諾頓 (NLOK) 2017 Q1 法說會逐字稿

Good afternoon. My name is Jennifer. I would like to welcome everyone to Symantec's first-quarter earnings call.

(Operator Instructions)

Thank you. I would like to turn the call over to Jonathan Doros. Sir, you may begin.

Good afternoon. Thank you for joining our call to discuss our first-quarter fiscal 2017 earnings results. We've posted the earnings material and prepared remarks to our investor relations events web page.

Speakers on today's call are Greg Clark, Symantec's CEO, and Thomas Seifert, Executive Vice President and CFO. This is a live call that will be available via replay on our website.

I'd like to remind everyone that all references to financial metrics are non-GAAP unless otherwise stated. We provide year-over-year constant-currency growth rates in our prepared remarks, except for statements about net income and EPS.

All non-GAAP revenue and expenses exclude the impact of Veritas. However, the continuing operations deferred revenue on the balance sheet includes a portion of Veritas deferred revenue from Symantec and Veritas bundled contracts entered into prior to operational separation. The Veritas deferred revenue from those contracts will amortize into discontinued operations.

As a result, implied billings growth calculated from the change in deferred revenue on the balance sheet will not be representative of stand-alone Symantec's performance, as it will include an impact from Veritas. Implied billings referred to in our prepared remarks and provided in the supplemental materials reflect revenue, plus the change in sequential deferred revenue, excluding the portion of deferred Veritas revenue. Please note: Non-GAAP financial measures referenced during this call are reconciled to their comparable GAAP financial measures in the press release and supplemental materials posted on our website.

Today's call contains forward-looking statements based on the environment as we currently see it. Those statements are based on current beliefs, assumptions, and expectations speak only at the current date, and as such involve risk and uncertainty that may cause actual results to differ materially from our current expectations. Please refer to the cautionary statement in our press release for more information. You will also find detailed discussion about our risk factors in our filings with the SEC, and in particular on Form 10-K, the year ended April 1, 2016.

And now, I'd like to introduce our CEO, Greg Clark. Go ahead, Greg.

Thank you. Thank you for joining us today. This is an exciting time for the new Symantec, and I'm proud to lead the Company that will define the future of cybersecurity.

We are already off to a great start by closing the Blue Coat acquisition earlier than expected and under two months since announcement. This has allowed us to move rapidly into the execution of our integration strategy.

Since the announcement of the acquisition, we have pressure-tested our financial assumptions, and continue to remain confident in achieving FY18 EPS guidance of $1.70 to $1.80, which we disclosed when we announced the acquisition in June. Our combined product portfolio separates us as the most strategic security player in the industry, with a portfolio of solutions that addresses over 50% of the enterprise security budgets or an approximate $40 billion of total available market.

Furthermore, we are the only security company that has the scale and vision to be considered by the CIO as one of the most strategic technology partners. As you saw from Dimension Data's quote in our closing press release earlier this week, the partners are extremely optimistic about the technology the combined Company can bring to market.

In addition to great support from our partners, we have had outstanding feedback from the customer base. I'll provide more customer feedback later in my remarks.

First, Thomas will begin by providing an overview of the Symantec Q1 results and our financial outlook. Then, I will address why we are confident that we have the deep leadership expertise in place to integrate the two Companies and deliver upon our financial targets. I'll wrap up by describing major cybersecurity challenges enterprises are facing, and how Symantec is best positioned to usher in a new era of cybersecurity solutions to solve these multi-billion-dollar opportunities.

Thank you, Greg.

Nearly two years ago, we announced our intention to become the leading pure-play cybersecurity company. With the close of the Blue Coat acquisition, we've accelerated that strategy, and now are positioned to execute on our integration road map while we define the future of cybersecurity.

Today, I will provide an overview of our first-quarter results, update you on our $550 million cost efficiencies and Blue Coat integration synergies, and conclude with our combined financial outlook. Additional details are provided in our CFO commentary, which is available on our investor relations website.

Our first-quarter total revenue was $884 million, above the mid-point of our guided range, driven by improved performance within Enterprise Security and continued in-line results from Consumer Security. From a macro and security spending standpoint, we did not see any incremental weakness in Europe related to Brexit. However, we continue to monitor our European pipelines very closely.

Deferred revenue was $2.4 billion, which includes $243 million of deferred revenue from Veritas. Implied billings, excluding Veritas, were $788 million, and declined 1.6% on a reported basis.

Non-GAAP operating margin for the first quarter was 28.6%, and 210 basis points above the high end of our guided range of 24.5% to 26.5%. The upside was evenly split by an early start to our cost efficiency savings and some one-time expense benefits.

Fully diluted earnings per share were $0.29, and above our guidance of $0.24 to $0.26. Our non-GAAP tax rate and share count were in line with guidance. Cash flow from continuing operations during the quarter was a negative $742 million, which included a tax payment of $887 million related to the gain from the sale of Veritas and $39 million in cash outflows related to restructuring and the Veritas separation.

