Overview of Broadcomโs Symantec Acquisition
Broadcomโs acquisition of Symantecโs Enterprise Security division in late 2019 for $10.7 billion marked a major shift in the security software landscape.
This deal transferred key enterprise products, includingย Symantec Endpoint Protection (SEP),ย Data Loss Prevention (DLP),ย ProxySG Secure Web Gateway,ย CloudSOC CASBย (Cloud Access Security Broker), and others, into Broadcomโs portfolio. Broadcom rebranded the consumer business as NortonLifeLock, while the Symantec name continued under Broadcom for enterprise offerings.
Broadcomโs Strategy: Broadcom, known for its aggressive cost management following prior software acquisitions (CA Technologies in 2018, among others), applied a focused strategy: prioritizing large enterprise clients and streamlining the product portfolio.
CEO Hock Tan explicitly targeted Global 2000 organizations, noting that smaller enterprises and SMB customers were โless stickyโ and not a focus for Broadcom. This approach has translated into significant changes in how Symantecโs software is licensed, sold, and supported.
Immediate Turbulence: The post-acquisition transition was rocky. Broadcomโs internal systems initially struggled to handle Symantecโs licensing and support processes, resulting in delays in new license issuance and renewals.
Many Symantec staff and partners were cut or realigned, foreshadowing a leaner operation. CIOs quickly sensed that **โbusiness as usualโ was over โ Broadcom intended to enforce new rules of engagement for Symantec software customers.
Broadcomโs Licensing & Support Changes Post-Acquisition
Broadcom implemented sweeping licensing and support changes for Symantec enterprise products, affecting pricing, contract terms, and customer experience.
Key shifts included:
- Elimination of Perpetual Licensing: Broadcom moved away from selling new perpetual (one-time purchase) licenses. Existing perpetual licenses are still honored for usage, but without an active support contract, they receive no updates or support. Customers with legacy perpetual rights often feel pressure to convert to Broadcomโs subscription model to maintain supportโ. (For example, one user noted they could no longer renew maintenance on a perpetual SEP license โ essentially being forced into a new annual subscription if they wanted continued protection updates.)
- Surging Prices and Streamlined Discounts: Under Broadcom, many customers have reported steep price increases for renewing Symantec products. Reports range from double to quadruple the previous cost, even for large enterprises. In one instance, a large customer on a renewal call heard of a ~300% price increase for their Symantec licenses. Smaller businesses saw even more dramatic hikes; for example, Symantec Endpoint Protection Small Business Edition users cited renewal quotes 4-5 times higher (400 %+ increase) than prior Symantec pricing. Broadcomโs pricing strategy leaves minimal room for negotiation compared to Symantecโs more flexible discounting in the past.
- Reduced Support for Smaller Customers: Symantecโs broad base of small-to-medium customers now gets far less attention. Broadcom significantly slashed support resources and partner involvement for the Symantec line, focusing support on top-tier clients. Many SMB and mid-market customers have experienced slower response times and less hands-on support unless they pay for premium support packages. Broadcom even discontinued Symantecโs small-business-specific offerings (such as SEP Small Business Edition), nudging those customers toward enterprise bundles or leaving them without a direct replacement. This has led some to describe Broadcom as essentially โfiringโ smaller customers by making their contracts economically unviable.
- Contract Consolidation and Multi-Year Terms: Broadcom favors consolidating Symantec contracts into larger, multi-year agreements. Instead of numerous small renewals, Broadcom often proposes aย single, unified contract (often a 3-year contract)ย that encompasses multiple Symantec products. Co-termination of license anniversaries and portfolio-wide deals is now common. While this simplifies management, it also locks customers in and syncs all renewals to one cycle โ a leverage point Broadcom can use to its advantage. Many CIOs found that renewing one Symantec product now entails reviewing their entire Symantec estate under Broadcomโs unified approach.
- Portfolio License Agreement (PLA) โ Bundled Licensing: In line with Broadcomโs wider strategy, Symantec products can be sold under a Portfolio License Agreement. A PLA is a bundled subscription that gives an enterprise access to multiple Symantec solutions for a single price, often in the form of a large annual or multi-year subscription. Broadcom pitches this as a way to โreduce complexityโ and potentially save money if a customer uses a broad swath of the Symantec security suite. In practice, only the largest customers benefit from PLAs, and they encourage the uptake of additional Symantec tools to justify the cost. Smaller clients that only need one or two products find this model unaligned with their needs.
- Changes in Support Model: Broadcom shifted Symantecโs support to a tiered model, which often ties better service to higher spending. Standard support is included with subscriptions, but many customers note it feels less responsive than Symantecโs legacy support. Broadcom offers premium support tiers (at an additional cost) for designated support engineers or faster service-level agreements (SLAs). Additionally, Broadcom has been known to sunset older versions more aggressively, requiring upgrades (often only available to subscribers) for continued support. In effect, customers must keep up with Broadcomโs defined upgrade timelines or purchase extended support contracts at premium rates if they fall behind.
