For network security companies, the past two years have been a blur of innovation
and skyrocketing customer demand, both feeding off a string of increasingly
disruptive and malicious viruses, worms and targeted attacks. Indeed, as enterprises
have scrambled to keep pace with the bad guys and look for better ways to secure
their networks, security companies such as Symantec Corp., Internet Security
Systems Inc., Computer Associates International Inc. and others have watched
their bottom lines swell.
At least most of them have. For Network Associates Inc., which made its bones
in the 1990s by gobbling up smaller competitors and integrating their products
into its own, the current security gold rush has been a painful reminder of
how quickly things can change.
The company, which once grew at a breakneck pace and swatted aside challenges
from Symantec and Trend Micro Inc., is now beset by legal and financial troubles
stemming from accounting and sales abuses.
NAI executives have watched as the company's stock has lost more than half
its value in less than two years. Worse, revenue and net income have fallen
steadily since 2002, with revenue dropping to $226 million in the third quarter
of this year from $254 million in the same period last year and net income plummeting
from $50.6 million to $26.5 million.
All of this forced NAI to rethink its strategy and refocus the company on a
risky new plan to become the dominant player in the hot but nebulous intrusion
prevention market. The plan, which took shape during the last eight months,
centers on the company's acquisitions in April of IntruVert Networks Inc. and
Entercept Security Technologies, two of the leaders in the IPS (intrusion prevention
system) space.
NAI executives said the strategy is not just another of the company's semiannual
rebranding campaigns; instead, it's a move to position NAI at the forefront
of what they see as a seismic shift in the way enterprises secure networks.
But the plan is something else as well: a major gamble. It is the action of
a once-dominant company that needs a win, pushing its stack of chips to the
middle of the table and waiting to see if anyone will call it. From the outside
looking in, many observers, former employees and competitors said NAI's move
smacks of desperation and is little more than a new marketing message—and a
vague one at that. Others see it as an attempt to distract analysts and customers
from the recent financial issues and ongoing battles with the Securities and
Exchange Commission and Department of Justice.
"It looks a lot like what Symantec did when I was at NAI. They're just pulling
together product lines that are force-fed," said a former top NAI marketing
executive who asked to remain anonymous.
Much of the trouble that has plagued NAI of late can be traced to the alleged
questionable accounting and sales practices that took place during the Bill
Larson era. Larson, CEO of the Santa Clara, Calif., company in the late 1990s,
was famous among employees and competitors for being intensely driven, competitive
and charismatic. During companywide meetings, he would speak for hours at a
time, exhorting his troops to keep the pressure on the competition and to sell
more.
Under Larson's leadership, the company, once known as McAfee Associates, grew
by leaps and bounds. But it also gained a reputation for pushy sales tactics
that former NAI employees said sometimes included eleventh-hour demands that
customers buy more software days before the end of a fiscal quarter to help
the company make its revenue projections. The company was also using an accounting
method that allowed it to recognize revenue as soon as NAI shipped products
to its resellers, instead of when those resellers actually sold the software
to customers.
All of this eventually attracted the attention of the SEC and the Justice Department,
and both launched investigations into NAI's accounting practices. Investors
got in on the act as well, filing several lawsuits charging that the company
overstated revenue and committed other abuses. NAI settled the suits in September
for $70 million, and Terry Davis, a former NAI executive, pleaded guilty to
securities fraud earlier this year. NAI eventually restated several quarters
of financial results. Both the government probes continue.
None of NAI's current executives, most of whom joined in 2001, was with the
company during this time period, although they have spent much of their time
dealing with the fallout. The specter of the legal problems has hung over the
company for years.
"The challenge of getting rid of the taint of the former management is a pain
in the neck," said Gene Hodges, president of NAI. "I don't even sit in on those
meetings when George [Samenuk, CEO of NAI] goes over that stuff. I don't even
want to know about it. We still have a lot of work to do. The technological
part of this strategy is going to be a challenge.
"Intrusion prevention technology requires that you build anomaly and IDS [intrusion
detection system] capabilities to anticipate future attacks," he said. "The
technology is not going to be static."
Hodges stressed that intrusion prevention encompasses any technology capable
of actively blocking attacks and malicious behavior, including anti-virus tools.
NAI's plan hinges on integrating the network IPS technology of IntruVert and
the host IPS capability of Entercept into the company's existing product line.
But, having spent $220 million on the two acquisitions, NAI can't afford to
miss the mark. The first real evidence of the integration work will emerge next
year, when NAI introduces its Rogue Machine Detector. The device will combine
the principles of identity management and authentication with intrusion prevention
and will look for unauthorized users who attempt to connect to the network.
Analysts have been supportive of NAI's focus on IPS, saying it is a logical
use of the company's technological assets. "I think it's safe to say that Network
Associates was fumbling for a while. But I think the intrusion prevention strategy
is a good one," said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern,
Pa. "It's not everything you need, but it's a good part of it. Right now, nobody
is competitive with them on this. And I think they can execute, especially with
the new blood they have in there from the acquisitions."
But most of NAI's competitors remain scornful of the IPS plan. Companies such
as ISS, Blue Coat Systems Inc. and others regard IPS as an add-on rather than
an entire product and have added behavior blocking to their appliances. "Intrusion
prevention is a feature, not a product, and certainly not a company," said Steve
Mullaney, vice president at Blue Coat, a Sunnyvale, Calif., maker of security
appliances. "Intrusion prevention will get folded into the firewall. Being the
leading provider of a feature is not a sustainable model."
Still, NAI's Hodges has little doubt that the company is going down the right
path. Asked how confident he is that the company can execute on the plan, Hodges
said, "Above a nine [on a scale of one to 10]. I think we can. If you had asked
me six months ago, the answer would have been five or six. "All of the ups and
downs [in recent years] had two distinct parts: The solutions have been ups;
the other stuff has been downs. The acquisitions and the products have the CFO
[chief financial officer] smiling," Hodges said. "There may be more acquisitions.
This is a good time to be evaluating startups. There's a lot of money flowing
into security startups. And our belief is that all vendors in this space will
have to switch to intrusion prevention in the next couple of years." But it
remains to be seen whether NAI is still sitting at the table if and when that
change comes to pass.
Channel News and Analysis 
