Norton (NLOK) Q4 2016 Earnings Call Transcript

Full Transcript


  • Operator

  • Good day, and welcome to Symantec's fourth-quarter 2016 earnings conference call. Today's call is being recorded.

  • At this time, I would like to turn the conference over to Jonathan Doros. Please go ahead, sir.

  • - VP of IR

  • Good afternoon and thank you for joining our call to discuss fourth-quarter and FY16 earnings results. By now, you should have had the opportunity to review our earnings release and supplemental information. We've also posted the earnings materials and prepared remarks to our Investor Relations events web page.

  • Speakers on today's call are Mike Brown, Symantec's CEO, and Thomas Seifert, Executive Vice President and CFO. This is a live call that will be available for replay via our webcast on our website.

  • I'd like to remind everyone that all references to financial metrics are non-GAAP unless otherwise stated. Implied billings refer to revenue plus the change in sequential deferred revenue excluding the portion of Veritas deferred revenue. We provide year-over-year constant currency growth rates in our prepared remarks except for statements about net income and EPS. Please note non-GAAP financial measures referenced during this call are reconciled to their comparable GAAP financial measure in the press release and supplemental materials posted on our website.

  • Today's call contains forward-looking statements based on the environment as we currently see it. Those statements are based on current beliefs, assumptions, and expectations, speak only as of the current date, and as such, involve risks and uncertainties that may cause actual results to differ materially from our current expectations. Please refer to the cautionary statement in our press release for more information. You will also find a detailed discussion about our risk factors in our filings with the SEC, and in particular, in our Annual Report on Form 10-K for the year ended April 3, 2015.

  • All non-GAAP revenue and expenses exclude the impact of Veritas. However, continuing operations deferred revenue on the balance sheet includes a portion of Veritas deferred revenue from Symantec and Veritas bundled contracts entered into prior to operational separation. The Veritas deferred revenue from those contracts will amortize into discontinued operations. As a result, implied billings growth calculated from the change in deferred on the balance sheet will not represent a standalone Symantec's performance as it will include an impact from Veritas.

  • And, now, I'd like to introduce our CEO, Mike Brown. Go ahead, Mike.

  • - CEO

  • Thanks, Jonathan. As many of you know, we provided preliminary fourth-quarter results on April 28 and also announced that I will step down once our next CEO starts.

  • Last November, as we entered the second half of Symantec's three-year transformation, we outlined four priorities. First, delivering new products that leverage our unified security strategy. Second, building our go-to-market capabilities in Enterprise security. Third, further improving our cost structure to eliminate stranded costs from the Veritas transaction, and going further to achieve 30%-plus operating margins in FY18. And, fourth, continuing to efficiently allocate capital.

  • I'll cover our progress and plans on the first two of these. Thomas will cover in more detail the cost structure improvement work and updates to our capital allocation.

  • Let's start with a view of the threat environment, and then I'll share how our unified security strategy addresses what we're seeing. The threat environment continues to obstruct Enterprise's ability to efficiently conduct business and will cost our global economy in the neighborhood of $2 trillion to $3 trillion annually. To combat this, Chief Information Security Officers are looking to standardize on integrated security platforms which incorporate visibility, faster mediation, and analytics to secure their environments from advanced threats and manage more cloud-based workloads.

  • Through our unified security strategy, Symantec is bringing to market a wave of organically developed solutions to provide our customers with four key capabilities. One, visibility into a broader view of the threats. Two, automating repetitive tasks that security operations analysts face as well as enable these professionals to remediate threats not just monitor alerts. Three, protecting more cloud-based workloads through our new security as a service offering as well as provide visibility and protection to these workloads through our information protection solution. And, four, accessing Symantec's global intelligence network in realtime to help understand which of the 8 trillion objects we're monitoring are threats to that customer's environment.

  • Many companies offer the potential of security analytics, but only Symantec offers an unparalleled amount of data upon which to run these analytics. Many of the network security vendors in the market today such as FireEye and Palo Alto only provide threat protection offerings. These offerings are focused on keeping bad actors out of the network and do not provide protection for the data itself. Symantec combines the power of threat protection to keep bad actors out plus offerings we call information protection to secure the data and authenticate users.

  • These information protection offerings are DLP, encryption, identity and access management, and user behavior analytics. The combined power of our threat protection and information protection offerings along with Symantec's global intelligence network is our platform for not only protecting customers against threats but also authenticating users and protecting critical data. Symantec is the only security Company with a platform this broad or with the access to this much global realtime data on which to run analytics.