Impact on Customers: These changes have alienated many long-time Symantec customers, especially those outside the Global 2000.
Channel partners have reported that numerous organizations, not on Broadcomโs โnamedโ large account list, feel abandoned and are actively seeking alternativesโ. CIOs must now navigate a very different licensing terrain than when Symantec was an independent vendor.
Legacy Symantec vs. Broadcom Licensing โ Comparison Table
Understanding the differences between Symantecโs legacy licensing model and Broadcomโs current approach is crucial.
The table below contrasts key aspects:
| Aspect | Symantec (Pre-Broadcom) | Broadcom (Current) |
|---|---|---|
| License Types | Perpetual licenses with optional maintenance; Subscription licenses available for some products (annual/term-based). | Subscription-centric model for all products; New perpetual licenses no longer sold (existing perpetuals honored for usage without updates). |
| Pricing Structure | Tiered pricing with volume discounts; Competitive pricing for SMB and enterprise alike; Negotiable discounts via resellers. | Significantly higher list prices; Minimal discounting except for very large deals; Many renewals at 2ร-4ร+ previous cost, pricing out smaller accounts. |
| Sales/Channel | Sold through broad channel partner network; Resellers and distributors catered to orgs of all sizes, including SMB. | Focus on direct sales to large enterprises; Many small partners dropped; Global strategic accounts prioritized, others see reduced attention. |
| Contract Model | Individual product contracts, co-terming optional; 1-year typical, multi-year for large deals but flexible. | Consolidated contracts bundling multiple products; Multi-year (2-3+ year) commitments standard; All licenses co-termed for single renewal event. |
| Support | Symantec support with regional teams and active forums; Support available for even smallest customers (via partners or Symantec directly). | Lean support organization; Premium support tiers available at extra cost; Smaller customers often relegated to self-service and community support. |
| Product Updates & Access | Regular product updates and feature releases (Symantec invested in R&D for new features); Maintenance contract required for updates on perpetual licenses. | Fewer new features (maintenance mode on many products); Access to latest versions only with active subscription; Some legacy products quickly EOLโd or integrated into broader solutions. |
| Bundling & Suites | Products sold standalone or in suites (e.g., Symantec Protection Suite) for convenience, but customers could buy ร la carte. | Portfolio License Agreements (PLA) encourage all-in-one subscriptions covering Endpoint, DLP, web security, etc.; Bundles aimed at increasing โproduct stickinessโ across Broadcomโs security suite. |
Table: Key differences between legacy Symantec licensing and Broadcomโs post-acquisition model.
Interpretation: Overall, Broadcomโs model is optimized for large, long-term deals with enterprise customers, whereas Symantecโs legacy approach was more flexible and inclusive of various customer sizes. CIOs at smaller or mid-sized organizations, especially, feel the pinch, as the new licensing regime may force them to either accept oversized contracts or look for alternatives.
Impact Analysis by Major Product Category
Broadcomโs changes have not affected all Symantec products equally. Below is an analysis of how different product categories have been impacted:
Endpoint Protection (Symantec Endpoint Protection & Symantec Endpoint Security)
Symantec Endpoint Protection (SEP) โ the flagship anti-malware and endpoint security suite โ was historically offered as a perpetual license (with annual support) or as part of a suite. Post-acquisition, Broadcom has rolled SEP into Symantec Endpoint Security subscriptions.
Notable impacts:
- Small Business Edition (SBE) Discontinued: Broadcom terminated Symantec Endpoint Protection Small Business Edition, forcing small customers to either migrate to the full enterprise SEP product or find alternatives. Many SMBs found the new enterprise contracts unaffordable (as noted, some received renewal quotesย for similar coverage that were 400% higher). Broadcom showed little interest in retaining tiny accounts, steering them to partner offerings or simply ending those relationships.
- Pricing and Licensing: SEP under Broadcom is only sold on a subscription basis (typically per endpoint per year). Existing perpetual SEP customers can technically continue using their last licensed version indefinitely, but without active maintenanc,e they stop receiving signature updates โ effectively untenable for security software. Broadcomโs renewal quotes for SEP have often been shockingly high, even for loyal enterprise customers, which led to pushback and exploration of other endpoint vendors.
- Feature Development: Broadcom has been slow to introduce major new features into SEP. The focus appears to be on keeping the product stable for existing customers while upselling advanced capabilities, such as EDR (Endpoint Detection and Response) or cloud-managed SEP, separately. Some customers have expressed concern that innovation has stagnated, citing Broadcomโs reputation for โstopping investment in innovationโ after acquisitionsโ. The core antivirus functionality remains solid, but CIOs worry that the solution will struggle to keep pace with evolving endpoint threats.
