Gen Digital Inc. (GEN) Q3 2016 Earnings Call Transcript
Published at 2016-02-04 23:14:08
Jonathan Doros - IR; Mike Brown - President & CEO; Thomas Seifert - EVP, CFO
Raimo Lenschow - Barclays Capital; Keith Weiss - Morgan Stanley; Pat Walravens - JMP Securities; Walter Pritchard - Citigroup; Andrew Nowinski - Piper Jaffray; Gray Powell - Wells Fargo Securities; Philip Winslow - Credit Suisse
Welcome to Symantec's Third Quarter 2016 Earnings Conference Call. Today's call is being recorded. At this time, I would like to turn the conference over to Jonathan Doros. Please go ahead, sir.
Thank you. Good afternoon and thank you for joining our call to discuss third quarter 2016 earnings results. By now, you should have had the opportunity to review our earnings release and supplemental information. We have also posted a presentation and prepared remarks to our Investor Relations events web page. Speakers on today's call are Mike Brown, Symantec's President and CEO; and Thomas Seifert, Executive Vice President and CFO. This is a live call that will be available for replay via webcast on our website. I'd like to remind everyone that all references to financial metrics are non-GAAP unless otherwise stated. Implied billings refer to revenue plus a change in sequential deferred revenue. We provide constant currency growth rates in our prepared remarks, except for statements about net income and EPS. I would like to take this opportunity to highlight a few dates for you. Mike Brown will be presenting at the Morgan Stanley Technology Conference on February 29 and attending the JMP technology conference on March 1 in San Francisco. Thomas Seifert will be presenting at the Raymond James Institutional Investor Conference in Orlando on March 7. We intend to announce fourth quarter earnings on May 12 and will be hosting a financial Analyst Day on May 26 in New York City. Please note, non-GAAP financial measures referenced during this call are reconciled to their comparable GAAP financial measures in the press release and supplemental materials posted on our website. Today's call contains forward-looking statements based on the environment as we currently see it. Those statements are based on current beliefs, assumptions and expectations, speak only as of the current date and as such, involve risks and uncertainties that may cause actual results to differ materially from our current expectations. Please refer to the cautionary statement in our press release for more information.
You will also find a detailed discussion about our risk factors in our filings with the SEC and in particular, in our annual report on Form 10-K in the year ended April 3, 2015. In connection with the Veritas sale, we have provided seven quarters of recast GAAP and non-GAAP financial income statements, third quarter and prior year-end balance sheets and GAAP cash flow statements of the trailing three quarters and FY '15. All non-GAAP revenue and expenses exclude the impact of Veritas; however, the continuing operations deferred revenue on the balance sheet and the change in deferred revenue from the cash flow statement includes a portion of Veritas deferred revenue from Symantec and Veritas bundled contracts entered into prior to operational separation. The Veritas deferred revenue from those contracts will amortize into discontinued operations. As a result, implied billings growth calculated from change in deferred on the balance sheet or cash flow statement will not be representative of standalone Symantec's performance, as it will include an impact from Veritas. This quarter and going forward, we will disclose the amount of deferred revenue on the balance sheet that will represent standalone Symantec for calculating implied billings. And now, I would like to introduce our CEO, Mike Brown. Go ahead, Mike.
Thanks, Jonathan and good afternoon. I am pleased first to announce that Silver Lake Partners has made a $500-million strategic investment which is a strong vote of confidence in both our transformation, as well as our future as a world leader in cybersecurity. Additionally, I'm excited to have Ken Hao, Silver Lake managing partner join our Board, given his deep expertise in technology and track record of creating value. As you know, we have been undergoing a three-year transformation which began in April 2014. At that time, we laid out five priorities that we had since successfully executed against. First, managing our businesses with a portfolio approach which included divesting Veritas and improving the profitability of our consumer business, while we invest for growth in enterprise security. Second, within enterprise security, we have been investing for growth by reallocating R&D spending to high-growth markets. Third, improving our cost structure where we have improved non-GAAP operating margins to 28% this quarter. Fourth, building a talented executive team, including new C-level leadership across most major functions. And fifth, returning significant cash to shareholders, with $2.1 billion in total share repurchases and dividends since April 2014. During this period, we also developed a well-articulated strategy for our security business which we call Unified Security. This strategy leverages our key competitive differentiator: the global scale and footprint of our large install base, where we can correlate threats that our products and services see with Symantec's global intelligence network, the 8 trillion objects we monitor globally and in real time. After completing the divestiture of Veritas we're a more focused Company as the world's leader in cybersecurity. The second half of our transformation plan began last October and is focused on four priorities.
