Symantec's Split: Here's How The Growth Bubble Burst

Symantec Kept Pace By Acquiring

The new Symantec will consist of its Norton antivirus software, its endpoint security and mobility suite, its SSL certificate business, and its managed security and advisory services practice. The IT management spinoff will be named later and will consist of the company's backup and recovery, eDiscovery, archiving, storage and availability products.

Up until this point, however, acquisitions has been the name of the game at Symantec. The company has made 29 acquisitions since 2004, responding to market technology trends and in some cases trying to one-up its archrival McAfee, which also grew out its portfolio by shopping for market leaders. The new Symantec could stand to part with its Altiris management platform and ramp up acquisitions again to pick up advanced endpoint protection technologies, cloud security and big data security platforms, according to Jon Oltsik, a senior principal analyst at Enterprise Strategy Group.

Here's how Symantec's growth bubble burst.

Symantec's Enterprise Security Birth: @ Stake

Symantec's $370 million deal in 2004 for Brightmail gave its Norton line antispam technology and reputation-based antiphishing protection designed for corporate endpoints. Most security experts agree, however, that Symantec's reputation as an information security powerhouse may stem from its acquisition of @ Stake in 2004, a security consultancy that had been a white-hat hacker powerhouse. Symantec used the acquisition as the basis of its security advisory services practice. Today, many early @ Stake security veterans are security industry luminaries.

John W. Thompson's Legacy: Storage

Symantec's $13.5 billion acquisition of Veritas in 2005 under then-CEO John W. Thompson had security industry analysts scratching their heads. Investors on Wall Street expressed their initial disapproval, with the company's stock plunging 8 percent on the news. "While the regulatory environment requires increased information security, future business opportunities require more and more information be made available to a greater number of people," Thompson said at the time. "This dichotomy is driving the obvious convergence between securing the infrastructure and ensuring information availability."

Among those who gained a seat on Symantec's board with the Veritas acquisition was Symantec's current CEO, Michael Brown, who was CEO of storage giant Quantum and served on Veritas' board of directors. He was one of four Veritas board members appointed to Symantec's corporate board in 2005.

The Death Of Symantec Network Access Control

Several months after its Veritas acquisition, Thompson attempted to gain an edge on the growing interest in network access control technology with the $176 million acquisition of Sygate Technologies. Network access control is still a thriving business, but industry experts tell CRN that its first iteration was far too complicated and costly for businesses to widely adopt it with minimal disruption.

In March of this year, Symantec quietly said that it was pulling the plug on the product and advised customers to look elsewhere for the technology. The product was removed from Symantec's portfolio in September; support for current customers officially ends in 2017.

"Those who require advanced network access control capabilities should speak to their current network device providers whose products may have already incorporated this technology," said Sara Pan, a senior product marketing manager at Symantec.

Antivirus Isn't Dead

Recognizing that signature-based antivirus wasn't going to cut it, Symantec acquired WholeSecurity in October 2005, the same month Sygate was acquired. The WholeSecurity deal was said to be worth $68 million and added behavioral-based security capabilities and antiphishing technology to its endpoint security software. In January, the company updated a blog post titled, "Your favorite security technology is dead," explaining the legacy antivirus software has evolved way beyond signature-based detection with additional threat detection capabilities. WholeSecurity still has a place in the endpoint security platform to help defend against keyloggers and screengrabbers, the company said. Symantec would later add messaging security, Web and mobile security, data loss prevention and antimalware protection to its platform.

Compliance Is King

In 2006, Symantec struck a $209 million deal to acquire BlindView Development to create a policy compliance and vulnerability management offering. The platform also would address configuration management, and directory and access management to help meet Sarbanes-Oxley and other compliance mandates, the company said. BlindView added agentless capabilities to the portfolio. Today BlindView is part of the company's Control Compliance Suite.

Symantec also acquired 4FrontSecurity, adding a risk management component to its infrastructure compliance suite, and Relicore, adding change management capabilities to Symantec's server and storage business. It also acquired technology from Revivo in a fire sale, adding it to its NetBackup and Backup Exec servers.

Instant Messaging Buy Adds Enterprise Product Leader

In 2006, instant messaging spam and phishing lures were becoming a pathway into PCs and Symantec spent about $90 million to acquire IMLogic to add instant messaging protection to its platform. The deal did more than add technology to the portfolio. The company also brought on IMlogic founder and CEO Francis deSouza (pictured), an MIT graduate, who had already founded and sold an instant messaging business to Microsoft. He would soon spearhead the company's enterprise products and services practice and became president of products and services. He left the company last November to lead Illumina, a manufacturer of genetic sequencing technologies.