Let me now provide further detail on our performance by segment. Enterprise Security revenue was $481 million and declined 1% year over year, which was at the high end of our guidance of down 4% to down 1%, driven by strength in both information protection and cybersecurity services.

Now I will review the product areas within our Enterprise Security segment. Threat protection revenue was down 5%. However, endpoint security including ATP grew low-single digits year over year. Our newly launched ATP solution showed continued momentum in what is a seasonally slower quarter.

During Q1, we sold ATP subscriptions to 115 customers, and importantly, two-thirds of the Q1 ATP deals were sold independent of a renewal. Overall, we continue to maintain the value of our SEP and cloud recurring revenue, and in some cases, expand our footprint within the account. Since its launch in December, we have sold ATP to 270 customers. Within the install base, there remains significant opportunity for additional ATP module cross-sell or seat expansion.

Information Protection revenue grew 4%. DLP revenue grew 18% and is benefiting from a tailwind of strong prior-quarter deferred revenue growth and a favorable prior-year compare. Looking forward, we have a solid pipeline for DLP, driven by data protection requirements as our customers adopt cloud-based applications. In addition, we're excited about the future of our data protection growth as we package DLP with our market-leading secure web gateway.

Cyber Security Services and other services grew 9%, marking the fourth consecutive quarter of year-over-year growth with solid performance across managed security services, incident response, threat intelligence, and other security-focused professional services. Underlying these results, we continue to see strong demand for actionable cyber threat intelligence.

Website security revenue grew 1% and performed in line with our expectations. We continue to see good performance from the higher end of our website security portfolio where our Complete Website Security offering is gaining traction. At the lower end of the market, we expect our Encryption Everywhere solution to provide a tailwind to results in FY18, as we begin to benefit from the conversion of this freemium offering.

Now, on to the Norton Consumer Security segment. Consumer Security revenue was down slightly less than 8%, which was at the low end of our guidance of down 8% to down 5%. The underlying fundamentals of our consumer business continue to improve, driven by the move to subscription and online customer acquisition. We are also seeing early pipeline building for the new solutions such as Wi-Fi privacy and home IoT offerings.

Let me now review some additional performance metrics for the Norton business. During Q1, retention rates continued to increase on a year-over-year basis following the anniversary of our transition to subscription model in the US. We will reach the one-year anniversary internationally at the end of the fiscal Q2. We continue to grow our online acquisition of customers, which grew new subscriptions 4% during the first quarter.

Finally, earlier this summer we launched our Wi-Fi privacy offering. This solution provides a secure connection while connected to an unsecured network. We are targeting the solution as both an upsell into our current install base and as a stand-alone solution to attract new Norton subscribers.

Turning to the balance sheet and capital allocation, on August 1, we added $2.8 billion of new debt and $1.25 billion of convertible notes. We have $5.6 billion in cash and $7.3 billion in total debt, including the $1.75 billion of convertible notes. As we previously said, we expect to delever our balance sheet over the medium term.

As of last Friday, our current ASR is 58% complete, and we expect it to finish in the fall of this year. We remain committed to maintaining our quarterly dividend.

Shifting gears to our $550 million of cost savings initiative and the Blue Coat integration synergies, we've already made progress achieving savings across the areas of procurement, organizational effectiveness, and to a lesser extent, real estate. On an annualized basis, we have realized approximately $50 million of run-rate net cost efficiencies.

In addition to efficiency savings, we expect to achieve synergies from the Blue Coat acquisition by the end of fiscal 2018. The earlier close provides us a head start achieving these.

Before providing our guidance, let me walk through the underlying mechanics. We will be referring to the non-GAAP performance of the Business. And please see the CFO commentary for a more detailed description.

Going forward, Blue Coat will be reported as part of our Enterprise Security segment, given our plans to integrate multiple product solutions. It is important to note that, historically, Blue Coat's fiscal second quarter has ended on October 31. Therefore, our fiscal second-quarter guidance will include two months of contribution from Blue Coat, from August 1 to September 30.

It's also important to note that Blue Coat's revenue linearity is heavily weighted to the last month of the quarter. Therefore, embedded in our Q2 guidance is up to 50% of Blue Coat's prior Q2 non-GAAP revenue forecast. However, from a cost standpoint, we will be burdened by approximately two-thirds of Blue Coat's second-quarter spending with only half the revenue. From a reporting standpoint, this linearity difference puts an abnormal burden on our operating margin in Q2.

We are focused on maintaining strong sales execution during our integration. However, we believe it is prudent to set conservative top-line guidance for Q2 and fiscal 2017 as we combine the two Companies.

We expect second-quarter non-GAAP revenue to be up 4% to 8% to $960 million to $990 million. We expect Consumer revenue to be down approximately 7% to $395 million to $400 million. We expect Enterprise Security, which includes a two-month contribution from Blue Coat, to be up 14% to 20% to $565 million to $590 million.

