When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.
Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware sales people have a cursory understanding of the company’s security capabilities while partners often complain that beyond its Palo Alto headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.
To its credit, VMWare recognized two things:
- Its future hybrid cloud leadership needed a much greater security presence.
- It couldn’t get there on its own.
For these reasons, VMware acquired Carbon Black last week. Yes, this acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more. The combination of VMware and Carbon Black can:
- Provide a security bundle for Workspace One. VMware’s “intelligence-drive workspace platform” offered security features for identity and access management but lacked any native device/virtual device security safeguards. Armed with Carbon Black, VMware can provide an integrated secure workspace, similar to what Microsoft does with ATP. Beyond endpoints, Carbon Black can also be bundled with core ESX.
- Bring VMware into the growing market for threat detection and response. According to ESG research, 76% of organizations believe that threat detection and response is more difficult today than it was 2 years ago. Reasons commonly cited for this include an increase in sophisticated/targeted attacks, an increasing cybersecurity workload, and a growing attack surface. To address this, 89% of organizations plan to increase spending in this area, with 47% increasing threat detection and response spending significantly. Threat detection and response really depends upon 5 security technologies: EDR, NTA, file sandboxing, threat intelligence, and security analytics. With Carbon Black, recent acquisition Veriflow, and its vRealize product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need a helping hand with threat detection/response.
- Further complement its hybrid cloud strategy with security. In its quest to anchor hybrid cloud infrastructure, VMware recently purchased Intrinsic, a company focused on securing serverless workloads. While Carbon Black doesn’t currently support cloud workload security, these capabilities should become part of the offering by early 2020. When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e., virtual servers, containers, serverless, etc.).
Aside from technical assets, Carbon Black has a global security-savvy salesforce and strong partner program execution. These capabilities further address VMware’s historical security weaknesses.
While VMware has its checkbook out, it could further bolster its security stance with a few additional acquisitions in:
- Network traffic analytics (NTA). ESG research indicates that 43% of organizations consider NTA the "first line of defense" for threat detection and response. Rather than build security capabilities into vRealize, perhaps VMware should buy a pure-play security expert like Corelight, DarkTrace, or Vectra Networks.
- Security analytics and operations. This would be a big move for VMware but it’s certainly demonstrating bold behavior. Could Exabeam, Jask, or SumoLogic be in the cards?
Regardless of future moves, VMware just took a major step toward becoming a cybersecurity leader while shaking up the security industry. My learned colleague Dave Gruber and I will be watching and reporting on further progress and developments.