- Customer Example: A large retail enterprise with ~10,000 endpoints reported that their SEP renewal quote jumped roughly 3ร under Broadcom, with no significant changes in terms or features. This caused them to evaluate CrowdStrike Falcon as an alternative. They ultimately used the CrowdStrike proposal as leverage โ Broadcom conceded a smaller increase (around 50% over previous pricing) when faced with losing the customer. It illustrates that while Broadcom starts with high pricing, they may negotiate for big accounts if competitive pressure is clear.
Data Loss Prevention (Symantec DLP)
Symantecโs DLP suite (for monitoring and preventing sensitive data leakage across endpoints, network, and storage) remains a staple in many large organizations, and Broadcom has continued to offer it, but with adjustments:
- Continued Availability: Unlike some smaller products, Symantec DLP is still strategically sold and supported because many Global 2000 companies rely on it for compliance. Broadcom folded DLP into its Information Security portfolio deals, often bundling DLP licenses into broader agreements that also include classification and cloud security.
- Licensing Changes: Previously, Symantec DLP could be purchased as individual modules (such as Network, Endpoint, and Discovery servers), often with perpetual licenses plus maintenance. Broadcom now sells DLP primarily through subscription bundles, often based on the number of users or endpoints being monitored. Perpetual DLP licenses held by customers are still valid for use, but upgrades, such as new detection rules or cloud connectors, require a subscription. Broadcomโs pricing for DLP increased, but not as abruptly as for SEP; however, discounts decreased. Some mid-sized firms that only wanted an endpoint DLP module found they had to buy a broader DLP package or commit to a higher tier license count than before.
- Support and Updates: DLPโs support under Broadcom has seen mixed feedback. The core technology is mature, and Broadcom retained key engineers for DLP due to its importance for large accounts. Updates (e.g., new policy templates and cloud application coverage) continue, albeit at a slower pace. Support for smaller deployments, however, is less personalized โ many smaller DLP customers now have to go through Broadcomโs central support portal. In contrast, Symantec had more high-touch support via DLP specialists earlier.
- A customer example:ย A financial services firm using Symantec DLP reported that Broadcom pushed them to migrate from a perpetual license model to a three-year DLP subscription covering all modules (Endpoint, Network, and Cloud). The cost was higher over the term than their previous maintenance fees, but Broadcom justified it by bundling additional features, such as CASB integration. The firm negotiated to protect its โhistorical entitlements’ย โ ensuring that the data fingerprinting licenses they had purchased would remain valid indefinitely for on-premises use, even as they adopted the new subscription for cloud features.
Secure Web Gateway and Proxy (Symantec/Blue Coat ProxySG)
Symantecโs Secure Web Gateway products (originating from the Blue Coat acquisition in 2016) โ including ProxySG appliances and the cloud-based Web Security Service โ faced strategic changes under Broadcom:
- Enterprise Focus & SASE Integration: Broadcom sees a secure web gateway (SWG) as a component of the broader SASE (Secure Access Service Edge) framework. Broadcom has begun integrating Symantecโs proxy and web security capabilities with other acquired technologies, such as combining Symantec web protection with VMwareโs SD-WAN to offer a new single-vendor SASE. This signals that standalone proxy products may be gradually integrated into bundled cloud-edge solutions targeting large enterprises.
- Licensing Model: Historically, ProxySG appliances were sold with perpetual hardware plus a subscription for threat intelligence updates (URL filtering databases, etc.), or as part of a user-based subscription if using the cloud proxy service. Broadcom now leans towards user- or bandwidth-based subscriptions for web security, often packaged under names like Symantec Enterprise Cloud Secure Web Gateway. Hardware appliances remain available for existing customers, but new investments are often directed to cloud-delivered solutions. As with other products, minimum license sizes and multi-year terms are now common โ for example, a mid-sized company that only needed 500 seats of web filtering might be quoted a 1,000-user minimum on a 3-year term with Broadcom.
- Support and Development: Broadcom trimmed partner-led sales for these products, instead dealing directly with large customers on web security deals. Feature development has been modest, focusing on integration (e.g., better coupling with Symantec CASB and Endpoint for unified policy). Support for the proxy appliances and software continues, but smaller clients, such as those with just one proxy appliance, reported feeling deprioritized. Broadcom has also accelerated the end-of-life for older models and software versions, aligning all customers on a narrower set of supported versions. This makes their support burden easier, but forces customers to upgrade on Broadcomโs timeline.
- Customer Example: A multinational manufacturing company used Blue Coat ProxySG proxies globally. After Broadcomโs takeover, their renewal quote for support and subscription services came with a notable increase (~150% over the prior one) and a push to shift to a cloud-based proxy service. Because the web gateway was critical to them and alternatives (like Zscaler) would require re-architecture, they opted to stick with Broadcom but negotiated a slightly reduced user count commitment. They also secured assurance that their existing appliances would be supported for at least the length of the new term, staving off an immediate forced migration to the cloud.
Cloud Access Security Broker (Symantec CASB)
Symantecโs CloudSOC CASB (Cloud Access Security Broker) was a newer offering in Symantecโs portfolio, enabling visibility and control over cloud app usage.
Under Broadcom, CASBโs trajectory has been telling:
- Bundled as Part of Suites: Broadcom rarely sells CASB as a standalone product now. Itโs usually bundled into a Symantec Enterprise Cloud package or the PLA, alongside endpoint and web security. This is partly because CASB by itself is a tough sell against pure-play competitors unless itโs integrated. Broadcomโs strategy is to make CASB an added value for those already invested in Symantecโs ecosystem.
- Licensing Approach: CASB is a subscription-only service (it has always been, being a cloud-based service). Broadcom adjusted packaging to often license CASB per user, co-terminus with other products. Some legacy Symantec customers who had purchased CASB found that the new bundles included CASB, whether they wanted it or not โ essentially, Broadcom is trying to increase adoption by bundling. The cost allocation for CASB within a bundle is not always transparent, but if a customer tries to drop CASB, it may not reduce the bundle price proportionally. In short, CASB has become โpart of the dealโ if you go with Broadcomโs full security suite.
- Product Evolution: The CASB market is highly competitive, with leaders including Netskope, Microsoft Cloud App Security, McAfee Skyhigh, etc. Broadcomโs investment in Symantec CASB has been moderate, maintaining key cloud application coverage and integration, but it has not led to innovation. Some clients have noted that Symantec CASB works well for sanctioned apps like Office 365 and Salesforce, but lacks the analytics finesse of stand-alone rivals. Broadcomโs answer is typically that their โplatform approachโ (combining CASB, DLP, and Web Security) covers those gaps holistically.
- Customer Example: A tech company that used Symantecโs CASB since before its acquisition found that its renewal was folded into a larger Symantec Enterprise Cloud agreement. They were told the CASB component was effectively โfreeโ in the bundle, yet the overall price was higher than their previous separate purchases of CASB and DLP. This bundling made it hard to discern the value per product. The company evaluated Netskope as a pure-play CASB alternative, which offered more advanced features and a competitive price. They ultimately used this as leverage, and Broadcom responded by extending an additional two years of price lock on their bundle and a commitment to roadmap enhancements in CASB. The example shows how introducing a strong alternative can push Broadcom to sweeten the pot for retention.
Protecting Historical Entitlements
Many Symantec customers accumulated valuable legacy entitlements โ especially perpetual licenses and long-held usage rights โ before Broadcomโs takeover.
CIOs should take steps to protect these historical entitlements amid Broadcomโs transitions:
- Audit and Document Your Licenses: First, inventory all Symantec software licenses owned. Identify which are perpetual licenses and which are term subscriptions. For perpetuals (e.g., a 500-user SEP license purchased outright years ago), locate proof of purchase and any license keys or entitlement IDs. These documents are your legal assurance of usage rights. Broadcomโs systems might not have complete records from Symantec days, so maintaining your evidence is critical if any dispute arises.
- Understand Support Cut-offs: If you have perpetual licenses without active maintenance, know what youโre entitled to. Generally, you can use the last version released while your maintenance was active, indefinitely. However, you wonโt get new updates or support. Broadcom has shown a willingness to end support for perpetual customers quicklyโ. Consider whether you need to reinstate support (if available) or if you can safely run the software in isolation (e.g., an old SEP managing an isolated network segment). If you do need support, be prepared that Broadcom may require converting to a subscription โ try negotiating perhaps a โsupport-onlyโ fee to retain your perpetual use (this is rare, but some vendors allow it).
- Watch for Contract Language: When renewing or signing new deals, scrutinize the terms regarding existing licenses. Broadcomโs new contracts might include clauses that supersede past agreements. Avoid inadvertently voiding your perpetual rights โ for instance, if a new subscription deal says it replaces all prior licenses with a new agreement, ensure you carve out that you retain ownership of pre-existing perpetual licenses. Explicitly ask Broadcom representatives how your legacy licenses will be treated if you sign a new portfolio agreement.
- Leverage Perpetuals in Negotiation: A historical perpetual license can be a bargaining chip. Broadcom ultimately wants all customers on subscription, but the fact that you could stick with an old version (even if not ideal) gives you some leverage. One strategy is to say, โWe have the right to use our existing Symantec version indefinitely. If Broadcomโs offer isnโt reasonable, we might just stick with our current version or seek third-party support.โ While running outdated security software isnโt ideal in the long term, this stance can encourage Broadcom to provide a more palatable quote rather than losing the account entirely. For example, a healthcare company with a perpetual SEP deployment threatened to stay on their last supported version without updates. Broadcom responded by offering a shorter-term (1-year) subscription at a deep discount to bridge the gap, buying time for further negotiation.