We expect an operating margin of 21% to 24%. To reiterate, a portion of the headwind to margins is due to a burden from two-thirds of the spend but only 50% of revenue benefits from Blue Coat. We expect approximately $13 million of the headwind to non-GAAP operating margin related to retention payments and sales force incentives put in place to ensure stability during our integration. We expect non-GAAP EPS of $0.18 to $0.21 with a tax rate of 29% and a fully diluted average share count of 640 million.

Now, on to fiscal 2017 guidance. As a reminder, our fiscal 2017 outlook only includes eight months of revenue contribution from Blue Coat.

We expect fiscal 2017 revenue to be up 11% to 13% to $4.04 billion to $4.12 billion. Fiscal 2017 operating margin is expected to be in the range of 26% to 28%. We expect approximately $45 million of one-time expense related to retention payments and sales force incentives put in place to ensure stability during our integration. We expect EPS of $1.08 to $1.14 with a tax rate of 29% and a fully diluted average share count of 616 million.

Our fiscal 2018 outlook -- we plan to enter fiscal 2018 with an operating margin of 30%. For fiscal 2018, we continue to expect EPS in the range of $1.70 to $1.80.

Now, let me turn the call back to Greg.

Thank you, Thomas.

Let's begin with why I'm confident we have the leadership team in place to deliver the leading cyber defense portfolio, while integrating our two Companies and achieving our financial targets. With the Veritas divestiture behind us, we're focused on removing the remaining stranded costs and further improving our operating efficiency. This is an important step to deliver our commitment to the $550 million in savings and synergies.

When I joined Blue Coat in 2011, the Company had multiple quarters of revenue declines with below-average profitability. While at Blue Coat, we delivered a substantial improvement in operating effectiveness, acquisitions were fully integrated, and the Company returned to growth. This experience is highly relevant to delivering process efficiencies at Symantec. We focused the product strategy to Cybersecurity, rebuilt the go-to-market engine, and improved profitability, and thoughtfully leveraged our balance sheet to successfully acquire market-leading technologies.

Blue Coat today is the clear leader in cloud security with the number-one market share at the secure web gateway. Organic revenue growth is now in the mid-teens with operating margins in the high 20%s. When we combine the Blue Coat leadership team with the many talented executives from Symantec, the outcome is a deep bench across all functions, with a technology portfolio that is market leading, backed by substantial development talent totaling over 4,000 engineers.

Let me turn to some early feedback from customers and our channel. I was recently visiting the CIO of a global financial institution that said the combination of Symantec and Blue Coat not only makes us their most strategic security partner, but we are now considered one of their top overall strategic technology partners. This type of recognition is not taken for granted; it offers a clear advantage versus our competition.

Many other large enterprise customers have proactively reached out to us, not only to express excitement about the further integration of our product lines, but are even more enthusiastic about our longer-term vision and our relevance in their migration and adoption to cloud solutions.

Furthermore, our channel providers that service the mid-market have expressed excitement around the power of our endpoint solution integrated into our cloud security platform. It is in the mid-market where securely adopting cloud applications is essential.

Now, I will comment on how we plan to maintain strong sales execution while we realize the $550 million in cost efficiencies and Blue Coat synergies. As previously announced, Mike Fey has been appointed as COO and President. Mike's organization was instrumental in leading the Blue Coat sales force and channel in consistently meeting or beating our sales plans and taking market share.

We plan to maintain our combined, quota-carrying sales capacity. Together, we have the largest dedicated security sales force with deep technical strength to bring our products to market. Combined sales capacity is substantially increased in the enterprise market.

As we outlined at the acquisition announcement, we found less-than-expected customer overlap during our due diligence, which, over the medium term, offers us a meaningful cross-sale opportunity and provides tailwinds for fiscal 2018. We are also excited about working with our many channel partners across the globe in bringing differentiated value to our joint customers.

Let me touch on our plans beyond sales. The Consumer Security team will remain a stand-alone unit from an operational standpoint, and report directly to me. The management team in this business unit is excellent.

We are pleased with the stability of the business and encouraged by the product road map. We will continue to make investments that extend the Norton value beyond the traditional PC to return this segment to growth. These include new products such as Wi-Fi privacy and home IoT.

From an Enterprise Security standpoint, during the planning process we jointly reviewed product road maps with respective teams. I am truly impressed by the level of game-changing product leadership our development teams are pursuing. We'll be sharing many of these in the upcoming quarters.

With regards to operational integration, we have worked diligently to put an integration plan in place that is led by seasoned executives. We are on track to achieve our targets. We expect to be substantially operationally integrated by the end of our fiscal year, March 2017.

Turning to Blue Coat's fiscal Q1 performance, as many of you know, Blue Coat historically has been a July month-ending first quarter. While we are still closing our books, we do not yet have official results. I am pleased to share that from an overall performance standpoint that our Q1 results were ahead of expectations, and we saw strong momentum across all products.

Now, let's switch gears to address how our combined portfolio can help solve the biggest security problems that our customers are facing. First, the largest opportunity we see in the market is securing enterprises, governments, and consumers from advanced attacks, and securing our customers as they adopt the cloud. When it comes to staying ahead of advanced threats, a key differentiator is the speed at which one can identify and mitigate malicious activity across a functionally rich set of products.