Number one, delivering upon a product road map that leverages our Unified Security strategy; number two, building our enterprise security pipeline and go-to market capabilities; number three, improving our cost structure further; and number four, continuing to efficiently allocate capital. I'll now cover each one of these priorities, starting with the first, delivering upon a product road map that leverages our Unified Security strategy. On a daily basis, chief information security officers and security operations analysts are overwhelmed by the vast number of security alerts that make it difficult to pinpoint advanced threats attacking their IT environment. Moreover, attacks are constantly evolving and leveraging a variety of techniques. This leaves traditional point solution vendors, that are only focused on a specific attack method, at a disadvantage. Protecting against these advanced attacks involves a unified approach to security to guard against multiple attack methods and an understanding of global threats in real time. This is Symantec's strategy which leverages our install base and competitive differentiation in using a big data approach to understand more about the threat landscape than any of our competitors. The first generation of product, leveraging our Unified Security strategy, are new solutions in the areas of advanced threat protection, data loss prevention, cybersecurity services and applications that run on our Unified Security analytics platform. In total, we have launched 6 of the 12 new enterprise security products we outlined last year at our financial Analyst Day. We plan to release the remaining half within the next two quarters and have an additional set of new products in the pipeline for the second half of FY '17.
The first three of these, our newly released advanced threat protection or ATP solutions, harness threat telemetry from the major control point of endpoint, email and network to not only detect, correlate and prioritize but also remediate threats. This solution does this all from one console without adding an additional endpoint agent. Key differentiators of Symantec's ATP approach are a cloud-based expandable sandboxing capability that works without expensive on-premise hardware, as well as the ability to correlate threats across the control point within an enterprise and against Symantec's global real-time intelligence network. In recent independent third-party testing from NearCom and Dennis Technology Labs, Symantec's ATP solutions received the highest scores across all test categories against vendors including FireEye, Cisco, Palo Alto Networks and Fortinet, meaning we stopped more attacks and blocked more threats with fewer false positives than any of our competitors. Our ATP solutions build upon a key core offering, Symantec's Endpoint Protection or SEP which is our largest product line within enterprise security and which is delivering next-generation endpoint protection today. Many competitors are delivering only a subset of endpoint protection techniques. As a result, customers would be required to install numerous agents on their endpoints to match the same level of protection that we deliver today with SEP. This slows performance at the endpoint and is cumbersome to manage. Symantec Endpoint Protection already combines multiple advanced protection engines across intrusion prevention, white-listing, behavior-based machine learning, signatureless detection of malware and suspicious activity, automation, application control, clustering and remediation, all deployed from a single agent. 
This layered approach which includes multiple protection engines, goes far beyond antivirus in delivering next-generation capability which is already being delivered to our more than 300,000 endpoint customers, protecting over 110 million endpoints and enterprises. This is the install base for which we're targeting our ATP solution. In our cybersecurity service offering, Symantec is also delivering Unified Security capabilities to customers through our Managed Security offering. This service monitors Symantec solutions, as well as third-party security products, to correlate threats against Symantec's global real-time intelligence network. In many cases, our Managed Security service operates side by side in existing customer SoC to act as complementary protection capability or layer of defense against attackers. Symantec has been named a leader 12 times in the Gartner Magic Quadrant for Managed Security services. Finally, we will also deliver Unified Security capability through new applications that will sit on top of our analytics platform and leverage the vast threat data we see globally and in real time. Risk Insight which benchmarks an enterprise's security posture against peers, is the first in a series of applications we plan to build on top of this platform. The solution is currently running in beta at a large financial services company and will become generally available this quarter. We're excited about this wave of innovation at Symantec which is resulting in the most robust organically developed product cycle in our history. Now on to the second of our four priorities which is building enterprise security pipeline by improving our go-to-market capability. Building robust pipeline incorporates strong brand recognition, a robust channel program, lead generation and focused sales plays.
To educate the channel on our next-generation security portfolio and product road map, we conducted partner conferences across our three major geographies at special training sessions which included meeting with over 1,000 partners. During the quarter, we saw early momentum from the global system integrators and now are focusing to further enable our VARs, distributors, service providers and cloud providers. Additionally, we have launched a set of focused field sales plays aimed at driving new product sales in our install base, as well as replacing competition. For example, our ATP cross-sell campaign has identified over 3,000 accounts that have an SEP installation which represent over tens of millions of control points. Within those accounts, we have identified a subset that are immediate candidates for our ATP solution over the next five quarters as they have an upcoming endpoint or email renewal. We're already seeing positive results, despite ATP only being generally available for just over 30 days. As of February 1, we had nearly 1,200 customers that have either attended an ATP webinar or engaged with a Symantec expert, over 350 customers who were actively evaluating our ATP solution and dozens of initial wins. One of the most notable wins was with a U.S. food manufacturer and existing SEP and email customer who purchased our full ATP endpoint, email and gateway solution to monitor over 10,000 control points. This customer reviewed competitive offerings and selected Symantec, given our integrated suite, single console and no need to deploy a new endpoint agent. Another example of a new go-to-market offering is how we're helping customers securely transition to Office 365 by leveraging our recently launched bundle that includes DLP for cloud, user authentication and our dot cloud email solution.
