Nate Pollack - Symantec Corp. Gregory S. Clark - Symantec Corp. Nicholas R. Noviello - Symantec Corp..
Sarah Hindlian - Macquarie Capital (USA), Inc. Saket Kalia - Barclays Capital, Inc. Joel P. Fishbein - BTIG LLC Brad Alan Zelnick - Credit Suisse Securities (USA) LLC Keith Eric Weiss - Morgan Stanley & Co. LLC Michael Turits - Raymond James & Associates, Inc..
Good afternoon. My name is Ian, and I will be your conference operator today. At this time, I would like to welcome everyone to the Symantec's Second Quarter Earnings Call. All lines have been placed on mute to prevent any background noise. After the speakers' remarks, there will be a question-and-answer session. Thank you.
I'd now turn the call over to Mr. Nate Pollack. Sir, you may begin..
Good afternoon and thank you for joining our call to discuss our second quarter fiscal year 2018 earnings results. We've posted the earnings materials and prepared remarks to our Investor Relations Events webpage. Speakers on today's call are Greg Clark, Symantec's CEO, and Nick Noviello, Executive Vice President and CFO.
This is a live call that will be available for replay via webcast on our website. I'd like to remind everyone that all references to financial metrics are non-GAAP, unless otherwise stated. Please refer to the CFO commentary posted on the Investor Relations website for further definitions of our non-GAAP metrics.
Please note, non-GAAP financial measures referenced during this call are reconciled to their comparable GAAP financial measure in the press release and supplemental materials posted on our website.
We believe our presentation of non-GAAP financial measures, when taken together with corresponding GAAP financial measures, provides meaningful supplemental information regarding our operating performance for reasons discussed below.
Our management team uses those non-GAAP financial measures in assessing our operating results, as well as when planning, forecasting and annualizing future periods.
We believe our non-GAAP financial measures also facilitate comparisons of our performance to prior periods and that investors benefit from understanding of the non-GAAP financial measures. Non-GAAP financial measures are supplemental and should not be considered a substitute for financial information presented in accordance with GAAP.
Today's call contains forward-looking statements based on the environment as we currently see it. Those statements are based on current beliefs, assumptions and expectations, speak only as of the current date and, as such, involve risks and uncertainties that may cause actual results to differ materially from our current expectations.
Please refer to the cautionary statement in our press release for more information. You will also find a detailed discussion about our risk factors in our filings with the SEC and, in particular, on our Annual Report on Form 10-K for fiscal year ended March 31, 2017. Now I'd like to introduce our CEO, Greg Clark. Go ahead, Greg..
Thank you for joining us, and good afternoon. Q2 represented a strong quarter for Symantec and marks an inflection point in our journey of transformation. Our results came in at the mid-point of our revenue guidance and the lower end of our EPS guidance. With that said, we are very pleased with our Q2 results. Let me explain why.
First, we completed many critical milestones this last quarter, including our $550 million Symantec and Blue Coat cost reduction and integration synergy program, as well as our year one $30 million LifeLock synergies.
These cost reduction milestones were all achieved ahead of schedule and have resulted in significantly improved margins for our Enterprise segment and continued high margins for our Consumer segment.
Yesterday, we also completed the divestiture of our Website Security and PKI solutions to DigiCert, which enhances our long-term growth potential and sharpens our focus. After the completion of these transformational initiatives, Symantec is now a profitable and growing business across both its Enterprise and Consumer segments.
Our Enterprise business had a strong result in Q2. While Q2 revenue was flat from a year ago on an acquisition adjusted basis, deferred revenue for our Enterprise segment grew 12% year-over-year. We've also delivered 11 points of operating margin improvement in the Enterprise segment from a year ago, moving us towards our longer-term margin targets.
Our cross-selling strategy is working. More and more customers are choosing to standardize on our Integrated Cyber Defense platform because of our superior protection, cross-product integration, and lower overall cost of ownership.
Adoption of our Integrated Cyber Defense platform is leading to an increase in the number of larger and multi-product deals, which is a strong validation that customers are designing Symantec into their future security architectures. These trends are however also affecting our in-period revenue recognition.
The mix of our bookings is shifting towards more ratable revenue recognition as customers are increasingly adopting our cloud, subscription and virtual appliance products in multi-product deals. We anticipated this mix shift in our remarks at our last Financial Analyst Day, but the shift is happening faster than we expected.
Although these trends affected in-quarter revenue recognition for our Enterprise segment in Q2, they are positive leading indicators of future growth. Nick will discuss this topic further in his prepared remarks. Our Consumer Digital Safety segment overachieved our Q2 revenue guidance through growth in direct subscribers and an increase in ARPU.
Norton subscriber declines continued to moderate based on improved customer retention. We added a substantial number of new LifeLock members after the Equifax breach was announced in September, but this only marginally contributed to Q2 results.
The cross-sell of the Digital Safety solution into the Norton install base is on track and we expect it to gain momentum through the remainder of the fiscal year.
