Q&A: Symantec President Michael Fey On Blue Coat Integration, Competition With McAfee And Driving Security Consolidation

The New Symantec

Symantec came into the 2017 RSA Conference this year a very different company than last year, with two blockbuster acquisitions under its belt, new executive leadership and new technology products. CRN sat down with President and COO Michael Fey at the RSA conference this year to talk about how the company's integration of Blue Coat Systems was progressing and how its LifeLock acquisition fits into its enterprise security portfolio. Fey also discussed the company's long-standing competition with McAfee, which is going through a private equity acquisition of its own, and how he sees the endpoint security market as a whole evolving. Take a look at what he had to say and what to expect from Symantec in the months to come.

It's been about six months since the deal closed – how is the integration of Blue Coat Systems progressing?

It's going really well and the business is showing it. Now we're a publicly traded company and you can see how the business is doing, and it's going really well. The market is reacting – you've seen us add $8 billion to our market cap since the acquisition. That's eight unicorns, for the record.

We think we have a lot of exciting stuff ahead. This [RSA] show has been amazing to confirm that. Last year you would have seen that Symantec's numbers were about 250 executive visits. We're going to cross around 700 at this show. We are seeing the market really looking to us to step up. It's nice to have these interesting technologies coming from all different locations, but there has to be a platform to emerge out of this thing that we can build around. We are seeing existing customers and new customers coming at us really looking at how do we fit in strategically long term. It's been an incredibly positive experience. This is probably the most positive RSA I have been a part of so far. … I think people are ready to listen. They want to know what the new Symantec is about. SEP 14 has been a really successful launch, so there's a belief that the technology is in the right place, so some of the issues of the past have been risen through. I'm finding a very receptive industry at a very critical time in Symantec's history.

How is this integration different from other integrations you have overseen in the past?

It's been a very unique integration, unlike anything I have ever experienced, given with the Symantec-Veritas separation there was a planned vacancy of leadership – if you break a company in two, half go one way and the other half go the other way. … We didn't have a lot of difficult decisions to make as to who we take, who do we not take, all those things that normally make for a lot of angst and stress. We were able to move from organizational dynamics to implementation in a week and a half, as opposed to the month that it normally takes with something this large. I think that's why we feel so positive right now, because we've gotten so far in such a short amount of time. When we look back on other integrations that we've done in our careers, they have never gone that fast. I think that's the underlying reason why it has gone so fast.

The other part is: Both product families did a really good job of having an open infrastructure to integrate to each other, so the actual effort to get tangible integrations that our customers get to use and look for are coming out much faster than we ever thought they could. We have 30-plus integration points between the product families already and we're only about six months in.

This is two massive security companies coming together -- have you hit any integration hiccups along the way?

You just can't imagine how hard it is to integrate back offices sometimes. Luckily, I have a great team on that and we're on our timelines, but it's not something many companies get to do often. That effort is a grueling effort but a positive one. I'll give you an example – we took the price list down, where before if you had printed it it would have been 40 feet high to 7.5 pages now. There is integration and optimization occurring because obviously if you integrate Blue Coat in those 40 feet become 42 feet – it doesn’t become less. We're taking this opportunity to not only consolidate, but to do it right. That effort is monumental and it's inspirational.

Does that price list consolidation mean you're cutting back on the number of products you offer?

We're simplifying it. When we did the analysis, despite having many SKUs … there were so few that were really in play. First, getting to that and saying what's in play, and then asking what is redundant? ... It's just a little good management on that and some housekeeping that hadn't been done. That makes everything simpler. It's simpler to train the channel, to integrate to their systems and it just flows through all of that process. We see a huge benefit coming from channel optimization moving forward.

When you're talking to customers coming in to talk to you – are they coming to you for endpoint? Or the full platform?

It is a little bit of everything. But it seems to be they want the two termination points to work together: the proxy termination point and the endpoint termination point. Those are two big areas of interest. We see proxy customers looking at us for their next endpoint solution and endpoint customers looking to augment with proxy. I will tell you the whole stack is operating to build upon itself. The DLP solution has been beautifully integrated into CASB. The vested DLP customers are extending into CASB, which was a Blue Coat technology. That CASB connects back to our cloud-based web protection offerings. So, they are just flowing around that stack in a very nice, meaningful way. I think in six months we have been here every major product line has grown. I think we will continue to see that for some time. We saw some of the largest deals in our industry done in places like CASB last quarter, which we're very proud of, while many of the smaller, niche vendors are trying to give stuff away. We are getting $5 [million], $10 [million], $15 million deals in some of these new investing areas of cybersecurity.

Are most customers just now moving to cross-sell? Or are you seeing net new customers?