Our Office 365 solution provides customers a cloud-based solution that secures inbound and outbound data for customers as they transition those workloads and associated administration to the cloud. With cloud-based workloads, it's even more important to ensure an authorized user is accessing information, that it's encrypted traffic and that data that shouldn't leave a customer's environment doesn't leave. Symantec's bundle combines these security capabilities for our customers. We're currently in discussions with many existing and prospective customers who plan to migrate tens of thousands of users to Office 365. Some will be brand-new wins for us and others will be an upsell opportunity. Our third priority is continuing to improve our cost structure now that the divestiture of Veritas is complete. We're announcing today a target of $400 million in cost reduction to be achieved over the next two years. Specifically over the next 18 months, we plan to eliminate $130 million of TSAs and stranded costs resulting from the sale of Veritas, of which there are large opportunities in the areas of IT infrastructure and real estate. Beyond the impact of TSAs and stranded costs, we believe we can achieve further reductions across the Company. The majority of these incremental savings will benefit us in FY '18 and beyond. As a result, we expect to reach a 30% operating margin as we enter FY '18. Now our fourth priority, capital allocation. Our management team and Board believe proper capital allocation is key to maximizing long term shareholder value and we have demonstrated this with a consistent track record of returning capital through dividends and share buybacks. We continue that consistent track record with our announcement today that we will return $5 billion in additional capital to shareholders by the end of March 2017 through a special dividend and share repurchases, bringing our total capital return in connection with the Veritas transaction to $5.5 billion. 
Next I'd like to provide an overview of Q3 results. Enterprise security revenue increased 1% year over year, the third consecutive quarter of revenue growth driven by 15% growth from information protection. Specifically, DLP again grew double digits. We're witnessing a resurgence in DLP demand across industries beyond the traditional verticals of financial services and healthcare that we've sold into, as more organizations realize they need to secure their intellectual property. We're the best positioned Company to capitalize on this opportunity which is further demonstrated by our market share which is twice the size of the closest competition and our recognition as a leader in Gartner's January 2016 data-loss prevention Magic Quadrant. Moving to our consumer security business, revenues here declined 6% which was at the better end of our down 6% to 8% expectation and an improvement from Q2. During the quarter, we signed an agreement with a large Indian telco to provide paid mobile security services to their customers. This is significant, as monetizing the mobile opportunity is still in its infancy when compared with traditional form factor. We believe mobile security sold through partners will be one of the levers to return the consumer business to grow over the long term. As Thomas will describe in more detail, we're on track to convert our entire customer base to a subscription service and acquire more new customers directly online. Further, as we execute against our broader consumer product road map, we will expand the Norton offering to address broader personal privacy and home IoT security opportunities. In summary, I believe we're well-positioned for acceleration in FY '17. Our consumer business will see moderating declines, while remaining extremely profitable at greater than 50% operating margin. We expect our enterprise security business to continue to grow in FY '17 based on the strengthening product portfolio and building pipeline. 
Finally, we have a focused organization to execute against our priorities. Now I'll turn it over to Thomas to provide a review of our third quarter financial results and guidance for our fourth quarter. Thomas?
Thank you, Mike and good afternoon. Third quarter total revenue was $909 million, a decline of 2% year over year, was above the mid-point of our guided range on a constant-currency led basis. In Q3, approximately 88% of revenue is recurring in nature, 5% is perpetual and 7% is from services. Over time, we expect recurring revenue to become a larger portion of overall revenue, as more products are sold as a subscription. Deferred revenue was $2.5 billion which includes $396 million deferred revenue from Veritas. Implied billings, excluding Veritas, were $865 million. The U.S. dollar appreciated against most major currencies compared to the year-ago period which created a headwind of approximately $40 million to third quarter revenue on a year-over-year basis. Non-GAAP operating margin for the third quarter was 27.9% and exceeded our guided range. Excluding the impact from GSA cost, non-GAAP operating margin would have been approximately 30% which is in line with our margin target. Non-GAAP net income was $172 million. We saw that fully diluted earnings per share of $0.26, above the high end of our guidance. Let me now provide further detail on our revenue performance by product area. Enterprise security revenue was up 1% year over year. Enterprise security operating margins were 5%. To note, enterprise security carries a higher burden of stranded cost. Within enterprise security, threat protection was down 4% and within threat protection, endpoint protection grew in low single digits. Offsetting this growth was continued weakness in our endpoint management solution which will soon be refreshed with our new identified endpoint management platform available this quarter. Information protection revenue grew 15%, driven by both data loss prevention, DLP and user authentication were both up double digits year over year. 