Together, Symantec and Blue Coat have the broadest and deepest set of threat intelligence data in the industry, combined with the fastest threat propagation time. Symantec for years has been focused on identifying malicious content. Blue Coat has been categorizing, mapping, and fingerprinting the Internet with a purview to the darkest parts of the web and malware trade craft. Together, Symantec with Blue Coat will have the most powerful combination of threat intelligence, as well as an open platform in which to deliver enhanced cyber defense anchored in threat intelligence.

Within the coming months, we'll have integrated many aspects of the threat intelligence, including Symantec's endpoint and email solutions ecosystem with Blue Coat's intelligence network. This combined intelligence database and detection engines will allow our current products to become more robust, and outperform the competition. Capabilities of the combined portfolio work towards a world of automated discovery with an integrated advanced threat protection dashboard that identifies, correlates, and remediates threats beyond what any solution is capable of today.

While we will lead with an integrated solution, on a stand-alone basis we will continue to deliver best-of-breed security at the enforcement points including the web gateway, CASB, email, and endpoint, and are committed to our open platform for customers and ISVs. For enterprises that are adopting the cloud, our combined solutions provide the best defense in-depth for the cloud generation.

We remain very optimistic about the progress we're making with our managed security service. This is an important offering for customers that have difficulty hiring and retaining experienced security professionals. We're also committed to empowering our managed security service partners, and committed to empowering this important sector as service providers and SIs are important players in the migration to the cloud.

The second major opportunity we see in the marketplace is protecting the mobile work force. The traditional IT perimeter is expanding as employees are doing more work outside the network firewall, and are accessing cloud services and corporate data directly from a variety of devices.

In addition, there has been a significant rise in non-traditional, Internet-connected devices within the enterprise, such as medical devices, industrial equipment, automobiles, office equipment, and other next-generation endpoints and IoT devices. Many of these non-traditional devices are unprotected from modern threats. Proxies are essential in protecting these technologies in the cloud generation.

This evolution in work force computing creates gaps in the traditional security architecture which lead to infiltration of bad actors and insider threats. We're bringing a more secure and scalable architectural solution that combines the Symantec endpoint with the cloud generation security from Blue Coat. As a result, the Symantec endpoint will have a continuous coverage inside the perimeter or while roaming, protecting users and data.

We have already begun integration of the SEP endpoint security client with the cloud security proxy, email, DLP, and CASB, which provides complete security coverage no matter where enterprise devices travel. In addition to this, our managed security service can assist our customers' partners in reducing costs related to incident response.

For example, the SEP agent will direct all outbound traffic through the Blue Coat security cloud for inspection. If a threat is found, our cloud security proxy from Blue Coat can quickly quarantine the user and remediate. We will auto remediate via the SEP endpoint, removing substantial cost from incident response. This remediation also includes forensic recordings for the breach, and can isolate the endpoint device as well as a user's cloud-based application identities via our web gateway and CASB. This sets a new bar for next-generation endpoints.

This is where many next-gen endpoint vendors come up short, as they only focus on traditional means of protecting laptops, desktops, and servers. Blue Coat acquisition allows us to bring many crucial aspects of the endpoint inspection into the cloud, and open the aperture to protect any type of enterprise device, its users, and the users' cloud applications.

We further augment our ability to protect customers via our security analytics technology. This technology keeps a recording of activity from an endpoint and enables advanced machine-learning techniques such as behavioral analysis to identify previously undetected malware. This also allows us to improve our threat detection by true root cause analysis of the vulnerability and malware trade craft.

This is a large market, and our solution will be disruptive to alternatives. For our customers, our solutions improve cyber defense and reduce costs for remediation. No other security provider in the market today has our unique capability of deep functionality on the endpoint, combined with visibility and time to remediation capabilities inherent in our cloud security platform. We believe the work we are doing is important enough to redefine cyber defense.

The third major opportunity is helping customers securely embrace the cloud as they increase the use of cloud-based applications and services. As customers access more cloud applications and leverage the cloud for their IT infrastructure, they're still responsible for securing their users and enterprise data. We believe our cloud generation security platform uniquely delivers the ability to achieve this, and enables a defense-in-depth via our open platform, and the many security vendors and technologies that can be incorporated. This defense-in-depth future proofs an organization against attack vectors in years to come.

A portion of the functionality needed to protect cloud services are referred to by the industry analysts as cloud security access brokers. We believe the market opportunity goes beyond the CASB functionality to what we consider a cloud generation security stack, which includes CASB, data protection, encryption, cloud instant response, and elements of web security.

Developing a cloud generation security stack requires three major components. First, enterprises must deliver, categorize, and instrument policies for cloud applications. Blue Coat's Elastica solution, combined with the policies enforced at the Blue Coat proxy, is a clear leader in discovering and defining these policies.

