Symantec Seems Operationally Challenged

Symantec Corporation (SYMC), best known for the whimsical Norton Anti-Virus, provides software and services for information security, availability, compliance, information technology, and systems performance. The company’s mission is to develop and maintain IT leadership in protection from intrusion or exposure. But this leadership is riding on a few new products, and a bunch of old dogs and restricted hiring to fix the bottom line.

Q2 2008 revenue is at $1.4 billion, up from $1.27 billion YoY, earning $0.29/share above $0.20/share consensus. Q3 is guided lower as the company admits it missed its new, planned business targets. Revenue is expected to be stable at $1.4 billion, but growth is off due to concerns that consumers won’t spend given housing and credit problems. This guidance has tanked the stock.

Revenue mix in 2007 versus 2006 was 6% Services (grew 13%), 6% Altiris (grew 124%), 28% Data Center Management (grew 7%), 30% Data and Security management (grew 4%), 30% consumer products (grew 11%).

Revenue by region YoY was 51% Americas (grew 10%), Europe/Middle East/Africa 33% (grew 20%), and Asia Pacific/Japan 13% (grew 9%). Deferred revenue increased again to $2.77 billion from $2.32 billion in 2006.

Previously, Symantec was a software utilities leader lacking a core mission. The company positioned as a security leader and by mid-2005 acquired Veritas to push into storage. But in November 2006, when Symantec merged its ERP systems with Veritas, problems surfaced. Big partners quickly noticed glitches. From January-February 2007, Symantec completed quick fixes. Symantec has been in fix-it mode on the remaining issues and continues to look for any other remaining issues. To offset this error stumble, Symantec now offers Symantec Protection Network and Symantec Endpoint Protection, providing network management benefits similar to the consumer version (Norton 360). Additionally, Symantec is now offering tiered Managed Security Services, allowing customers to choose the type of security desired, and tailor their contract accordingly (including firewall, intrusion, integrated security, vulnerability assessment, virus protection, and security policy compliance). Support for the service is provided through global security operations centers.

My personal experience with Symantec’s operations, customer and technical support is, by and large, absolutely sordid. They have tremendous licensing management problems, and if you are a user of Norton Internet Security on Vista, you probably have noticed how many times the software asks for re-registration and re-activation.

Bottomline, by all accounts, an operational nightmare is brewing inside Symantec, and one of these days, this time bomb is likely to burst.

Of course, a major competitive threat occurred in 2006 with the entry of Microsoft into anti-virus and firewall offerings in its Windows Vista platform. Additionally, Microsoft locked Symantec out of access to the Microsoft kernal. Both Symantec and competitor McAfee locked arms, complaining Microsoft would have unfair advantage to monopolize anti-virus/firewall products in Windows, and bar outside players. Coincidentally, Symantec sued Microsoft the same year to stop release of Vista, arguing patent infringement and theft of Veritas features in Microsoft’s Vista. Microsoft finally allowed Symantec access to its new kernal code, allowing Symantec to continue development of its products for upgrade releases. The companies made nice this month at a European conference on SafeCode, agreeing to work together to provide customers reliable products. Nonethelss, Microsoft looms as a major threat on Symantec’s future prospects.

There is also threat from two other large competitors – IBM and Cisco – both with their own Security market agendas and positioning.

Like many of its peers, Symantec is yet another large software company that cannot innovate internally. As a result, they have historically been a large acquirer of security startups, making many entrepreneurs and venture capitalists rich. Recent Symantec acquisitions include Altiris in April 2007, a management software for servicing network endpoints (increasing security, identifying threats, and addressing repairing needs at endpoints).

Symantec is also expected to announce that it will buy Vontu for $300-350 million, adding $30 million in revenue. Vontu is a leader in data leakage prevention (DLP) software, controlling the flow of sensitive information across networks. Vontu will give Symantec a new foothold in the data leakage market, a popular service for companies seeking protection from exposure, particularly highly-regulated businesses. However, Symantec is already behind the curve, with McAfee having purchased Onigma, a DLP provider, in 2006 and now Safeboot to bolster encryption and device access control features.

Symantec’s current market cap is approximately $18.6 billion with a stock price range between $16 to $20/share. Unfortunately, the stock does not have much reason to rise. Symantec is betting most of its eggs on Altiris. If the Altiris bet goes sour, Symantec may find itself unable to generate replacement revenue. The DLP market is not large enough to sustain Symantec’s size and girth.

I am bullish on the Managed Security Services market, especially with the growth in Software-As-A-Service (SaaS) as a delivery model, and Small Medium Enterprise (SME) markets experiencing growth. Symantec’s lack of operational excellence, however, waves a huge red flag against its prospects in this market, as its operational challenges are significant.