During the quarter, we closed over two dozen new DLP deals greater than $300,000, including one of the largest healthcare systems in the nation, where we beat out the competition to replace the legacy installation with our market-leading DLP solution. Cybersecurity services, CSS, was flat year over year. During the quarter, we opened a Singapore SoC which would further accelerate our expansion internationally. We're seeing positive underlying trends in CSS from both a secular and an execution standpoint and expect the business to improve its revenue growth performance in FY '17. Website security grew 3%. We continued to be the de facto standard for enterprise-level customers to secure their websites which is a stable and profitable business. Beyond the enterprise, we see demand for encryption and authentication accelerating, as security and privacy imperatives and identify and applications like e-commerce grow among businesses of all sizes which we believe represents at least $40 million additional websites worldwide of opportunity for our solutions. Now on to the Norton consumer security segment. Third quarter consumer security revenue was down 6% and operating margins were 56%. However, we're seeing improvement in the underlying fundamentals of the customer business -- consumer business performance which gives us confidence that revenue performance will continue to improve. From a business modeling standpoint, we evaluate the consumer security business based on four primary factors, customer satisfaction, subscriber renewal rates, new subscriber growth and pricing. For competitive reasons, we do not quantify those metrics externally, but believe it would be helpful to directionally describe our performance. First, customer satisfaction. We track our progress through Net Promoter Score which is one of the highest in our industry and expect that metric to trend higher. Second, renewal rates. We have completed the transition to subscription globally. 
This quarter, we have reached the one-year anniversary of the [indiscernible] transition in the U.S. and will reach the one-year anniversary in Europe at the end of FY '17 second quarter. Customers on subscription renew at a significantly higher rate than those not on subscription. We expect renewal rates to continue to improve over the medium term as we transition more customers to subscription and the acquisition mix continues moving towards digital channels. Third, new customer acquisition. We're focusing on acquiring more customers online and through ISPs, as those channels have proven higher lifetime values. During the quarter, new subscriptions from online again grew 8% year over year. This represents approximately half of new acquisitions. Lastly, we expect pricing to remain healthy as we deliver increased value to our customers in the form of next-generation consumer endpoint protection. Given the steady improvement in both renewal rates and new customer additions, we believe we're exiting the trough of the consumer business declines. Turning to cash flow. Cash flow from continuing operations -- operating activities for the December quarter totaled $153 million and includes $56 million in outflows related to separation costs. Capital expenditures were $114 million in Q3. We expect capital expenditures for Q4 to be approximately $50 million to $60 million. Now turning to capital return. As we mentioned previously, we would update our capital return plan post the completion of the Veritas sale. We will now be returning $5.5 billion which includes the $500 million ASR that we executed in Q3 and an additional capital return of $5 billion. The $5 billion will be executed through a $4 per-share special dividend which will amount to $2.7 billion and a $2.3 billion share repurchase program to be completed by March 2017.
The record date for the special dividend payable to shareholders will be close of business on March 8, 2016 and the dividend will be payable on March 22nd. Once we complete the special dividend, we'll initiate our stock repurchase program. We expect to execute approximately $900 million of share repurchases within Q4. After the completion of the capital return, we will have returned more cash to shareholders than the net cash proceeds from the sale of Veritas. Lastly, we're adjusting our ongoing quarterly dividend to $0.075 a share, starting in the first quarter of FY '17. This adjustment reflects our lower domestic free cash flow post Veritas sale, but still represents a significant payout ratio on domestically generated free cash flow. We're committed to increasing this dividend as free cash flow grows over time. Now turning to guidance. Our constant currency Q4 revenue guidance of down 4% to flat is slightly higher than our previous guidance. We now expect non-GAAP operating margin to be 26% to 28%, down slightly from our previous guidance due to a negative impact from currency. We expect non-GAAP EPS of $0.24 to $0.27, in line with our previous guidance, as a lower tax rate offsets the decrease in operating margin expectation. We will provide FY '17 guidance when we report our Q4 results in May. In conclusion, we're seeing the underlying fundamentals of the business improve and we're well-positioned to execute on the second half of our transformation. Now I will turn the call back over to Jon.
Thank you, Thomas. Operator can you begin polling questions?
[Operator Instructions]. And we will take our first question from Raimo Lenschow with Barclays.
First, can you talk -- I know you don't guide for 2017, but can you talk a little bit about how you think about it? You're coming out of a lot of disruption and that should be the first clean year. How do you think and how should we think about that?