Based on our confidence in the Consumer business, we are forecasting higher Consumer segment revenue growth for the second half, exiting fiscal year 2018 in the mid-single digit revenue growth. We're extremely excited about the future of our Consumer segment as we continue to define the new category of Digital Safety.
For the second half of fiscal 2018, Symantec is well-positioned to achieve our plans. We have integrated our acquisitions and we have developed a compelling portfolio across Enterprise and Consumer. Our Enterprise sales capacity is now ramped and productive.
And we have an Enterprise sales pipeline that supports our second half growth target, including a record number of deals over eight figures.
Reaching our goals for the second half incorporates continued historical conversion rates of our pipeline, including these larger sales opportunities, and we are reaffirming our fiscal year 2018 revenue and EPS guidance, after adjusting for the impact of the divestiture of our Website Security and PKI solutions to DigiCert.
Let me now discuss the threat environment. Last quarter, there were several major cyber-attacks that received wide-spread public attention. Symantec products fared very well in these incidents, and that performance has driven increased long-term interest in Symantec as well as reaffirmed our relevance and leadership in the industry.
First, the Petya and WannaCry ransomware attacks caused significant and unprecedented economic damage to enterprises measured in hundreds of millions of dollars, making security top of mind in the board room as well as the general public. Ransomware attacks and cyber extortion are impacting enterprises as well as consumers.
During the first six months of 2017, 42% of ransomware infections globally occurred inside the enterprise, up from 30% in 2016 and 29% in 2015. The Equifax breach was also a significant event last quarter, reminding all of us about the importance of digital safety.
The Equifax breach is also a reminder for the enterprise boardroom that the protection of data is paramount. This reality coupled with regulations like GDPR make data protection more relevant than ever.
A significant consumer concern discovered last month labeled the KRACK vulnerability, which consisted of a vulnerability in WiFi devices, makes it possible for an attacker to intercept Web traffic. This vulnerability is very difficult to patch and as a result will be a problem for years to come driving demand for our consumer VPN.
We're also seeing a current trend of adversaries focusing on mobile devices. In October, our threat research team discovered eight apps on the Google Play store allowing the modification of characters in Minecraft Pocket Edition, but these apps actually contained a malware called Sockbot.
The apps have been quietly building a botnet as well as generating ad revenue for the creators. We believe up to 2.6 million Android devices have downloaded and been infected with the Sockbot malware. We recently released our Mobile Threat Intelligence report that found that unpatched operating system vulnerabilities are prevalent in mobile.
We predict that in the near future mobile cyberattacks will be the primary attack vector, even on closed operating systems, bolstering the demand for our recent acquisition of Skycure.
In September, the Symantec threat research team uncovered new activity by the Dragonfly attack group, which has recently been conducting reconnaissance into the operations of energy firms, allowing them to now potentially sabotage and disrupt power distribution.
This is an example of how our Symantec threat research team is a leader in discovering new threats and providing critical threat intelligence needed to block sophisticated attacks. Symantec has helped protect customers across the breadth of these threats and delivered substantial value to them during one of the most active attack quarters on record.
Now turning to our Enterprise business. Our Integrated Cyber Defense Platform is resonating with customers. As enterprises are rethinking their security architecture to deal with the evolving threat landscape, they are increasingly building their strategic security capabilities around Symantec.
Now let's turn to a strategic component of our Integrated Cyber Defense platform, which is our endpoint. Last year, we laid out our roadmap for innovation on endpoint, and we have delivered on these commitments with SEP 14 as the cornerstone.
Our latest major milestones were our releases last week of SEP 14.1, SEP Mobile, and ATP 3.0, our updated EDR product. With these releases, we're now delivering defense in depth across modern and traditional endpoints, providing an integrated, scalable, multilayer approach to endpoint protection that is delivered from a single agent.
We are the first in the industry to deliver deception, mobile threat detection and EDR in a single agent architecture. This achievement has been high on the wish list for our enterprise customers, who have been suffering fatigue from sourcing and managing different endpoint technologies across multiple vendors.
This also simplifies and optimizes enterprise IT environments, lowers costs, and improves security posture. SEP 14.1 represents a major new milestone for our Symantec Endpoint Protection product line and includes some breakthrough innovations.
It helps our customers improve their security posture providing them actionable intelligence into suspicious files in their environment, and allows them to set aggressive protection policies for specific groups and devices. One key innovation in SEP 14.1 is our new Deception technology.
SEP Deception uses sophisticated decoy to help customers uncover hidden adversaries who have been able to evade other defenses. We believe we're the only security vendor with this advanced technology integrated in our endpoint portfolio.
SEP 14.1 product continues to be well received with more than one third of our endpoint customer base now running SEP 14, which is resulting in improved renewal rates. We're also seeing displacements accelerate against both legacy and next-gen endpoint providers.
Our EDR solution, called ATP, has seen strong growth of 3x from a year ago, and we are now at over 7 million seats. ATP 3.0 further differentiates us adding a series of technology including file-less attack detection and enhanced adversary intelligence, and closes the gap versus our competition with flight recorder functionality.