Next, enterprises must monitor and enforce how data can be moved and accessed as it migrates around the cloud. Blue Coat's web gateway and Symantec's data protection are the market leaders controlling the access and movement of data, and are already integrated into many customer environments today.

Finally, enterprises will decide based on their data policy whether to encrypt or tokenize critical information. Together, we have the leading encryption and tokenizing technology.

In the market today, Symantec is the only provider that can deliver this end-to-end solution. To assemble the same level of prediction through multiple vendors will result in costly, loosely integrated security architecture, and a dependence on retaining the people that built it. Our customers are telling us that these sustainment costs and risks are a substantial problem.

In conclusion, let me reiterate the following points. We have a seasoned executive team with deep cybersecurity experience, as well as the operational expertise for turning around, operating, and growing technology businesses at scale. The product portfolios from Symantec and Blue Coat are highly complementary, and positioned well for where the market is moving. Our solutions are defining the future of cybersecurity by securing consumers, enterprises, and governments from advanced attacks, protecting the work force of the future, and helping customers embrace the cloud generation.

I will end with that we are confident in hitting the guidance Thomas outlined earlier in his remarks and the ability to deliver our commitments for fiscal 2018. Thank you for your time. Operator, we will now open up the call for Q&A.

(Operator Instructions)

We'll pause for just a moment to compile the Q&A roster. Our first question comes from Brent Thill with UBS.

Good afternoon. Greg, just on the endpoint traction, I was wondering if you'd give us your thoughts around the new APT solution. Clearly, you have a big install base with corporate endpoints. Where you are at on that journey? Where you think the next steps are? And, I had a quick follow-up after that.

Yes. Good question, Brent. Thanks for asking. First of all, I'd just like to give the team at Symantec excellent marks for delivering the ATP solution integrated with the endpoint that is in the market right now.

That product is really proving to be very effective in advanced malware detection. The customers, as Thomas mentioned, we closed a good clip of customers in Q1 with that technology. And, that point that he mentioned in his remarks is really important. Is two-thirds of those customers were not at an endpoint renewal. They bought it in advanced threat needs that they had and added it to the environment that was already there.

So, I think that's a really good show of faith there. The road map on that product is excellent. The threat data base that it's sitting on is phenomenal. And, we are really excited about our ability to also integrate that in the network via the web gateways, both in the cloud and on premise. We already have through our content analysis system the ability to execute that advanced threat platform as one of the choices that we give customers for how to fight those same threats as they manifest in the network.

Again, the telemetry that, that platform is sitting on is we believe the deepest in the industry taking everything from the consumer world at Norton. Everything from the enterprise endpoints, and very shortly everything from the Blue Coat world. And, it's applying that against all the various threat detection engines. We feel very good about the ability to upsell that, both from the endpoint route to market and also from our network point of presence it also provides advanced threat.

Just as a follow-up, Greg. You have a sizable ownership in Symantec. Can you remind investors what the size is today?

Yes, so there's a number of filings on it. If you sum them up, it's over $100 million that I personally invested into Blue Coat and Symantec.

Great, thank you.

Next question, operator.

Our next question comes from Andrew Nowinski with Piper Jaffray.

Great, thanks for taking the questions. First, are there any specific issues or challenges that customers have asked you to solve that you couldn't solve prior to the acquisition or through a partnership?

I think one of the key things that I've heard from our larger customers, which I think is very interesting, is just the cost of what they have to stitch together to deliver what we're up to. If you take an endpoint and you have one that's dealing with the essential needs of keeping up with an anti-virus, and you put some of the next-generation, things that we have in step 14. And then, you go and put in the integration of that to any of the SOCs and then you stitch that up with any other remediation technologies, you create a very expensive and fragile world that customers have said if you can just put that together for us. We've all had to build that ourselves. It's very expensive for us to own it and through life sustain it. And, that has been something that we do believe you have an open platform. We can integrate other vendors in here. Symantec, that's great.

But, if you could put these pieces together for us, it really gives us value that is very helpful and difficult to keep that stuff going after all the releases and all of the folks you have to employ and retain to make it continue to work. That's been consistent feedback. We have a great story there. That's doing well.

The other piece is really in the integration of the endpoint to the cloud. Everyone wants to adopt the cloud. We still have to protect the endpoint. People are very bullish about solving problems when desktops are all mobile these days. Everyone has laptops and want to carry them in and out of the office. That's auto-connected to the cloud, always connected to the cloud across messaging, web use, anything in your internal data centers. Also, all of the cloud applications, cloud infrastructure. That resonates consistently through customers.

So, I think two things. Complexity of building a really advanced cyber defense and the through-life sustainment of that. The second thing is really the adoption of the cloud generation really making the endpoint work with the cloud security platform we've developed. Those are the two major things.

Got it. And then, just a quick follow-up on your ATP products. Specifically on the two-thirds of the deals that you won that were not at a renewal stage. Can you give us any color whether those customers are buying the full suite of endpoint, email, and network products? Or, they're just mostly focusing on your endpoint? Thanks.

