The State of Data Protection: Broadcom, Symantec, and the Evolving Information Security Technology Market

Jeremy Wittkop, CTO

01.31.2020

This is the first of a series of blogs about how the Broadcom acquisition of Symantec will affect the information security marketplace, companies, and the wider security landscape. In each post, I will answer some of the most common questions I’m asked.

 

InteliSecure is the world’s premier vendor-neutral provider of solutions focused on the data protection space. Therefore, when the data protection community is disrupted, as it has been since Symantec was acquired by Broadcom, I get many phone calls. However, although this acquisition is high profile, I believe the change the industry is experiencing is reflective of a wider disruption in Information Security as a whole.

Before we look at the concerns related to this latest shift, let’s take a look at the wider Information Security technology space. Then, I’ll address some of the very real and practical questions about data protection that have been surfacing in the past month.

 

Symantec, DLP, and the Bigger Picture of Information Security Technology

For many years, security dinosaurs have roamed the earth. Huge security vendors like Symantec and McAfee, who filled giant war chests with legacy antivirus products, have attempted to build wider security “platforms” by purchasing a variety of promising technologies in growing spaces. The problem with these attempts is that they relied on rolling up complex products into already-large code bases, so true integration of those products was either difficult or impossible. The resulting platform offerings provided little integration beyond the fact that you could pay a single bill or work with a single sales rep.

Recent events such as Broadcom’s acquisition of Symantec and the replacement of McAfee’s CEO amid rumors of a possible IPO or merger signals the end of this era. Vendors like Palo Alto Networks that are executing a similar broad-brush strategy should take note. The truth is the rollup strategy didn’t work. While convergence is certainly important in security, the huge, loosely connected security portfolios failed to remain competitive in all the disciplines that they tried to cover. Each had pockets they were really good at, but none could hold all of their products to a consistently high standard of excellence. It is worth mentioning that Broadcom understands this and has already begun the process of streamlining Symantec’s portfolio in order to try to focus on what Symantec does best.

For Symantec, one of its pockets of expertise was Information Protection, led by a brilliant technologist named Nico Popp. Key products inside Nico’s purview were Symantec Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB), both very good products that together solved for a significant portion of the data protection puzzle. As a result, Symantec gained a significant market share in both of those segments.

The fact that Broadcom has acquired Symantec, abandoned a large swath of Symantec customers, and started selling off assets has many customers rightly concerned. The fact that many key leaders from Symantec (including Nico Popp) have left the company, coupled with the disruption at McAfee, leaves many Information Security professionals wondering if this is the death of data protection as we know it.

The answer to that question is maybe.

The answer to the question of whether this is the death of data protection overall is a resounding NO.

 

The Evolution of Data Protection

Most organizations who are wondering about data protection are not privy to a significant fact: There is more venture capital money and innovation in the data security vendor space now than there has been at any point in history—at least since the acquisitions of Vontu, Tablus, and Port Authority in the mid-2000s. In fact, investor funding of data protection solutions is outpacing most other security categories, close behind investments in the long-time leading threat intelligence and Identity and Access Management (IAM) spaces. Research firms across the industry report that stalwart security segments with much larger market share (e.g., security hardware) and analytics systems (like SIEM) are attracting only a fraction of the investment we are seeing in data protection.

Today, we are watching the emergence of a group of highly innovative, cloud-native data protection companies like Altitude Networks and Open Raven that are led by brilliant security and technical minds and are likely to change the face of data protection. Large, successful companies like ZScaler have publicly acknowledged that data protection is a key security element for their platforms and have vowed to beef up their capabilities in this area. Companies like Forcepoint and Netskope, who were already trying to revolutionize the space but doing so largely in Symantec’s shadow, are investing heavily to ensure they are able to take advantage of the opportunity before them. Cloud players like Microsoft and Amazon Web Services are also seeking the benefits of adding data protection capabilities to their stack.

Data protection is not dying but is rather evolving into a much more important and powerful capability that should be embraced by all organizations. From Zero Trust to Secure Access Service Edge (SASE), it’s impossible to find a next-generation security model that does not require an organization to distinguish critical data from commodity data. If you think about it, it’s common sense. When organizations lose control over perimeters, devices, and networks, all they are left with are cloud application controls, data controls, and identity access controls, including User and Entity Behavior Analysis (UEBA). This is the core of modern Information Security. Everything else is a somewhat useful but diminishing relic of a bygone era.

 

Five Questions

So, where does that leave the industry today? Here are some of the pressing questions that organizations are addressing in the short term.

 

1. How does the Symantec acquisition change the data protection vendor landscape?

Significantly.