This flight recorder records all activity on the endpoint and provides valuable forensic data to incident responders with no new agent to install. We also introduced EDR Cloud last quarter for customers to quickly perform agentless scanning and automated investigation in environments without SEP.
Adding to our endpoint differentiation, we now have the ability to defend closed operating systems. With the acquisition of Skycure, we now call SEP Mobile, we are a leader in iOS and Android mobile protection.
SEP Mobile delivers multi-layered protection for mobile endpoints to customers to defend BYOD and corporate devices from advanced threats across Android, iOS, and Windows. We've also successfully integrated Skycure with our Global Intelligence Network, and we are already seeing great value from this data integration for our customers.
Now turning to our network defense solutions. Symantec's secure gateway and Fireglass isolation technology differentiates our Integrated Cyber Defense platform. Isolation is a game-changer in threat defense and is available in cloud, on-premise, and hybrid configurations.
The Internet is quickly going dark from encryption, which drives the need for Symantec across endpoint, email, and web. To this point, proxies are becoming more relevant as they are built to decrypt traffic efficiently and eliminate the encryption blind spot.
In line with the increasing adoption of cloud applications in the enterprise, our cloud access security broker is experiencing rapid growth. Cloud access security brokers are an outstanding control for adding data protection and multi-factor authentication to cloud applications delivering security and compliance to our enterprise customers.
Now for some customer examples that illustrate our Integrated Cyber Defense platform adoption.
A large insurance company facing a proxy refresh chose to adopt the Integrated Cyber Defense platform extending their footprint from on-premise proxies to include the cloud proxy and adding on additional defensive capabilities of CASB, isolation, and sandbox components of our platform.
This was driven by the ability to leverage integrations across these core solutions as well as integrating into their existing SEP endpoint deployment. This is a true platform win for Symantec, and showcases our cross-sell execution at the time of proxy refresh and how we mitigate against competitive loss from point vendors.
Another example where we see traction is with vendor consolidation. Customers can avoid the overhead of integration and sustainment across multiple vendors by choosing to adopt our Integrated Cyber Defense platform. Stitching together a portfolio of point solutions is typically complex, risky, expensive and fragile.
For example, a large medical device manufacturer who has been a long-time Symantec DLP customer, but an endpoint customer of one of our competitors, understood our vision and was impressed with our Integrated Cyber Defense platform. They purchased SEP, encryption, CASB, and cloud DLP, and cloud proxy for more than 30,000 seats.
We were selected not only for technology innovation but also for our cross-product integrations, which this customer concluded will improve their security posture, simplify their IT environment, lower their total costs and increase their SOC productivity.
Another example of vendor consolidation we are seeing involved one of Europe's largest retailers. This customer had been heavily invested in Symantec DLP and ProxySG, but last quarter purchased SEP and email.Cloud for more than 20,000 seats, displacing an incumbent competitor for endpoint and email.
The customer chose us for our solid EDR capabilities in a single agent and they saw Symantec as a partner for their journey to Office 365. Q2 is typically a large government spending quarter. I'm pleased that we saw solid federal procurement for our portfolio.
We closed several large deals with defense and government customers looking to build their security capabilities around Symantec. Moving to Consumer Digital Safety.
With our acquisition of LifeLock, and the launch of Norton Core and our WiFi privacy solution, we have created the digital safety category that spans across consumers' devices and information, and extends to protect consumers' identity.
The consumer threat landscape is evolving and demonstrates why consumers need a single partner in digital safety to protect their devices, identity, and home. LifeLock continues to have the strongest brand recognition for both identity protection and remediation. Many of our new customers stated that the Equifax breach was the proverbial last straw.
They knew what LifeLock was, knew they eventually wanted it, but were postponing adoption of an identity protection solution. When the breach happened, they signed up for LifeLock. This speaks volumes to the strong brand recognition for LifeLock.
One of the investment themes we discussed at the time of the LifeLock acquisition was the opportunity to cross-sell LifeLock into the Norton cohort. We're pleased with the solid early traction from our cross-selling campaign that launched in mid-September.
We will have more to share on the progress of our cross-sell efforts when we discuss our Q3 results. We also remain excited about the opportunity to expand LifeLock into overseas markets. Our Norton product continues to be more relevant than ever and customer retention continues to improve.
Recent headlines underscore that we are the most trusted brand in consumer security, which was reflected in our strong customer retention rate last quarter. As we spoke earlier, last month's KRACK vulnerability in the WiFi protocol highlights the importance of VPNs for consumers and how this is an important element for digital safety.
We're seeing continued strong momentum in sales of our Norton WiFi VPN product. We also rolled out Norton Core last quarter. It has been well-received in the market and we will be expanding our rollout this quarter. The transformation of our Consumer segment is succeeding.
We have exceeded our expected first half growth, adjusted for acquisition, as we laid out at Financial Analyst Day last June. We've transitioned our Consumer business from being focused on Norton Security for the PC and the Mac to a much broader digital safety solution and value proposition for the consumer.
