NAI Bets On Intrusion PreventionBy Caron Carlson | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Beset by legal, financial problems, company maps new course to regain dominance.
For network security companies, the past two years have been a blur of innovation and skyrocketing customer demand, both feeding off a string of increasingly disruptive and malicious viruses, worms and targeted attacks. Indeed, as enterprises have scrambled to keep pace with the bad guys and look for better ways to secure their networks, security companies such as Symantec Corp., Internet Security Systems Inc., Computer Associates International Inc. and others have watched their bottom lines swell.
At least most of them have. For Network Associates Inc., which made its bones in the 1990s by gobbling up smaller competitors and integrating their products into its own, the current security gold rush has been a painful reminder of how quickly things can change.
The company, which once grew at a breakneck pace and swatted aside challenges from Symantec and Trend Micro Inc., is now beset by legal and financial troubles stemming from accounting and sales abuses.
NAI executives have watched as the company's stock has lost more than half its value in less than two years. Worse, revenue and net income have fallen steadily since 2002, with revenue dropping to $226 million in the third quarter of this year from $254 million in the same period last year and net income plummeting from $50.6 million to $26.5 million.
All of this forced NAI to rethink its strategy and refocus the company on a risky new plan to become the dominant player in the hot but nebulous intrusion prevention market. The plan, which took shape during the last eight months, centers on the company's acquisitions in April of IntruVert Networks Inc. and Entercept Security Technologies, two of the leaders in the IPS (intrusion prevention system) space.
NAI executives said the strategy is not just another of the company's semiannual rebranding campaigns; instead, it's a move to position NAI at the forefront of what they see as a seismic shift in the way enterprises secure networks.
But the plan is something else as well: a major gamble. It is the action of a once-dominant company that needs a win, pushing its stack of chips to the middle of the table and waiting to see if anyone will call it. From the outside looking in, many observers, former employees and competitors said NAI's move smacks of desperation and is little more than a new marketing messageand a vague one at that. Others see it as an attempt to distract analysts and customers from the recent financial issues and ongoing battles with the Securities and Exchange Commission and Department of Justice.
"It looks a lot like what Symantec did when I was at NAI. They're just pulling together product lines that are force-fed," said a former top NAI marketing executive who asked to remain anonymous.
Much of the trouble that has plagued NAI of late can be traced to the alleged questionable accounting and sales practices that took place during the Bill Larson era. Larson, CEO of the Santa Clara, Calif., company in the late 1990s, was famous among employees and competitors for being intensely driven, competitive and charismatic. During companywide meetings, he would speak for hours at a time, exhorting his troops to keep the pressure on the competition and to sell more.
Under Larson's leadership, the company, once known as McAfee Associates, grew by leaps and bounds. But it also gained a reputation for pushy sales tactics that former NAI employees said sometimes included eleventh-hour demands that customers buy more software days before the end of a fiscal quarter to help the company make its revenue projections. The company was also using an accounting method that allowed it to recognize revenue as soon as NAI shipped products to its resellers, instead of when those resellers actually sold the software to customers.
All of this eventually attracted the attention of the SEC and the Justice Department, and both launched investigations into NAI's accounting practices. Investors got in on the act as well, filing several lawsuits charging that the company overstated revenue and committed other abuses. NAI settled the suits in September for $70 million, and Terry Davis, a former NAI executive, pleaded guilty to securities fraud earlier this year. NAI eventually restated several quarters of financial results. Both the government probes continue.
None of NAI's current executives, most of whom joined in 2001, was with the company during this time period, although they have spent much of their time dealing with the fallout. The specter of the legal problems has hung over the company for years.
"The challenge of getting rid of the taint of the former management is a pain in the neck," said Gene Hodges, president of NAI. "I don't even sit in on those meetings when George [Samenuk, CEO of NAI] goes over that stuff. I don't even want to know about it. We still have a lot of work to do. The technological part of this strategy is going to be a challenge.
"Intrusion prevention technology requires that you build anomaly and IDS [intrusion detection system] capabilities to anticipate future attacks," he said. "The technology is not going to be static."
Hodges stressed that intrusion prevention encompasses any technology capable of actively blocking attacks and malicious behavior, including anti-virus tools.
NAI's plan hinges on integrating the network IPS technology of IntruVert and the host IPS capability of Entercept into the company's existing product line. But, having spent $220 million on the two acquisitions, NAI can't afford to miss the mark. The first real evidence of the integration work will emerge next year, when NAI introduces its Rogue Machine Detector. The device will combine the principles of identity management and authentication with intrusion prevention and will look for unauthorized users who attempt to connect to the network.
Analysts have been supportive of NAI's focus on IPS, saying it is a logical use of the company's technological assets. "I think it's safe to say that Network Associates was fumbling for a while. But I think the intrusion prevention strategy is a good one," said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern, Pa. "It's not everything you need, but it's a good part of it. Right now, nobody is competitive with them on this. And I think they can execute, especially with the new blood they have in there from the acquisitions."
But most of NAI's competitors remain scornful of the IPS plan. Companies such as ISS, Blue Coat Systems Inc. and others regard IPS as an add-on rather than an entire product and have added behavior blocking to their appliances. "Intrusion prevention is a feature, not a product, and certainly not a company," said Steve Mullaney, vice president at Blue Coat, a Sunnyvale, Calif., maker of security appliances. "Intrusion prevention will get folded into the firewall. Being the leading provider of a feature is not a sustainable model."
Still, NAI's Hodges has little doubt that the company is going down the right path. Asked how confident he is that the company can execute on the plan, Hodges said, "Above a nine [on a scale of one to 10]. I think we can. If you had asked me six months ago, the answer would have been five or six. "All of the ups and downs [in recent years] had two distinct parts: The solutions have been ups; the other stuff has been downs. The acquisitions and the products have the CFO [chief financial officer] smiling," Hodges said. "There may be more acquisitions. This is a good time to be evaluating startups. There's a lot of money flowing into security startups. And our belief is that all vendors in this space will have to switch to intrusion prevention in the next couple of years." But it remains to be seen whether NAI is still sitting at the table if and when that change comes to pass.