Broadcom-Symantec Enterprise Deal: How It Came To Be, What Will Happen Now

Here's a deep dive into why Broadcom plans to buy Symantec’s enterprise security business for $10.7 billion and how Broadcom plans to improve the profitability and go-to-market strategy of the underperforming business.


End Of An Era

Symantec plans to break up its consumer and enterprise businesses after nearly three decades together with the planned sale of its struggling enterprise security division to Broadcom for $10.7 billion. Symantec's stock is up 14.6 percent to $23.40 per share since news of the deal first broke late Wednesday, while Broadcom's stock is down 0.4 percent to $269 per share over that same time period.

Thursday's news of the deal capped off more than a month of speculation over the future of Mountain View, Calif.-based Symantec. Media reports in early July indicated that Broadcom was looking to buy both Symantec's enterprise and consumer businesses, but the deal reportedly fell apart less than two weeks later when Symantec made it clear that an offer of less than $28 per share would be refused.

The deal is one of the largest in cybersecurity history, and may create an opening for competitors that are either dedicated to customers outside the Global 2000 or focused on practices like email security, network security, managed security services, or consulting.

Sponsored post

Here's a deep dive into why Broadcom plans to buy Symantec’s enterprise security business, and how Broadcom plans to go about improving the profitability and go-to-market execution of the underperforming segment.

10. Deal Is Broadcom's Fourth Massive Acquisition In Four Years

Broadcom's parent company has increased its revenue ten-fold and boosted margins by 70 percent over the past several years through a series of enormous acquisitions. The deal-making began in February 2016, when the company (then known as Avago) bought semiconductor manufacturer Broadcom for $37 million and took the name of the acquired asset.

Since then, Broadcom has aggressively diversified its business, purchasing data center networking provider Brocade for $5.9 billion in December 2017 and IT software giant CA Technologies for $18.9 billion in November 2018. As a result of the four deals (including Symantec), Broadcom's revenue will jump from $2.5 billion to $24.6 billion, while EBITDA margins will grow from 33 percent to 56 percent.

The deal with Symantec comes 17 months after Broadcom dropped its $117 billion bid to buy rival chipmaker Qualcomm, which was scuttled after President Donald Trump blocked the acquisition due to national security concerns. Since then, Broadcom has officially relocated its headquarters from Singapore to California's Silicon Valley.

9. Symantec Will Significantly Reduce Head Count In The Coming Months

In addition to announcing the planned sale of its enterprise security business, Symantec Thursday also unveiled a $100 million restructuring program (its second in two years) that includes a 7 percent reduction in head count as well as the closure of certain sites. The job reductions and site closures, which have already been started, are expected to be mostly done by the company's fiscal third quarter, which ends Dec. 31.

Symantec has 12,000 employees today and expects to get down to 10,000 employees for both its enterprise and consumer segments as part of the improvement plan, Symantec CFO Vincent Pilette told investors. The head-count reductions will include people who have been instrumental in making the deal with Broadcom happen, Symantec CEO Richard Hill told investors.

The company expects to have 2,500 employees as part of its consumer business after the sale of the enterprise security business to Broadcom closes, according to Pilette. The remaining Norton and LifeLock consumer segments will have roughly $2.5 billion in revenue, and the company believes that having one employee per each $1 million of revenue is the right long-term target, Pilette said.

8. $1 Billion Of Cost Synergies Expected In The Year Following Close

Broadcom plans to achieve $1 billion in cost synergies in the year following the close of the Symantec deal through cuts to sales, marketing, and general and administrative expenses, Broadcom CFO Tom Krause told investors Thursday. Symantec’s enterprise security business spent $650 million on sales and marketing in its most recent fiscal year, equal to 24 percent of the division's $2.32 billion in revenue.

Redundant general and administrative expenses for Symantec’s enterprise security business, meanwhile, will be eliminated by migrating the organization to Broadcom's platform. All told, the cost reductions are expected to increase the EBITDA for Symantec's enterprise security business from $350 million today to $1.3 billion post-synergies on a pro forma basis.

7. Focus Will Be Culled To Symantec's Endpoint, Web And DLP Products

Broadcom plans to enhance its investment around the Symantec enterprise security endpoint, web and data loss protection products, while scaling down investment in other areas where the return may not be as profitable, Broadcom President and CEO Hock Tan (pictured) told investors Thursday.

Other areas where Symantec enterprise security has offerings today include email security, network security, managed security services and consulting, according to filings with the U.S. Securities and Exchange Commission.

Symantec's web security business has $700 million in annual revenue, stable market growth, 29 percent market share (Forcepoint is second with 17 percent share), and includes technology from the company's $4.65 billion acquisition of Blue Coat Systems in August 2016, according to the Broadcom investor presentation.

The company's endpoint security business, meanwhile, has $550 million in annual revenue, stable market growth, and 18 percent market share (McAfee is second with 12 percent share). And Symantec's data loss prevention business has $450 million in annual revenue, plays in a growing market, and has 19 percent market share (McAfee is second with 7 percent share).

