Symantec Says Viruses And Worms Are 'Solved'

It's official: The problem of worms and viruses is "solved"--at least according to Symantec chairman and CEO John Thompson. The more relevant security threats today are phishing and fraud, as well as organized crime's interest in stealing and reselling personal information, Thompson says. Not that Symantec will stop cashing checks made out to it for antivirus software. But the company's "Security 2.0" strategy, detailed for the first time last week, tackles broader threats beyond its popular Norton PC security line, including database, E-mail, and identity-theft protection.

For instance, Symantec Database Security monitors data flowing to and from databases and, depending on a company's security policies, alerts administrators when it detects intellectual property or sensitive information leaving the database. Symantec's Mail Security 8300 Series appliance, which provides spam and antivirus protection as well as message filtering, is set to ship in November and will be part of the Secure Exchange products and services Symantec recently began offering with Dell. And Norton Confidential Online Edition, available next year, will help banks protect online customers from phishing, pharming, and other scams designed to steal personal information and money through keylogging, screen capture, and password-stealing malware.

As part of Security 2.0, Symantec will partner with security services company VeriSign and IT services firm Accenture. Symantec plans to integrate its Norton Accounts software with VeriSign's Identity Protection Authentication Service, which will let Symantec customers use one-time passwords when conducting online transactions. Symantec's relationship with Accenture will augment the security vendor's 1,000-person global services operation and let it help customers mitigate compliance risks, manage security operations, and build more secure applications. Symantec hopes security services account for 10% of its business by 2010.

Symantec plans additional Security 2.0 products and services that will let companies index not just structured data, but also unstructured content in instant messages, E-mails, and files, helping companies comply with regulations and cooperate with investigations.

Customers like Symantec's new direction and agree that E-mail worms and viruses are largely under control. "IM is becoming the new threat vector," says Seth Shestack, chief information security officer for Temple University. "Telling students they can't have access to IM is like telling a bank they can't use money."

Competitive Moves
Rivals aren't sitting still. McAfee is attempting a strategic expansion similar to Symantec's, but mainly through acquisitions. By the end of this month, McAfee will tie acquired compliance-auditing and anti-malware software into its security management suite, ePolicy Orchestrator, and next year will add vulnerability management, policy compliance, and data protection. Also, Microsoft is stepping up as a security player. Microsoft has its own antivirus software called Windows OneCare, and Vista, the upcoming version of Windows, will incorporate Windows Defender for protection against spyware.

But Microsoft's strategy focuses largely on operational aspects of security, says John Kirkwood, global information security officer for Royal Ahold, an international supermarket operator. And Kirkwood likes Symantec's new approach: "I expect the companies I deal with to change and grow into new spaces over time."

Symantec's Thompson may think the antivirus software market won't grow, but companies will be buying antivirus protection for the foreseeable future, and Microsoft and others want their piece. Security 2.0 holds potential for companies facing emerging security threats, and for Symantec looking to expand beyond its desktop domain.