Feb 28, 2005 (10:02 AM EST)
Symantec CEO Takes On Microsoft, Again

Read the Original Article at InformationWeek

Symantec Corp. took its offensive against Microsoft to government technology executives on Monday. The security company's CEO, John Thompson, complimented Microsoft on efforts to secure the Windows environment, but characterized the work as incomplete for many technology managers.

Speaking at the Information Processing Interagency Conference in Orlando, Fla., Thompson said Microsoft's move to secure Windows and its applications from hackers and other threats won't help government IT managers because few agencies rely exclusively on Microsoft software. Microsoft's approach doesn't help those who employ other operating systems, such as Linux, Thompson says.

Thompson's remarks echo those he made a fortnight ago at the RSA Conference, shortly after Microsoft announced plans to acquire antivirus software vendor Sybari Software Inc., a field Symantec dominates.

Microsoft's acquisition of Sybari, along with Symantec's intent to purchase storage vendor Veritas Software and its takeover of backup-and-recovery software vendor PowerQuest, demonstrate how software vendors are expanding to offer broader product lines. IT managers, whether in government or business, need to seamlessly bridge the divide between devices, systems, and network management in heterogeneous environments, Thompson says.

"Security, as traditionally defined, isn't enough," he says. Besides providing patches to fill security holes, IT managers must be more proactive in preventing them because the time between exposure to a vulnerability and the damage it could cause has shrunk from months to days. "That suggests we have to shift the game to offense from defense, to protect critical infrastructure by taking a more holistic, proactive approach before information is stolen or misused," Thompson said.

Thompson outlined a more holistic approach to cybersecurity, in which an external alert triggers an internal assessment of an enterprise's IT environment, identifying systems vulnerable to attack. The process could automatically update patches in unprotected systems, and information garnered about potential attacks could automatically prompt more frequent backups, from desktop PCs to corporate data centers. These actions could produce an automated audit trail that could help companies meet regulatory compliance. Symantec, Thompson said, needs to strengthen its portfolio to include areas such as asset management and tracking, and tie those into early-warning intelligence to help customers keep their IT systems operating regardless of what happens. "It's time," he said, "to do more than raise red flags and block threats."