  • With our new offerings this year, we will bring more of the power of this platform approach to customers to provide more secure outcomes. The first of our new offerings to leverage this unified security strategy is our ATP solution which consists of ATP Endpoint, ATP e-mail, and ATP network. Our ATP Management console provides a single pane of glass that correlates threats across our network, endpoint, and e-mail solutions to determine the highest impact threats to an organization and provide faster mediation. In addition, our ATP solution leverages the Symantec global intelligence network to spot threats that have affected any of our global base of 370,000 Enterprise customers and 65 million consumers to stop these threats from spreading.

  • In future releases of ATP, we plan to provide a complete set of third-party APIs and integrations into other major security products. We expect this third-party functionality to be released during our current fiscal year and will include out-of-the box integration to major SIM, network, and IT ticketing workflow products to help customers leverage their existing security investment.

  • Additionally, we will be adding an agent-less endpoint detection and response capability that will enable us to sell ATP into environments with competitors' endpoint products. In other words, ATP will work with competitor endpoints to provide advanced protection and triple our addressable market for this ATP solution.

  • In FY17 beyond ATP, we will launch additional new and organically developed offerings which leverage our unified security strategy. First, Symantec unified endpoint protection, a fully SaaS-based endpoint security and management solution aimed at small and mid-size Enterprises. Second, data center security dot cloud, a fully cloud-based solution to discover and automatically secure cloud workloads on AWS and Azure. And, third, the next version of Symantec endpoint protection, or SEP, which will include further enhancements in areas such as cloud-based detection, proactive exploit protection, and machine learning.

  • As mentioned before, Symantec is unique in the industry in providing information protection solutions as part of its platform to protect data as it travels from on-premise to the cloud. In order to provide visibility into the movement of this data and these cloud-based workloads, Symantec combines its industry-leading data loss prevention and user authentication solutions.

  • During FY17, we plan to release additional DLP cloud enhancements for cloud services such as Box, OneDrive, and Salesforce.com, and user authentication enhancements for continuous and proximity-based authentication. We are already selling DLP cloud for Office 365 and Gmail. Additionally, we authenticate over 1 billion devices a year and provide millions of users with multiple factor authentication without the need for passwords.

  • Beyond our threat protection and information protection offering, the third part of our portfolio is cyber security services, which monitor third-party offerings as well as our own products and customer environments, making this service a source of additional data about the threat landscape while this service also benefits from our global intelligence network. As a result, these offerings also leverage our unified security strategy. We help customers during every stage of the attack life cycle by providing the security and threat intelligence expertise required to protect customers' environments since security expertise is so scarce.

  • Now, let's talk about the second of those four transformation priorities, building our Enterprise security pipeline by improving our go-to-market capability. During FY16, we re-energized our brand to focus solely on cyber security, aligned marketing dollars against dedicated sales plays, and went to market with security-only sales professionals. Given the number of our new offerings coming, we are building a robust pipeline with our direct sales force and our channel complemented by new marketing efforts. We are investing in a more powerful lead generation engine to improve the quality of the pipeline marketing is delivering to sales.

  • We are adding 20% more quota-carrying field reps without increasing our sales spend by reducing further sales overhead. We are also continuing to focus on channel partners with more security expertise through our award-winning secure one program that certifies our partners on our products and provides better rewards for those partners that focus on Symantec. However, we also saw that during the fourth quarter, our new business mix was weighted towards subscription and rateable type contracts relative to on-premise licenses.

  • Considering the cloud-based nature of the new products we are bringing to market, the majority of these products will be sold as subscriptions. Beyond the changing cloud-based mix of our new products, customer buying preferences for our existing products are shifting to deals with more subscriptions or rateable revenue to lower their capital expenditures and provide increased security as a variable operating expense.

  • We expect this trend toward more subscriptions to continue, and as a result, we will see a head wind to the year-over-year comparison for our in-period license revenue which will be offset by a corresponding tail wind to deferred revenue. Thomas will further outline this business model transition in more detail in his remarks.

  • Now, let me provide an overview to our fourth-quarter results which reflect this shift to less in-period license revenue and more subscriptions sold. Enterprise security revenue was down 4% driven by declines in both threat protection and information protection that were offset by growth in cyber security services and other services.

  • Within threat protection, endpoint security again grew in total. ATP performed especially well during its first full quarter of availability as we sold over 1.2 million ATP subscriptions with a number of high profile wins across verticals. This initial penetration represents just a fraction of our total Symantec endpoint protection installed base.

