Q&A: McAfee, Symantec CEOs talk security

McAfee CEO David DeWalt and Symantec CEO John Thompson answer tough questions about data protection, consolidation, and the IT security market

If you can address those two problems, you can address the bulk of the issues on the marketplace. It will be up to customers to determine which approach they think is better: a network-oriented appliance tool, as with Vontu, or protection at the endpoint, which is where we have invested.

What we have compared to Vontu is apples to hubcaps, literally entirely different technologies. Vontu is primarily a network gateway appliance that is matching rules. There's no host to classify content, but primarily an appliance to look and monitor for data loss.

That's a totally different thing than Safeboot, which is whole disk encryption for mobile devices. Symantec has no encryption technology in its entire portfolio, so the technologies are not even in the same hemisphere. Symantec bet that monitoring network traffic is the future. We bet that doing it at the endpoint is more of a safe, compliant way to address this.

Our philosophy is protecting all the endpoints, including all types of mobile devices, and every access point through those endpoints, including removable storage. That's where our DLP strategy will be centered and we feel the growth of Safeboot proves that we're making the right bet.

Symantec could be right too -- maybe were both right -- because it's not like Vontu is doing poorly either.

InfoWorld: Your smaller rivals, and some industry analysts, like to say that large companies such as Symantec and McAfee do not innovate, that they only acquire innovation through mergers and acquisitions. How does that strike you and why do you think they are wrong?

Thompson: I think people might argue inappropriately that the sustaining innovation mission that any company with a large base of users has is forgotten about. We already have the 2008 versions of our products in marketplace. Is there any innovation in there at all? We certainly think so.

There is a very important mission that we cannot overlook, and that is we have a bunch of customers who have an enormous amount of expectation of us being able to continue to deliver new features, functions, and capabilities for them that will migrate seamlessly from what they do today to what their needs might be tomorrow.

We spend 15 percent of our revenue on research and development not because we want to spend it, but because we have to maintain some stream of innovation in order to be able to serve the needs of our existing customers.

If you look inside the company, our Symantec Research Labs facility has delivered incredible innovative capabilities such as generic exploit blocking, or the ability to see vulnerabilities and create a signature to block an attack before the attack occurs. That's all about innovation. The fact that we are an acquisitive company means that we are open to people who have fresh ideas or a new view of the world.

The security world has evolved so rapidly over the last five years that if we were stuck in a paradigm that said we will only deal with ideas that emanate from inside the company, we would be unable to serve the needs of our customers at all. The best way for a company that competes in all the segments of the market where we compete is to use strength of our balance sheet, cash, and income statement to continue to evolve.

Consider all that in backdrop of the idea that the whole software industry is consolidating around us. You cannot ignore the broader macro-trend going on in the industry itself.