IDCUKI Dominic Trott

Dominic Trott                                    
Research Manager, European Security
Read full bio

Transaction Highlights

The $4.7bn acquisition of Blue Coat extends Symantec’s position as the largest specialist security vendor in Europe and globally. Meanwhile, the complementary nature of the two portfolios extends the range of markets where Symantec operates, promoted as an ‘end to end’ proposition.

Blue Coat adds cloud, mobile and web security to Symantec’s strengths in authentication, data protection, email and endpoint security. So while Symantec has focused on security ‘within’ the enterprise (and consumers), Blue Coat secures ‘outside’ the enterprise. This combines Blue Coat’s growing focus on mobile and cloud security, allied with traditional strengths in web security.

The acquisition extends Symantec’s significant scale in Europe. Combined revenue for EMEA surpassed $1.2bn in FY 2016.

European Implications

As well as the additional scale that the merger will provide, there are two themes that will have a particular impact in Europe:

1) Threat Intelligence

A key opportunity is to make the combined entity’s threat intelligence capability greater than the sum of its parts. Symantec’s advanced threat protection portfolio for detecting zero-day exploits and targeted attacks is underpinned by the threat intelligence that Symantec gains from the telemetry data generated by the endpoints and messaging exchanges it protects. The quality of this threat intelligence can be enhanced in tandem with Blue Coat’s security analytics appliance, the Solera Networks DeepSee recorder for forensics, deep packet inspection, classification, on-demand session replay.

As posted by IDC in our broader coverage of the acquisition (see here), this could create a new threat intelligence giant to compete on a level playing field with the likes of IBM and its Q-Radar Security Intelligence Platform and the Dell-RSA Security Analytics platform, for threat detection, incident response and forensics investigations.

Although these are key players in the global market, it is important to note demand for threat intelligence tailored to the needs of local markets. Specifically, while the ability to generate global threat intelligence is crucial, there will always be demand for providers with a local flavor. For example, major regional telecom operators such as BT, T-Systems and Telefonica are key players in Europe. These organizations gain insight into the threats that are impacting the local market through the scale of their local network infrastructure.

Symantec must understand the full breadth of its competition. While those able to throw ‘big numbers’ at the threat intelligence problem will be competitive on the global stage, this is not the whole picture. Customers will not limit themselves to one source of threat intelligence, and local providers may be important rivals as customers seek to ‘fill in the gaps’ with local understanding.

2) Data Loss Protection and GDPR

A second target theme is DLP. It is worth mentioning that analyst call explaining the transaction, it was mentioned that the enlarged organization will have an even greater emphasis on helping customers to achieve regulatory compliance.

Within Europe, there is perhaps no greater regulatory concern at present than the EU’s General Data Protection Regulation (GDPR). While this is a concern for enterprises, it is also an opportunity for security vendors. IDC’s research indicates that by 2019 GDPR will create a $1.8bn per annum market for security. Through this research, IDC identifies seven key categories within security that are expected to drive demand related to GDPR, with DLP falling under one of them (discovery, segregation and classification of data).

Symantec already has a firm grip on GDPR, with capabilities in areas such incident response and data usage tracking that are also GDPR drivers. However, the combination with Blue Coat could also help to assuage buyer enterprise concerns around the transfer of corporate data into the cloud. Specifically, the combination of DLP from Symantec with Blue Coat’s web gateway means that encrypted traffic is not only secured against data loss, but its content can be scanned for security purposes.


The merger will please shareholders through greater revenue, higher growth potential and cost reductions. But it also provides opportunities to add value to the proposition. For Symantec, it accelerates the cloud strategy, while providing the foundations for a more solutions to be delivered across a Unified Security Management (USM) platform. For the enlarged organization, there is an opportunity to significantly enhance the company’s threat intelligence capabilities.

These ring true from a European perspective. The transaction has an immediate impact on market scale, both firms already major vendors in their respective fields: IDC’s research shows Symantec to be the European leader in security software while Blue Coat is the leader in secure web gateways. When merged, the topics of threat intelligence and DLP, supplemented by a focus on GDPR, can help to further entrench these leading positions.

Taking customers along in the merger is a key challenge, and Symantec must demonstrate the value on offer. However, the reaction has been positive. Symantec’s share price closed 7% up on the announcement, while IDC’s discussions with partners suggest optimism around the opportunity to sell more products to more customers, in a more integrated fashion. Having warmed up with several acquisitions during his tenure at Blue Coat, the trick for Greg Clark, CEO-designate for the enlarged organization, will be to pull off the biggest merger of his career.

For more information on this matter, or a better understanding of European Security issues, please contact Dominic Trott. You can also watch Duncan Brown‘s video on European IT Security: Drivers and consequences to learn more.