(This article has been updated with an extended review of Carbon Black to reflect Tom Barsi’s selection as theCUBE’s Guest of the Week.)
Don’t look now, but VMware Inc. has built a significant cybersecurity practice.
The August acquisition of Carbon Black Inc. for $2.1 billion represented a major step forward for the network virtualization vendor’s security business, yet the seeds were sown long before that.
The firm’s acquisition of AirWatch in 2014 gave it tools for mobile device security, and, in 2016, VMware deployed its “micro-segmentation” strategy for enabling security as part of its flagship NSX product.
The real push into the security realm didn’t begin until 2018. In the first half of that year, VMware bought CloudCoreo, a cloud security startup, purchased E8 Security, provider of artificial intelligence-assisted security tools, and added Tom Gillis, a security software industry veteran and co-founder of Bracket Computing Inc., to its executive team.
On August 15, VMware bought Veriflow, a network monitoring and verification firm and, less than a week afterward, purchased security startup Intrinsic. Forty-eight hours later, Carbon Black was suddenly part of the company as well.
“We dated, and it just became obvious that there was so much synergy between our leadership and theirs,” said Tom Barsi (pictured), senior vice president of business development at Carbon Black. “It was a super exciting week, and the culmination of a lot of work among an army of people to get us to where we are. There really is an opportunity to transform the industry.”
Barsi spoke with Dave Vellante and John Walls, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the VMworld event in San Francisco. They discussed Carbon Black’s previous work to integrate its technology into VMware’s products, the need to bridge security operations with information technology administration, how the new parent company’s track record with other acquisitions offered promise for Barsi’s firm and a mutual goal to make security intrinsic in the enterprise (see the full interview with transcript here).
This week, theCUBE features Tom Barsi as its Guest of the Week.
Fixing ‘broken’ industry
VMware executives don’t pull punches when they speak publicly about security. Their narrative is that security is a mess, and VMware intends to do something about it.
“It’s a broken industry with 5,000 vendors,” declared Sanjay Poonen, chief operating officer of customer operations for VMware, during his keynote remarks at VMworld 2019. “We looked at this industry and said, ‘There’s got to be a better way.’”
A glimpse into how VMware expects to address the security problem can be seen in its previous work with Carbon Black before the acquisition. Prior to VMware’s purchase, the companies had worked together for over two years, beginning with an integration to protect workloads through VMware’s AppDefense offering.
“We built that integration exclusively,” Barsi said. “For the first time, the security operations center had been able to have visibility into the hypervisor. That’s when we started to see the potential and the opportunity.”
Removing security friction
In addition to its workload protection through VMware’s AppDefense, Carbon Black provides endpoint detection and response, known as EDR, along with next-generation antivirus tools. The firm also offers LiveOps, a real-time endpoint query solution designed to provide system administrators with the ability to perform investigations and remote remediation from a single cloud-native protection platform.
Carbon Black sees its role as an enabler of closer ties between security operations centers and IT operations staff.
“We see the opportunity to eliminate that friction and create an opportunity between those two,” Barsi said. “There’s friction because the ‘SecOps guys’ are saying, ‘Take the server down if there’s a problem’ and ‘IT ops guys’ are saying, ‘I’ve got runtime; I’ve got to keep it up.’ Now you have the opportunity to identify a threat and the ability to seamlessly leverage VMware’s infrastructure management tools to instantly remediate and orchestrate a problem without the conflict with IT and security operations.”
From second to first
A case could be made that VMware’s multi-billion-dollar acquisitions have turned out fairly well. The company bought Nicira for $1.2 billion in 2012, which laid the groundwork for VMware’s highly successful software-defined networking product — NSX.
When VMware purchased AirWatch in 2014 for $1.5 billion, that firm wasn’t number one in the market at the time, but it has become quite successful as VMware’s Chief Executive Officer Pat Gelsinger pointed out during a recent earnings call.
In an interview at VMworld, VMware’s Poonen readily acknowledged that Carbon Black was second in the space behind endpoint security firm CrowdStrike Inc. Poonen said he was OK with that, yet Barsi felt that his firm’s status had the potential to change based on VMware’s previous history with other big-ticket acquisitions.
“It’s what they’ve done with Nicira, what they’ve done with AirWatch and WorkspaceONE, and their ability to take a business from no revenues to a couple hundred billion,” Barsi said. “I believe we can take our position as number two and be number one.”
Leveraging data
With over $11 billion in valuation for CrowdStrike versus Carbon Black’s $2 billion, it will take significant progress to reach a lead position in the endpoint security market. What could make that become reality?
VMware has moved quickly to retain Carbon Black’s key leadership even though the acquisition is not slated to be closed until 2020. Patrick Morley, Carbon Black’s CEO, will lead a security business unit that VMware is creating. And offer letters have been submitted to the company’s chief operating and chief product officers.
VMware’s network of 75,000 partners and 500,000 customers will also help. This ready-to-serve market, combined with access to the Dell EMC ecosystem, which includes security firms RSA and SecureWorks, provides Carbon Black with an opportunity to extend its platform in ways that were not available to it before.
Yet the ultimate “killer app” in this deal may VMware’s ability to radically reduce the attack surface through a massive amount of high-level data. Years of NSX microsegmentation across a sizable virtual machine footprint have produced robust telemetry that, when combined with Carbon Black’s own security cloud, could lead to threat analysis at a scale not achieved before.
“The best way to secure enterprise is to integrate security into the actual infrastructure,” Barsi said. “The opportunity is to leverage the infrastructure management and security portfolio that VMware has and sprinkle in the Carbon Black capabilities. By integrating it across that portfolio, you have the ability to transform the security space and now you’re coming up with intrinsic security.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s extensive coverage of VMworld 2019:
Photo: SiliconANGLE
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.