Well, Raimo, I think we can talk a little bit about how we see the guidance directionally and of course, we'll be providing complete guidance when we announce next quarter. So here's how we're thinking about it. From a revenue standpoint and thinking about the two segments on the consumer side, we expect consumer business to perform basically in line with the outlook that we've been providing, so moderating decline as we go forward. Our guidance really is consistent with what we provided at Financial Analyst Day. Our consumer business very much on track. On the enterprise side, of course, it's more difficult to forecast and we're in a period now where we have so many new products, as I talked about in my remarks. And until we have some better visibility into the traction that we see converting that pipeline into revenue, we would rather be conservative with our thoughts about the enterprise side. But I think it's fair to say that we'll be looking at where we finished Q4 and we will expect that would be the starting point and we would expect to grow modestly from where we finished Q4 as we go throughout FY '17. On the margin side, we should keep in mind a few things. Number one, seasonality -- from a seasonal standpoint, margins are typically down for us from Q4 to Q1. And as we've also talked about, we have a significant amount of these stranded costs supporting Veritas and then the stranded costs obviously that we need to take out. That accounts for about 200 basis points of margin. If you add those 200 basis points to the margin we reported today, you'd see we were at -- which was 28%, you'd see we were at the 30% target. But as we go forward into FY '17, we're expecting that the reported, as reported non-GAAP margins, where we're not able to adjust for those stranded costs, will be about 200 basis points lower than what we see in FY '16.
So lower operating margins and then that's our task as we begin this effort to take out $400 million in costs over two years to ensure that those are eliminated. So that as we start the following fiscal year, FY '18, we will be able to start that back at our target of 30%. That gives you a little bit of the feel of how we're thinking about it.
Okay and then one follow-up question more on the business. If you think the endpoint is the one where you see a lot of extra competition coming in at the moment. You have a new product set there. How do you think about the trajectory for you to reverse the trend there?
Did you say to reverse the trend?
Reverse the -- start to stem the decline and then bring that back into growth again?
You mean on the enterprise side I think is what you're--
The enterprise side, at the early endpoint yes. Sorry.
I think the first thing I'd want to say is enterprise endpoint has been growing for us all year long, so I think we can do better there. I think when we think about the capabilities that we're bringing, especially with ATP, we see that as a big opportunity. As many of you all on the call have commented, 2016 is likely to be the renaissance of the endpoint, now that we're through a major refresh of firewalls, next-generation firewalls, many CISOs are turning to the endpoint because that's where unencrypted data live and that's where they are looking to be more effective against attacks. When we think about the combination of capabilities that we're offering, we think it's unparalleled in the marketplace. Just a couple of examples, we believe we're the only player effectively providing advanced attack protection across all vectors, so that's what our ATP solution does. You're really able to stop attacks and correlate them that might have been aimed at the network or email or endpoint, we could correlate those. The second, as I talked about in my remarks, we're using multiple advanced techniques that go well beyond static signatures, things like behavior monitoring, machine learning, global intelligence, advanced analytics. So we've already got multiple protection engines that are incorporated in SEP. The third would be the ability to remediate attacks; that comes with our ATP solution, so it's not just about protection but what can I do to remediate a situation. And then one of the things that Symantec has a strength in relative to some startup competitors is obviously delivering endpoint protection at scale without performance drag, because we can provide all these capabilities with a single agent. So we think we're really in an unmatched position now and adding the ATP capability gives us even stronger leadership. So we're still, as you'd expect, very excited about the endpoint.
We think the capabilities we're adding with the ATP solutions really make us the leader again, in terms of the technology to protect, as well as remediate attacks at the endpoint.
And we will go next to Michael Turits with Raymond James.
Jerry Benatar [ph] in for Michael. Just staying on enterprise endpoint, what do you see customers doing in terms of their existing antivirus? Are they supplementing it with next-gen endpoint or are you seeing some churn there maybe? Thanks.
Thank you for that question, because I think this is the source of a lot of confusion about what's happening in the endpoint. There's a feeling that Symantec, as being a legacy vendor, really providing an antivirus protection and that's all. What's true is we're providing antivirus, but when I talk about multiple protection engines, antivirus is just one of those. We often call that signature-based technology or protection, but here's where we're adding those multiple layers. So we've spent years developing, through our advanced research, these multiple techniques to protect you so that we can see what attacks are frankly coming in across the network. So frankly, the capability that stops more attacks than antivirus is something called intrusion prevention that's really scanning what is the traffic coming in over the network. That blocks more attacks than antivirus today. And we combine that with other techniques that we talked about, behavior, we use wisdom of crowds to understand what are the reputations that endpoint users might go out to access other files or URL addresses. And again, the vast telemetry that we collect keeps reputations on those 25 billion files, 30 billion URLs. So we will block the user from going to an infected site or opening an infected file before they do that. So it's again, these multiple protection engines and techniques that allow us to provide that best protection at the endpoint. A lot of competitors like to think we're just antivirus, but it's far from the truth.