Altiris Deal Added Endpoint Management

In April 2007, Symantec struck an $830 million deal to acquire endpoint management vendor Altiris. The platform enables IT administrators to scan desktops, laptops, servers and mobile devices to identify missing patches and configuration weaknesses. It is used to deploy patches and enforce security policies, quarantining vulnerable systems until they receive attention. The endpoint management suite gave Symantec access to a strong partner ecosystem and fit into the company's security portfolio.

Diving Into Data Loss Prevention

About six months after the Altiris acquisition, Symantec snapped up the widely recognized market-leading data loss prevention platform maker Vontu in 2007 for $350 million. The move was part of Symantec’s Security 2.0 vision at the time, which the company said "shifts the focus of security from simply securing systems and devices to also protecting the information itself." Research firm Gartner still gives Symantec the leadership title, but notes that niche players are closing the technical gap. Customers have complained about the complexity of the platform and partners tell CRN that while it remains one of the most capable data loss prevention suites, it could use additional capabilities to push back competitors RSA, Intel Security (formerly McAfee), Verdasys and Websense, which are busy building out advanced threat detection capabilities.

Symantec Gets SaaSy: Web Security, Antimalware

Symantec bolstered its portfolio with the acquisition of Web security SaaS vendor MessageLabs in 2008 and the acquisition of Mi5 Networks in 2009, a maker of a Web security gateway. Symantec saw the MessageLabs acquisition as a way to grow its small- and midsize-business customer base. Thompson used the MesageLabs announcement to tout the company's secure online backup and storage and the birth of Symantec's "in-the-cloud services."

Splurging On Data Encryption

Symantec spent $300 million in 2010 to acquire PGP and another $70 million to buy email encryption GuardianEdge Technologies with the goal of integrating encryption into its endpoint security, data loss prevention and gateway products. The move ramped up competition against McAfee, which had acquired Safeboot for full-disk encryption three years earlier, merging it into its data loss prevention suite. GuardianEdge added to Symantec's already growing public sector presence. PGP gave Symantec a complete platform used by enterprises to manage full-disk and removable drive encryption on a variety of devices. PGP previously supported Symantec products and was seen by industry analysts as a good fit. Today both acquisitions are the core of Symantec Endpoint Encryption, supporting full-disk and removable media implementations, as well as its email and file and folder encryption gateways and file shares.

Enrique Salem: Symantec's Billion-Dollar Leap Into The Cloud

Symantec spent $1 billion in 2010 to acquire VeriSign's Secure Sockets Layer (SSL) encryption and managed Public Key Infrastructure (PKI) platform. Enrique Salem (pictured), who was then CEO of Symantec, saw the move as a way to push Symantec protection into authentication and secure cloud-based services. Mark McLaughlin, who was VeriSign president and CEO at the time, said the deal would enable VeriSign to focus on its Internet infrastructure services business. McLaughlin sold off VeriSign's managed security services business to SecureWorks, now an arm of Dell, and its consulting business to AT&T. In 2011 he departed VeriSign to head up network security vendor Palo Alto Networks, which recently launched endpoint security software.

Clearwell Systems Buy Bolsters eDiscovery, Archiving

Salem also acquired Clearwell Systems for $20 million, moving Symantec into the eDiscovery market in 2011 and bolstering its IT management business. Clearwell already supported Symantec Enterprise Vault for data discovery, classification and archiving unstructured data. Clearwell will become part of Symantec's data management spinoff with its synergy with the company's storage and backup products. Six months later, Salem added LiveOffice for $115 million to bolster the Clearwell platform with support for cloud-based archiving.

Symantec Streamlines While Security Innovation Surges

Symantec CEO Steve Bennett (pictured) hit the purge button in January 2013, unveiling the "Symantec 4.0" strategy to overhaul sales and cut redundant positions. The strategy put a halt on major acquisitions to focus on integration. The internal overhaul disrupted sales as a crop of innovative new security startups came to market, benefiting from an influx in VC funding. Interest surged in advanced threat detection technologies at the endpoint and on the network. Cloud security gateway technologies, big data security analytics and threat intelligence are gaining traction as well.

In March, Symantec's board of directors fired Bennett for "not moving fast enough." Brown was named interim CEO and began to explore splitting the company.