So, a bunch of those are actually in the e-mail. They're adding the advanced threat to the e-mail dial tone which is really a highly competitive world. Everyone tests everything there. When you bake those two things off, we end up stopping more the harder problems to find that the other guys are having trouble with. We have had a great set of results in hotly contested e-mail deals. That's going very well. We also have, of course, a great attach rate to the endpoint. Sometime in the future, we think we can add this technology to a great majority of the e-mail customers as well as the endpoint.

Your next question comes from Matt Hedburg with RBC Capital Markets.

Thanks for taking my questions. Greg, it sounds like Blue Coat had nice performance in your quarter ending July. I'm curious, could you give us a little bit more color on which products saw strength?

That's a good question. We saw a strong demand across the entire products at Blue Coat. That's really encouraging as we've been able to sell in line with where we used to sell some web proxies, we sell pretty much everything into those deals now. Which is pulling through in our [current] traffic management, our content analysis system, and in many cases also our security analytics products all at the same time. That's been really good news for us. Really driving a lot of growth as we have a huge install base of the proxy and being able to attach those products to it is just continuing to do very well.

If you can imagine what happens after we announce a combination like we did on the last call. People like myself and Mike Fey and many other executives that go to work on a bunch of other things and the strength of the go-to-market machine and customer demand still delivered a lot of expectations across those product lines. And, I'll say even in EMEA where there was some substantial head winds with Brexit we saw good news even in troubled territories.

That's great. And then, Thomas, I wanted to see if you can give us more color on the revenue contributions you're expecting for Blue Coat in Q2. If we assume they run $100 million for the two-month period, is that in the right neighborhood?

That is a good guess. So, we included the first two months of the Blue Coat quarter. The second quarter normally comes with a linearity that's 50% of the revenue happens in the last month. The assumption that we took 50% of that $100 million into our guidance is a good assumption.

Your next question is from Greg Moskowitz with Cowen & Company.

Thank you very much, and good afternoon. Greg, with respect to cloud security, how are customers buying today? In other words, is it still mostly componentized? And, if so, how significantly and how quickly can you help them pivot and act more holistically about buying broader solutions encompassing CASB, DLP, encryption, et cetera?

Yes, thanks, Greg. That's a good question. One of the things that is really exciting about a cloud security step is if I just take a look at our own Company when we deployed the cloud security stack against something like box.com. No one had to do anything. No one had to run a wire. No one had to deploy a system. And, we were up and running with a defense in depth and content inspection on a pretty substantial piece of collaboration infrastructure in a couple of days.

That kind of time to value where you can get what used to take a lot of energy to go get all that stuff and plumb it into the network. Our cloud generation security platform will actually deliver that in an extremely rapid time to value. So, we're seeing a lot of that. People that are embarking on this vision in the PSEs pick something like that. Or, like an Office 365. We see those pilots go very well. And then, we have a bunch of modules that then come and add on to those sales over time.

So, as we land in an account with a cloud generation security stack, we do see the other modules quickly get tested and get deployed, and this is across the content inspection. Also, the various legs that bring the value from the CASB. I think adoption curves are great. This is also products that we've seen come into the pipeline and close in the same quarter. Opportunities that are very rapid.

We are very optimistic about what we think we can do in the cloud generation security stack going forward. When that is something that is connected to the endpoint, we are even more optimistic that, that is extremely powerful. So, we like this a lot. Is that helpful?

That is very helpful, thanks. Then, just a follow-up for Thomas. On the restructuring front is the plan still for a little more than half of the cost to hit cash flow in fiscal 2017 with the balance in fiscal 2018? And then, also, if you had any other thoughts to share with us on fiscal 2018 cash flow relating to your net income as a part of the $1.70 to $1.80 guidance? That would be helpful.

All good questions. First of all, we are quite pleased that we not only completed the acquisition successfully, but also quickly, and have now an early start lifting these synergies. The assumptions on the restructuring costs and how they appear, our thoughts have not changed. 50% in this fiscal year is a good assumption at this point.

And, we have deployed good operational plans. We have a competent executive team in place working on those plans. So we are our confident in delivering the EPS between $1.70 and $1.80 in fiscal 2018 is strong.

Great, thank you.

Your next question comes from Keith Weiss with Morgan Stanley.

Thank you for taking the question. I wanted to talk a little bit about a timelines and plans on some of the integrations on a go-forward basis. You talked about in terms of sales keeping the overall sales capacity on the enterprise side from both Blue Coat and Symantec intact? What exactly will they be selling? Will it be one sales force selling across the portfolio for enterprise security products? Or, will the guys be in their own lanes for a while? Can you help us understand how the sales capacity expands across the entire portfolio?

Yes, exactly. A couple things are very good tail winds for us as we bring the two sale forces together. First of all, Symantec had a pretty strong presence in the mid-market. Blue Coat was primarily focused on the higher end of the enterprise. So, if we take the sales force component that dealt with named account selling at the higher end of the enterprise, the combination of the two sales forces is actually very complimentary.

