Microsoft bought Sybari Software Inc, a pre-IPO provider of email scanning software that plugs into Exchange and Lotus Notes mail servers (see separate story), signaling for the first time its antivirus aspirations beyond the desktop.
The incumbent antivirus firms acknowledged that Microsoft will be a serious competitor, but said that it is far from certain that the software giant, will be as successful as the share price slumps of yesterday seem to assume.
We expect Microsoft to be a significant competitor, McAfee president Gene Hodges said. But this is a product we see in the market every day already. It’s a good product, but we still beat it every day.
Microsoft now has a mail server antivirus product to sell alongside Exchange. Its June 2003 acquisition of GeCad gave it the technology to release desktop antivirus. There are still some blanks to fill, rivals said.
When we go to sell to a CIO, he doesn’t say ‘I need you to protect my Exchange server’, Symantec senior vice president Enrique Salem said. He says ‘I want you to protect my whole network’.
The major security vendors tend to offer products that deal with viruses at the desktop, at the mail server, and at the network gateway, with a unified management console. Buyers only have to deal with one vendor.
Joe Fisher, VP of product management at Tumbleweed Communications Corp, which sells security gateway appliances to the Global 2000, said that many small and medium sized enterprises are content with desktop and mail server antivirus.
If Microsoft is aiming at the SME market, it now has the two pieces it needs. It could sell Exchange and Sybari together, reducing the need to work with a separate antivirus vendor. That message will resonate very much with the SME market, he said.
Since Microsoft bought GeCad, the conventional wisdom has it that the company has been building out its support infrastructure. It has the software but, rivals say, it does not have the ability to catch and protect against new threats as fast as the incumbents.
Competitors pointed out that the Sybari acquisition will do nothing to change this situation. Sybari is not an antivirus company in the same sense as Symantec or McAfee, in that it does not operate its own virus lab.
Rather, it offers its customers the ability to license their virus definitions databases and scanning from up to six vendors. Its partners include Sophos, Computer Associates, Kaspersky Labs, VirusBuster, Norman Data Defense and Authentium.
Microsoft said it will offer GeCad’s engine as one of these options, and has no plans to ditch any of them. In other words, it will be able to offer up to seven scanning engines on the one box, whereas rivals have to settle for offering one.
There’s no real danger of Microsoft eliminating Exchange support for third-party antivirus. There are so many enterprises using software that leverages the Exchange’s APIs that Microsoft would hear a pretty big outcry, Salem said.
The antivirus market is very mature. While hundreds of firms sell antivirus in one form or another, it’s usually through OEM deals. There are barely a dozen significant companies that maintain their own virus lab and produce their own scanning engine.
Symantec and McAfee are the big US-based vendors, followed by Computer Associates. Japan’s Trend Micro is also in the big three. Then there are many European vendors that have carved out substantial local niches but also play globally.
The UK’s Sophos, Norway’s Norman, Finland’s F-Secure, Spain’s Panda and Russia’s Kaspersky have all managed to build businesses in the tens of millions of annual revenue or more, despite the scale of their US rivals.
If scale was all that mattered those companies wouldn’t exist today, McAfee’s Hodges said. The difficulty with a large company like Microsoft is that security evolves very quickly, it doesn’t move at the speed of operating system releases.
Bill Gates may spill more of the beans on Microsoft’s security strategy next week, when he is scheduled to keynote the RSA Security Conference in San Francisco for the second consecutive year.
What he is not likely to discuss is whether Microsoft, three deals in, has finished acquiring security vendors to build on its anti-malware strategy, or whether a gateway firm like Tumbleweed could be next.
Whatever Microsoft is planning, its newest rivals have had at least 18 months’ warning, and the incumbents have reacted accordingly.
Symantec is currently radically diversifying with its acquisition of Veritas Software Inc, while McAfee now styles itself as an intrusion prevention system player.
The bottom line is that we’re eager to see the product in the market, said McAfee’s Hodges. It’s very difficult to compete against speculation.
