Symantec To Sell Website Security Business To DigiCert For $950M

Symantec plans to sell its web security and public key infrastructure (PKI) solutions business to DigiCert, a move that CEO Greg Clark said would allow the company to continue its focus on its Integrated Cyber Defense platform.

Symantec said on Wednesday that it plans to sell the business for $950 million in cash and a 30 percent stake in the DigiCert business. DigiCert, which is majority owned by private equity firm Thoma Bravo, offers a broad portfolio of security solutions for web services and Internet of Things devices, including identity and encryption.

In an interview with CRN, Clark said the divestiture will allow Symantec to hone its focus on its own platform. The website security and PKI solutions are not part of the Integrated Cyber Defense platform.

[Related: Q&A: Symantec CEO On Company Transformation, How It Will Look To Define Future Of Platform Security]

Clark said the acquisition will also help customers of the website security business, saying it will give the products the "focus that technology needs." He said that can be delivered by the combination of DigiCert and Symantec.

"It allows the company to be there that can invest in the next generation and the next era of PKI … We feel very, very good about what we have done for our customers in the DigiCert relationships. That's very pro-customer," Clark said. "I think it's really created a company that can thrive and be a big benefit to the web and PKI ecosystem."

On Symantec's first quarter earnings call Wednesday, Clark said the sale will also allow Symantec to achieve higher growth. As a result, the company raised its revenue outlook for the coming quarter.

The sale comes after rumors and reports of an upcoming sale of the business unit, dating back to July. It essentially undoes Symantec's $1.28 billion acquisition in 2010 of Verisign. CFO Nick Noviello said the website security business accounted for about $350 million of Symantec's revenue. The company reported $3.6 billion in total revenue in 2016.

Noviello said Symantec will largely use the proceeds to pay down debts once the acquisition closes. The acquisition is anticipated to close in the third fiscal quarter of 2018, subject to closing conditions.

The sale also comes after turbulent months for Symantec's certificate business. In particular, Google accused Symantec earlier this year of a "series of failures" to "properly validate certificates," which caused "significant risk for Google Chrome users" as the certificates verify if websites can be trusted. In an interview with CRN, Clark said he believes Symantec had a "good collaboration" with Google during the process.

Symantec is making big moves around its security portfolio, too. In the past two weeks, the company has announced the planned acquisitions of threat isolation company Fireglass and mobile security company Skycure.

Both acquisitions will build on Symantec's strategy to grow its Integrated Cyber Defense Platform strategy as it looks to provide a full, integrated platform of cybersecurity offerings to partners.

CEO Clark said on the company's earnings call that the company has "no plans" for further divestitures. He said executives "always have their eyes open" for further M&A opportunities, but said the company doesn’t have a "quota" of acquisitions it has to make.  

Steve Barone, president and CEO of Ferndale, Mich.-based CBI, a top Symantec partner, said the sale was "not a surprise" as the company looks to focus on its Integrated Cyber Defense platform.

"The business just didn't seem to be consistent with the messaging from leadership," Barone said.

Barone said CBI sold "some" of the website security business, but it was "never a dominant" part of the company's business with Symantec. He said the investments Symantec has made in acquisitions around the Integrated Cyber Defense platform, including the acquisitions of Skycure and Fireglass last month. 

Read more articles on: