Intel-McAfee: Horseless Carriage Vendor Buys Buggy-Whips

This morning Intel announced plans to buy security vendor McAfee for $7.7 billion, valuing the company at a 60% premium over their market cap as of closing-time yesterday. The valuation is about 5 times the last trailing four quarters’ revenues, which is about typical for M&A deals in the security industry, and it suggests that both parties negotiated well. The price is not so high that it makes Intel look like Daddy Warbucks, but not so low that it looks like McAfee was desperate to sell.

But of course “a not so high price” is all relative. Nearly $8 billion is a lot of money. What on earth does Intel expect to get for all of the money it is spending on McAfee? I’ve been scratching my head over this, and despite McAfee CTO George Kurtz’ helpful blog post, I am still struggling to figure this one out. Let’s look at some of the stated rationales for the deal:

  • Intel wants in on the mobile market. According to the coverage of the deal in Bloomberg, the McAfee acquisition is about mobility. Raymond James analyst Hans Mosesmann argues that “[Intel’s] ability to be successful in the non-PC market, and even in the PC market, is going to depend more on system solutions, and security is becoming a really big deal.” Intel apparently agrees, telling the BBC that “today’s security approach did not fully address the billions of new internet-ready devices, including mobile and wireless devices, TVs, cars, medical devices and cash machines.”
  • Security wants to be embedded in silicon. George Kurtz argues that the threat landscape has become so deadly that hardware-based solutions are needed: “Given the current challenges in dealing with the proliferation of virulent malware, bringing software closer to silicon will provide a real advantage for consumers and businesses. Beating back the tide of malware proliferation by changing the game on the bad guys is an exciting proposition.”
  • Intel moves closer to becoming a systems supplier, not just a chipmaker. New York Times reporter Ashlee Vance notes that “Intel builds a variety of security functions directly into its chips and has offered its customers ways to tap into the tools. The McAfee technology would sit a couple layers above Intel’s existing technology and perform a much wider array of functions.”

These arguments have their merits. Everyone agrees that mobility is huge, and that the post-PC market will eventually eclipse today’s PC market. Indeed, Forrester data shows that the crossover point is this year. Intel knows this, so it wants to plant a flag in the mobile security space it believes will be necessary to protect these new devices. Moreover, I can understand why Intel feels it ought to be baking more capabilities into silicon: it helps differentiate its chips against rivals AMD and ARM (via its licensees). Adding more functionality to core offerings as a way to entice buyers to upgrade to their platform is a classic strategy that Intel’s acquisition target (McAfee) has been perfecting for years with its desktop anti-malware suite. That product started as a humble virus scanner. Today it includes anti-spyware, a host firewall, data leak prevention, host intrusion prevention and much more. What McAfee has done on the desktop, Intel intends to do “inside,” on its silicon.

But I see four problems with Intel’s strategy (at least as much as I can glean, so far):

