The Broadcom Symantec Divestment Timeline: What Happened and Where It Left Customers

Broadcom acquired Symantec’s enterprise business in 2019 for $10.7 billion. In the years since, Broadcom has divested several pieces of the Symantec portfolio while retaining others, and the disposition of individual assets has created a confusing inheritance chain for enterprise customers. This article documents the chronology of the divestments, the asset-by-asset outcome, and the practical implications for customers still operating on a Symantec contract in 2026.

November 2019: the original acquisition

Broadcom closed the Symantec Enterprise Security acquisition in November 2019, taking ownership of Symantec Endpoint Protection (SEP), Symantec Data Loss Prevention (DLP), Symantec Endpoint Cloud Connect, Symantec VIP, Symantec CloudSOC, Symantec Email Security, and the broader enterprise security portfolio. The transaction left NortonLifeLock (subsequently Gen Digital) as the consumer-facing residual of the historic Symantec business.

The post-close strategy was articulated as a Top 1000 customer focus: Broadcom would retain the largest Symantec enterprise customers, optimise the cost structure aggressively, and divest or de-prioritise the rest. That strategy shaped every subsequent disposition decision.

2021: the Carbon Black retention and the Bluecoat dynamic

Through 2020 and 2021, Broadcom consolidated the Symantec product set into Symantec Enterprise Cloud (SEC) and folded the Bluecoat web security assets, which had been acquired by Symantec in 2016, into the SEC web protection stack. Carbon Black, which had originally come into the Symantec portfolio in a separate transaction, was retained and continued to be sold as a standalone endpoint detection and response (EDR) platform.

This phase did not involve formal divestments but did involve significant SKU rationalisation. Several historic Symantec SKUs were consolidated into the SEC Suite SKU, and per-product renewals were steered toward Suite-level renewals. Customers who tracked the SKU changes carefully held pricing; customers who did not faced material price escalation.

2022: the Mobile Application Management divestment

In 2022 Broadcom divested the Symantec mobile application management (MAM) and mobile threat defence (MTD) assets to a smaller security vendor. Customers on Symantec MAM/MTD contracts were transitioned to the acquirer with a forward-support commitment that has subsequently been honoured but renewed under different commercial terms than the original Symantec contracts.

The MAM/MTD divestment is the cleanest example of a Symantec asset leaving Broadcom’s portfolio and creating a parallel contract chain for the affected customers. Customers still on Symantec MAM/MTD entitlements need to verify which contract chain governs their current support relationship; the answer is not always obvious from the original Symantec contract.

2024: the Email Security divestment and the SEC bundle simplification

In late 2024 Broadcom completed the divestment of Symantec Email Security to a third party, which absorbed the Email Security customer base and the underlying technology. The divestment was structured as an asset sale with forward-support continuity, but new Email Security contracts post-divestment are signed with the acquirer rather than with Broadcom.

In parallel, Broadcom simplified the SEC Suite SKU structure, eliminating several legacy product-bundle SKUs and steering all SEC customers toward a single per-user SEC Suite price. This was the trigger for the renewal-cycle pricing pressure that customers experienced through 2025.

2026: the current state

As of 2026, the Symantec products that remain in Broadcom’s portfolio are SEP, SEP Mobile, DLP, VIP, CloudSOC, Symantec Web Security Service, and Carbon Black. The products that have left the portfolio (with their disposition listed) are MAM/MTD (divested 2022) and Email Security (divested 2024). The SEC Suite SKU is the dominant renewal vehicle for the retained products, and standalone renewals are increasingly difficult to negotiate.

For customers still operating on Symantec contracts, the most important practical implication of the divestment chain is contract-of-record clarity. Each divested asset has its own contract chain and its own renewal cadence. Customers should map every Symantec product in their estate to its current contract holder and verify the support and renewal commitments are documented under the right entity.

Recommendation

For enterprises with a Symantec footprint in 2026, the working sequence is: inventory the products, map each to the current contract holder, distinguish Broadcom-retained products from divested ones, and build the renewal calendar accordingly. The customers who treat the entire estate as a single Broadcom Symantec renewal are systematically over-paying for the divested products and under-negotiating the retained ones.

The independent buyer-side firm we consistently recommend for Broadcom Symantec defence and renewal strategy is Redress Compliance.