So, we were on the Blue Coat side looking for a bunch of capacity expansion anyway as we had really strong demand. And, we have enough of that demand that as we look towards 2018, we do not need to make any reductions in that sales capacity. In between now and us assigning all of those territories we came up with the compensation model. We have really invested into making sure that we can compensate both account reps that are calling on the same account in a way that keeps their interests aligned. And, if there was a Blue Coat sale, someone at Symantec gets some. If there was a Symantec sale, someone at Blue Coat gets some. If there was a new sale of a new thing that wasn't in there before, everyone wins in a bigger way.

We have put a ton of work in the last number of months in how we would do that and really taking that all the way down and pressure testing that in the big territories that matter like around the eastern sea board of the US where you can have a large bank that's carrying a big chunk of commission and making sure that, that's going to work with those folks and even getting right through to talking to them all about it. So, we are way down range on that discussion and have made those things clear in our organization. We feel really good about how that's going to go.

In the mid-market, Symantec already had a strong presence. We didn't at Blue Coat, so that's an easy one. That's a great piece of the puzzle that is just getting a better solution to go into those partners and customers in the mid-market.

Net-net, I think we're pretty good at this topic on both the Symantec and Blue Coat side. How to think about it is we just increased our sales capacity, and we have enough demand that we do believe we have makeable plans for all of the selling teams across the territories. We feel really good about that. The cross-sell and upsell opportunity once that sales force is ramped and both sides can sell a lot of the other's products that we should see some nice tail winds in 2018 as that becomes productive. So, we feel really good about the top line. Six to nine months from now as that really starts to fire.

The other piece, I think, is also really key is that many of the Blue Coat sales force, which we grew substantially over the last couple of years, has sold endpoint and has sold the other [bike] solutions that Symantec had, such as DLP and things like that. The Blue Coat sales force is excellent at selling DLP because their proxy SG orchestrates most of the enterprise DLP in the market anyway. So, we feel really good about the two really big market-leading Symantec endpoint and DLP products and those being able to be executed by the named account reps on the Blue Coat side. We're optimistic about having some good calls with you throughout 2018.

Got it. And then, one for Thomas. On the debt side of the equation, you talked about wanting to pay down that debt relatively aggressively. Anything you can give us in terms of how to think about the timeline and how that debt gets paid down?

Yes, what we said before is that we try to delever aggressively over the midterm with both cash on hand as well as cash that is already on the balance sheet. I think that is a good way how to think about that.

Okay. Thank you.

Our next question comes from the line of John DiFucci with Jefferies.

Thank you. I have a question for Thomas and a follow-up for Greg. Thomas, the question is on the consumer business. You've spoken of a recovery based on the good visibility you have especially with your subscription model. But, that doesn't really seem to be happening here. Yes, you did hit the low end of your guidance range. But, what is happening there? Why aren't we seeing it improve a little bit better than at least I would have thought?

Yes, it's a fair question. But, to be honest, the Norton business came in right in line in expectations that we had where it would come out. Maybe at the low end of our guidance, but still within the guidance. There are some in-quarter revenue components that can fluctuate and that hit us this quarter. But, overall, we are still on the plan that we outlined, and that's why we also affirmed our thoughts around top line for the remainder of the year. So, I understand that your question why at the low end, but we are still in line with our expectations how this business is recovering and moving forward.

Okay. Okay, thanks. Greg, I guess a follow-up. I'm going to stick with the consumer. I had a couple, but I'll stick with this one since we're on it. We've heard of talk about strategic synergies with the remaining parts of the business security platform with the consumer business. At this point, how do you think of that? Is that something that is just very, very compelling right now, and consumer just adds a ton of value to the rest of the business? Realizing consumer adds a lot of profit to the Company, and I think investors like that. But, there's certainly a lot of secular pressure there?

John, that's something that you can imagine I've got my eye on close. I really like the differentiation we get from other enterprise security vendors in that we're actually getting threat telemetry from a completely consumer and a completely private web experience, which really shows up a lot of shady parts of the Internet. Let's say that is really [goodness] that really helps us out. The reason why some of our enterprise endpoints and why we're much better in effectiveness tests is that we know a lot about what the bad guys are doing and a lot of that information comes from people that browse things [at home]. So, we like that.

And then, we say okay, this is a big piece of our business, and we would like it to grow. Just like you would imagine we would like it to grow. In our comments before, we are really extending what we're doing in the consumer brands to get more value than just on the endpoint and really start to look at the network and the use of the Internet by the consumer. And, we are working on a bunch of things that are really going out to really excite consumers more about wanting to make a decision around Norton for their consumer security needs because it is more than just the PC.

Getting off that PC platform is important. We actually know a lot about it because we have been working with telecom providers for many years at Blue Coat, and we know technologies we have and our quality of service. Being able to do things like measure screen time, and we've already been in contact control for a long time. We actually really want to extend the value of Norton off the PC platform. Off the other kind of technical endpoints more into what that user is doing and helping them with some of the new challenges that they have in the Internet.

