Contents
- The Acquisition and What It Changed
- The Symantec Product Portfolio Under Broadcom
- Pricing Changes: What Enterprise Buyers Are Experiencing
- Support Quality: The Hidden Cost of Broadcom Ownership
- Product Roadmap and End-of-Life Risk
- Alternatives: How Symantec Compares in 2024
- Renewal Traps and Contract Red Flags
- CIO Decision Framework: Stay, Renegotiate, or Exit
- 90-Day Action Plan
The Acquisition and What It Changed
Broadcom completed the acquisition of Symantec's Enterprise Security business from Broadcom Inc. on November 4, 2019, for $10.7 billion in cash. Symantec shareholders received approximately $12.00 per share in a special dividend. The consumer security division was retained by Symantec's former parent and rebranded as NortonLifeLock.
The strategic rationale from Broadcom's perspective was explicit from the outset. Broadcom CEO Hock Tan described the acquisition as an opportunity to apply Broadcom's operational model — focused cost reduction, premium customer retention, and monetisation of a dominant installed base — to an enterprise software franchise. This is the same model Broadcom applied to CA Technologies (acquired 2018) and would later apply to VMware (acquired 2023).
What Broadcom will not tell you: the model requires identifying which customers are worth retaining and which will be allowed to churn. Broadcom stated publicly after the acquisition that it intended to focus on Global 2000 enterprise accounts. The $1 billion operating expense reduction target — achieved through cuts to sales, marketing, and general and administrative staff — was explicitly funded by reducing the investment in serving mid-market and smaller customers.
For CIOs at Global 2000 organisations, this means Symantec under Broadcom is a very different commercial relationship than Symantec under its previous management. Enterprise support, dedicated account relationships, and some commercial flexibility remain. For CIOs at mid-market organisations — the segment below Broadcom's strategic priority threshold — the experience has been markedly different: price increases without negotiation room, support interactions with reduced technical depth, and a product roadmap that lacks the innovation investment of the pre-acquisition era.
The Symantec Product Portfolio Under Broadcom
Broadcom has rationalised the Symantec product portfolio since the acquisition, retaining the core enterprise security platforms while discontinuing products that did not meet revenue or strategic threshold criteria.
Symantec Endpoint Security (SES) Complete
The flagship endpoint security platform. SES Complete provides multi-layered protection across on-premises, cloud, and hybrid deployments. Core capabilities include endpoint detection and response (EDR), threat hunting, adaptive protection, application control, and XDR integration. The platform addresses the full endpoint security lifecycle from prevention through detection and response. It is deployed on a per-endpoint subscription basis and represents Broadcom's primary endpoint security revenue stream.
One capability that Broadcom genuinely differentiates: Adaptive Protection, which uses machine learning to build behaviour baselines per organisation and alert on deviations. This is not widely replicated by competitors at the same fidelity. It is one of the few areas where CIOs considering migration should evaluate capability parity carefully before committing.
Symantec Data Loss Prevention (DLP)
Symantec DLP is one of the most mature and comprehensive enterprise DLP platforms in the market. Current version DLP 25.1 covers endpoints, network file shares, databases, email systems, and cloud applications. Advanced detection capabilities include Exact Data Matching (EDM) and Indexed Document Matching (IDM) — both of which offer higher fidelity detection than most competitive DLP products. The platform has received meaningful investment since the acquisition, including integration with Google Workspace and Google Chrome Enterprise through a Broadcom-Google collaboration announced in 2024.
For organisations where Symantec DLP is deeply integrated into data governance workflows and regulatory compliance programmes, migration complexity is high. The product's technical depth is genuine, and the switching cost — in both implementation effort and institutional knowledge — should be factored carefully into any exit evaluation.
Symantec Secure Web Gateway and CASB
The web security and Cloud Access Security Broker portfolio has been subject to more competitive pressure than endpoint security. Zscaler has become the default consideration for organisations evaluating web security alternatives, and Palo Alto Prisma Access competes effectively for organisations pursuing SASE consolidation. Broadcom has invested in ZTNA integration within its SASE architecture, but the competitive positioning against cloud-native alternatives is less compelling than in the endpoint and DLP categories.