And could you also walk us through -- thinking behind the decision to go with the higher special dividend and reduce the regular dividend? Thanks.
Yes, I think the special dividend is a reflection of returning the proceeds we received from Veritas transaction in a very efficient and timely manner to our shareholders. And we found and the Board found that the combination of the special dividend, combined with a buyback program, is going to achieve that in a very efficient manner. The reduction on the dividend is more a reflection on the operations and the size of the operations moving forward and keeping the operational flexibility to take care of what is in front of us in terms of adjusting our cost infrastructure, investing in the business. And then we said we're going to increase the dividend if cash flow allows for that. But I think those are two separate topics. One is the capital return, a very efficient capital return of the Veritas proceeds and the other position is around how we adjust to the smaller footprint. But keep in mind, we're still -- even the reduced dividend is still the majority of our domestically generated cash flow moving forward.
And we will go next to Keith Weiss with Morgan Stanley.
One top-line question and then one more strategic question. On the top-line question, focusing on the consumer side of the equation, it sounds like starting to trend in the right direction. Can you talk to us about how you guys are thinking about distribution on a going-forward basis. You're seeing good traction with the electronic distribution. Is there a potential of extending that back out into maybe putting your toe in the water, getting back into some of the OEM relationships? How should we think about how you're going to get the net new subscribers from here on out, how you're going to turn that ship fully around and actually start to get growth in the consumer side of the equation? That's the revenue question. Then the strategic question is just given the big chunk of cash return that's coming from Veritas, how does this impact how you guys think about M&A and the potential for doing deals on a going-forward basis? Does this have to steer you toward smaller deals versus something larger, given that you are giving back so much of this in cash?
Keith, thanks for the question on consumer business, because it gives us an opportunity to say our goal is to get the -- return the consumer business to grow. And we think that is achievable over the long-term, meaning, over the next several years. So while we're not forecasting that for next year, as we continue to work through the transitions that we've already begun in the consumer business, we clearly see that as an opportunity, meaning returning the business to top-line revenue growth over a longer time frame. And distribution is a key part of that. Most important for us was making sure that we built a stronger foundation for the business. That had to do with reducing the churn rate and of course, what we've done primarily there is moved to a subscription. And what we're seeing as we're now reaching the one-year anniversary of customers who started in a subscription is that the retention rate of those customers is significantly higher than what we had before with an auto renewal program where they needed to proactively sign up year after year. So staying in a subscription, of course, means that they continue to be protected and pay us year after year without an opt in. And the retention rates are significantly higher, we're already seeing that in the business. That's important because that gives us a stronger model from which to approach OEMs. So if we had lower retention rates, higher churn rates, an OEM customer doesn't make as much back. So now that we're fixing the foundation in the business, meaning improving the retention rate, now there's an opportunity to think about expanding distribution. So today, we're primarily acquiring new customers through online acquisition. And Thomas talked about the fact we're up 8% year over year in terms of our online acquisitions. So one part of our channel growing there. The second part that's growing, from a channel perspective, is the new customers we're acquiring through large partners. 
These tend to be cable or telco companies and I talked in my remarks about the fact that a new opportunity for us there is monetizing mobile customers. We're starting to do that really for the first time. Then as we look at retail and OEM, OEM has been in decline for us, but now with a stronger model, it will be time for us to think about OEMs again. And in fact, we're competing for a major OEM contract this year. So we'll have to wait and see how that plays out, but with the stronger model, we'll be in a great position to be competitive there and have that be profitable to business for Symantec which of course, as we've talked about was different with some of those OEM contracts before. They weren't profitable for us and our churn rate was such that we weren't able to generate the right lifetime customer value. Moving on to your second question about our balance sheet and strategic flexibility, we do not believe that the capital return program limits our strategic flexibility in the least. As you are aware, we'll have a very strong balance sheet going forward. We estimate we will have something in the neighborhood of $5 billion in cash, as we end up FY '17, with strong cash-flow generating capabilities. We do not feel it limits our strategic flexibility and we're going to continue to think about what are the right other capabilities that we'd like to add to Symantec that are tightly aligned with this Unified Security strategy.
And we will go next to John DiFucci with Jefferies.
This is [indiscernible] on for John. Thanks for taking my question. If we could talk a little bit more about the enterprise business. Margins in that segment contracted a bit this quarter. How do you think about the potential for margin expansion there and balancing investing to drive growth, but also get to your corporate margin targets?
I think I said it in my part that their slight decrease in enterprise margin, in part is a reflection of the higher burden of stranded costs that business had to carry this quarter and also to be honest, in FY '17. I think the $400 million cost improvement that we announced is going to be largely reflected in improvement in the margins of the enterprise security business, because Norton is already performing at a very profitable level and we've done our homework there already. You would expect that the margin for a standalone software business in this space is getting double-digit and I think with the improvement plans that we have put in place today and talked about today, this enables that path. And we get -- will get more specific when we talk about FY '17 guidance and beyond on our next earnings call. But without doubt, we have work in front of us, but we're serious about getting that done.
