Ed of Security Curve Weblog writes a post titled “Symantec feels the pain?”

This week, Symantec launched their new “Internet Threat Meter” site; [it] is basically a portal where Joe Average can go to see aggregated information about the “state of the Internet” – there are “traffic lights” (green/yellow/red lights) on the site that correspond to the overall “safety level” associated with PC usage at the current time.

He comments on how the Internet Threat Meter looks much like the Symantec ThreatCon, but with three color alerts instead of four. Ed says:

What strikes me about this is not just the similarity (and competition) with the existing tool, but the similarity with Windows OneCare. From a user interface perspective, this new “Threat Meter” is very close to Microsoft Windows OneCare Live – both in terms of what’s available on the interface but also the way that the controls/tools are categorized, made available, installed, etc.

Of course, this begs the question: is Symantec feeling the pain from OneCare already? Is the beta cutting into their sales enough that they are responding ad-hoc in a way that competes with rather than compliments investments they’ve already made?

Ok, normal competition where every information security company is trying to match and outdo the other, nothing new. In fact, most companies try to “see” the future and map out the path with “service offerings” and “solutions” (the best companies actually create the innovative future instead of trying just to see and mimic it.)

But Ed had some interesting analysis of the future of Symantec:

Here’s my thinking… Symantec will never say this flat out, but they make their money from consumer AV. Judging by what we can infer (the way they break down the numbers is less than transparent), their reliance on consumer AV is anywhere from 50% to 80% of overall yearly revenue.

How can we tell? Read between the lines – in Symantec’s 2005 Annual Report for example, they tell us that the consumer segment is their strongest sector (the “star performer” they call it.) They also tell us that their top selling software category is “security solutions.” Now, take the union of where “security software” intersects “consumer segment” – and compare that with what’s in their product line. See what I mean? They’re talking about consumer AV. You can actually line up the numbers in the report to make guesses about percentage of revenue (why I say between 50 and 80 percent – 80 is more of a historic number while the current report points to more like 50.)

The thinking is that when Microsoft releases their AntiVirus tool they will make it free just like their AntiSpyware (“Defender” beta2) and Windows Firewall (SP2). This will (in my mind) complete the security trinity and finally protect Windows home users from a majority of attacks (should also mention Windows Update as well). This basically means that Microsoft can control these markets almost overnight (probably more like 2 years). This would severely impact Symantec’s (SYMC) revenue, unless the company adapts at this inflection point.

This begs the question, what about the other information security companies? How will they do?

  • Symantec (SYMC) is down from a high of almost $22/share a year ago to $17/share today, after a big tunble in November 2005.
  • McAfee (MFE) is about the same as a year ago at $24/share, but fluctuated up in late ’05 and then back down again in January.

I’m not a financial analyst, in fact I’m no where close. But it does make sense that companies should not rely on their antivirus products to be their “base” revenue if Microsoft will soon be releasing a version of their own.

Symantec may still be OK for the next few years though because they presently have one of the best enterprise management consoles. But the moment Microsoft uses .NET programming to integrate all of their platform management tools, it will be time for Symantec to redefine itself into a new market.

Update: Funny Slashdot story about how “Script kiddies have been taking advantage of intrusion prevention features of Symantec’s Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels”