Dominic Trott (Research Director)

IDC has just released its latest vendor share report for the Western European security software market. There are several dynamics at play, such as the rapid growth of identity & access management (IAM) vendors and the continuing rise of non-signature based vendors. IDC will explore these broader themes in an upcoming release – watch this space!

But the most noticeable trend is strong performance from an unexpected source: the endpoint-centric giants that dominate security software market share.

Despite being a less  dynamic group in recent years, these big beasts showed a return to form in 2016. The most notable performer here is McAfee, posting a larger increase in market share than any other security software vendor in the Western European market in 2016. McAfee’s share rose to 7.7%, re-enforcing its position as the third largest player behind Symantec (11.3% share in 2016) and IBM (8.1%).

While McAfee’s performance in 2016 is notable, it was not the only endpoint-centric big beast to show dynamism. Symantec returned to growth in the Western European security software market in 2016, with revenue up 2.6%. Further, its recent financial announcements point to accelerating growth in 2017. So, what is going on? How have these big beasts bucked the trend? IDC identifies three key drivers:

  1. Platform Security

In many ways, the success of the major endpoint vendors in 2016 was down to their impact outside the endpoint space through their vision to help customers answer broader problems. This is evident in the development of unified security propositions. Here, market majors such as McAfee and Symantec are harnessing their broad portfolios and third-party integrations to play a more strategic role.

First, platform security ties together internal portfolios to offer a more unified proposition, making them easier to consume for buyers. Second, they act as a hub for integration with third party partner solutions, filling the gaps in their portfolio. The big beasts are driving business not through the technical capabilities of their products, but via their ability to simplify the management of security.

  1. Portfolio Evolution

2016 saw the established vendors step up their game in reaction to the emergence of so-called ‘next-generation endpoint’ upstarts. The likes of Carbon Black, Crowdstrike and Cylance have addressed the market from a new angle, identifying unknown threats through techniques such as artificial intelligence (AI), machine learning, and behavioural analytics, rather than blocking known threats with signatures.

These new players forced a reaction from the established order. This resulted in the integration of non-signature-based security solutions into their portfolios. In this way, the big beasts have not just stepped up to the challenge set by the new entrants, but turned the tables on them: by incorporating next-gen endpoint into broader portfolios, they have turned the concept from a market to a feature. Linked with platform security, this is a space where the established vendors are better positioned to compete.

  1. Acquisitions and Divestments

McAfee and Symantec are both undergoing significant M&A activity, with a significant impact on performance. In McAfee’s case, 2016 was the last full year under the Intel umbrella. Intel announced in September 2016 its plan to divest a majority share in the former Intel Security Group to private equity group TPG, creating an independent company under its original name – McAfee – in April 2017.

It is no surprise that McAfee would emphasise sales ahead of its spinout. Reading between the lines, it is likely that revenue which might otherwise be deferred until 2017 (and beyond) might now be recognised immediately, helping to maximise the company’s attractiveness to the new owner. This would explain the more subdued performance posted in the region in H1 2017.

For Symantec it is a series of acquisitions have accelerated growth. Fuelled by the $7.4bn divestment of data storage business Veritas, 2016 saw two ‘mega-acquisitions’: web gateway (and cloud security gateway) provider BlueCoat for $4.7bn and identity theft prevention provider LifeLock $2.3bn. In 2017 Symantec describes its acquisitions as being‘tuck-in’, targeting smaller vendors that fill portfolio gaps. Namely: Fireglass (web isolation), Skycure (mobile security) and SurfEasy (consumer VPN).

The impact of all these acquisitions has been twofold. First, they significantly expand Symantec’s repository of threat intelligence. Not only in the sense that the number of users and devices has expanded, but also in that the telemetry arises from a growing range of sources, resulting in ‘higher fidelity’ intelligence. Second, they serve to fuel Symantec’s platform security strategy as outlined above.


At the heart of McAfee and Symantec’s success is the appeal they have developed beyond their heartlands of endpoint protection. It is their scale that has allowed them to react to market developments such as the emergence of advanced analytical techniques (e.g. AI and behavioural analytics) and the secure enablement of digital transformation initiatives.

More strategically, it is this same scale that positions them as platform partners through which broader questions can be answered. Instead of engaging with customers on a technical level – proposing new point products to expand capability – it becomes a business discussion. For example, which provider can help me to migrate to the cloud securely? Who can help me embrace the mobile workforce? Who can pull together a security supply chain that prepares me for GDPR compliance?

That is not to say that these two vendors have the platform security market wrapped up. Rival endpoint-centric vendors such as Sophos and Trend Micro have their own aspirations. Meanwhile, the likes of Cisco and Fortinet approach the topic from a network-centric perspective. Further, the likes of BT and IBM highlight the benefits of platform security delivered through managed security services (MSS).

In any case, the pressure will be on McAfee and Symantec to harness the benefits of their scale to remain relevant, without becoming too unwieldy to react to future developments in the marketplace. The development of closer customer relationships and reacting to, or ideally predicting, their evolving needs will be critical to their success.

If you want to learn more about this topic and other related European Security trends, please contact Dominic Trott.