Any time the vendor with the largest market share in a space experiences a change like this, the shift is disruptive. When you have two of the top three vendors (Symantec and McAfee) undergoing significant change, it’s even more disruptive. Does that mean the data protection space itself is in trouble? I don’t think it is. Symantec and McAfee provide a range of other offerings. I think these changes are more an indictment of the ineffectiveness of the broad security vendor rollup strategy than a reflection on data protection.

 

2. How long will it take the space to recover?

Very quickly.

Forcepoint is a strong player in the space, offering very good technology. Symantec and McAfee aren’t dead, and if they can get their act together, there is still good technology inside those companies. In addition, companies are already forming to challenge this space, and that new blood will arrive quickly. If anything, the competition will invigorate the space and lead to a boom in innovation as existing and emerging technology providers compete to acquire customers who have been comfortable with their vendor for a long time and are now open to a change. Data protection has only increased in importance.

 

3. How do technology acquisitions affect adaptation and innovation in a rapidly shifting threat landscape?

It encourages resilience.

In general, an acquisition is disruptive to an individual company’s ability to innovate and adapt. There is no doubt Symantec/Broadcom is feeling that impact. However, data protection done well is less dependent on understanding tactics, techniques, and protocols of an adversary than many legacy technologies.

As Forcepoint CEO Matt Moynahan says, “Most security technologies were designed to stop something specific from happening.” If threat protection is your strategy, you have to constantly update your product to cover every new thing a bad guy does in your space. It’s exhausting, and you will always be one step behind.

The power of switching your focus to data protection is that you are now seeking to understand the data, and what should be happening with that data. That approach is less reliant on having the latest threat intelligence and is more resilient to disruptions in the technology leadership of a particular provider.

 

4. How will market changes affect the availability of high-quality data protection technologies for enterprises?

Good news: There is no shortage of good technology available right now.

The Symantec code base for data protection is still good. The technology did not turn to junk overnight. There is legitimate cause for concern about Broadcom’s desire and ability to develop and support this stack over the long term based on what we’ve seen. However, if you are running the Symantec technology today, it is still good technology.

If you are in a hurry to move away from Symantec, Forcepoint offers an extremely high-quality alternative today. If you’re a cloud-first organization with little on-premises infrastructure, Netskope could offer a good alternative. If you want to wait and see what newer companies are able to offer, you can likely ride it out with Broadcom for at least a year. Some clients may even want to wait and see what Broadcom is going to do before making a decision.

In any of those scenarios, high quality technology is available. However, there are competing visions for how exactly to implement data security. Your decision won’t be as simple as looking at similar technologies competing on features. The new data protection landscape will offer fundamentally different approaches, and the right approach for one organization may not be the right approach for another.

That’s why it’s important to find a vendor-neutral data protection provider with deep experience in the space. If your organization is not on Broadcom’s list of companies they intend to service, it is even more important to find a high-quality services partner like InteliSecure to help support your products. If you work with InteliSecure, we can also help you evaluate your alternatives if you so choose since we are one of the few vendor-neutral services providers in this space.

 

5. What effects do you expect in the Information Security technology market in the short and long term?

We’re looking at the beginning of a new era.

Although the shift seems disruptive now, I believe it will be overwhelmingly positive for the art and science of data protection. The space had started to stagnate, and the challenges at Symantec and McAfee have created space for new ideas and approaches to flourish, paving the way for an innovation boom. While it has been painful to see what some of my friends at Symantec have gone through, I am excited to welcome new people, ideas, and perspectives into the data protection marketplace.

 

What’s next? Three options to evaluate

The recent market changes have sparked many conversations with our clients and the community at large. For most organizations, I can recommend choosing one of the following three courses of action:

  1. Stay the course with Symantec/Broadcom until you learn more about what Broadcom intends to do with the technologies you are using. To execute this strategy, I strongly recommend a managed data protection services provider who can navigate the support organization on your behalf. The current disruption of support and product teams is making it difficult for organizations to support these technologies independently.
  2. Signal your intention to move to a different technology and create a plan to get there. Most organizations cannot or will not rip and replace a technology on short notice. A number of factors that influence the decision to move from one technology to another. In order to execute this strategy, you must have a service provider who understands your current technology as well as the technology you would like to move to. An experience, neutral service provider can provide support for your current stack while offering you services to ensure a smooth transition to your new technology.
  3. Evaluate the marketplace and make a switch as soon as possible. Executing this strategy requires a partner who thoroughly understands the marketplace as well as your industry and business requirements. You must have someone who understands your goals and what works well on Symantec today in order to properly recommend a technology that can provide at least congruent capabilities.

InteliSecure is one of the few organizations with the capability to help organizations execute any of these three strategies. For more information, please view our on-demand webinar, Navigating the Changes at Symantec/BroadcomIf you have additional questions, please reach out to your InteliSecure Account Manager, who can schedule a session for you to speak to me directly.