- Consider Third-Party Support: In some cases, independent support providers (or in-house expertise) can help you keep legacy Symantec products running safely a bit longer. This is more common with infrastructure software, but we are also seeing an emerging niche for third-party security software support. If you have a perpetual license and Broadcom support is cost-prohibitive, consider whether specialized consultancies, such as former Symantec partners, can provide virus definition updates or DLP policy updates on a contract basis. This is not mainstream, but if youโre in a tough spot, it can maintain protection while you transition.
In summary, donโt let Broadcomโs new licensing steamroll over your pre-existing rights. Meticulously preserve documentation, clarify terms, and use your historical position as a negotiating asset wherever possible.
Strategies for Negotiating New Deals with Broadcom
Facing Broadcomโs hardened stance on contracts and pricing, CIOs must approach negotiations for Symantec software with a careful strategy.
Here are key tactics to secure better terms or at least avoid pitfalls:
- Bundle for Leverage: Broadcom values big deals. If your organization uses multiple Symantec products (for example, Endpoint Protection, DLP, and Web Security),ย consolidate them into a single negotiation cycle. A bundled deal (even if co-terminous) that covers a larger spend may give you more leverage to negotiate discounts. Broadcomโs sales reps often have more flexibility on pricing when more product lines (and revenue) are at stake. Use this to ask for cross-product discounts or concessions (e.g., โWeโll renew DLP and add CASB, but we need at least a 20% reduction overallโ).
- Secure Multi-Year Protections: If you agree to a multi-year term (and Broadcom will push for it), insist on price protections and flexibility. Negotiate caps on annual price increases or the ability to adjust quantities downward in future years if needed. Broadcomโs standard contracts might lock you in at a set price for the term, but beware of clauses that allow annual uplift (some contracts allow up to 7% yearly increase โ try to strike that out or cap it). Additionally, seek an option to true-down license counts at renewal anniversaries in case your usage drops (they often allow true-up for more, so ask for true-down symmetry).
- Maintain Legacy Entitlements in Writing: As mentioned earlier, ensure any new agreement acknowledges your legacy usage rights. For example, if you sign up for a new Symantec Endpoint Security cloud subscription, note in the contract that this is in addition to your perpetual SEP licenses, not a replacement, unless you intend to retire them. This avoids confusion later and keeps your fallback option open.
- Identify the Minimum Viable Footprint: Evaluate what your organization truly needs before negotiating. Broadcomโs quotes may try to include extra products or higher seat counts โto cover growth.โ Be wary of over-buying. Determine the minimum number of licenses or modules you require, and start negotiations from that baseline. If Broadcomโs price is too high, consider cutting out a component. For instance, if you planned to use 3 Symantec products but one is non-critical, price out your must-haves only. Broadcom would prefer to sell you everything, but if your budget is constrained, you may get a more reasonable deal if you focus on the core pieces.
- Pit Vendors Against Each Other: Broadcom is aware that its steep pricing is sending customers shopping around. Use this to your advantage by soliciting proposals from competitors before finalizing your Broadcom deal. If youโre renewing Symantec Endpoint Protection, get a quote from CrowdStrike or Microsoft Defender ATP. For Web Gateway, talk to Zscaler. For DLP, check with Forcepoint or other providers. Having these alternatives in hand provides concrete leverage. Broadcom may ask what it would take to keep your business โ you can then cite the competitorโs pricing or superior terms. Even if Broadcom doesnโt fully match, they might offer extras like extended support, training credits, or a moderate discount to avoid losing to a rival outright.
- Leverage Broadcomโs Account Team Commitments: Broadcom sales teams are under pressure to retain the big accounts they have left from Symantec. Engage with your account manager and express your concerns plainly (high costs, internal justification difficulties, consideration of alternatives). Broadcom often tries to justify its cost with claims of โhigher valueโ โ press them to specify what that value is. Also, ask for executive involvement if needed, such as a call with a Broadcom VP. Sometimes, escalating within Broadcom can yield a one-time concession, especially near quarter-end when they want deals to be closed. Come prepared with data, such as usage stats, prior spending levels, and quotes from others, to make your case.
- Consider Timing and Co-term Opportunities: If youโre mid-term on some Symantec products and up for renewal on others, Broadcom will try to align them. You can use timing to your advantage โ if one product is not expiring yet, you can delay discussions until you have multiple products that you can renegotiate together (as bundling increases leverage, as mentioned above). Conversely, if Broadcom is offering a better deal to renew early and co-term, weigh the benefits of locking in now versus having flexibility later. Sometimes, accepting an early renewal with a small incentive can stave off a much bigger hike later, essentially hedging against Broadcomโs known price escalations.
- Document Promises: If Broadcom makes promises during negotiation (e.g., feature roadmaps, specific support personnel assignments, migration help), get themย written into the contract or, at the very least, as a formal addendum. Verbal assurances are not enough. CIOs should ensure that any trade-off they make, such as sticking with Broadcom despite the cost, is met with tangible commitments that can be enforced.