  • Neither Intel nor McAfee are serious players in the mobility market, and this deal doesn’t improve their prospects. In the mobile market, Intel has had its lunch eaten by ARM Holdings, a company whose energy-effiicient designs have underpinned the chips of choice on mobile devices like Apple's iPad. And for McAfee, it has recently acquired two mobile security companies — Trust Digital and tenCube. McAfee also (earlier) bought Solidcore for the embedded market, a move that looks savvy in hindsight. But speaking charitably, neither of these most recent two acquisitions will be (as the equity analysts like to put it) “accretive to earnings or revenues” in the short to medium term. That is to say, mobile security won’t be much more than a few percentage points of McAfee’s overall revenues. McAfee deserves credit for thinking outside the PC box, but its execution in this area is, at best, in the early stages.
  • Intel’s hardware platform strategy will not work. Most enterprises take the least-common-denominator approach to managing their computing assets. This is largely because refresh cycles cause hardware platforms to stick around much longer than software-based ones: it is easier to push down a software update than to pull a motherboard. I am not convinced that a hardware-based strategy for security will resonate with enterprise buyers. If you need convincing, ask yourself: how many of the PCs in your organization run Intel vPro-capable hardware? Don’t know the answer? Right: this is exactly my point. Despite Intel’s efforts to add more differentiating “professional” features on and around their core processor silicon, these are seen as a bonus, rather than the centerpiece of enterprise management strategies. It is hard to see how “McAfee Inside” would work out any differently.
  • Intel doesn’t understand software. Perhaps the most troubling part of the McAfee deal is the prospect that they will mismanage their new division into irrelevance.  Intel’s track record with deals further up the stack are patchy at best. In 2005, Intel bought Sarvega, a hardware-and-software play in the XML processing segment. Today, it is irrelevant. In 1991, Intel bought LANDesk as the centerpiece of its DMTF strategy. Remember what DMTF stood for? (No penalty for not remembering:  it stands for Desktop Management Task Force.) LANDesk was sold at the height of the dot-com boom, and it has been bought, spun off or sold three times again. Now Intel wants to get back in the software game again. Again, how will this be any different?
  • The security aftermarket will be very different on Post-PC devices. PC devices, and by this I mean those running Windows, have long needed third-party security vendors to help secure the platform. Early versions of Windows, and even current ones, were not designed with security in mind. Even though Windows 7 is much improved compared to Windows XP, 95 or 2000, the core OS is still based on the Win32 foundation, a twenty-year-old legacy that was designed to run on “everything.” Contrast that with the highly sandboxed, compartmentalized, digitally signed “apps” model of the BlackBerry OS and Apple’s iOS. With these two operating systems, you don’t need on-board anti-virus, or HIPS, or anything else — and if you do, it is because Apple or RIM have screwed up. Both of these vendors are taking responsibility for their platforms in totality in ways that Microsoft never did, or could have. Neither iOS nor BlackBerry OS depend in any way on hardware capabilities Intel or anybody else could bring to the table, other than the root-of-trust embedded in the handset. All of the security differentiation is in the OS. And that, frankly, is where it belongs.

All of which leads me to conclude that while Intel’s stated rationales for doing the McAfee deal are very forward-looking, its likely actual revenues are mostly about the past. If Intel wants to grow the franchise for protecting PC platforms, the McAfee deal is a great acquisition. But if you view today’s security aftermarket as something that ought to be better left in the ashbin of history, where security is baked into operating systems, this deal is more of a head-scratcher. In that light, Intel’s purchase of McAfee is a lot like a horseless-carriage vendor buying a leading supplier of buggy-whips.

What does this mean for Forrester customers? Given the risks associated with this deal, enterprise customers should be wary of making long-term commitments to McAfee until Intel’s intentions are clearrt. It would be best if McAfee was left to manage itself, largely as a stand-alone company. That said, Forrester has spoken to many McAfee customers in the last several months that have been upset with McAfee’s handling of the DAT file problem from April, which caused widespread service outages. We expect that customers that have already been angling to jump ship will use this deal as an excuse to accelerate those plans.


Security in silicon?

Hardware security solutions have some serious drawbacks: while they are good for the short term, as soon as they are hacked around they are no good, and, in many cases, not easily upgraded.

Even when firmware upgrades are easy for the user (as with smartphones and other devices that update the firmware when they sync, or the "one-button" approach of consumer electronics like BluRay players, etc) development of firmware patches takes a lot more in development and testing hours than the typical AV software patch.

Firmware updates have a direct impact on everything that runs on that hardware. In the case of (for instance) a motherboard chipset that means that any changes need to be tested against the entire stack from the BIOS to the OS the apps running on the OS. (I am, of course, working from the assumption that the in-silicon security is meant to provide some sort of meaningful protection against viruses, trojans, worms and the like.) And those easy firmware updates are yet another attack surface that needs to be protected. And how does the hardware manufacturer decide which kinds of things to protect against in the firmware? Do they provide protection against known Windows exploits? How does that impact the running of *nix on the hardware?