  • We are seeing pricing for ATP endpoint well in excess of 100% of current SEP recurring revenue as we sell an ATP subscription for a multiple of our SEP renewal subscription. We already have a FY17 sales pipeline of well over $100 million for ATP across a variety of industries and customer sizes.

  • Within information protection, DLP revenue for Q4 declined 5%. The Q4 DLP decline was mainly the result of more new business shifting to subscription versions of DLP and lower-than-expected close rates of large DLP deals. For FY16, DLP grew 13%.

  • TSS revenue grew in the quarter 5%, and new business activity measured by billings increased at double-digit percentage rates. In the second half of 2016, we witnessed improved execution across our services business through the addition of sales specialists and our CyberOne offering. CyberOne provides the value of our CSS solutions in one comprehensive offering, our monitored service, incident response, threat intelligence and simulations training.

  • Revenue from our website security offerings to protect eCommerce grew 1%. During the fourth quarter, significantly we launched encryption everywhere which is a premium offering available through web hosting providers to integrate entry-level encryption into every website. We expect encryption everywhere to enable us to grow our unit market share dramatically and generate revenue upside from a range of security solutions as we convert newly acquired free customers to premium website services.

  • Moving to our consumer security business. The underlying fundamentals of our consumer business continue to improve driven by the move to subscriptions as well as acquiring new customers online and through partners rather than through OEMs. Later this year, we will expand our opportunity through new consumer upsell offerings for Wi-Fi privacy and identity theft protection.

  • As of March 2016, over 95% of customers in the US were enrolled in Norton subscriptions and renewed automatically. In line with our expectations, we saw higher year-over-year retention rates in March and April.

  • By this fall, customers worldwide will be renewing their Norton subscriptions automatically as we reach the one-year anniversary of transitioning customers to our subscription service in Europe and Japan. We continue to grow our online acquisition of customers which grew 10% during the fourth quarter and 15% for the full year. Norton Mobile offerings sold through our Telco partners grew 67% in Q4 and 50% for the fiscal year. This growth did not include any impact from the Indian Telco we announced last quarter where we expect to begin generating revenue during this fiscal year.

  • For FY17, we continue to expect the consumer revenue declines to moderate to down 6% to down 3% and be able to maintain operating margins in the low to mid-50%. And, for FY18, these declines will moderate further.

  • Now, I will turn the call over to Thomas.

  • - EVP & CFO

  • Thank you, Mike. Today, I'll provide a brief review of our fourth-quarter results and capital structure, expand upon the key areas of our $400 million efficiency improvement program, outline our shifting business model, and conclude with our financial outlook. Additional details are provided in our CFO commentary which is available on our Investor Relations website.

  • Fourth-quarter total revenue was $873 million, a decline of 6%. The US dollar strengthened slightly against most major currencies compared to the year-ago period which created a headwind of approximately $3 million to fourth-quarter revenue on a year-over-year basis.

  • Deferred revenue was $2.6 billion which includes $330 million deferred revenue from Veritas. Implied billings, excluding Veritas, were $1 billion and grew 3% year-over-year on a reported basis and benefited from a tail wind from currency. Non-GAAP operating margin for the fourth quarter was 25%, and fully diluted earnings per share were $0.22.

  • Turning to cash flow. Cash flow from continuing operating activities for the March quarter totaled $1.2 billion and include $74 million in outflows related to restructuring and separation costs and a $900 million benefit from taxes payable related to a gain on the sale of Veritas. In regards to this payable, we will pay approximately $900 million in cash taxes on June 15.

  • In line with our previous capital structure plans and in order to maintain flexibility in our capital structure by returning significant capital to shareholders, we have recently closed a $2 billion credit facility. $1 billion of this facility is a term loan which we fully borrowed at close. The loan matures in three years and is pre-payable. The remaining $1 billion is a five-year revolving credit facility and replaces our existing $1 billion revolving credit agreement. As a reminder, we've returned $4 billion of the Veritas receipts, and we will return $1.3 billion by the end of the current fiscal year.

  • Moving on to our $400 million cost efficiency program. As you can see from our segment results, the consumer security business operates at a solid margin in the low to mid-50%.

  • Within the Enterprise security segment, our website security products are over 95% recurring revenue and operate at a healthy operating margin above our corporate average. As a result, the savings that result from our efficiency plan will mainly benefit our Enterprise security products.