Our strategy is working and we expect we will be significantly ramping the expansion of Digital Safety over the next two quarters. In summary, we believe our Integrated Cyber Defense platform and Consumer Digital Safety vision is resonating more than ever with customers and we are leading with cutting-edge innovation across both segments.
Now let me turn the call over to Nick to discuss the financials..
the impact of the divestiture and additional favorable foreign currency. The divestiture results in the exclusion of five months, November through March, of previously planned revenue and income of the Website Security and PKI solutions.
The combined impact of these changes results in full year revenue guidance of $5.0 billion to $5.1 billion from our previously guided $5.16 billion to $5.26 billion, a net decrease of $160 million.
At the midpoint of our guidance, we expect this represents approximately 3% total revenue growth in constant currency adjusted for acquisitions and divestitures. Now I'll provide guidance for revenue adjusted for constant currency, acquisitions and divestitures for our segments.
We now expect 2% to 5% Enterprise Security revenue growth compared to our previous guidance of 3% to 5%. As Greg indicated, supporting our Enterprise revenue guidance is a strong pipeline for the second half with a record number of large deal opportunities.
We are adjusting our FY 2018 Enterprise Security revenue guidance range down slightly to reflect the reduction of approximately $25 million of forecasted Q2 in-quarter revenue that showed up on the balance sheet as deferred revenue. And we now expect 2% to 4% Consumer Digital Safety revenue growth compared to our previous guidance of 1% to 3%.
Supporting our Consumer Digital Safety guidance is the subscriber, ARPU and retention improvements we have already seen through Q2, as well as member growth resulting from the Equifax breach. We expect operating margins for fiscal year 2018 of 35% to 36%, compared to previous guidance of 36% to 37%, primarily driven by the divestiture.
Finally, we expect EPS for fiscal year 2018 of $1.66 to $1.76, compared to previous (33:46) guidance of $1.79 to $1.89. The $0.13 reduction to our prior EPS guidance is driven primarily by the divestiture, as well as M&A and divestiture related costs incurred in Q2.
On our last earnings call, we indicated the divestiture would have a full-year impact of $0.20 to EPS, which had included the benefit of equity income of $0.01 to $0.02. Our revised guidance does not include the EPS impact of income from our equity interest. We now expect FY 2018 cash flow from operations of $800 million to $1 billion.
This compares to the guidance of $1.0 billion to $1.2 billion that we provided at Financial Analyst Day. This updated guidance includes the impact of restructuring, transition, and other related project costs, which we continue to expect to total approximately $500 million in FY 2018.
Our revised cash flow guidance from operations includes the following.
Approximately $100 million reduction associated with the operations of the divestiture, approximately $225 million of one-time cash taxes, fees, and expenses associated with the divestiture, and approximately $125 million of benefit from other cash items including deferred revenue. Moving to our third quarter outlook.
Our third quarter guidance excludes the November and December plan for the now divested Website Security and PKI solutions. On a nominal basis, we expect third quarter revenue of $1.25 billion to $1.28 billion, up 4% to 6% in constant currency adjusted for acquisitions and divestitures.
We expect revenues for our Enterprise segment to increase 5% to 8%, and for our Consumer Digital Safety segment to increase 2% to 4%, with both growth rates adjusted for constant currency and acquisitions and divestitures. We expect total company operating margins of 36% to 37%.
And we expect EPS of $0.42 to $0.46, reflecting an underlying share count of approximately 674 million shares. Now, let me close with our medium term outlook. Looking out to fiscal year 2019 and fiscal year 2020, we continue to be very excited about our future. We are reiterating the guidance we provided on our last earnings call.
We expect total organic revenue growth for fiscal 2019 and 2020 to be in the mid-to-high single digits, with operating margins in the high 30s, and EPS growth in the low teens. This is supported by strong positions and growth potential in each of our business segments.
We have turned the corner on what Consumer used to be at Symantec, and feel strongly that we have the strategy, the brands, the marketing dollars, and the breadth of the digital safety platform that together support Consumer Digital Safety organic revenue growth in the low-to-mid single digits with operating margins over 40%.
And on the Enterprise side, the power of our Integrated Cyber Defense platform, based on our engineering capability, our installed base presence, strong in-place sales capacity and cross and up-sell opportunity that we are already seeing take place support our Enterprise Security organic revenue growth of high single to low double digits, with operating margins in the high 20s, post the divestiture.
Now let's transition the call to Q&A. Operator, please take it from here..
Certainly. Our first question is from the line of Sarah Hindlian from Macquarie..
All right. Thank you very much. Hey, guys.
I just wanted to get into the Enterprise segment and deferred revenues a little bit, there are some divergence there, which sounds like is mix shift related, but we'd love some color on what is driving that mix shift description in in-period revenues within the business line? And then, Nick, just as a follow-up, maybe you can help me quantify that impact across some of the reported Enterprise segment results in the period?.
Okay. Sarah, thanks for the question. Greg Clark here. So a couple of things that are going. First of all, we're very pleased with the amount of business that we sold in Q2. It was a big step up for us as you can see in the sequential and also, I'd like to underscore the margin increase that we drove.
We are seeing an increased commitment to our Integrated Cyber Defense platform. We are seeing a bigger uptake in our subscription product. This is driven by couple of things. We are at a point now where the feature parity between say a virtual client and an appliance is the same.
In fact there are some configurations where virtual clients even perform better than some physical appliances as there have been substantial improvements in things like VMware and the hardware underneath these platforms. So this is driving where we are seeing a capacity increase. We're seeing a very strong uptake of our ProxySG refresh.
We are seeing a movement to subscription there. We're also seeing as we have in our DLP product, a very powerful instance of the same DLP product cloud delivered. This does create the shift of in-period revenue to subscriptions. We are not cutting abnormal terms.
We're seeing normal terms and standard discounting, and this mix shift is driving an increase in deferred revenue. And as you can see from Nick's remarks, we are reaffirming our revenue guide and you noticed in the cash flow comments that we are increasing our fiscal 2018 cash flows.
So there is a strong correlation between the deferred revenue and actually selling the right amount of business in the quarter. Nick, anything ....
Yeah. Sarah, let me add a couple of points for you as well. So I indicated in the script that basically $25 million of forecasted in-quarter revenue moved to deferred revenue on the Enterprise side of the fence. So we can all kind of do the math on that.
And I think some of the deferred revenue statistics are pretty exciting here, and we've actually disclosed that on our CFO commentary, where we have done a full walk to really work through from GAAP deferred revenue, through purchase accounting, through Veritas, through LifeLock and through the divestiture, really what's going on at the time of deferred revenue lines.
And that is the underpinning to my comments about Enterprise deferred revenue growth, which is, let's say, clean of Website Security and PKI. That's up 12%. We've got growth on both the short term and the long-term side of the fence, but we're really excited about that deferred revenue growth.
And we look at the combination of in-quarter recognized plus deferred as really giving us a perspective on really the business conditions and the business performance in the quarter..
Also, Sarah, just at the financial Analyst Day, we added to the reporting metrics the deferred revenue because we wanted to be able to give people the ability to get a better handle on growth. Revenue plus deferred is the way to do that. We did anticipate mix shift. It's happening a little faster than we thought. And we're excited about it.
It's actually a good news story..
And our next question is from the line of Saket Kalia from Barclays Capital..
Hey, guys. Thanks for taking my questions here. Greg, maybe we'll start with you. Qualitatively if we look at the Enterprise business in the second half of this year excluding SSL, can you just walk us through the drivers for acceleration. And I've got a follow-up for Nick after that..
Yeah, definitely. I think one of the key things and we mentioned this in our comments on Financial Analyst Day. We now have a ramped sales force, and we saw that kick in, in Q2. We also have – the second half is bolstered by the Blue Coat refresh and the cross selling that goes on around that.
There were some examples of that in the prepared remarks, and we really have, I think, now seen enough evidence that we can execute the cross-sell in the Integrated Cyber Defense, which really that strategy is working.
We talked through a number of larger deals in the prepared remarks to give you some hands-on examples of that, and we have a pipeline now that is really commensurate with that ramped sales force. We're very excited about the size of it, and we still have work to do to close those transactions.
As we mentioned, there are some large ones in there, but we believe we'll be successful across all that. The other thing that's happening is competitors don't have the same value proposition.
And as you move to the cloud, and now you've got to get some cloud stuff to go, you've to get three or four cloud vendors to work in concert trying to deal with that SLA is really hard. So I think we've got a big leg up on the competitor.
And if you try to hold together those point solutions, especially in the cloud era it's very difficult for the CIO to do that, it's expensive, it's fragile.
And so we put all that together and we think that we've got ramped capacity, we've got the right product and we've got what we need as we look at our pipeline to deliver the growth in the second half. And that's given us a lot of confidence as you can see today reaffirming our outlook..
Got it. That's very helpful.
And for my follow-up maybe for you, Nick, can you just remind us how you recognize sales commissions? We talked about the $25 million that moved to the balance sheet, but can you remind us are you amortizing those sales commissions? Or do we have a little bit of a mismatch with upfront commissions and more ratable revenue?.
Those are amortized over time. So we see that and that is a policy that's been in effect at Symantec and it's something that any, in fact, any acquisition we do we move to that policy..
And our next question is from the line of Joel Fishbein from BTIG..
Good afternoon, guys. Just two quick ones, a question and a follow-up. Greg, obviously, the Integrated Cyber Defense is resonating here with the customers.
Are there any areas in that you think that you're falling short or where you need to augment the Cyber Defense platform going forward? And how are you feeling about current valuations that are out there right now?.
So I think we are very pleased with the portfolio that we have, both on the Enterprise Integrated Cyber Defense side and also on the Digital Safety side on Consumer, there are very strong portfolios. We have also driven a lot of integration with third parties, as well.
So we do have a really strong ecosystem of other ISVs that we work with in our portfolio. But right now, I think we like the product set that we have. And to talk about valuations, I think they change all the time. We're very disciplined around M&A.
We do small acquisitions, as you saw a few through the year that we can absolutely control our destiny and we really work out with our customers, make sure we can sell those. Those are definitely not going to upset anything in our finances.
