Symantec’s acquisition by Broadcom, announced recently, represents yet another major change for this cyber security vendor and service provider. Given the explicitly stated intention to focus only on the largest 2000 organisations globally, only time will tell what the impact will be on its smaller enterprise and mid-market customers.
For the email security industry though, it could have far reaching consequences. The second explicit statement made during the investor presentation was that R&D investment would be focused on endpoint protection, data loss prevention and secure web gateway. This likely leaves many wondering what it means for the Symantec Email Security.cloud service and the Symantec Messaging Gateway appliance.
Such changes are not new in the email security industry. Years ago, we won the war against email threats and the cyber criminals shifted their focus to the web channel. This resulted in email security services commoditizing and the market consolidated. Many companies then did what Symantec appears to be doing now – shifted focus to higher value products. Some exited the market completely. The most recent high-profile company to do so was another large cyber security player, McAfee. This created some upheaval for its customers, but given the ease with which email security services can be ripped and replaced, not too much.
Of course, this ability to easily change your email security service provider might suggest why email security was not called out as an investment priority by Broadcom. Hock Tan, Broadcom’s President and CEO, stated that their strategy of focusing on the global 2000 is driven by the stickiness that infrastructure software has when embedded into these organisations. I.e. replacing it is difficult, which provides Broadcom with a predictable recurring revenue stream.
Going back to our short history of the email security industry, what was the upshot of this shift in focus away from email security? When cyber criminals themselves shifted focus back to the email channel, email security products and services struggled to defend us, especially against new kinds of attacks, such as evasive phishing. The industry did react, and some vendors and service providers built new technologies to help defeat the bad guys. However, if we are to win this arms race, this industry cannot take its eye off the ball – we must commit to continuous investment in email threat detection, response and remediation technologies.
If you are thinking about evaluating new email security services, why not try Cyren’s Email Security Gap Analysis assessment, which is easy to deploy alongside your existing email security and free of charge to qualifying companies.