Products Discontinued
Broadcom has executed a pattern of portfolio rationalisation since the acquisition. Products discontinued as of 2024–2025 include Cloud Workload Protection (CWP), Symantec Protection Suite Small Business Edition (SPSS), ICS Protection (ICSP), Mail Security for Microsoft Exchange (SMSMSE), and Symantec Protection Suite (SPS), all reaching end-of-life December 31, 2024. Symantec Critical System Protection (CSP) entered end-of-life proceedings from February 28, 2025, with new sales halted from March 1, 2025. Hardware appliances for Symantec EDR have been phased out in favour of virtual appliances.
Pricing Changes: What Enterprise Buyers Are Experiencing
Broadcom's acquisition economics require price increases. The $10.7 billion acquisition price, combined with a $1 billion operating cost reduction target, produces a financial structure that must generate significantly more revenue per customer than the Symantec business produced independently. In practice, this has translated into renewal quotes that consistently exceed prior pricing by 2–4 times for most enterprise customers, with the increase heavily weighted toward customers below the Global 2000 tier.
The pattern across Redress Compliance engagements and public customer community reporting is consistent. Symantec Endpoint Protection (SEP) renewals for enterprise customers have typically been quoted at 2–3 times the prior-year price. Small and mid-market customers have encountered increases of 300–400% above prior pricing, with limited or no negotiating room. One widely discussed community forum example documented an SEP Small Business Edition increase exceeding 400%.
For large retail enterprise customers, Broadcom's approach has been to propose increases at 3 times prior pricing, with negotiation room of approximately 50% of the proposed increase available when customers demonstrate competitive alternatives and credible migration readiness. The net outcome in well-managed negotiations has been renewals at approximately 50% above prior pricing — still a material increase, but manageable within security budget frameworks if the migration cost is accurately assessed and the competitive dynamic is used effectively.
| Customer Segment | Typical Proposed Increase | Achievable After Negotiation | Negotiation Lever |
|---|---|---|---|
| Global 2000 Enterprise | 2–3× | +30–50% above prior | Migration threat + exec relationship |
| Mid-Market ($1M–$5M) | 2–4× | +50–100% above prior | Documented competitive RFP |
| SMB / Below $500K | 400%+ | Minimal — take or leave | Migration is the primary option |
The licensing model shift deserves specific attention. Broadcom no longer sells new perpetual licences for any Symantec product. All new sales and renewals are subscription-based, typically structured as per-endpoint-per-year for endpoint security. Existing perpetual licence holders can continue to use their software, but without an active support contract, the perpetual licence receives no security updates, no patch releases, and no vulnerability fixes. For security software, operating under an expired support contract is not a functional option — the risk exposure from an unpatched security platform protecting enterprise endpoints is existential. This is Broadcom's primary mechanism for converting perpetual customers to subscription.
Support Quality: The Hidden Cost of Broadcom Ownership
The $1 billion operating expense reduction that Broadcom targeted following the Symantec acquisition was not accomplished through efficiency alone. A significant component came from reductions in customer-facing roles — technical support staff, account management, and the specialist sales engineers who historically provided the technical depth that differentiated Symantec's enterprise support from commodity alternatives.
The consequences are documented. StatusGator, which tracks enterprise SaaS service reliability, recorded 622 outages affecting Symantec Endpoint Security Enterprise and 442 outages affecting Symantec Endpoint Security Complete over a two-year measurement period. Customer community forums document recurring complaints about support staff lacking the technical depth to resolve complex configuration issues, knowledge base articles that do not reflect current product versions, and billing practices that include charges initiated a month before contract renewal dates.
Broadcom offers a premium Business Critical Services (BCS) tier with a designated Business Critical Account Manager. For Global 2000 customers, this tier provides a materially better support experience and represents a genuine option for organisations that require reliable support as a contract condition. The BCS tier comes at additional cost and should be evaluated explicitly rather than assumed in a standard renewal quote.