6. Broadcom Hopes To Build On Symantec's Cloud Security Success

Symantec's 2016 acquisition of Blue Coat Systems brought the company not only into the secure web gateway space, but also into the cloud access security broker (CASB) arena thanks to Blue Coat's 2015 acquisitions of CASB players Elastica for $280 million and startup Perspecsys.

As a result, Symantec is one of just four "leaders" in Gartner's Magic Quadrant for Cloud Access Security Brokers alongside McAfee (which bought CASB Skyhigh Networks in January 2018) as well as pure-play CASBs Netskope and Bitglass.

Broadcom told investors that Symantec's approach to cloud security is differentiated from companies like Netskope thanks to its integration and wide range of predefined DLP selectors.

5. Symantec Enterprise Security Has Consistently Fallen Short Of Growth Objectives

Combining Symantec's technology with Broadcom's reach will enable the enterprise security business to grow without having to invest in fixing its go-to-market model, Symantec CEO Hill told investors. Symantec’s enterprise security business has a huge opportunity for growth, but the company was consistently falling short of its objectives given the go-to-market strategy that was being employed.

Symantec's enterprise security business should benefit from the go-to-market infrastructure that Broadcom already has in place, Hill said, allowing for an easy transition of the ongoing business onto Broadcom's platform. Broadcom CEO Tan said the company's go-to-market team is focused on Global 2000 organizations, and also supports the Brocade and CA Technologies product lines.

Attempting to restructure the Symantec enterprise security cost model internally could have put the company's revenue stream in jeopardy, Hill said. As a result, Hill said carving out stranded costs becomes much easier once Symantec's enterprise security business has been transferred over to Broadcom.

4. Broadcom Was Already Playing In Cybersecurity Thanks To CA Deal

Broadcom entered the cybersecurity arena in November 2018 when its $18.9 billion acquisition of CA Technologies closed, but unloaded much of its security expertise just two months later by selling CA-owned application security testing vendor Veracode to Thoma Bravo for $950 million.

CA Technologies, though, continues to have an identity and access management (IAM) platform, which provides authentication, single sign-on, identity management and governance, and directory services, according to the company's website. CA's IAM offering will be fused with Symantec's endpoint, web and DLP capabilities to create an even more comprehensive enterprise security platform, Broadcom said.

The platform will be supported by advanced services in information protection, threat protection, identity management, compliance enforcement, and third-party applications, Broadcom said. The platform also has 175 million endpoints as well as 57 million attack sensors, according to Broadcom.

3. Focus Will Be On Selling To Global 2000 Organizations

Broadcom plans to add Symantec's product to the company's existing go-to-market organization that supports the Brocade and CA Technologies software portfolio and targets Global 2000 organizations, Tan told investors Thursday.

Tan likened the Symantec deal to Broadcom's CA Technologies acquisition last year, where the company has increased overall bookings by 8 percent despite 10 percent revenue attrition from the company's smaller enterprise and SMB customers, which make up 25 percent of the customer base.

Tan said business with smaller enterprises and SMBs tends to be less sticky, and "bright shiny objects" tend to be a major draw. But among the core Global 2000 accounts that comprise 75 percent of the company's business, Broadcom has enjoyed bookings growth since the company's technology is embedded into the core IT infrastructure and cannot be easily displaced or removed.

2. Unloading The Enterprise Business Should Help Symantec's Consumer Division

Even though Symantec's enterprise security business made up 49 percent of the company's overall revenue in the quarter ended June 30, the segment generated just 10 percent of the company's operating income in the most recent quarter, Symantec CEO Hill told investors.

Meanwhile, Symantec's consumer cybersafety segment—which includes the Norton and LifeLock product lines—contributed 90 percent of operating income and 51 percent of revenue last quarter. The consumer business will operate as a stand-alone company going forward, although under a different name since the Symantec brand was sold to Broadcom.

Marketing costs in Symantec's consumer segment had been reduced over time to free up money at the corporate level to fund the turnaround of the enterprise business, Symantec CFO Pilette told investors. Allowing the company to focus solely on its consumer business unencumbered by the performance of enterprise security business should allow the consumer segment to get back to mid-single-digit growth, Hill said.

1. Consumer, Enterprise Units Have Cross-Licensed Tech, Will Continue Sharing Threat Intel

Symantec's consumer business will continue sharing threat intelligence data with the enterprise security business even after it becomes part of Broadcom, Hill said. The enterprise environment tends to be more benign since corporations control cyberthreats at multiple points in their network, Hill said, while consumers are subjected to more potential viruses since they're able to go anywhere on the internet.

As a result, both Symantec's consumer and enterprise divisions will continue to enjoy the benefit of diverse threat intelligence data, Symantec CTO Hugh Thompson told investors. The agreement will allow both sides of the company to benefit from the intellectual property and code base Symantec has built around its endpoint technology over the course of its history, Thompson said.

The cross-licensing agreement for the technology goes both ways, and patents that cover overlapping capabilities between the two organizations with be shared, Hill said. The patents most closely aligned with Symantec's consumer business will remain with the company, Hill said, while the ones most closely aligned with the enterprise business will go over to Broadcom.