Years in the making: Carbon Black is the capstone for VMware’s security business strategy
This article has been updated with an extended review of Carbon Black to reflect Tom Barsi’s selection as theCUBE’s Guest of the Week.)
Don’t look now, but VMware Inc. has built a significant cybersecurity practice.
The August acquisition of Carbon Black Inc. for $2.1 billion represented a major step forward for the network virtualization vendor’s security business, yet the seeds were sown long before that.
The firm’s acquisition of AirWatch in 2014 gave it tools for mobile device security, and, in 2016, VMware deployed its “micro-segmentation” strategy for enabling security as part of its flagship NSX product.
The real push into the security realm didn’t begin until 2018. In the first half of that year, VMware bought CloudCoreo, a cloud security startup, purchased E8 Security, provider of artificial intelligence-assisted security tools, and added Tom Gillis, a security software industry veteran and co-founder of Bracket Computing Inc., to its executive team.
On August 15, VMware bought Veriflow, a network monitoring and verification firm and, less than a week afterward, purchased security startup Intrinsic. Forty-eight hours later, Carbon Black was suddenly part of the company as well.
“We dated, and it just became obvious that there was so much synergy between our leadership and theirs,” said Tom Barsi (pictured), senior vice president of business development at Carbon Black. “It was a super exciting week, and the culmination of a lot of work among an army of people to get us to where we are. There really is an opportunity to transform the industry.”
Barsi spoke with Dave Vellante and John Walls, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the VMworld event in San Francisco. They discussed Carbon Black’s previous work to integrate its technology into VMware’s products, the need to bridge security operations with information technology administration, how the new parent company’s track record with other acquisitions offered promise for Barsi’s firm, and a mutual goal to make security intrinsic in the enterprise (see the full interview with transcript here).
This week, theCUBE features Tom Barsi as our Guest of the Week.
Fixing ‘broken’ industry
VMware executives don’t pull punches when they speak publicly about security. Their narrative is that security is a mess, and VMware intends to do something about it.
“It’s a broken industry with 5,000 vendors,” declared Sanjay Poonen, chief operating officer of customer operations for VMware, during his keynote remarks at VMworld 2019. “We looked at this industry and said, ‘There’s got to be a better way.’”
A glimpse into how VMware expects to address the security problem can be seen in its previous work with Carbon Black before the acquisition. Prior to VMware’s purchase, the companies had worked together for over two years, beginning with an integration to protect workloads through VMware’s AppDefense offering.
“We built that integration exclusively,” Barsi said. “For the first time, the security operations center had been able to have visibility into the hypervisor. That’s when we started to see the potential and the opportunity.”
Removing security friction
In addition to its workload protection through VMware’s AppDefense, Carbon Black provides endpoint detection and response, known as EDR, along with next-generation antivirus tools. The firm also offers LiveOps, a real-time endpoint query solution designed to provide system administrators with the ability to perform investigations and remote remediation from a single cloud-native protection platform.
Carbon Black sees its role as an enabler of closer ties between security operations centers and IT operations staff.
“We see the opportunity to eliminate that friction and create an opportunity between those two,” Barsi said. “There’s friction because the ‘SecOps guys’ are saying, ‘Take the server down if there’s a problem’ and ‘IT ops guys’ are saying, ‘I’ve got runtime; I’ve got to keep it up.’ Now you have the opportunity to identify a threat and the ability to seamlessly leverage VMware’s infrastructure management tools to instantly remediate and orchestrate a problem without the conflict with IT and security operations.”
From second to first
A case could be made that VMware’s multi-billion-dollar acquisitions have turned out fairly well. The company bought Nicira for $1.2 billion in 2012, which laid the groundwork for VMware’s highly successful software-defined networking product — NSX.
When VMware purchased AirWatch in 2014 for $1.5 billion, that firm wasn’t number one in the market at the time, but it has become quite successful as VMware’s Chief Executive Officer Pat Gelsinger pointed out during a recent earnings call.
In an interview at VMworld, VMware’s Poonen readily acknowledged that Carbon Black was second in the space behind endpoint security firm CrowdStrike Inc. Poonen said he was OK with that, yet Barsi felt that his firm’s status had the potential to change based on VMware’s previous history with other big-ticket acquisitions.
“It’s what they’ve done with Nicira, what they’ve done with AirWatch and WorkspaceONE, and their ability to take a business from no revenues to a couple hundred billion,” Barsi said. “I believe we can take our position as number two and be number one.”
With over $11 billion in valuation for CrowdStrike versus Carbon Black’s $2 billion, it will take significant progress to reach a lead position in the endpoint security market. What could make that become reality?
VMware has moved quickly to retain Carbon Black’s key leadership even though the acquisition is not slated to be closed until 2020. Patrick Morley, Carbon Black’s CEO, will lead a security business unit that VMware is creating. And offer letters have been submitted to the company’s chief operating and chief product officers.
VMware’s network of 75,000 partners and 500,000 customers will also help. This ready-to-serve market, combined with access to the Dell EMC ecosystem, which includes security firms RSA and SecureWorks, provides Carbon Black with an opportunity to extend its platform in ways that were not available to it before.
Yet, the ultimate “killer app” in this deal may VMware’s ability to radically reduce the attack surface through a massive amount of high-level data. Years of NSX micro-segmentation across a sizable virtual machine footprint have produced robust telemetry that, when combined with Carbon Black’s own security cloud, could lead to threat analysis at a scale not achieved before.
“The best way to secure enterprise is to integrate security into the actual infrastructure,” Barsi said. “The opportunity is to leverage the infrastructure management and security portfolio that VMware has and sprinkle in the Carbon Black capabilities. By integrating it across that portfolio, you have the ability to transform the security space and now you’re coming up with intrinsic security.”