I've always admired McAfee. Its customers and product reviewers typically have great things to say, its CEO, Dave DeWalt is smart and humble and laughs at himself easily. Those things all matter. But now it seems marketing and corporate messaging are getting in the way and I am growing concerned that maybe there's not much innovation left or, like any decent company growing up before our eyes, it aspires to raise its profile but is doing so through song and dance instead of technology innovation.Today marks the beginning of, well, something for McAfee. I'm still not quite sure what, but in my discussion with Marc Olesen, new Senior Vice President and General Manager of its Software as a Service (SaaS) division, I've concluded that McAfee wants the world to know it has the most diverse portfolio of security as a service technology on earth (endpoint security, web and mail filtering, vulnerability assessment). After weeks of trying to find a date and a venue (which turned out to be this Podcast), hearing about Marc's "tour," and agreeing to an embargo, the big news is the rough equivalent of a big tent unveiling at which the main subject finally comes on stage and says: "I'm here, and I've got my shit together."
As for the depth and quality of McAfee's offering, I'll let the reviewers decide, and maybe I will take a deeper look sometime soon. Security as a Service is, to be fair, a crucial market. This isn't merely outsourcing or even hosting; nor is it a managed service. McAfee develops the software, you deploy it on site, and McAfee runs the back-end functions (for example filtering URLs, checking sites for malware, providing reports, vulnerability scanning from outside the firewall). Also, to be fair, Marc talked about the expansion of each of these components, including vulnerability scanning inside the network and web application scanning. It would also be good to see McAfee broaden its scope into managed services (like firewall, IDS and IPS management); after all, if you're a corporate enterprise considering the potential time and cost savings, why not just encompass everything.
McAfee cited research that shows a 30 percent CAGR in security as a service, which it also says is more than three times the growth rate of on-premise security technology. I doubt that any market is actually growing right now, but I can certainly fathom a faster growth rate for an "as a service" business, especially when it comes to something as complex as information security.
I'm less dubious about McAfee's place in this market -- surely a $1.6b company on the rise (its revenue and profits continue to grow year over year and quarter over quarter), with quality software and 350 researchers around the world isn't a bad place in which to put some trust. However, that means McAfee's attempt to be that one-stop security shop is going to have to be competitive against smaller more focused players with point products (say, Qualys with its vulnerability scanning service), while also fending off giants like IBM (with ISS and Tivoli at its disposal), Symantec, and even Cisco which has been making noise in SaaS.
I'm quite certain McAfee will fare well, but some of the discussion with Marc was like trying to follow a choreographer. I asked him to cite the company's market share in security as a service, and he answered like a media-trained spokesperson -- you know, the kind that when you ask him how to change a light bulb talks about how phenomenal his light bulbs are. I had to press him before he admitted not being able to answer. On this and other questions, I could even hear whispers of coaching from the handlers in the room (perhaps if you listen closely enough to the podcast you will hear it too).
Marc boldly stated that McAfee was the biggest security provider, by revenue, but when I pressed him on who McAfee took this measure against, he said just the dedicated security companies. So not IBM (or its security portfolio), nor Symantec (which is also in the storage market, among other things), and not Cisco (same reasons as IBM). Convenient.
You can listen to the details of McAfee's announcement, and some of the song and dance, in the accompanying podcast. Tell me if you think I've undervalued what the company had to sing (er, I mean say).