Symantec CEO Expects More Acquisitions

— -- The future holds more acquisitions for Symantec as it looks to strengthen key business areas and keep pace with evolving online security threats, its CEO said Friday.

While dismissing as "speculation" recent press reports that Symantec is close to buying San Francisco data-loss prevention software company Vontu, CEO John Thompson said Symantec is interested in expanding in that technology area.

"If I were to think about broad categories of technology where we have an interest they might include three or four important areas: data loss prevention, transaction-based security, server management, and then complementary services across those three software domains," he said at a Tokyo news conference held alongside the company's Symantec Vision event.

He said Symantec typically looks to acquire a company when its own work might not be fast enough to take advantage of a market opportunity, or when it believes it can acquire a leading company and substantially grow its own business.

"And so a company like Vontu that has achieved leadership in the category of data-loss prevention certainly would be an interesting target," he said.

Earlier in October, Infoworld reported that Symantec would pay between US$300 million and US$350 million for Vontu, with which it already has an OEM business partnership.

"Our industry is entering a very obvious phase of maturity where growth rates are starting to slow from the hectic pace of the 80s and 90s, and therefore strong companies with strong balance sheets and strong cash positions and leadership technologies are looking to add components to their overall portfolio," Thompson said. "As you look ahead you should assume that Symantec will continue to be an acquisitive company as we also match that acquisition strategy with 15 percent of revenue spent on internally developed products."

Looking ahead over the next few years Thomson, who has more than three decades experience in the industry, said he believes a couple of trends will dominate.

"The first is perhaps the realization by many users that anti-virus technology alone is not enough to protect them from today's threats," he said. Security will need to be deployed at several layers of the information infrastructure to protect not just the devices on the network, but the information and transactions that occur as well.

Secondly, he sees a shift away from rules- to policy-based security.

"In the world of security 1.0 we thought about firewall rules or rules for the intrusion device or rules for the configuration of the antivirus agent. Those were things that were typically black or white," said Thompson. "The security 2.0 world assumes a significant increase in collaboration, a much more significant increase in the layering of technology to asses multiple factors associated with a threat, and a dramatic shift in the implementation techniques to be much more policy-based than the historical rules-based approach."