I have too many questions on this one to jump to any conclusions. I choose to adopt a wait and see attitude in regards to what Intel plans to do with this acquisition.

value statement

Good piece-- thanks. While I am quite aware of the underlying issues outlined here and elsewhere-- indeed have been raising a flag on several related issues for years, I was still surprised by the acquisition, and shocked at the price.

Despite the significant software business within Intel now, nothing previously compares to this statement, which should make for interesting discussion (if not screaming) over morning coffee in parts of the ecosystem.

End users -- consumer and enterprise-- should probably take this as good news. Unless and until Intel gets serious about systemic security, it won't exist. .02-- MM

Mark Montgomery
Founder & CEO

Wait, what about information risk?

Great post. Definitely a lot to think about!

Question for you: What happens to McAfee's current strategy? I thought it was all about going up the value chain, not down. Wasn't McAfee focusing more on information risk and not just IT security? It seems like the strategy to embed security in silicon doesn't jive with a broader information risk story.

Great questions, Rob... answers yet.

We will have to wait and see how this develops. I plan to be at FOCUS this year; that should be very interesting!

Intel enters software

This is Intel's second big software buy. Word around the bar from folks inside WindRiver is that Intel is taking a very hands-off approach and that things are working well. Expect the same for McAfee.

Hmmm. pretty negative outlook...but

I think this view underestimates 3 things...

1) Disintermediation of distribution channels
2) High perf silicon accelerated network and cloud computing offerings
3) INTC/APPL relationship positive impact.

Working on a blog, will post link when ready!

and now my blog

Move Underscores the Need for Visibility into Data at all levels

Intel today announced its acquisition of McAfee. Intel CEO Paul Otellini said on the conference call: "We believe security will be most effective when enabled in hardware."

Qosmos sees a broader picture for better secured systems across the technology value chain – enabled by better visibility into active data, regardless of where the data is at any moment. And the network is the converging point to access this intelligence.

Most companies lack the appetite and capital for such acquisitions, but will nonetheless require technologies that enable visibility into the path and content of data transiting networks. For such specialized expertise, there is Qosmos. Qosmos, the expert in so-called “network intelligence technologies,” provides software and hardware components that embed inside applications, equipment and networks to capture, extract and identify data in motion.

According to Qosmos CEO Thibaut Bechetoille, “In today’s network-dependent economy, this acquisition underscores the critical need for greater visibility of active data across the technology spectrum – whether in hardware and processors, in the networks themselves, in the systems that manage them or in the applications that run with real-time data – to enable more secure and better performing solutions.”

Technically speaking, Qosmos technology provides visibility and data extraction at unparalleled depth (up to and including layer 7), speed (with throughputs of up to 80 Gbps) and detail (recognizing 300+ network and application protocols and extracting more than 4,000 metadata elements).

In plain speak, technology providers including software vendors, systems integrators, developers and equipment manufacturers use Qosmos components inside their solutions to make them more secure, better performing and better monetized by having the detail to see patterns and aberrations that would otherwise be invisible.

Qosmos experts and executives are available to discuss why such visibility is critical and why network visibility – network intelligence – is THE keystone to improved security.

Mobile-enabled increasingly

Mobile-enabled increasingly ubiquitous computing asks for security solutions than span client devices, transmission as well as remote processing and storage.

One company may try to provide solutions for every link of this chain, but it is extremely difficult for differences in both hardware and software used in this chain.

It seems more possible that various systems will be made to cooperate to provide secure mobile environment using commonly agreed standards.

Most probably overlaps will exist between various security layers provided by different vendors.

By acquiring McAfee and integrating software and hardware elements, Intel may try to position itself in as many links of the ubiquitous computing value chain as possible.

Many years ago Microsoft tried to introduce its next generation secure computing base called Palladium, but it failed due to fears of vendor lock-in. Intel plans may hit similar wall.

Maciej Janiec

Intel, McAfee, and vPro

I remember years ago being intrigued by Intel's announcement of vPro. Unfortunately for Intel, it seems to me that ISVs did not embrace it. Perhaps Intel is doubling down by acquiring McAfee. In other words, if ISVs won't embrace vPro, then Intel itself will show its value and reap the rewards. What do you think?