For mid-market and smaller customers without access to BCS, the support experience under Broadcom is meaningfully degraded from the Symantec-independent era. CIOs should account for the hidden cost of degraded support — the internal time and resource cost of managing incidents that would previously have been resolved faster with more capable vendor support — when evaluating the true cost of staying on Symantec versus migrating to an alternative with a better support model.
Product Roadmap and End-of-Life Risk
The most significant strategic risk for CIOs maintaining Symantec as a long-term security platform is roadmap uncertainty. Analysts and customers consistently characterise Broadcom's product development investment in Symantec as minimal relative to the acquisition cost and the revenue being extracted. The pattern of portfolio rationalisation — products discontinued in 2024 and 2025 — is consistent with a model that prioritises margin extraction over product investment.
Broadcom's policy is to provide a minimum 12-month advance notice before any product end-of-life announcement. This gives CIOs planning time, but not much more. For an organisation running a Symantec product that receives an EOL announcement, 12 months is a tight timeline to evaluate alternatives, complete a procurement process, plan migration, execute the technical transition, and re-train security operations staff. CIOs should not assume that 12 months is sufficient — in complex enterprise environments, 18–24 months is a more realistic migration timeline.
The pattern of discontinuations also signals where Broadcom's strategic investment is not going. Products at the lower end of the enterprise market, products requiring significant ongoing engineering investment, and products facing strong competitive pressure have been the first to face EOL. The core platforms — SES Complete and DLP — have received continued investment. But CIOs should not assume that the current product retention list reflects a permanent commitment. The acquisitive model that produced the 2024–2025 discontinuations could produce further rationalisations in subsequent years.
Alternatives: How Symantec Compares in 2024
The enterprise security market has matured significantly since the Broadcom acquisition in 2019. Competitive alternatives to Symantec's core products are more capable, better supported, and in many cases more cost-effective than they were five years ago. CIOs evaluating alternatives should assess the market based on current product capabilities rather than historical perceptions.
Endpoint Security Alternatives
CrowdStrike Falcon has become the dominant endpoint security platform for organisations migrating from legacy AV and EDR platforms. The cloud-native architecture, AI-driven detection, and strong threat intelligence integration have made it the default RFP consideration for mid-to-large enterprises. Initial deployment costs are lower than Symantec's, operational complexity is reduced through the consolidated Falcon platform, and the support model is consistently rated above Broadcom/Symantec in independent assessments.
Microsoft Defender for Endpoint is the cost-effective path for organisations already committed to Microsoft 365 E3 or E5. Defender P1 is included in E3 at no additional cost; Defender P2 is included in E5. For organisations already paying for E5 across their user base, Defender for Endpoint P2 delivers enterprise-grade EDR capability at a marginal cost that makes it very difficult to justify a separate Symantec endpoint contract. The integration with Microsoft Sentinel, Microsoft Entra, and the broader Microsoft 365 security stack is a genuine operational advantage for Microsoft-committed organisations.
Palo Alto Networks Cortex XDR is the premium option for organisations requiring the most advanced threat detection and response capabilities and prepared to pay a premium. Cortex XDR's platform coverage — endpoint, network, and cloud — positions it as a consolidation platform for organisations looking to reduce vendor count in their security stack while maintaining or improving detection capability.
DLP Alternatives
Symantec DLP remains one of the most technically capable enterprise DLP platforms. CIOs considering migration from Symantec DLP should evaluate capability gaps carefully, as alternatives vary significantly in detection fidelity. Proofpoint Enterprise DLP is the most commonly evaluated alternative, particularly for organisations where email DLP is the primary use case. Microsoft Purview Information Protection (formerly Microsoft Information Protection) is the default consideration for Microsoft-committed environments. For network and endpoint DLP at the enterprise scale, few alternatives match Symantec's depth — Forcepoint DLP is the closest like-for-like alternative.
