McAfee: A (Secure) Chip on Intel’s Block
By Mike Rothman
Ah, the best laid plans. I had my task list all planned out for today and was diving in when my pal Adrian pinged me in our internal chat room about Intel buying McAfee for $7.68 billion. Crap, evidently my alarm didn’t go off and I’m stuck in some Hunter S. Thompson surreal situation where security and chips and clean rooms and men in bunny suits are all around me.
But apparently I’m not dreaming. As the press release says, “Inside Intel, the company has elevated the priority of security to be on par with its strategic focus areas in energy-efficient performance and Internet connectivity.” Listen, I’ll be the first to say I’m not that smart, certainly not smart enough to gamble $7.68 billion of my investors’ money on what looks like a square peg in a round hole. But let’s not jump to conclusions, OK?
First things first: Dave DeWalt and his management team have created a tremendous amount of value for McAfee shareholders over the last five years. When DeWalt came in McAfee was reeling from a stock option scandal, poor execution, and a weak strategy. And now they’ve pulled off the biggest coup of them all, selling Intel a new pillar that it’s not clear they need for a 60% premium. That’s one expensive pillar.
Let’s take a step back. McAfee was the largest stand-alone security play out there. They had pretty much all the pieces of the puzzle, had invested a significant amount in research, and seemed to have a defensible strategy moving forward. Sure, it seemed their business was leveling off and DeWalt had already picked the low hanging fruit. But why would they sell now, and why to Intel? Yeah, I’m scratching my head too.
If we go back to the press release, Intel CEO Paul Otellini explains a bit, “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences.” So basically they believe that security is critical to any and every computing experience. You know, I actually believe that. We’ve been saying for a long time that security isn’t really a business, it’s something that has to be woven into the fabric of everything in IT and computing. Obviously Intel has the breadth and balance sheet to make that happen, starting from the chips and moving up.
But does McAfee have the goods to get Intel there? That’s where I’m coming up short. AV is not something that really works any more. So how do you build that into a chip, and what does it get you? I know McAfee does a lot more than just AV, but when you think about silicon it’s got to be about detecting something bad and doing it quickly and pervasively. A lot of the future is in cloud-based security intelligence (things like reputation and the like), and I guess that would be a play with Intel’s Connectivity business if they build reputation checking into the chipsets. Maybe. I guess McAfee has also been working on embedded solutions (especially for mobile), but that stuff is a long way off. And at a 60% premium, a long way off is the wrong answer.
For a go-to-market model and strategy there is very little synergy. Intel doesn’t sell much direct to consumers or businesses, so it’s not like they can just pump McAfee products into their existing channels and justify a 60% premium. That’s why I have a hard time with this deal. This is about stuff that will (maybe) happen in 7-10 years. You don’t make strategic decisions based purely on what Wall Street wants – you need to be able to sell the story to everyone – especially investors. I don’t get it.
On the conference call they are flapping their lips about consumers and mobile devices and how Intel has done software deals before (yeah, Wind River is a household name for consumers and small business). Their most relevant software deal was LANDesk. Intel bought them with pomp and circumstance during their last round of diversification, and it was a train wreck. They had no path to market and struggled until they spun it out a while back. It’s not clear to me how this is different, especially when a lot of the stuff relative to security within silicon could have been done with partnerships and smaller tuck-in acquisitions.
Mostly their position is that we need tightly integrated hardware and software, and that McAfee gives Intel the opportunity to sell security software every time they sell silicon. Yeah, the PC makers don’t have any options to sell security software now, do they? In our internal discussion, Rich raised a number of issues with cloud computing, where trusted boot and trusted hardware are critical to the integrity of the entire architecture. And he also wrote a companion post to expand on those thoughts. We get to the same place for different reasons. But I still think Intel could have made a less audacious move (actually a number of them) that entailed far less risk than buying McAfee.
Tactically, what does this mean for the industry? Well, clearly HP and IBM are the losers here. We do believe security is intrinsic to big IT, so HP & IBM need broader security strategies and capabilities. McAfee was a logical play for either to drive a broad security platform through a global, huge, highly trusted distribution channel (that already sells to the same customers, unlike Intel’s). We’ve all been hearing rumors about McAfee getting acquired for a while, so I’m sure both IBM and HP took long hard looks at McAfee. But they probably couldn’t justify a 60% premium.