Negotiating with Broadcom requires a firm stance and detailed preparation. By bundling strategically, leveraging competitive pressure, and meticulously managing contract terms, CIOs can improve outcomes even in a sellerโs market.
Considering Alternatives & Gaining Leverage
Given Broadcomโs stance, CIOs should proactively evaluate alternative vendors as both a contingency plan and a form of leverage. In some cases, switching may indeed be the better long-term option if Broadcomโs offerings no longer align with your budget or strategy.
Below, we explore when to consider switching and which alternatives align with Symantecโs main product areas:
- When to Consider Switching: If Broadcomโs renewal quote or contract terms are unpalatable (e.g., a significant price increase with rigid conditions), itโs a clear signal to review the market. Also, if your organization values innovation and rapid progress on its roadmap, you might find Broadcomโs maintenance-mode approach insufficient โ competitors could offer more modern capabilities. Frequent poor support experiences or feeling โde-prioritizedโ as a customer is another red flag. Essentially, if the pain of staying starts to outweigh the pain of migrating, itโs time to seriously consider moving on. Many IT leaders started exploring alternatives โas early as a year out from renewalโ once Broadcomโs direction became apparent.
- Endpoint Protection Alternatives: CrowdStrike is a leading next-gen endpoint security vendor eagerly courting former Symantec users. CrowdStrike offers a cloud-native platform with integrated EDR and has been noted as a beneficiary of Broadcomโs Symantec moves (with partners launching โSymantec replacementโ campaignsโ). Other strong endpoint contenders include Microsoft Defender for Endpoint (especially if youโre a Microsoft 365 E5 customer),ย Trend Micro,ย McAfee (now part ofย Trellix), and Sophos. Each has different strengths: CrowdStrike for high-end security operations, Microsoft for tight ecosystem integration, and so on. Replacing endpoint protection can be labor-intensive, involving the deployment of new agents and tuning policies. Still, many have found the improved capabilities and possibly lower total cost to be worth it. If you do pilot an alternative, ensure it can meet or exceed Symantecโs malware protection and that you allocate time for a smooth migration, possibly running the two in parallel during the transition.
- Data Loss Prevention Alternatives: Symantec DLP has been a market leader, but rivals like Forcepoint DLP and McAfee/Trellix DLP offer comparable coverage. Digital Guardian (now part of HelpSystems) is another specialist known for strong endpoint DLP. Additionally, some organizations are shifting to cloud-native DLP options. For example, if most of your data is in Office 365 or Google Workspace, the built-in DLP capabilities of those platforms may cover part of the requirements. Another angle is Microsoftโs Information Protection suite, which includes labeling and DLP across Office apps and endpoints. Switching DLP is one of the harder moves (as it involves policies deeply embedded in business processes), so many try to stick it out. But if Broadcomโs support or pricing for DLP is unsustainable, consider phasing in an alternative for new use cases, such as cloud apps, while gradually retiring Symantec DLP components.
- Secure Web Gateway/Proxy Alternatives: The clear frontrunner here is Zscaler, a cloud-delivered web security platform often compared to on-premises proxies. Zscaler can replace both branch office web gateways and provide mobile user protection without VPN backhaul. Other alternativesย includeย Cisco Umbrellaย (Ciscoโs cloud proxy and DNS security solution),ย Palo Alto Networks Prisma Accessย (which includes SWG capabilities as part of a broader SASE offering), andย Forcepoint Secure Web Gatewayย (the successor to Websense, which some still prefer for on-premises or hybrid deployments). If you have a simple use case (just web filtering for a small group), even cheaper solutions like IBoss or generic firewall-based filtering could suffice. The move to a new web gateway can usually be done gradually, such as by running old and new proxies in parallel or through pilot group testing of the cloud service. Many Symantec ProxySG customers found Zscaler attractive not just because of Broadcom costs, but also because it reduces the maintenance of appliances and improves performance for distributed users. This alternative is often one of the first considered when Broadcom renewals loom.
- CASB Alternatives: Netskope is frequently named a top CASB/SASE platform competitor, providing robust cloud app controls, threat protection, and one-stop policies for both cloud and web applications. McAfee Skyhigh Security (formerly Skyhigh Networks, now part of McAfee/Trellix) is another leading CASB, particularly for organizations already using other McAfee solutions. Microsoftโs CASB capabilities (part of Defender for Cloud Apps) are strong if youโre a Microsoft-centric shop. If your primary need is just cloud app visibility (also known as โshadow ITโ discovery), even firewall logs with a tool like Cisco Cloud Discovery or smaller tools may be enough. Symantecโs CASB was often sold integrated with their web gateway and DLP. If you move to another vendor, the replacement may also inherently cover CASB functionality (for example, Netskope and Zscaler both have CASB modules in their platforms). Ensure any new CASB covers your critical cloud services, offers the deployment mode you need (API vs proxy), and can integrate with your identity and DLP solutions.