  • Our net $400 million efficiency program is composed of savings across stranded costs from the Veritas divestiture, procurement, organizational effectiveness, real estate, and Enterprise security portfolio sensification. Let me quantify the approximate savings we expect to realize from each of these areas.

  • First, TSAs and stranded costs across IT and other shared services left over from the divestiture of Veritas. In total, we expect to achieve approximately $130 million of savings from eliminating these costs.

  • Second, procurement. We are tightening our focus on how we spend across the more than $1 billion of products and services we consume. We have identified over $100 million in procurement savings that we are in the process of achieving.

  • Third, we are improving our organizational efficiency to remove layers of management, consolidate operations and re-balance some positions to lower cost regions. These changes to the organization will result in just under $100 million in savings and reduce our net headcount by approximately 1,200 positions.

  • Fourth, we expect to improve our real estate utilization by 25% which will result in an estimated savings of approximately $35 million. And, finally, we are streamlining our spending within our Enterprise security product portfolio to invest in solutions that accelerate our unified security strategy. As part of this initiative, we are reducing the number of SKUs, and we are improving how we deliver our technology to customers. We expect to achieve approximately $50 million of savings from this initiative.

  • As part of our $400 million in net savings, we will be taking a $230 million to $280 million charge in restructuring to all our GAAP results over the next two years. Of the $400 million in reductions, we expect just over 50% to be realized in FY17 on a run rate basis, and this enables us to enter fiscal year at an operating margin of 30%. Let me now provide an overview of our Enterprise security performance during the fourth quarter and some insight into our shift to more subscription and ratable revenue.

  • Enterprise security revenue declined 4% as a shift in customer buying preferences resulted in less license revenue during the quarter and more revenue being deferred through future periods. This included a faster-than-expected shift within our product mix to subscription and ratable contract structures. Specifically, the move to a more ratable mix resulted in just over a $30 million revenue shortfall relative to our internal forecast, but our deferred revenue overachieved by a similar amount. This provides a tail wind to our FY17 revenue outlook.

  • However, we expect the trend of lower in-period license revenue to continue, and as a result, we expect a head wind to billings and revenue growth that will vary depending on the speed of this transition. Underlying this shift, we will still see solid demand for our solutions and expect sustainable long-term top line growth for our Enterprise security solutions.

  • Now turning to outlook. We expect Q1 revenue to be down 6% to down 3%. Operating margin of 24.5% to 26.5% and EPS of $0.24 to $0.26.

  • For Q2, we expect revenue frozen margins to be similar to Q1 and improve in the second half of 2017 as we benefit from the deferred revenue tail wind of more ratable revenue and start to see the results from our efficiency program. We expect FY17 revenue to be down 4% to down 1% from a segment standpoint. We expect FY17 consumer security revenue of down minus -- down 6% to down 3%, and Enterprise security revenue to be down 2% to flat. F17 operating margins and EPS are expected to be 26.5% to 27.5% and EPS between $1.06 to $1.10, respectively.

  • In summary, when you put all of these changes together, we believe that FY18 will be a much stronger year both for top line growth and for improved profitability. As we enter FY18, we expect total revenue performance to improve as we benefit from the declines in the consumer business moderating to down low single digits. The shift in more subscription and ratable revenue will provide a growth tail wind to our Enterprise security business. And, from a profitability standpoint, we expect to enter FY18 at 30% operating margins, and for the full FY18, we expect operating margins of 33%.

  • In conclusion, our consumer security top line declines are moderating, and profitability remains solid. Our Enterprise security segment is in the early innings of the most robust organic product cycle in the Company's history, and at the same time, we are focused on improving the profitability of the Enterprise security business to drive long-term value for our shareholders.

  • - VP of IR

  • Thank you, Operator, we'll now take some questions.

  • Operator

  • (Operator Instructions)

  • We'll take our first question from Raimo Lenschow with Barclays.

  • - Analyst

  • Hi, thanks for taking my question. Two quick questions if you're okay with that. First one is if you look at the drivers for the Enterprise security business you laid out for 2017, can you talk a little bit more about those because at the moment so I get licenses going to being [subscribing]. Deferred is going to be better, but you have as an ongoing theme.

  • So, are we flying blind a little bit because we don't know what's going on? Or, can you help us a little bit understand on the different puts and takes there? And then, I have a follow-up, please.

  • - EVP & CFO

  • Yes, we aren't flying blind. Like many other Enterprise software security companies, we are dealing with similar changes in how new products are sold and how buying preferences are changing. That should not be a surprise. We have seen the first impact of that in Q4, and we tried to anticipate that with the guidance we give for F17.

  • FY17, if you compare original expectations to where our guidance is now, I think there's three moving parts. For sure, there is a deferred revenue tail wind from our performance in Q4. We said we overachieved our deferred revenue expectations by about $30 million. That is a tail wind moving into FY17 for sure.

  • We have adjusted our assumptions on product mix and yield and the linearity we see because of that, and we put some conservatism on the numbers to make sure that this transition is predictable from a communication perspective. If I had to give color then that is probably a 70/30 mix in terms of the factors that I just talked about.

  • - CEO

  • Raimo, maybe if I could just add -- if you step back and look from the model changes as we talked about, we're extremely enthused about the new products that are coming. And, of course, we're getting a second year now of a focused marketing and sales effort on security only.

  • So, we've learned a little bit from what we did this year, and we're making those improvements I talked about on my prepared remarks as we go into FY17. I think the overall strength of the portfolio is improving, and I think if you were to look at the business separate from this model shift to increasing subscriptions and rateable business, you'd see continued strength.

  • In fact, we saw the Enterprise security business in total up about 1% for each of the quarters this year. If you modeled in the revenue -- if it appeared in-period in Q4 versus going on the balance sheet in deferred, you'd see a similar trend for Q4.

  • And, we expect the strength of those new products, the market demand for what we're doing, and the improvements in go-to-market would result in similar improvements as we go into FY17. But, the guidance that we give now reflects what we're seeing in terms of this shift in the customers' buying preference, and, of course, the shift in our offerings to be more cloud-based.

  • - Analyst

  • Okay, that helps. And then, a question on the consumer side. Now that you have more guys on subscription in the US and then turning into Europe, et cetera, as well. What's the story around the OEM business?

  • You mentioned on the call you have less business from OEM because the [average] demand drivers are working, but should you not be able to monetize the OEM channels better given that your customer lifetime, you should be better with subscription?

  • - CEO

  • Yes, that's exactly right. As we look at the business today, we're still seeing declines from the OEM channel. So, of our total customer mix, OEM is a much smaller proportion. That's what we reflected in the prepared remarks.

  • However, you're correct. If we look at the customer lifetime value given the higher retention rates, we have higher lifetime values for customer which will allow us to be more competitive as we look at OEMs that we might want to bring on in the future. And, we are having those discussions now.

  • But, as we've said so many times in the past, this isn't about adding revenue as fast as possible. It's really about making sure that revenue is profitable. So we are not going to be quick to jump into any deal that doesn't look attractive to us.

  • - EVP & CFO

  • Let me add to that. I think there is a strength in the changes in the business model are really that we are interacting with our customers directly, and I think this direct access and communication with our customers has helped us to rebuild the business model and get to the subscription and enrollment rates we enjoy today. We always have to be aware that an OEM deal is indirect model to get to business, and that's why what Mike said is so important.

  • For us adding and keeping the profitability and the health of this business segment, we have worked hard to keep that is key. That doesn't mean that we do not engage into OEM deals, but they have to be well thought through and they have to add to the model we have put in place.

  • - CEO

  • I think you might have been going rather to the question of the guidance included any OEM deals, and the answer to that is no. We've assumed no OEM deals in the guidance we talked about.

  • - Analyst

  • Okay, thank you.

  • - EVP & CFO

  • Thank you.

  • Operator

  • We'll go next to Andrew Nowinski with Piper Jaffray.

  • - Analyst

  • Good afternoon. Thanks a lot. Just have a few questions for you. First, I think you said you're seeing ATP pricing well in excess of 100% of your current SEP recurring revenue. Is that pricing all incremental to your SEP recurring revenue? Or, is that more of a replacement?

  • - CEO

  • It's incremental. We're seeing a number of factors when we're selling ATP, Andrew. The first is that we're seeing the SEP maintenance pricing or the renewal pricing hold much more firmly. So, that's a positive.

  • We're seeing the renewal rates for SEP improve, and in some cases, we're able to expand our footprint as customers are expanding the number of SEP endpoints that are under protection. Those are all three very positive trends.

  • And then, additionally, we sell ATP as a subscription which we're selling for multiples of what the SEP renewal rate is. So, it's at least 100%, and in many cases, much bigger factor than that. When you put that all together, we're pretty excited about what we're seeing both with the adoption of ATP and with what the revenue uplift can be.

  • - Analyst

  • Okay, thanks. And then, just a quick question on your sales capacity. I think you said you're adding 20% more quota-carrying field sales reps. But, can you give us any color on how your sales force was structured maybe even prior to the sale of Veritas?

  • What I'm trying to understand is did you lose sales reps as part of that split so that net increase to the sales force is less than 20%? Are you actually giving us of the net increase there with the 20%?

  • - CEO

  • It's a net increase. We separated the sales force but that happened at the beginning of FY16 to Veritas and Symantec. We're saying relative to the base we started with in FY16, we've now added 20% more quota-carrying, and we're doing that by just adjusting the mix of what folks are doing within sales. So, fewer folks in sales that were non-quota-carrying, we were adjusting that down to give more capacity in the field itself.

  • - Analyst

  • Got it, thanks.

  • Operator

  • We'll go next to Matt Hedberg with RBC Capital Markets.

  • - Analyst

  • Great. Thanks for taking my questions. I had another question on your consumer business. It sounds like you are not assuming any real uplift from OEMs. I'm also curious to what extent could you talk to us about your renewal assumptions embedded in that guidance? And then, you've talked about this Indian Telco deal before. Do you assume any uplift from that deal in your down 6% to down 3% guide?

  • - CEO

  • From which deal?

  • - Analyst

  • Indian Telco.

  • - CEO

  • Yes, so you're correct. We aren't assuming any OEM deals in the guidance so the guidance would change if we do an OEM deal. We haven't really given renewal rates as you know for the consumer business, but we have seen a dramatic improvement for those customers who are already on the subscription.

  • They renew automatically. There's no what we used to call an auto renewal process so if someone's credit card is current, they basically get notified that their subscription is continuing and they don't need to take any action.

  • And, as with so many consumer products that we're all familiar with, the retention rates for those customers in a subscription is so much higher. We're seeing the benefit of that. We commented that we particularly saw that in March and April as we're now seeing the one-year anniversary of when we moved those customers into subscription.

  • And then, the Indian Telco that we announced, which is one of the examples of monetizing mobile protection for consumers, we expect that to contribute to FY17 revenue for Norton.

  • - Analyst

  • Okay. And then, for Thomas. Can you help us with your cash flow assumptions from ops next year? I know you have talked about, I believe, a $700 million rate ex-one-time items. Is that the right way to think about cash flow from ops next year?

  • - EVP & CFO

  • The $700 million is still the right baseline before we hit one-time impacts like from restructuring. We just talked about the restructuring charge we expect to incur over the next two years -- $230 million to $280 million.

  • It will not be exactly even across the two years so you would have to expect a little bit more front-end loaded. 60% in the first year, 40% in the second year. But, net of these effects, there's a natural run rate of $700 million in the near term and then improving once we take full benefit of the $400 million of cost reductions.

  • - Analyst

  • Great, thank you.

  • Operator

  • (Operator Instructions)

  • We'll go next to Keith Weiss with Morgan Stanley.

  • - Analyst

  • Excellent. Thank you for taking the question. I wanted to dig into your Symantec endpoint protection business and the impacts on the competitive environment that you've seen from now having the new ATP solution out there. One of the bear cases around Symantec had been these next-generation endpoint vendors are starting to wear away at the base.

  • So, I guess two-part question. One, can you comment on how well that base is sustaining? And, two, does the new product change that competitive dynamic at all?

  • - CEO

  • Yes. Thanks, Keith. We're seeing that our endpoint protection is holding up quite well. In fact, growing as I mentioned even in the face of some other parts of the portfolio that are declining. We continue to be very enthused about how SEP is doing, and I think that's because many of these other endpoint protection companies out there -- one, require you to put an additional agent on to get a level of protection. And, two, are boasting about some of the protection that goes beyond anti-virus.

  • Symantec's endpoint protection, or SEP, already has that. We are already -- as we've talked about so many times before. We are already putting multiple protection engines into the SEP capability, and we continue to add to that.

  • One of the 12 new products that I've talked about coming for this fiscal year that started with ATP is the next generation of our SEP offering which includes as we talked about some of those key capabilities. More detection in the cloud which shifts some of the workload to the cloud versus the agent itself makes it so much more efficient.

  • Proactive exploit protection which gives us the ability to see different behaviors of malware and block those by understanding how those typically manifest themselves. And then, more advanced machine learning. We continue to improve on what SEP is capable of doing.

  • We think about next generation as having a couple of key aspects. One, are you providing advanced protection beyond AV? We're already doing that today -- have been doing it for years. Many of these new competitors are, as I said, crowing about one slice of what's required in protection that's beyond AV.

