My colleague Jon Oltsik had a running blog series entitled “If I Were the Next CEO of Symantec” that he updated every few years when new leadership was introduced. With the recent announcement of Broadcom’s intention to purchase Symantec’s enterprise business unit for $10.7 billion, I thought I would beat him to the punch and create a new blog series, “If I Were the CEO of Broadcom.”
Of course, I’m not a silicon analyst, so my recommendations will be limited to the security side of Broadcom’s business. However, if I were the CEO of Broadcom and my goal was to optimize Symantec’s portfolio and properly leverage my investment, here are a few of the things I would focus on:
- Retire or divest legacy and non-core products: There are areas of the Symantec portfolio that may have made perfect sense at one time but no longer do. Much of this is due to the long (and inconsistent) acquisition history of the company. These product lines represent a small part of the business and, in many cases, limited growth opportunities. Symantec may be better off moving on from them.
- Network Performance (Blue Coat) and Endpoint Management (Altiris) fall outside of the cybersecurity realm and don’t add a lot of incremental value to the company.
- Control Compliance Suite (CCS) doesn’t have the breadth of more full-scale risk management platforms like RSA Archer, and has lost ground to smaller players like Tripwire.
- VIP, Symantec’s two-factor authentication solution, has seen enhancements over the last few years in an attempt to break into the B2C space, but with CA’s Identity suite already under the Broadcom umbrella and limited B2B traction, I’d expect some changes here.
- Continue to invest in the Integrated Cyber Defense approach: ICD is Symantec’s platform architecture and represents an important opportunity moving forward. ESG research has shown that 62% of organizations would consider using a single security vendor for the majority of their security solutions, with efficacy, automation of processes, and operational efficiency being top reasons why. Symantec’s ICD vision puts it in contention to compete for these organizations’ business. Yet further development is required to expand its platform support through the rest of its portfolio, including the cloud, and increase its analytics capabilities. If this happens, Symantec will have a very compelling story to share with its customer base.
- Build deeper integrations between SWG, CASB, and DLP: Symantec has been a market leader in SWG for years but was behind the curve with the shift to cloud. That’s finally been addressed, but the vendor needs to leverage its advantages in CASB and DLP in order to not miss another seismic market shift. ESG has talked about the emergence of elastic cloud gateways, which fully integrate SWG, CASB, and DLP functionality (among other capabilities) in a cloud native, highly scalable platform that provides a globally distributed yet locally accessible experience to users. Symantec has the tools to be a key player in this space, but more work needs to be done both to integrate the products and push the huge ProxySG installed base into the cloud with Symantec rather than a competitor.
- Maintain a presence in email security: It seems like from a solution perspective this is fast becoming one of the forgotten areas of cybersecurity, even though it continues to be the preferred threat vector for attackers. Some of this can be attributed to O365 adoption and the built-in controls Microsoft offers. Yet like with all cloud services, there’s room for native controls and third-party solutions. Symantec has a robust offering here, accounting for filtering, advanced threat detection and response, isolation, and user awareness training. Symantec’s lost a good deal of ground to Proofpoint in this space, but these products provide important telemetry to the rest of the portfolio and will represent a key aspect of any platform strategy.
- Allow services to flourish: Symantec has done most of the hard work of building a strong services organization that boasts consulting and incident response, managed services, and threat intelligence. It’s expanded into the MDR realm recently as well, as that space continues to drive massive amounts of interest. Services is a lower margin business, so some changes may be coming to better fit the Broadcom operating model. But Symantec has been smart about its’ investments here, and the services portfolio gives it differentiation from many competitors. Also, ESG research has found that outside of having a full SIEM product, organizations think that having threat intelligence feeds/analytics and managed services are some of the most important analytics capabilities for enterprise-class vendors.
- Focus on the enterprise, without neglecting the upper mid-market: This will not be Broadcom’s strategy, but I’ll call it out anyway. There’s clearly an opportunity to cross-sell Symantec into the Broadcom strategic enterprise base (via CA). There’s also still expansion possible within existing Symantec accounts, both as the ICD vision comes to fruition and through ensuring the SEP installed base is fully utilizing all related products (i.e., EDR and SEP Mobile). However, some of the fastest growing cyber security companies are focusing further down market—not in the SMB, but to midsize and small enterprises. While we know it’s less expensive to sell to an existing customer than win a new one, Symantec has had limited success in this space for years and it represents another avenue to growth. To grow within the enterprise, you either need a new technology that has few or no competitors, or great technology to displace existing vendors. If Broadcom fully delivers on Symantec’s ICD vision, it can succeed in the enterprise—but in parallel, it should be looking to expand its potential customer base.
Symantec has good technology and a well-known brand but has seen sluggish growth for years. The Blue Coat acquisition had promise, but ultimately failed to deliver the success financially. Symantec is desperate for an injection of operational excellence, which Broadcom can clearly provide. However, for the business to truly succeed there needs to be additional investment—not necessarily through acquisition, but through the realization of the ICDx vision and further product enhancements to deliver the full value of the portfolio. Once the deal closes, Broadcom should quickly and clearly provide specifics on the future of the portfolio to protect Symantec’s installed base. Security is a competitive space, and customers won’t sit back and wait while uncertainty swirls.