There really aren't that many of those out there that haven't bought either [Blue Coat or Symantec before]. … We have customers that might have said we weren't strategic before, and now they are saying we're a strategic platform for them. What customers are coming to us for is to discuss that ELA thought process. They don’t want all these vendors in their infrastructure anymore – it's too complex – and they want to give a big chunk of the wallet share to us, for a good cost structure, and once they have they can think about how they augment these platforms. … Additionally, we have that same conversation happening in the mid- and the small-[business market], where the channel is saying we can't afford to touch these smaller companies 13 times with 13 different products. We want to set them up in an area where we can enable them, get them a small medium large buying process and then use that one touch to get an optimized interaction for everybody.

As both you and McAfee navigate through major company transformations, how would you compare the strategic directions you're heading in?

It's very different. Large companies ebb and flow. Symantec had to do a lot of work to get in a position to grow and thrive again. They did that. It took years of effort on the part of the company to set it up, to get Wall Street comfortable with the plan, buying the right companies, finding the right people – all of that stuff had to occur. We're on that upswing trajectory that is driven by all that prep work. McAfee is now just starting to undergo that. They have to come out of Intel, they have to form their own new identity, they have to reshuffle the product stack – at the end of the day I think the next couple of years will be tough for them. I think these are our couple of years to thrive. You see very few companies can just thrive continuously, but the deck is stacked very well for us right now. … Additionally, the difference of the stacks. The size of our business compared to McAfee's – and I never understood this when I was there – is so much larger. When you talk about billions of dollars of revenue larger, that is a serious difference. So, my reach, my account reach, the portfolio is substantially larger. It's a different machine altogether.

What do you think of the endpoint security market in general right now?

I will tell you I think the endpoint market is very healthy – it's a growing market space for us. I think the importance of the endpoint is growing every day. Things like encrypted internet and the like challenge a lot of networking gear, so the endpoint is becoming more important. The diversity of the endpoint challenges everybody. But, I do think there are a lot of endpoint vendors that are a mere feature of a full solution. I think in our more recent releases, like SEP 14, we're showing the world the full cost of what would be including multiple vendors out there. I think that's what's driving that growth for us. Usually when you hear the competitive claims against us, they're really talking about SEP 12, which is two-year-old technology. No one has taken SEP 14 head on in the market.

Do expect to see some consolidation to come in the next year in the endpoint security market?

I think there could be consolidation to come. Some of these organizations have taken a lot of money and so they need a valuation at a pretty sizable sum and I'm not sure that's where the strategic buyers' minds are at right now. There's a lot of interesting companies with real revenue and real profits that are out there. To buy something that may or may not become a feature, that you may not even be able to charge for long term, is a dangerous thing to look at. Most of the companies in their head won't even go for hundreds of millions of dollars – they want at least a billion. We just saw one recently go for around $100 million. There was a time they wanted a billion as well. … There's a lot of ways to grow big companies in this space. It's not all startup, VC, sell high.

Do you feel like Symantec has all the pieces now or can we expect to see you driving some consolidation?

I do think we will play a role in consolidating the industry. We're happy with our stack right now, so I wouldn't say we're looking, but we do have a very strong balance sheet that affords us that luxury if we determine it makes sense. [CEO Greg Clark] and I have always been acquisitive throughout our careers, so we're not afraid to acquire. But, we like the organic development in the works at Symantec. We think the future of our products exist around that. So, we don't feel pressure at all [to acquire]. Picking up the CASB space with Elastica was big. Of course, we made a strategic acquisition on the consumer side [of LifeLock], which was absolutely critical.

Will you look to bring together the enterprise and consumer sides of the business?

The consumer security space is shifting from protecting a PC or a device to protecting a digital identity. … That digital security for the consumer is a great growing market and the [total addressable market] is so much larger than the TAM that Norton was addressing prior to that. Extending that and continuing to build that subscriber base on the consumer side is very helpful.

On the enterprise side, things get very interesting as well because the identity of users is no longer clear if you are consumer or employee. We have to build a bridge that allows people to move from that consumer space into work, out of work. Having a very healthy consumer line and having a very healthy enterprise line will be key as those converge down the road. Keeping a healthy consumer business and a thriving consumer business is something we're very proud of. While others are blaming PC shipments and others for drop-off, we are saying this is a growth market and you can grow in consumer.

What other trends in security are you keeping an eye on right now?

What I'm finding is customer fatigue. That's the thing that's overwhelming. Where customers used to be appreciative of all of the vendors and the diversity, they're now annoyed by it. … I am seeing that they are trying to figure out what brand names to rally around and to trust out of necessity, not affinity. In the past it was out of affinity. … That creates a real opportunity for the larger brands -- if you are innovative and you're driving real value -- to build a strategic position with your customers that you can leverage for years to come. We are certainly feeling that and are dedicated to it. … The days of the partner showing up with a buffet card – 'I have them all, which one do you want?' – those partners are becoming more irrelevant to their customers. The ones that are more relevant are showing up saying, 'Here is my prescription.' … Those are starting to have more and more value because of that fatigue. We're seeing a lot stronger partners lately that realize they need to do that and are good at that. I think the security partner community has gotten stronger over the past couple of years. That's really healthy because they need to rise to the challenge of the future, like we all do.