The news recently that Symantec’s board had ousted Enrique Salem sent its stock up 17%, a huge move for Symantec.
Watch out as reality sets in. I have seen this played out over and over in the security space as grown-up management is brought in.
They bring discipline, focus, and, operational discipline. But because they do not understand the security space the company starts a slow decline into oblivion.
Admittedly, Symantec, under a previous CEO, pivoted away from being a pure play security company by acquiring Veritas for $10.5 billion in 2005. My prescription for innovation does not apply to the storage business.
This quote in the Bloomberg article on Salem’s departure is classic:
“Brian Freed, an analyst at Wunderlich Securities Inc. in Memphis, Tennessee, who has a buy recommendation on the stock. “The combination of consistent execution and operational discipline is exactly the order Symantec needed.”
Consistent execution and operational discipline is exactly what will kill Symantec. Or rather, relying on operational fixes alone will kill Symantec.
Bringing in Jack Welsh style management to a mature player in a mature market is usually a great idea. The company already dominates its market and any tweaks to operational efficiencies such as pairing down the product catalog, rationalizing SKUs, normalizing points given to resellers and distributors, and optimizing sales, R&D, marketing, and the executive office, will lead to greater profitability and increased stock performance.
But the security industry is NOT mature. It is one of the few tech businesses that will NEVER mature. It is a completely different animal. The primary driver in the security industry is not the customers, as it is in every other industry. The primary driver is the threatscape which evolves continuously.
New threats and new threat actors drive innovators to create new products and services. Symantec took their eye off the ball when they acquired Veritas. 2005 was way too early for a software security vendor to attempt to mature into a tech holding company like IBM or HP.
Sure EMC managed to do it by going on an aggressive campaign of acquiring security vendors, starting with RSA, but they have succeeded by continuing to acquire the innovative vendors that are addressing the new threats. The Netwitness acquisition in 2011 is the perfect example of how RSA, now the security division of EMC, recognized and seized an opportunity.
The anti-virus industry is alive and well. There are almost one hundred vendors in the space, many of them thriving with over $100 million in revenue. The only reason that Symantec has for losing market share is the failure to recognize the opportunity in the space. White-listing, virtualization security, threat intelligence, beaconing detection, and APT mitigation are all fields that are growing rapidly.
The new CEO of Symantec, Steve Bennett, should immediately prepare a sale or spin-out of the the Veritas business. He should then pursue an aggressive acquisition spree of the fastest growing security technology companies.
Use that “consistent execution and operational discipline” to streamline the on-boarding process. Only then can Symantec return to the 25% annual growth rates of the security industry as a whole. If Mr. Bennett needs help identifying the best candidates for acquisition, I have a list…