Tony Soprano step aside. Symantec is now in the protection business. And its turf is pretty wide. Infrastructure, information and interactions -- Symantec says it's committed to protecting them all.
At the company's Vision 2006 conference in San Francisco, CEO John Thompson outlined his company's "broader approach to security and availability" -- one that he said harnesses the combined strengths of Symantec and Veritas -- the backup and storage products company Symantec acquired last year.
The conference, held at the famed Moscone Center, has drawn more than 3,500 attendees.
As part of this new approach to security, he said, "message management" and "IT policy compliance" would be two critical areas of focus for his company this year.
These priorities, the CEO said, have been set in response to the "bigger and more insidious [security] challenges" enterprises face today. "Sophisticated criminal elements are now behind many of today's attacks -- and unlike many hackers of the past, are more interested in anonymity than notoriety." Today's threats are silent and highly targeted.
"What these criminals are searching for is personal and financial information -- and they are looking to use it for serious financial gain." He said all his company's offerings -- not just its products, but its support services as well -- would be geared to meeting these new challenges.
"Symantec like Veritas had a security consulting and implementation service capability. The Symantec business was focused more on consulting, while, historically, Veritas was more focused on implementation. We have brought these two teams together,and now have 500 -- 600 professionals around the world that deliver consulting and implementation around our products."
Thompson strongly advocated a "layered approach", where security is moved closer to the information itself. "The notion that you can secure the end point, and therefore secure the (data), or that by securing the network you secure the entire (organization), is just not true."
Despite it's broader role, Thompson clarified that Symantec would not venture into developing authentication and authorization technologies in-house but would rely on its partners to deliver these capabilities. "That doesn't mean we would not like to have authentication technologies in our portfolio. But we can't do everything. This is one of the things we chose not to do."
Alluding to new offerings (such as the soon-to-be-launched database security and audit tool) emerging from Symantec's labs, Thompson said Symantec set a lot of store on "internal innovation" and would continue to spend 15 per cent of its revenue on R&D.
Whether Symantec will be able to actually do this, however, is a moot point given the US$1 billion tax bill that has been slapped on the company by the U.S. Internal Revenue Service (IRS).
The IRS claimed Symantec had under-reported the value of intellectual property the software vendor transferred to two Irish subsidiaries. According to the IRS, both Symantec and Veritas Software Corp. under-priced intellectual property the two companies licensed to their Irish subsidiaries. The IRS believes that Symantec owes about $900 million, excluding penalties and interest, in connection with the Veritas claim, which covers the 2000 and 2001 Veritas tax returns. Another $100 million is due in connection with Symantec's fiscal 2003 and 2004 reports.
However, Symantec refutes this claim.
"We have an open dispute with the IRS," Thompson said yesterday. "We don't think their assessment is consistent with tax law, nor is it consistent with what our outside advisors tell us. My view is that the (tax bill) will go away."