When you think about VMware and cybersecurity, two products have always stood out. NSX, which has evolved into a common micro-segmentation tool for east/west traffic within ESXi, and AppDefense, which monitors applications, determines “normal” behavior, and detects anomalies.
Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Because despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware salespeople have a cursory understanding of the company’s security capabilities, while partners often complain that beyond its Palo Alto, California, headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.
To its credit, VMWare recognized two things:
- Its future hybrid cloud leadership needed a much greater security presence, and
- It couldn’t get there on its own.
For those reasons, VMware acquired Carbon Black last week. Yes, this acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more.
Carbon Black gives VMware the potential to become a cybersecurity leader
The combination of VMware and Carbon Black can:
- Provide a security bundle for Workspace One. VMware’s “intelligence-drive workspace platform” offered security features for identity and access management but lacked any native device/virtual device security safeguards. Armed with Carbon Black, VMware can provide an integrated secure workspace – similar to what Microsoft does with ATP. Beyond endpoints, Carbon Black can also be bundled with core ESX.
- Bring VMware into the growing market for threat detection and response. According to our research at ESG, 76% of organizations believe that threat detection and response is more difficult today than it was two years ago due to an increase in sophisticated/targeted attacks, an increasing cybersecurity workload, and a growing attack surface. To address this, 89% of organizations plan to increase spending in this area – 47% will increase threat detection and response spending “significantly.” Threat detection and response really depends upon five security technologies: EDR, NTA, file sandboxing, threat intelligence, and security analytics. With Carbon Black, its recent acquisition of Veriflow, and its vRealize product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need help with threat detection/response.
- Further complement its hybrid cloud strategy with security. In its quest to anchor hybrid cloud infrastructure, VMware recently purchased Intrinsic, a company focused on securing serverless workloads. While Carbon Black doesn’t currently support cloud workload security, these capabilities should become part of the offering by early 2020. When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e. virtual servers, containers, serverless, etc.).
Aside from technical assets, Carbon Black has a global security-savvy salesforce and strong partner program execution. These capabilities further address VMware’s historical security weaknesses.
Other acquistions that would help VMware
While VMware has its checkbook out, it could further bolster its security stance with a few additional acquisitions in:
- Network traffic analytics (NTA). ESG research indicates that 43% of organizations consider NTA the “first line of defense” for threat detection and response. Rather than building security capabilities into vRealize, perhaps VMware should buy a pure-play security expert such as Corelight, DarkTrace, or Vectra Networks.
- Security analytics and operations. This would be a big move for VMware, but it’s certainly demonstrating bold behavior. Could Exabeam, Jask, or SumoLogic be in the cards?
Regardless of future moves, VMware just took a major step toward becoming a cybersecurity leader while shaking up the security industry. My learned colleague Dave Gruber and I will be watching and reporting on further progress and developments.