VCF renewals ▲ 31.4% YoY· Symantec EDR true ups ▲ 18%· Carbon Black avg quote uplift +22%· Mainframe MIPS capacity squeezes ▲· Audit notices ▲ 47% QoQ· Our last 10 deals avg −41% on quote· VCF renewals ▲ 31.4% YoY· Symantec EDR true ups ▲ 18%· Carbon Black avg quote uplift +22%· Mainframe MIPS capacity squeezes ▲· Audit notices ▲ 47% QoQ· Our last 10 deals avg −41% on quote
Wednesday · 27 May · MMXXVIIssue II
Independent · Buyer SideLive
DLP and ProxySG
Network DLP · Discovery DLP · ProxySG · Enforcement posture The clauses being read more carefully in 2026 than at any point since the acquisition. Not affiliated with Broadcom Inc.
The Lead · Product Brief · DLP and ProxySG

The DLP clause that nobody read for ten years is now being read.

Two live DLP and ProxySG renewals this quarter. Average reduction 41 percent on the opening quote. The licensing clauses being enforced more aggressively than at any point since the acquisition.
By The Negotiation Desk · 2 live · trailing avg −41% on quote

Network Data Loss Prevention and Discovery Data Loss Prevention have always been priced separately, but the clause that defines what counts against each entitlement was rarely audited. Through 2025 and into 2026 that has changed. Audit notices into the DLP installed base are running ahead of the rest of the Symantec portfolio. Buyers who have not mapped current deployment against the licensing definition tend to discover the gap when the notice arrives.

ProxySG has the opposite problem. The hardware is end of life on a published schedule, and the renewal cycle is increasingly priced as a forced migration to Cloud SWG. Buyers who do not have a current migration cost map have nothing to compare the new quote against. The desk's job is to produce that map before the renewal conversation begins, so the buyer can negotiate on the basis of the actual alternatives, not the seller's framing.

"The DLP audit found exposure on a clause we had not read since the original contract was signed. The defense found it was less than half what the seller's audit team had calculated."Director Security · Retail conglomerate

The DLP work begins with a current usage map. Endpoint DLP, network DLP, discovery DLP and cloud DLP each have separate entitlement definitions. The cross product audit posture has tightened. The desk maps each component against the deployment, identifies the clauses being read more strictly in 2026, and rewrites the contract to match how the buyer actually uses the product, not how the seller's audit team currently classifies it.

The ProxySG work is migration economics. What does Cloud SWG actually cost across a multi region deployment, what does a third party gateway cost as comparison, what does the contract say about the migration window. The buyer who has all three numbers negotiates a different renewal than the buyer who has only the seller's quote.

§ 02

Outcomes on DLP renewals

Verified · Net of fees · Signed contract delta
Typical reduction
41%
Average across trailing DLP and ProxySG renewals.
▲ range 30 to 52%
Largest delta
$9.2M
Three year savings on a global retail DLP and ProxySG combined renewal.
▲ Q4 2025 case
Exposure cut
68%
Avg reduction in DLP audit exposure on settled compliance reviews.
▲ settlement verified
Renewals delivered
12+
Combined DLP and ProxySG contract cycles closed by the practice.
▲ Q2 cumulative
§ 04

What we negotiate

DLP and ProxySG · The clauses being read more strictly in 2026
#Contract elementWhat we changeTypical liftDifficulty
01
DLP entitlement definitions
Endpoint, network, discovery and cloud DLP mapped against deployment.
The clauses being read more strictly by the new audit team.
−12 to −25%Medium
02
ProxySG migration window
Hardware end of life timing and Cloud SWG conversion terms.
Currently being priced as forced migration. Negotiable on timing and price.
−10 to −22%Medium
03
Audit posture
Closing open DLP audit posture at signature, future definition locks.
DLP audits are arriving more frequently. Settlement at renewal closes both.
−68% avg exposureHigh
04
Multi region structure
Region by region pricing on combined DLP and ProxySG deployments.
Multi region quotes are routinely priced as if every region runs at the same tier.
−8 to −18%Medium
§ 05

Field notes · DLP

Quarterly intelligence from live DLP and ProxySG desks
Symantec · TrapQ2 · 9 min read

The DLP licensing clause Broadcom is enforcing more aggressively in 2026

Network DLP and discovery DLP have always been priced separately. The clause that defines what counts against each entitlement has been re read by the new audit team. Buyers without a current map carry exposure they did not know they had.

Read essay →
Symantec · LeverQ2 · 8 min read

The ProxySG renewal lever most enterprises miss

ProxySG renewals look like forced migrations to Cloud SWG. The migration is real. The forced part is negotiable. Here is what the desk does in the renewal window before the migration conversation begins.

Read essay →
Symantec · AuditQ2 · 9 min read

What to do when a Symantec audit notice arrives

Audit notices arrive sixty to ninety days before renewals more often than not. The first seven days set the posture for the whole defense. Here is the desk's standard sequence.

Read essay →
Adjacent product · Endpoint and EDR desk →   Cloud SWG and Email desk →
Correspondence Invited

Write before the quote becomes a position.

Two analyst calls. No pitch. We tell you what we would do, what the leverage actually is, and whether we are the right firm. If we are not, we will say so.
Who we work for. Buyer side only. No reseller relationship with Broadcom. No partnership of any kind. We do not earn anything from products sold or renewed. Only from outcomes delivered against the contract.