I would just like to add that the stranded costs we talked about which start with some large legacy IT infrastructure and real estate, the large proportion of those of course would get allocated to the enterprise business, as Thomas said, get reflected in those margins. So it doesn't mean that we will be investing less and making the enterprise business the growth business. But we'll have to attack those costs which are now burdening that segment P&L.
And maybe one quick high-level follow up. Now being a pure-play security vendor and also having the very large install base that you have, you have unprecedented insight into the macro demand environment for security products. Can you talk a little bit and you touched on it, but could you go a little bit more in depth on the demand environment that you're seeing in calendar 2016 for security overall?
We've seen no slowdown in terms of the demand for security products and services. They both have tremendous market opportunity. I think we would all agree that the market opportunity is a significant multiple of what we're showing in growth rate. The market opportunity we feel is there. Customers who have engaged with our strategy, seen our new products, are very excited about what they see. So I think our challenge is really how do we participate in that market growth to a greater extent? Which means better execution on our part, getting out these new products, making sure we're building the pipeline and that will allow us to grow the enterprise business a bit faster so that we're achieving more closely the market growth rate. But given the number and severity of attacks that we see with the global intelligence network that we have, there's no slowdown in terms of the attackers or attacks and customers continue to reach out saying they need help with this problem.
And we will go next to Pat Walravens with JMP.
Mike, I was hoping you could talk just a little bit about M&A and how you're thinking about it. And in particular, what valuation guidelines you guys use as you evaluate opportunities? Because that's an area of concern I hear from investors sometimes, that you're going to spend all the money on something that's super expensive.
We hear those same concerns. I hope today's announcement of a capital return program alleviates some of those concerns, as we've now returned all the proceeds or in process of returning all the proceeds of the Veritas transaction to shareholders, because I think that was a concern. As I said before, when Keith and I were talking though, we don't feel this limits our flexibility in terms of looking at potential acquisitions down the road. We have a very strong balance sheet and strong cash flow. But we will be very judicious as we think about this. If you look at our track record for the last 18 months or so, we've only done two small acquisitions. Those were very tightly aligned with the strategy that we've talked about, meaning they significantly add to the Unified Security. And in part, that was because we saw that the valuations were such that it was very difficult to make an acquisition, have the right level of returns for ourselves and our shareholders. We're going to continue to be very judicious as we think about what are the right assets that need to be tightly aligned with the strategy and they need to make financial sense over a similar timeframe, meaning a couple year time frame for us. It can't be something that's going to pay off 10 years from now. One of the additional capabilities we'll have now is Silver Lake's extensive capability in assessing companies. They are interested in helping us with this issue as well, both from the standpoint of looking at the opportunities, but also in making sure that we understand the targets that we're looking at in depth.
And we will go next to Walter Pritchard with Citi.
Quick question, one just on the capital return I just want to make sure I understand how you fund it, because I do understand you're returning all the dollar amount of the proceeds from Veritas but not all those are in the U.S. Should we expect you to raise incremental debt or do you intend to repatriate some of the funds that coming in from the Veritas deal?
A good question, Walter. When we talk about the special dividend that is going to be paid in March and also the first step in the buyback program that we announced, if you consider how much domestic cash we have after the Veritas proceeds, then add the money that we get from Silver Lake, we're in good shape to cover that first step. On top of that, there's operational cash flow and then there will be some additional debt involved during the full way, at least until we can bridge a more efficient way to repatriate capital. But I think this is something where we have not crossed all Ts and dotted all I's, that is work that is in process. But I think for the first step, the special dividend and the first step towards an efficient buyback in starting already in the fourth quarter. If you look at the domestic cash on hand, we're in good shape to do that.
And then one other question for you, just on the billings, you gave the billings number ex-Veritas for the December period. Could you provide the comparable billings for the prior year or maybe just the growth rate or constant currency growth rate, something to help us put that in context?
I understand that request. There is a lot of [indiscernible] to be done separating the Veritas numbers and the Symantec new numbers on a historical perspective. And as those numbers -- historical numbers become available, we'll be able to talk about it. Since we just closed the transaction the better part of a week ago, we're not there yet in terms of providing historical numbers.
Just maybe at a higher level, your revenue was down about 2% on the security side. Is it safe to say that your -- whatever measure of what you're thinking that business is growing, is it in that range or did -- I don't necessarily need a billings number calculated exactly but is it something you can give us [indiscernible] what those business did?
I think if you look at it from a bookings -- or from a billings perspective, we have outperformed revenue growth in the third quarter. Let's leave it there.