Web Security and CASB Alternatives
For secure web gateway and CASB capabilities, Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) have become the clear market leaders among organisations pursuing cloud-native SASE architecture. Palo Alto Prisma Access competes effectively for organisations with existing Palo Alto investments. Cisco Umbrella and Microsoft Defender for Cloud Apps are viable alternatives for their respective installed bases.
| Symantec Product | Primary Alternative | Microsoft-First Alternative | Migration Complexity |
|---|---|---|---|
| SES Complete (Endpoint) | CrowdStrike Falcon | Microsoft Defender E5 | Medium — 3–6 months |
| Symantec DLP | Forcepoint DLP / Proofpoint | Microsoft Purview ILP | High — 9–18 months |
| Secure Web Gateway | Zscaler ZIA | Microsoft Defender for Cloud Apps | Medium — 4–8 months |
| CASB | Zscaler ZIA/ZPA | Microsoft Defender for Cloud Apps | Medium — 3–6 months |
| Email Security | Proofpoint Enterprise | Microsoft Defender for Office 365 | Low-Medium — 2–4 months |
Renewal Traps and Contract Red Flags
Broadcom's contract structures for Symantec enterprise renewals contain several provisions that consistently disadvantage buyers who do not review contract terms carefully. CIOs and procurement teams should evaluate each of the following before signing any Symantec renewal.
Contract Consolidation Timing Lock-In
Broadcom actively encourages customers to consolidate all Symantec product renewals into a single multi-year agreement with a common renewal date. The pitch is simplification — one contract, one renewal cycle, one account team. The risk is that consolidation hands Broadcom significant leverage at the consolidated renewal: instead of individual product renewals where you can negotiate product by product, you face a single large renewal where Broadcom can cross-leverage your dependence on the full portfolio.
Resist consolidation unless you have multi-year pricing locked on all products, price caps on escalation, and a right-to-exit specific products without penalty. Without these provisions, consolidated renewals are a leverage transfer to Broadcom.
Perpetual Licence Conversion Pressure
Broadcom applies significant commercial pressure to convert existing perpetual licence holders to subscription. The mechanism: without an active support contract, the perpetual licence receives no patches, no updates, and no security fixes. Broadcom will also, in some cases, refuse to renew support on perpetual licences and require subscription conversion instead.
Before converting perpetual licences to subscription, evaluate the cost over a 3–5 year term. A perpetual licence with annual support at 20–22% of list was historically cheaper per year than a subscription equivalent at 30–35% of list annual equivalent. The cumulative cost over five years on a subscription can exceed the perpetual plus support model by 40–60%. If conversion is unavoidable, negotiate the subscription price as a percentage of what you were paying in perpetual support, not as a percentage of current list price.
Billing Practices
Multiple customer reports document Broadcom initiating billing charges one month before the formal contract renewal date. This is not a terms-and-conditions issue — it is a billing process that catches customers who are not actively monitoring invoice timing. Assign a named owner to invoice approval for all Broadcom/Symantec renewals and verify that billing dates match contract renewal dates precisely.
Late Renewal and Reinstatement Fees
Broadcom has introduced penalties for late renewals across its product portfolio. For Symantec enterprise products, missing the contract renewal window can require paying arrears at the new (higher) subscription rate, potentially with a reinstatement fee. Organisations that are evaluating alternatives near renewal time face a compressed deadline: renew before evaluation is complete (and pay the new pricing) or miss the deadline (and pay the new pricing plus a penalty). The solution is to begin the renewal evaluation process 12–18 months before expiry, not 60–90 days.
Insider fact Broadcom does not publicise: Broadcom's account teams have revenue targets tied to converting mid-market customers to multi-year subscription agreements in Q4. Organisations that push renewal conversations to October–November often encounter materially more flexible commercial terms than those that negotiate in Q1–Q2. This is Broadcom's fiscal year-end effect — exactly the same dynamic that applies to VMware renewals.
CIO Decision Framework: Stay, Renegotiate, or Exit
The decision framework for any Symantec renewal has three viable paths. Each path requires different preparation, a different timeline, and a different commercial approach.