- Integrated Platform Alternatives: Broadcom is attempting to offer a one-stop Symantec security stack, but some competitors now also provide broad platforms. For example, Microsoft 365 E5 Security, combined with Azure AD Conditional Access, can cover endpoints (Defender), CASB (Defender for Cloud Apps), and DLP (Office 365 DLP and Endpoint DLP). Palo Alto Networks has Prisma Access (for SASE) plus their Cortex XDR (for endpoints) โ not exactly DLP, but they cover many security bases. Trend Micro now has a Vision One platform that ties together endpoint, email, and network. The point is, you might not need to find one-for-one replacements for each Symantec component if another vendorโs suite can cover multiple. This can simplify the switch and potentially be more cost-effective if bundled together.
- Use Alternatives as Negotiation Leverage: Even if you prefer to remain with Symantec products, seriously evaluating an alternative gives you credible evidence to bring back to Broadcom. Vendors like CrowdStrike and Zscaler have helped many customers build business cases by highlighting savings or superior results. Some organizations have even gone so far as to signย conditional dealsย with alternatives, including clauses that allow them to cancel if Broadcom comes along. While this approach must be managed carefully, it underscores to Broadcom that you have a foot out the door. In several cases, Broadcom responded with late-stage concessions, such as a significantly improved discount or an agreement to bundle an additional product at no cost, once the customer demonstrated readiness to leave.
- Plan the Transition (if needed): If you do decide to switch outright, plan the transition methodically. For each Symantec product being replaced, assign a migration project with a timeline, resources, and risk mitigation (e.g., running both old and new in parallel for a period). Broadcom contracts are typically annual or multi-year, so time your exit to avoid gaps in coverage or wasted spend. It may be worth negotiating a short extension with Broadcom (even at reduced scope) purely to cover a transition period. Some customers negotiate transition assistance โ for example, data export from DLP, or configuration help โ as part of ending the relationship. Broadcom might not proactively offer this, but if a safe migration is important, ask for it.
In summary, alternatives exist for every Symantec solution, and some are market leaders in their own right. Whether you switch or not, knowing your options gives you power.
Many CIOs found that just the act of evaluating competitors improved their outcome with Broadcom, and if not, they had a Plan B ready.
The key is to avoid being stuck with Broadcom simply because you failed to survey the landscape โ in this new era, due diligence on alternatives is part of prudent IT management.
Recommendations for CIOs
When navigating Symantec licensing under Broadcom, CIOs should take a proactive and strategic stance. Below are actionable steps and best practices to manage the situation:
- Conduct a Licensing Health Check: Immediately perform a thorough audit of all Symantec/Broadcom software in use. Determine license types, quantities, renewal dates, and any contractual obligations. This โlay of the landโ will inform your negotiation strategy and highlight any urgent risks, such as a product reaching end-of-support.
- Engage Early with Broadcom (or Your Partner):ย Donโt wait until the last minute of a renewal. Engage Broadcom or your reseller well in advance to understand their proposal. Early dialogue can reveal Broadcomโs intentions (such as a price hike or bundling suggestion) and gives you time to react, whether to gather budget or explore alternatives. It also signals to Broadcom that you are a diligent customer; they may be more forthcoming with options if they see youโre not passively accepting a quote.
- Prioritize Critical Systems and Entitlements: Identify which Symantec products are truly mission-critical for your organization and ensure those are prioritized in any deal. At the same time, safeguard your entitlements โ if you have perpetual rights or prior agreements that are advantageous, make those non-negotiable in discussions. For example, if Symantec DLP is critical and you have 10 years of policies built, focus your energy on securing a workable DLP arrangement. In contrast, for a less critical product like Symantec CASB, you might be more willing to switch or drop if needed.
- Benchmark and Budget for Increases: Assume that Broadcomโs initial pricing will be high. Communicate with peers, analysts, or user communities to benchmark the increases others have seen for similar products. By anticipating, say, a 200% increase, you can prepare your C-suite for the budget impact or justify allocating funds to an alternative solution project. If the increase comes in lower, youโll look good โ if itโs as high or higher, you wonโt be caught off guard.
- Evaluate Competitor Offers (Even If You Plan to Stay): As part of due diligence, get competitive bids for equivalent solutions. This isnโt wasted effort; at the very least, it provides negotiating context, and at best, you may discover a better fit. In some cases, splitting between vendors may yield a better outcome (for example, keeping Symantec DLP for now but moving to CrowdStrike for endpoints). Having a multi-vendor plan can also reduce risk in case Broadcomโs relationship deteriorates further.
- Use Renewal Time as an Opportunity to Right-Size: Organizations often accumulate shelfware or unnecessary excess licenses. Broadcomโs consolidation is painful, but itโs a chance to eliminate what you donโt need. If you have 1000 seats of a Symantec product but only actively use 700, push to renew only for the seats in use. Broadcom might resist downsizing, but it justifies it with data. True-down now, because post-renewal it will be harder to reduce counts until the next term. Optimize your security architecture โ perhaps newer tools can cover multiple functions, allowing you to eliminate redundant Symantec components.
