Chipmaker Broadcom reportedly is in advanced talks to acquire Symantec, a move one analyst said would potentially be a bad deal for the cybersecurity giant.

Broadcom is close to finalizing the acquisition of Symantec for more than $15 billion, the Financial Times reported. An agreement could be delayed until after July 4, according to people briefed on the move.

A Symantec spokesperson said the company doesn’t comment on market rumors or speculation. Broadcom couldn’t be reached for comment.

Eric Parizo, senior analyst with Ovum, tells Channel Partners that buying Symantec would be a “smart move” for Broadcom.

Ovum’s Eric Parizo

“Though Symantec is perceived to be a software company, the organization has an underestimated amount of hardware expertise, given its acquisition of Blue Coat, a largely appliance-based business, and solid assets like its email and messaging gateways, the former Solera full-packet capture technology, and others,” he said. “Symantec would undoubtedly help Broadcom diversity its portfolio and its technical capabilities, especially in software.”

For Symantec, however, the move would be a “disastrous event,” Parizo said, calling it a “significant short-term business distraction, and in the long term would threaten to undermine the positive strategic trajectory [it] has developed in the past two years,” Parizo said.

“The plan has been to combine Symantec’s best existing technologies – namely endpoint, web and data loss prevention (DLP) – with cutting-edge acquisitions including Skycure and Fireglass, transforming it into the go-to vendor for securing users, devices, data and applications as enterprises shift their infrastructure to the cloud,” he said. “Symantec’s long-underrated innovation engine has also been making a comeback, particularly with its multifaceted, single-agent endpoint solutions and its emerging ICDx framework.”

Two other acquisitions highlight how difficult it can be to bring together large hardware and software businesses, Parizo said. Intel paid nearly $8 billion for McAfee in 2010 for similar reasons – to bolster areas like mobile/wireless and embedded security – but the synergies never developed, and Intel eventually dumped McAfee to TPG for about $3 billion in 2016, a fraction of the purchase price, he said.

And Symantec’s own “misguided union” with Veritas never fulfilled the promise of combining security and storage hardware, he said.

“Symantec has already been through a volume of change [in] recent years that would have devastated lesser organizations,” Parizo said. “With Greg Clark’s departure in May and the appointment of interim CEO Richard Hill, Symantec now has its sixth chief executive in 10 years. It has also made a slew of acquisitions and is not that far removed from shedding Veritas in a $7.4 billion sale. And an internal investigation recently resulted in $12 million of improperly recognized revenue, not to mention a pending shareholder lawsuit accuses Clark and others of intentionally manipulating revenue that affected executive bonuses.”