Path 1: Stay and Renegotiate
This path is viable for organisations where Symantec capability — particularly DLP and endpoint adaptive protection — is genuinely differentiated versus alternatives; where the migration cost and operational disruption outweigh the potential saving; and where the organisation has sufficient spend to access Broadcom's Global 2000 commercial flexibility.
Renegotiation preparation requires a documented competitive RFP from at least two alternative vendors, preferably three. It requires internal costings for migration — the transition services, retraining, and operational disruption that migration would involve. And it requires the willingness to use those alternatives as genuine negotiating leverage, not just as a bluffing tool. Organisations that bluff without genuine migration readiness are identified by Broadcom's account teams and receive limited commercial flexibility.
Path 2: Platform Migration
Migration is the correct path for organisations where the Symantec pricing increase produces a total cost that exceeds both the migration cost and the ongoing cost of the alternative platform; where the products in use are approaching EOL or where EOL risk is elevated; or where the support quality decline has created operational risk in the security programme.
Migration requires at minimum 12 months for endpoint security migration and 18–24 months for DLP given the complexity of policy migration, data discovery reconfiguration, and operational retraining. Do not begin a migration while a renewal deadline is imminent — this produces either an expensive parallel running period or a rushed migration that compromises security posture. Begin migration evaluation 18 months before renewal, renew for a shorter term to bridge the migration period if needed, and execute migration without the pressure of an imminent licence expiry.
Path 3: Selective Rationalisation
For organisations running multiple Symantec products, a selective approach — retaining the products where Symantec's capability is genuinely differentiated (typically DLP) while migrating products where alternatives are superior (email security, web gateway) — delivers cost savings without the full operational risk of total migration. This approach requires careful attention to integration dependencies between Symantec products and a clear sequencing plan that avoids creating security coverage gaps during the partial migration.
90-Day Action Plan for CIOs
Regardless of which path you ultimately take, the following 90-day action plan applies to every organisation with a Symantec enterprise contract:
Days 1–30: Establish the Baseline. Audit all active Symantec products, versions, licence counts, and contract renewal dates. Identify which products are on perpetual licences and which are subscription. Map the renewal timeline for each product over the next 24 months. Confirm whether any products are on EOL notification lists. Identify the current billing contact and confirm invoice timing against contract dates.
Days 31–60: Assess the Alternatives. Request formal proposals from CrowdStrike (for endpoint), Proofpoint or Forcepoint (for DLP), and Zscaler (for web security). Request Microsoft pricing through your Microsoft account team for Defender E5 capabilities. Cost the migration for each product category — implementation services, retraining, and operational transition. Model the 3-year total cost comparison: stay versus migrate for each product.
Days 61–90: Build the Negotiating Position or the Migration Business Case. If the 3-year cost comparison favours staying, build the negotiating position: document the alternatives, the migration cost avoidance, and the commercial counter-proposal. If the cost comparison favours migration for any product, build the migration business case for board or executive review. If renewal is within 12 months, initiate the Broadcom renewal conversation with the documented alternatives in hand — and time the conversation for Q4 if possible.
The Position Redress Compliance Takes
Broadcom's commercial model for Symantec is rational from a financial perspective and consistently disadvantageous from a buyer perspective. The price increases are real and unlikely to reverse. The product rationalisation will continue — history since 2019 gives no evidence of a pause. The support quality reduction is structural, tied to the $1 billion cost reduction that was executed at headcount, not recovered.
None of this means CIOs must accept Broadcom's initial renewal terms. The Global 2000 organisations that Broadcom most wants to retain have genuine leverage — but only if they use it. The organisations that treat Symantec renewal as a routine procurement exercise are the ones that pay 2–3 times their prior price without achieving any mitigation.
Our position is direct: if you are in a Global 2000 organisation with genuine migration readiness, you have more leverage than Broadcom's account team will acknowledge. If you are below the Global 2000 threshold, the question is whether the Symantec capability justifies the new pricing versus the migration cost — and in most cases, a careful cost comparison finds that it does not for products where competitive alternatives are strong. The DLP product is the exception. The endpoint, web security, and email products are not. We help organisations make this distinction precisely, and then execute whichever path the data supports.