And then we also are very disciplined around doing things that are good for our equity, as we mentioned in the past. We're disciplined around M&A and we like the setup we have right now, and we're totally able to execute our plans with what we have..
Great. And then just as a quick follow-up. You talked about the threat environment driving some adoption of proxy.
Can you just tell us where you think we are with proxy refresh? And if you think the threat environment will be driving quicker adoption there?.
I think I'll answer your refresh question first. We are seeing a strong adoption of the next platform in the new set of technologies in the refresh. Those rates are consistent with the last refresh. There may be some (46:46) running around for some of our competitors that are saying that's not going well. That's going very well.
And you can see in the deferred revenue build a lot of the cloud-based stuff is in the deferred revenue build and deferred revenue is larger than the whole world of many of those other competitors.
And so we're doing extremely well in cloud, and that is driven by the physical form factor moving to our virtual appliances which support software defined which is what a lot of our major customers and telecom players like.
And in addition to that, the pure cloud offering is growing very strong and we've got some great partnerships around the world on that. So we do think that that is happening and there's a very, very strong bright spot in our Cloud Access Broker, in our CASB front, that is posting some very impressive growth rates and some wins.
Again, it's all ratable to cloud delivered. And the threat environment, we are seeing some pretty strong reasons in the cryptography. The Internet as reported by sort of the conservative folks, is 50% encrypted, and I've had some telecom companies telling me and say, they think it's more like 85% encrypted right now.
And proxies and isolation, and there's the Fireglass acquisition, really deliver around being able to really hunt these threats down out of there and protect against that. So proxy demand is strong. It does not require infrastructure ownership to deploy, which means if you're using cloud and someone else is running it, you can still put proxy in.
So we do see strong demand for proxy, and that part of our business is alive and well. Again, there is a delivery platform that is ratable in the refresh. And we are excited about that because we are being designed into the future networks. And so as I mentioned before, this is something that we are excited about that mix shift. It is not an issue..
And our next question is from the line of Brad Zelnick from Credit Suisse..
Thanks very much, guys. I've have got one for Greg and a follow-up for Nick. So Greg, on the Consumer business, I think it's stronger than any of us would've imagined, even just a year ago.
Given that strength, would you consider spinning that business out to unlock value for shareholders and open it up to additional partnership opportunities?.
So I think the Consumer business, you're right, is fixed. It is a very strong growth engine and we are seeing that even outside of the influence of the Equifax breach that definitely had some very strong tailwinds. As I mentioned in the prepared remarks, there's a number of vectors in there. They're all going well. And we are ahead on the integration.
And we're ahead on that case and, as such, we're raising our outlook for that piece of the business. Also Financial Analyst Day, we talked about margins in the low 40s, and you can see they're coming in at the numbers that we're posting in the last couple of quarters.
So I would – if we go back a year and we took a look at what the overhang was on Symantec, it was that we had double-digits and high-single digit declines in a very big piece of the cash flow. That is fixed. We are now forecasting strong growth rates in that business at the size of business that it is.
Moving to your question as to would we spin it off, we like it right where it is. It is doing a good work. It is – we have two organizations in the business, one that focus on Enterprise, and one that focuses on Consumer, but I am extremely excited about this.
And as people work from home and mobile really sets in, in the world, even more than it is now, and work in business process, we think the clean home is a clean enterprise, and we definitely see a strong correlation between what we're doing in Norton Core and a much safer enterprise network.
And so we are excited about this, and we also have conversations in the service provider industry about what we're doing in digital safety that are very encouraging.
And so I'm very happy to report that after a year, if you take a look at the Consumer business when, last August, and you take a look at it today, that is a completely different situation. And I'm proud of the company and the team and the partners that helped us really deliver to that outcome..
That's helpful color.
And for Nick, just a follow-up on Joel's question, if we think about the shift to more cloud and virtual adoption for ProxySG and then we relate back to the Analyst Day expectation that you threw out for $1 billion refresh opportunity, now as the take rate, as we shift to more cloud and virtual, how should we be thinking about that? Or perhaps if you can't size it that way, just remind us when you think about the trade-off and the impact to what can be recognized in revenue to what gets deferred, how do we think that opportunity through?.
So I'd say, first of all, we laid out at our Financial Analyst Day, actually a couple of slides that showed the difference between the physical, the virtual and the cloud delivery model just in business in general, but certainly that refresh could be a perfect example for that.
Look, we knew actually in Q4 of last year before that Financial Analyst Day, and we hit that parity point on the engineering side between those platforms as well. So as we came into this year, we expected that this was going to be the case, and as it goes though, we have to expect a little bit of variability.
We saw a little bit of variability this quarter in business in terms of what we expected in-quarter versus deferred. We look at that go forward, we expect a little bit of variability go forward.
At the end of the day, and I think we've said this in a couple of different forms, at the end of the day, we have to be able to and we want to be able to help customer in whichever delivery mechanism they want. We have built in a move towards more ratable into our forecast and into our guidance for the year as it happens.