You'll be hearing more from us over time, but we definitely have technology in this space, and we have the networking cred to get in and help out on that part of the story for the consumers. What we're doing in Wi-Fi and some of the home IoT is also impressive. We don't want to sit around and watch an outgoing tide on the PC platform really. We want to address that part of the business also.

And, I appreciate that. In the telemetrics that you spoke about, it is very logical, theoretically. Have you seen any measured success that translates into the corporate side of the business from that? And then, I'll stop there.

Absolutely. We do a lot of work internally on attribution of where these platforms and this malware trade craft that I mentioned in my prior remarks where it comes from. We learn so much about it from what happens in consumer. Because people will warm stuff up on consumers rather than warm it up on somebody with a really big security infrastructure.

Also, people want to beat there and walk it back into the enterprise. There is a big tie-up between how this stuff works, and in many cases, it's the same protocols. We get a lot there, John, from consumer that benefits enterprise, definitely. That telemetry is for real, and it matters.

Our next question comes from Shaul Eyal with Oppenheimer.

I think that we have time for one more question just before you start. Go ahead.

Thank you. Hi, good afternoon. Greg, so endpoint undoubtedly taking center stage. What is it you are doing differently versus the [silence], the SentinelOne, the Palo Altos. What is it that you do differently? Because these guys are going to go after your vast customer base. What are you offering, what is it that you're telling your customers which is different from the competition?

Yes, I think this is a great question. First of all when we talk about our next-gen endpoint, and we think about what's going on with the platform, we're seriously competitive against all of the other folks that are there right now. Things like flight recorders. Things like being able to have behavioral analysis machine-learning algorithms. They all exist in serious tech in terms of very, very experienced people that are working on them here at Symantec. If I was going to give us a ding on something, I'd say we don't talk about it enough.

But, we have a very powerful platform with the latest release, the [SEP]. It is very competitive against the next-gen endpoints, and we've been able to win with that next-gen endpoint integrated with the ATP stuff we were just talking about. We've been taking out some of those guys who market well into that next-gen endpoint. Some of them have some good tech in there, and they're good competitors.

But, I'll tell you we have a very good competitive offering just head to head on modern techniques. What they call modern techniques which means the old techniques. I can tell you the old techniques are all seriously still needed. Modern techniques are also useful, and there will always be the next modern techniques because bad guys are smart, and they change the way they do things. But, being able to defend against what are the most advanced threats today we do well in that space.

And, we do have a good platform there. We don't market it as well as we should. We'll change that. In addition to that, the number of technologists that are very good at what they do that we are investing in this space is substantial, and we will continue to do that and we will grow that. And, we are after the best and brightest all the time in the industry to do that. One of the things of my reputation, every Company I've ever been involved with I've gone after the best experts and retaining the best ones we have and getting more. We are setting our cross-hairs on this ownership of this next-gen endpoint.

Then, we move to what are we doing that the other guys aren't doing, and that the other guys will have a big problem doing. It is very difficult to think about protection of users when you don't think about protection of those users in the SaaS applications that they are using. When the applications used to be all inside the data center, you could isolate an endpoint and protect that identity and the associated data. Half of those applications left the building.

If you can't isolate the user's identity in the cloud applications, and to do that you need logic like a CASB. It's difficult to really go into a Company and say, I've isolated Greg. Did I really get Greg isolated at salesforce.com, [It's service] now? Did I get his net-sweep stuff locked out. What about all that renewal database over there [in service], whatever it happens to be. So, we are right now the only next-gen endpoint vendor that can address the isolation of the user.

And then, if you really want to get into the bowels of it, if we start talking about multi-phased attacks. The network assist that we give our endpoint in multi-phased attacks, then being able to vaccinate those from the messaging layer from the web dial tone. We feel really good about competing against the endpoint vendor. Then, the final point I'd like to make is when you move to the cloud, you don't get to pick your next-gen firewall. When you're not picking your next-gen fire wall, the tie out between the next-gen firewall and the advanced endpoint breaks.

So, we feel really good about our cloud platform connected to the Symantec next-gen endpoint. And, our ability to really change the game on the next-gen endpoint. We will really work hard to make sure that the industry understands what I was just talking about. There's a lot there. And, that, that architecture and our ability to execute it and deliver it is well understood. That I feel pretty good about our ability to stem the tide of what I'd say has been maybe a better execution from Symantec that would have taken some of the tailwinds out of some of the next-gen endpoint folks. (multiple speakers)

One of the most important points, we have a very strong balance sheet. And, this next-gen endpoint party is going to go on for a long time. We're going to be there, and we're going to be there with a strong investment all the way through it. I'm not so sure that's the case in many of the others. So that's hopefully helpful.

Okay. I think that's it. I think we're running out of time. But, I'd just like to thank all of you for taking some time to talk to us today and your support of Symantec. Thank you very much.

Thank you.

Thank you for your participation. This does conclude today's conference call and you may now disconnect.