McAfee customers are fine – for the time being. McAfee will run standalone for the foreseeable future, though you have to wonder about McAfee’s ability to be as acquisitive and nimble as they’ve been. But there is always a focus issue during integration, and there will be the inevitable brain drain. It’ll be a monumental task for DeWalt to manage both his new masters at Intel and his old company, but that’s his problem. If I were a McAfee customer, I’d turn the screws – especially if I had a renewal coming up. This deal will take a few quarters to close, and McAfee needs to hit (or exceed) their numbers. So I think most customers should be able to get better pricing given the uncertainty. I doubt we’ll see any impact at the technology level – either positive or negative – for quite a while.
I also think the second tier security players are licking their chops. Trend Micro, Sophos, Kaspersky, et al are now in position to pick up some market share from McAfee from customers who now feel uncertain. Not that McAfee was a huge player in network security, but Check Point and Sourcefire are probably pretty happy too. This could have a positive impact on Symantec, but they are too big with too many of their own problems to really capitalize on uncertainty around McAfee.
Most important, this demonstrates that security is not a standalone business. We all knew that, and this is just the latest (and probably most visible) indication. Security is an IT specialization, and the tools that we use to secure things need to be part of the broader IT stack. I can quibble about whether Intel is the right home for a company like McAfee, but from a macro perspective that isn’t the point. I guess we all need to take a step back and congratulate ourselves. For a long time, we security folks fought for legitimacy and had to do a frackin’ jig on the table to get anyone to care. For a lot of folks it still feels that way. But the guys with the IT crystal balls have clearly decided security is important, and they are willing to pay big money for a piece of the puzzle. That’s good news for all of us.
Anybody who opens with a Hunter S. Thompson reference and pays it off deserves a thorough read. Thanks for validating the head-scratching. I think one of your more compelling observations is that with this purchase maybe businesses and consumers will drive manufacturers to weave “security” into computers, servers, networks, and all electronics for that matter, instead of bolting it on after the fact.
I like the pillars of Security, Connectivity and Energy-efficiency, in that order. Time will tell if this will become real and more than a go-to-market marketing framework.
By mark evertz
Let me pull the rabbit out of the bag. This Monday Intel will release a patch for _all_ McAfee software. It will start using as many CPU cycles as Symantec and demand for uber Intel cores will rise accordingly.
There’s your case :P
By mokum von Amsterdam
Good idea on parsing the press release, and based on your post, and the press release, here are some thoughts, in no particular order:
1. I’m not seeing the synergy either, despite having read the McAfee press release also. Ok, 50 billion devices, 3rd pillar is security - but as one example, if you take the iPhone, it doesn’t even run on Intel. (Oh, but that might change - real soon:
2. Maybe Intel is expanding, and it’s not the leveling off of McAfee, but the leveling off of Intel, i.e. if those 50 billion devices *aren’t* Intel, then Intel needs to be more “well rounded” perhaps, more like IBM and HP? And you get a hint of that from the software deals they mention.
3. Building in security in the chip is certainly useful, I can see some use cases or threats where that is good, such as building in security into lower-level devices like routers and switches. But even there you have solutions that are software-based, like Cisco IOS and TACACS+, for example. No matter how good the security is in the silicon, it’s the OS, and other apps running on the chip that really matter. I can have Microsoft Windows running and Mac OS X both running on Intel, but with vastly different vulnerabilities.
This is where I do see, as you or Rich pointed out, other customers like Symantec crying foul. This is WinTelFee or MacWinTel. Going to the extreme, what if MacWinTel decides Symantec is a virus? Something along these lines actually happened sometime back I believe, with an update from Microsoft or Symantec causing the OS to reboot.
4. Maybe they are thinking about ways of doing security stuff in the chips, for performance purposes, like IBM handles encryption in Crypto Express?
5. 60% premium - wow, they must have a darn good reason for doing that. These companies move in mysterious ways, I’ve seen some crazy, inflated purchases out there, consider Mercedes buying Chrysler.
6. “This is not about cost-cutting, this is about ” blah blah. My take on things like that in a press release is - aha. This is all about cost cutting.
So in conclusion, yes, in general a stamp of approval for the security industry, but the competition just got a little different, perhaps easier, certainly boosts the folks in the lower tier as you point out, even Symantec I would venture. And this churn, maybe that’s a good thing. I’ll withhold judgement for now, but it will be interesting to see how this shakes out.
By Michael O'Keefe
Two questions relating to Symantec.
1: What long term problems do you see within the company? I’m not familiar with their operations beyond consumer products (Norton brand), which accounts for only a fraction of their revenue.
2: If HP and IBM are the two clear potential acquirers of McAfee and Symantec, with Intel upsetting the balance, will there not be a bidding war for Symantec (behind closed doors, of course)?