There could always be a little bit of variability, which we will give you full transparency on. I actually would also say around that full transparency point, if you go to that CFO commentary and you look at deferred revenue, actually taking out $300 million of WSS and PKI helps you see Enterprise all by itself.
So you have full transparency as to what's going on there, and we'll show you that quarter-after-quarter including all of the pieces from GAAP to non-GAAP. So I hope that's helpful. But built into this year was a view that the refresh would be occurring. We talked about that for the second half.
In fact, we also had indicated that front half of the year was going to be impacted by integration. We'd be ramping up the new combined sales force in the first half.
We'd be ramping them up on all the new products, new relationships with the channels, et cetera, and that would be coming to pass and coming through in top line, business and bookings growth and revenue growth in the second half, and we are on that path. We feel very good about it..
And our next question is from the line of Keith Weiss from Morgan Stanley..
Thank you, guys, for taking the question. I'm actually going to do a one-two punch, similar to my colleague, Mr. Zelnick, there. Starting off on the Consumer side of the equation, it seemed like you guys got a really nice bounce from Equifax.
Fran was out talking very bullishly about the impacts we saw, I think it was like six days after the subscriber adds that came from that breach. How should we think about kind of the curve of that impact? Obviously, it's going to be most front end loaded like when it happened, you guys try all the search terms, and we got shunted to LifeLock.
But how durable is that spike going to be? Or how quickly does it peter out and become normalized? And then longer term, does LifeLock or I'm sorry, Equifax having to give away more credit monitoring for free? Does that impact you negligibly long term or is that not really an issue?.
So, yeah, good questions, Keith. There was a ton of questions on Equifax. First of all Equifax didn't impact the Q2 revenues. It happened towards the end of the quarter, and the ratable recognition of that stuff didn't impact those results. It was de minimis in the Q2 results.
So a couple thoughts for you, and I went into some details in the prepared remarks. Equifax was good, and it definitely increased member counts in a significant way.
But what we also saw when we would offer the combined Digital Safety bundle that we've been talking about for a number of quarters to the Norton cohort when it came up for subscription or even in period work we were doing with them, we're seeing a much better uptake than we had modeled in our acquisition case of Norton folks just taking up for more money the LifeLock value proposition.
You also saw if you look at the search terms that people searched for LifeLock in substantial passion when they just think about identity.
So the strength of that brand is big, and we do think that there is a new normal for uptake in identity protection following Equifax, and that is more, it was very strong at the beginning but even weeks later it is sustained in a way that's different than some of the other big breaches like Anthem.
So something else happened, which also I think drives to the power of the digital safety concept. When the KRACK vulnerability came out and everybody talked about how dangerous roaming around on Wi-Fi was, now you could have pretty much easy access to traffic on the Wi-Fi through that vulnerability.
So if you were sitting in a Starbucks and some kid had some software and knew how to do it they could be siphoning off your communications. The spike in the VPN product is also very, very substantial and that product is a strong product, it's a $30 to $50 a year adder, and we're seeing that at very powerful growth rates as well.
And so the Norton conversion is good, the LifeLock uptake is very good, and we're also seeing the other products in the digital safety realm really lift as well. And then we bring in Norton Core, and we announced Norton Core at the beginning of the year, it won some accolades. We've had it in the market as a version one.
So we're careful with the introduction, and we're really starting to ramp that now. And we anticipate strong uptake there. So I think also coming back to identity protection, LifeLock does a ton more than just credit.
Credit it's very good at, but it also takes care of all the other kinds of identity theft, and so the bad guys that have all those identities and many of which they already had are used for other kinds of identity crime, such as criminal drivers' licenses, people buying guns in your name, people changing the address of registered properties and then working on various things, tax returns, other things.
And also if you have your identity stolen, which still happens all the time, the remediation and recovery of that is really delivered well from LifeLock.
So we are seeing better retentions, and we are seeing more uptake but I can tell you we're confident enough now to say that we believe that adjusted for acquisition the Consumer business is going to grow sustainably and at a strong clip.
And so in our guidance we're talk about mid-single digit growth rates, and we are seeing the de-risking of the business from the PC declines happening way better than we thought. And also we are within striking distance of PC unit growth. It's not far away.
And put all that together, and there was a lot of negative analyst comments on Consumer rightfully so a year ago, and we're hoping that this information is changing the outlook on that. And we're really proud of what we've accomplished there, that's one of the better turnarounds in my knowledge base..
Got it. That's super helpful. And, Nick, just on the full year 2018 guidance, I want to make sure I fully understand the bridge from the guidance prior to the – or the guidance coming out of last quarter to guidance coming out of this quarter. So there's the puts and takes.
You impacted for like $25 million in revenue that got put on to the balance sheet this quarter. The divestiture taken out of the guidance and you sort of added back some incremental benefit from FX.
Is there any – have you kind of adjusted your expectations about ratable versus getting license upfront in the back half as well? Meaning do you now have like an assumption for more ratable revenue coming from the Blue Coat side of the equation into the back half as well?.