  • The second would be what can you protect across different control points? Can you control for threats that would come in across e-mail, across the network, and across endpoint? Obviously, our ATP capability does that. What can you do to remediate threats so do you have EDR capability?

  • And then, the fourth, very importantly, can you scale to hundreds of thousands of endpoints without affecting performance? So, we believe in fact that Symantec is the only vendor that can provide all four of those in what we'd call next-generation endpoint protection.

  • And then, I'll just point to the third-party view. In February, we announced that pretty rigorous testing organization AV-Test gave us the number one award on consumer and Enterprise. It was the first time that was ever given to the same Company with 20 different endpoint providers were tested, and we came out number one. Blocking more threats effectively with fewer false positives. So we believe we have got third parties verifying what we're saying about endpoint protection from Symantec.

  • - Analyst

  • That's helpful and one follow-up. In terms of the outlook you now have for additional lending capacity, how should we think about your view on M&A on a going-forward basis. Part of the purview of Symantec is to pull more security under the umbrella. Does that include M&A in the near term? Or, is it mostly going to be on the back of organic development?

  • - CEO

  • I would say primary in our thinking is organic development. You can see that's where our emphasis has been. M&A is clearly not the solution to getting Symantec growing again.

  • Having said that, I think we've been very upfront that we have been and will continue to look at M&A opportunities. They need to fit very tightly with the strategy we've talked about, and they need to make sense financially. You can see by looking at our history that we've been very careful as we've thought about opportunities. There has been no shortage of things to look at, but we're very strict with our criteria.

  • - Analyst

  • Excellent. Thank you very much.

  • - CEO

  • Thank you, Keith.

  • Operator

  • We'll go next to John DiFucci with Jefferies.

  • - Analyst

  • Thank you. You're surprised at the customer uptake of subscription-based products or their buying behaviors. Just curious, are there any other things that are surprising you now that you're seeing in the market in terms of customer buying patterns? Either something more challenging for you, or even something more beneficial?

  • - CEO

  • Well, I'd say we think that this trend towards more subscription business is going to be beneficial for us in the long run. It provides a head wind near term, but we think that it's obviously going to make us much more predictable long term, and we think that it's frankly we'll provide more staying power with existing customers by giving them on a subscription basis.

  • The same way we're already seeing that benefit in the Norton business. So, I'd say as we have invested in our portfolio to bring some solutions out that are more cloud-based, we expect that to directly coincide with customer buying preferences.

  • The other key trend I'd say is a real positive for us is the increased focus on the endpoint. As networks become more porous and more cloud-based workloads, there's less emphasis on next-generation firewall.

  • That doesn't mean they are not going to be important or that those vendors are not going to be successful, but we're seeing that there's more of an emphasis on what can you do to protect those workloads in the cloud. Even with those workloads in the cloud, endpoints still have to be protected, and then that also lends some tail wind to our information protection offerings which clearly are very beneficial for customers that are doing workloads in the cloud.

  • - Analyst

  • Thanks, Mike. As a follow-up, that goes with that endpoint comment. It seems like in security anyway from observation, it doesn't seem like anything really goes away. But, we get more and more technologies, and Symantec has been a Company for years now and not the only one that says, listen we have to help our customers to integrate this.

  • There's some talk out there of providing -- some companies trying to provide everything as a platform. And, there's also the talk that well maybe that's not the best way to go so there's a little bit of debate out there.

  • But, the real problem here is the customer needs something because it seems when I talk to customers anyway, they just want someone to bring it all together for them. And, it just seems like it's just too difficult to do. But, you said something about the agent-less ATP functionality. That's going to work in concert with others' endpoint, and I find that really interesting.

  • Is there any work right now being done within Symantec that is still trying to pull everything together? Whoever's products those are? Whether those peers and sometimes competitors are working with you? Or, not necessarily working with you? Is this just a pipe dream, or is this something you think can still really happen?

  • - CEO

  • Well, I think it's a bit of a mixed bag, John. I think thinking you are going to get everything all under one console is a bit of a pipe dream, and the reason is because the problem becomes ever-more complex. The attack surface whether you want -- when you consider mobile, cloud-based, IoT -- any of the productivity-enhancing trends in IT bring their own security issues along with it. So, as the attack surface expands, it's difficult to think I'm going to consolidate everything under one pane of glass.

  • However, one of the key thrusts behind our unified security strategy, and we talked about our platform approach is to bring more of that visibility under a single pane of glass. I talked in my prepared remarks about how we're doing that with ATP.