And we will go next to Andrew Nowinski with Piper Jaffray.
I just have a follow-up to the macro question prior. You constantly hear about how enterprises are losing the battle against hackers and as you said, there's no slowdown in breaches. However, are you guys seeing any shift in priorities within the broader spending environment?
I would say that the shift that we're seeing is towards how can you integrate some of the capabilities as opposed to buying more and more point solutions. Many of our customers are saying, I'm overwhelmed with the number of point solutions that are out there, people coming to me saying they've got a clever new way to block this single exploit. Or what can we do that might help stop one type of attacks and they are looking for something that's a more integrated solution here. How do I get a view across my enterprise? How do I protect myself knowing that there are threats that might have occurred in another part of the world aimed at the same vertical that I am in? That's where I think our strategy is really resonating. So if you think about what we described with ATP, we're giving customers a view across their entire enterprise and then we're giving them access to the global threat intelligence that we have. We're finding that customers are looking for that ability to find a needle in the haystack. How do I see that attack? If I'm a bank that's occurred in an Australian bank today, because the attackers are trying to leverage their business model, but really they are just replicating whatever attacks that worked with another vertical, another part of the world. So that's where I think the Symantec intelligence network really pays off. And then for individual customers, not only that, but again, how do I get an integrated view versus I don't want to be the integrator of 50 different technologies. Those are some of the trends that we're seeing.
And then just a quick follow-up on the recent launch for your ATP products, I know you said it was only available for 30 days in the quarter. But does it have any revenue impact in the quarter?
There was revenue impact, a small one. Obviously, we wouldn't call that material for the December quarter, but we're thinking that's going to be a 10 X improvement as we look into the March quarter. And the pipeline is building rapidly. Again, the reason for that is, number one, we're looking at the install base as the opportunity. And we have this idea, I talked about, of focused sales plays where we're out talking to those customers who are going to be renewing email or endpoint. And we've spent so much time with partners educating them about the solution. They're starting to be a multiplier effect, even though it's very early days.
And we will go next to Gray Powell with Wells Fargo.
Obviously, there are a lot of one-time costs impacting free cash flow this year. How should we think about the normalized free cash flow margin in FY '16 for security? And then if operating margins improve over the next couple of years, what kind of flow-through should we expect at the free cash flow line? Thanks.
I have waited for this question until we give guidance for FY '17. We had a lot of moving parts with the separation and the restructuring cost. Also CapEx impacted us on the separation side really, being able to separate that, especially the IT infrastructure. So a normalized operating cash flow number, globally is probably in the neighborhood of $700 million. And then we will have to look at FY '17, the gives and takes that are coming from putting a more efficient capital structure in place, that will have an impact and also how we approach the cost reduction of $400 million is going to have an impact on that number. So there will be a baseline and we'll have to make gives and takes on that number. And then as we generate and make progress on the $400 million cost reductions, that will be a significant tailwind moving forward. I think the run rate number I gave is a good run rate number. And then we'll be more precise at our next earnings call, because I think by then, we understand really what the gives and takes are going to be over the FY '17.
Probably the tailwind, it'd be fair to say, Thomas, will be really heavy at the end of the year. Certainly second two quarters; I wouldn't expect as many in the first quarter.
And we will take one last question from Philip Winslow with Credit Suisse.
Just wanted to focus in on the consumer commentary you gave there about getting back to growth. And obviously you outperformed your expectations this quarter. You talked about distribution, but what are the puts and takes that you see there longer term and getting that back to growth? And then also in what margin context do you think about that?
If you think about the broader macro environment, the PC market we're all reading is declining. So what we view this in is that the install base is growing, but growing slowly at this point, so that's the broader context. Now an opportunity for us is to move beyond traditional PC form factor into mobile. We talked about that a bit today. We also talked about additional products that we can add that use Norton's capabilities. We talked about other capabilities like privacy in the home, like what we could do for IoT as we protect other devices in the home. I think there are other product opportunities that go beyond the traditional PC form factor, but the overwhelming proportion of our business today obviously is PC. And then as we look at the changes we've made in Norton which are primarily from a channel perspective, significant declines in OEM and retail as we focused on online acquisition and partners. Now that we have a stronger model, as we discussed earlier which means higher lifetime customer value that we achieved by moving people to subscription, we can look again at where does it make sense to grow in retail and OEM. In fact, retail for the regions outside of North America is already growing again. We don't have that growing in North America, but that's something that we have as a goal for this coming year. And then we talked about earlier in the call, given the strength of the model, we can also look at OEMs as well. So I'm quite optimistic that over the long term, there are enough opportunities for Norton to be able to grow. It's just going to take us a little while to realize those opportunities.
Thank you, everyone. That does conclude today's conference. We thank you for your participation.