manager (MOM) 2005 management pack that lets administrators monitor Forefront clients -- a key feature that no other vendor offers, says Andy Papadopoulos, president of LegendCorp, a Toronto-based Gold Certified Partner and Symantec partner. For instance, he says, the MOM pack functionality lets an administrator know if a user has turned off anti-virus protection.

"Being able to have that visibility is a really powerful feature," Papadopoulos says. "Anybody who's invested in MOM gets it right away. The people with MOM are already in position to see the value with Forefront."

Symantec, though, has not stood pat in the face of Microsoft's systems-management functionality. In January, the company announced that it would spend $830 million to buy Altiris Inc., a Lindon, Utah-based vendor of service-oriented management software. MacDonald sees the move as a clear indication of Symantec's willingness to compete with its new rival.

"As Microsoft started launching Forefront and emphasizing the longer-term integration with Systems Center, who did Symantec go out and acquire? Altiris, No. 2 in systems management," MacDonald notes.

Goldstein says that Symantec has some "phenomenal" products on the way, including Symantec Endpoint Protection 11.0, due in September, which will offer anti-virus functionality combined with threat prevention for laptops, desktops and servers. But he notes that Microsoft's pitch remains strong, especially because Redmond has simplified licensing for Forefront as part of a larger Microsoft technology stack.

"As we're converting any of our clients to Microsoft renewals, we sell them an open license -- one number for all the products," Goldstein says. "Forefront slips into this and ties into the rest of the Microsoft licensing. The billing aspect and the licensing aspect work well for Forefront."

And Papadopoulos notes that the classic all-in-one technology integration message works for Forefront, too: "Anti-virus is subscription-based -- the money's already there," he says. "Every two years, during renewal, people start thinking maybe this Microsoft thing is a good deal: 'The fewer vendors I have running on my machine, the easier it'll be to maintain and manage.' The customers are asking for this: 'Simplify my environment, simplify my life.'"

A Happy Giant
Microsoft has reached out to partners not just with its integration message but also with the SSA program, which company officials say provides incentives such as the opportunity to earn up to 30 percent of revenues from Forefront sales along with supplemental revenues. Microsoft officials say that they've welcomed about 4,000 partners to the program since its debut at the company's Worldwide Partner Conference in Boston in July 2006. And about 1,000 of those partners, officials say, are new to the Microsoft Partner Program.

Symantec, in this case, hasn't responded directly to Microsoft's challenge. The company revamped its partner program earlier this year, but it isn't necessarily out to siphon off Microsoft partners, says Julie Parrish, VP of the Global Channel Office at Symantec.

"We're not responding to anything," Parrish says of Symantec's program upgrade. "There's already a tremendous amount of overlap between the Symantec and Microsoft partner communities. There has been for years, and I'm sure there always will be. … I'd say no, we're not looking to go out and aggressively recruit Microsoft partners."

For their part, partners who work with both Microsoft and Symantec say that the latter could stand to be more aggressive, period. "Symantec's been a good partner, but we process so many orders and get no recognition for it," says Kevin Fream, president of Matrixforce Corp., a Tulsa-based Gold Certified Partner and Symantec partner. "We have 300 clients, and all of them are Symantec. We've never gotten a call from Symantec, nothing more than an e-mail. You never get a lead from Symantec, either."

Parrish says that Symantec can compete with Microsoft based on technology in the marketplace and not necessarily on partner incentives. Goldstein recognizes that approach, noting that Symantec, already the market leader, has focused more on bulking up its technology than on working more closely with partners.

"They're a happy giant," Goldstein says.

A Long Way to Ride
Just how long the security giant will stay happy remains to be seen, and MacDonald notes that neither company should be completely satisfied with its offerings. Microsoft, for instance, he says, doesn't really have the systems-management capabilities tied with Forefront that it claims it has.

"Forefront is still a separate product," he says. "You can't just have a single console. What Microsoft talks about sounds good, but in reality they haven't shipped that. The positioning is really just that -- positioning."

Beyond that, he says, customers aren't yet looking for what Microsoft -- and Symantec, with the Altiris acquisition -- claim to offer: "For now, people tend to have security products and they tend to look for platforms. The demand for integrated security and management platforms isn't really there yet."

And Goldstein notes that there isn't much of a reason for clients to switch security providers unless they're undergoing an infrastructure upgrade -- in which case they can still employ a Microsoft-Symantec hybrid approach. Papadopoulos agrees, noting that partners will do the right thing for customers regardless of Microsoft partner incentives: "I don't think anyone is going jam Forefront down someone's throat."

Still, the message has changed at Symantec headquarters. It's no longer: "Microsoft is coming." Now, very clearly, the cry is: "Microsoft is here."