  • I think in the future, you could see our threat protection and information protection be brought together under one pane of glass, and that's much broader than anyone else in the industry, in our view, has the capability to do. So, pipe dream to think it's all going to happen and it's going to happen near term, but we are clearly moving in that direction.

  • - EVP & CFO

  • Our capability -- Mike talked in his prepared remarks, but we will provide APIs to put our ATP on top of other competitors' endpoints. I think that is certainly a move from our perspective in this direction of having more visibility in one console and providing visibility to our customers even if the traditional endpoint protection is not coming from us.

  • - CEO

  • Right. Perfect example.

  • - Analyst

  • Great. Thanks.

  • - CEO

  • Thank you, John.

  • Operator

  • We'll go next to Walter Pritchard with Citigroup.

  • - Analyst

  • Hi. I'm wondering if you could help us understand on billings for next year? It seems like almost revenue is becoming difficult to use as a basis to see how you're performing in the business in this year where you have the significant transition going on. Any guidance around billings? Or, anything directional relative to what you're growing billings right now for next year?

  • - EVP & CFO

  • We talked about our implied billings performance in Q4. I think it's also fair to say that if we follow the arguments and the trends and sectors we outlined for this FY17, we expect to enter FY18 with a deferred revenue balance that's going to be up year-over-year reflecting the shift in a more ratable structure.

  • So, we expect our deferred revenue balance for ES to be up 3% to 5%. I think that gives you an indication of the direction which we are going, and we will, over the course of Q1 and Q2, move ourselves in a position where we can report better and more detailed billings data moving forward.

  • - Analyst

  • Got it. And then, I'm not sure for which one of you but on the ES business, could you talk about what percentage of that business you see as a growth business versus how much of that business is still a business where you'll have to work through headwinds in 2017 and possibly 2018 as parts of that may still decline?

  • - CEO

  • I think we've talked historically about the fact that 60% of the portfolio is growing and about 40% is declining. We've talked about the key areas. If we look over the year certainly our SEP -- our endpoint security has been growing. We've seen DLP grow at some very fast rates. We saw that up double digits for the year even though it was down for the quarter.

  • We're going to expect to see obviously fast growth in these new offerings. We saw that with ATP. We've got a number of new cloud offerings coming. We've got the first analytics applications coming for unified security so a number of key growth areas.

  • What we've talked about declining is endpoint management so that's about a $100 million business now for us. It has been in decline for some time.

  • One of the new offerings which we're calling the unified endpoint management and security is going to essentially replace, because it incorporates both security policy management as well as the traditional endpoint management or configuration management. So, we expect that will to a large degree over the time that it's introduced in FY17, replace what we have had with traditional endpoint management which is an on-prem product.

  • Operator

  • We'll take our next question from Pat Walravens with JMP Group.

  • - Analyst

  • Oh, great. Thank you. Mike, let me first say that I'm sorry to see you go.

  • - CEO

  • Thank you.

  • - Analyst

  • That's my personal view, but seems to me there's been enough leadership change at this Company already. That being said and I realize this could change with the new CEO, but I would love to hear your thoughts as to whether it makes sense to split this business even further at this point? To be even more focused, or if things are good where they are?

  • - CEO

  • Well, I think you probably already knew my answer to that before you asked the question. We took a long look at the configuration of the business back the summer two years ago and decided that it made sense to be a security Company, and that's when we made the decision about Veritas.

  • I think all three of the businesses that -- or all three of the product line areas we have today so an Enterprise security, our website security product line plus the enterprise security business that we've been refocusing on and then consumer security are all contributing very significantly.

  • Both to the strategy and we've talked about that before, we wouldn't have access to all that information about the threat landscape if you took away any one of those key product areas. And then, I think that helps us to bring more to what customers are looking for so they can buy more from fewer vendors.

  • Back to the question we were talking about -- I think it was with John a few minutes ago. Customers are looking to do more with fewer vendors rather than continue to proliferate this best of breed, buy from 100 different vendors, and integrate. I think the breadth gives us a lot of advantage when we're working with customers.

  • - Analyst

  • Terrific. Thank you.

  • Operator

  • That concludes our question-and-answer session. I'd like to turn things back to Jonathan Doros for any closing remarks.

  • - VP of IR

  • Thank you for joining us on the call today. If you have any follow-up questions, please e-mail Investor Relations. Thank you.

  • Operator

  • Thank you, everyone. That does conclude today's conference. We thank you for your participation.