Well, we had more ratable coming into the entirety of the year. So in terms of the first half/second half, I think that we have $25 million in Q2 that showed up as deferred revenue on the balance sheet. We have strong business activity and business activity on track to plan and guidance.
So as we go into the second half, we have a very, very strong pipeline. We feel very good about it. In terms of that ratable recognition, there's a significant amount of ratable business already happening here. We know that that can be a little bit variable or on the edges. So we have to be conscious of that.
We've tried to guide appropriately for those types of things in the second half of the year. And in terms of the Website Security business, and the Website Security and PKI solutions, in that second half guide, there's really no difference versus what we had talked about before on a full-year basis.
But you just have to remember that we're taking it out for the month of November through March. So in terms of walking prior guidance to current guidance, it is pretty basic in terms of just the two pieces, the divestiture and a little bit of FX rolling through there..
I think Nick makes a good comment. Looking at the second half, it's a big ramp in the second half. We understand that. We've got a pipe to support it. We've got capacity to support it. We have to execute the closure of that pipe. We feel good about our ability to do that. We do have a good mix of transactions in there.
Some are very large because the Integrated Digital Safety platform is working which is driving deal size up. There may be some timing in there, but we are definitely confident about the outlook, and especially the long-term outlook for what we're up to..
And our next question is from the line of Michael Turits from Raymond James..
Hey guys. Two quick ones if I can squeeze in. First of all, Greg, you talked a lot about SEP 14 and ATP and the new versions there. So what if any the impact that we see on renewal rates and/or ASPs, and I have a second question..
Yeah, it's a very good question. So first of all, I'd like to just remind everybody that we said we were, and I think predictability is extremely important in what we're doing. And a year ago, we said we were going to come after these gaps in our unified converged endpoint around EDR.
And some of these other things we actually innovated some more there and delivered a deception blade in there as well. But we have completed with SEP 14.1 a very solid piece of work around EDR and flight recorders. We believe we have now reached feature parity with the point solutions that did that and we have one major footprint with that.
We have 7 million odd deployments now of the EDR capability. So it is being battle hardened, and we believe that that is a huge footprint, and if you look at some of the folks that just specialize in that, I think we are going past their installed bases already.
So we do think that we have a very strong upsell capability around those value propositions that are delivered in SEP 14.1. SEP 14 also has been doing extremely well. And as we mentioned, we got a really good conversion rate in SEP 14 in our installed base.
And we do see strong improvement in what was less than acceptable renewal rates in prior periods before SEP 14 for the SEP agent. We've absolutely turned that around, and I think we are leading even in these advanced zero-day malwares, our AI detected WannaCry, stopped it, no signatures.
So we've got the proof that that's working and we continue to innovate that. And I think it's just a testament to the capacity and engineering that we have behind that problem. We shut that gap down in 12 months with quality product. And again, I'm really proud of that team.
I think they're really distinguishing themselves in the industry, and that set of threat researches that comes with them is differentiated. So I think we're going to do very well in Endpoint. As the Internet goes dark, Endpoint is going to become extremely, extremely important. And Mobile Endpoint is where the future lives.
And we're one of the only large vendors that's vending with our own technology, a full suite across Windows, Apple products, including Mac and iOS and Android. And so I think we're very well set up on the Endpoint. This is a space we're super serious about and we've got a lot of talent on it. And we're going to be there for the long haul..
Great. Thanks. Greg, my follow-up was I think for Nick. If I try to adjust for next quarter for pulling out two months and then pulling out (1:06:09) for five months on the full-year, it seems like you still even adjusting for that, you still came in below for third quarter but you're pretty close on the full year.
So it seems as if it's more of a fourth quarter versus third quarter skew.
Is my math right? And if so, why do we get this skew?.
In terms of the overall business, say on Enterprise, or what specific things you're talking about there, Michael?.
Yeah. Total numbers on revenue. A little bit....
Total numbers on revenue? Yeah. So, first of all, you do have to adjust for that Website Security and PKI in Q3. So we're talking about taking out and leaving in one month, basically. The overall revenues for the back half are pretty much what we expected them to be for that side of the business.
So there's really not much difference there in the terms of build-up versus our original view of the year. Obviously, we never gave like specific Q2, Q3 type of ramp. But as we look at the revenue stream for the second half, we're very satisfied and feel very strong in our position there.
As you may have seen, we tweaked a bit the Enterprise down basically by the Consumer. I'm sorry, by the second quarter $25 million Consumer up, basically the same amount inside of that overall revenue guidance for the year. That's pretty much all we've done to it. So we feel on track for what we're planning to do.
We feel like we've got the pipeline on the Enterprise side, the position, as Greg indicated, the sales capacity in place. And then, obviously, the consumer metrics as well supporting that side of the fence. So we feel quite good about it..
Okay..
And at this time I'm showing that we are at time.
Presenters, do you have any closing remarks?.
I'd just like to thank everybody for joining our calls and thanks for your support. And I look forward to next time. Thank you very much..
Ladies and gentlemen, this concludes the Symantec second quarter earnings call. We thank you for your participation. You may now disconnect..