- Stay up to date with Broadcom Announcements:ย Continue monitoring Broadcom’s communications, press releases, and industry news for any policy changes. Broadcom occasionally adjusts its approach (for example, extending support deadlines after backlash, or introducing a new support tier) โ knowing these could provide leverage or relief. Subscribe to Broadcomโs enterprise software updates and follow analyst commentary (Gartner, Forrester, and specialist consultancies like Redress Compliance) for any hints of shifts in Broadcomโs strategy.
- Engage Peers and User Communities: Leverage the collective knowledge of other CIOs and IT procurement professionals. Some may share anonymized data on pricing or tactics that worked. User groups, forums (such as Reddit or Spiceworks), and webinars can share real-world experiences. For instance, hearing that another firm negotiated a cap on year-over-year increases or got an extra year of support for an old product can inform your requests. Broadcom might treat each deal as unique, but patterns emerge when customers compare notes.
- Involve Legal Early for Contract Review: Broadcomโs contracts can be dense and one-sided. Have your legal team (or outside counsel familiar with software licensing) review the terms early, especially any new clauses related to usage tracking, audit rights, and termination. Watch out for any โauto-renewalโ language or strict compliance audit provisions. Being aware of these lets you negotiate them or at least plan to comply, avoiding penalties. Itโs easier to get problematic language amended before signing than to fight it later.
- Maintain Vendor-Neutral Posture: Lastly, approach Broadcom (and any vendor) in a vendor-neutral, fact-based manner. Even if frustrated by Broadcomโs tactics, keep discussions professional and focused on business requirements. Make it clear that you are willing to continue the partnership if it makes business sense, but you have a fiduciary duty to consider other options. This stance often resonates in negotiations โ youโre not threatening out of emotion, youโre making a calculated decision. Broadcom sales teams are more likely to respond with constructive solutions if they feel thereโs a fair chance to retain your business through reasonable compromise.
By following these steps, CIOs can transform a difficult situation into a manageable project. The goal is to either reach a sustainable agreement with Broadcom or execute a well-planned transition โ both outcomes are achievable with foresight and firm negotiation.
Key Market and Vendor Trends (Summary)
- Broadcomโs โBig Fishโ Focus: Broadcom is concentrating on its largest customers (Global 2000), often at the expense of small and mid-sized clients. This includes pricing smaller customers out of contracts and discontinuing SMB-focused products, leading many to seek alternative solutions.
- Shift from Perpetual to Subscription: In line with industry trends, Symantecโs software licensing has shifted almost entirely to subscription under Broadcom. Perpetual licenses are now legacy artifacts, with Broadcom ending new perpetual sales and transitioning to multi-year subscription contracts for ongoing use and support.
- Significant Price Increases Industry-Wide: Broadcomโs acquisition playbook (seen previously with CA and now Symantec, and even VMware) involves steep price hikes and reduced discounting. Customers are seeing 2ร, 3ร, or higher cost jumps on renewal, forcing difficult budget decisions and casting a spotlight on software ROI.
- Contract Consolidation & Bundling: Vendors, including Broadcom, are simplifying their sales by bundling products into larger deals โ examples include portfolio license agreements and all-in-one security bundles. This can provide broad coverage, but it also reduces flexibility. CIOs must weigh integrated suites vs. picking best-of-breed components.
- Diminished Support and Innovation: There is a notable decline in support quality and product innovation from some incumbent vendors after acquisition. Broadcomโs handling of Symantec reflects this, as resources are trimmed and R&D slows. This opens up opportunities for more nimble cybersecurity startups or competitors to differentiate themselves through better service and cutting-edge features.
- Rise of Competitor Ecosystems: Competitors like CrowdStrike, Zscaler, and Netskope are capitalizing on Broadcomโs moves. They are aggressively courting enterprises with trade-in programs, often highlighting improved capabilities or cloud-native designs. At the same time, mega-vendors like Microsoft and Palo Alto Networks are bundling security into their ecosystems, presenting viable one-stop alternatives to legacy point products.
- Greater Emphasis on Vendor Management: The turmoil has reinforced the importance of active vendor management for CIOs. This includes negotiating stronger contractual protections, diversifying the vendor portfolio to avoid being locked in, and continuously evaluating the market. IT leaders are less inclined to โset and forgetโ long-term deals, knowing that vendor strategies (or ownership) can change rapidly.
- Security as a Boardroom Topic: Lastly, the confluence of higher costs and security implications (since these tools protect critical assets) means that Symantec/Broadcom licensing issues are no longer just IT department concerns. Theyโve become boardroom and C-suite discussions about risk, spend, and strategic direction. CIOs are using this moment to educate stakeholders on the value of cybersecurity investment and the need for flexibility in an evolving vendor landscape.
