VMware has signaled it plans to create a dedicated cloud security business unit in the wake of agreeing this week to acquire Carbon Black, a provider of an endpoint security service based on machine learning algorithms and Big Data analytics, for $2.1 billion.
During a call with industry analysts, VMware CEO Pat Gelsinger disclosed plans to build a VMware cloud security platform that includes technologies VMware currently delivers within its AppDefense, Workspace ONE, NSX and SecureState offerings in addition to the cloud services provided by Carbon Black.
As part of that effort, Gelsinger promised to integrate Carbon Black with VMware NSX, a network virtualization overlay, and VMware Secure State, a real-time security and configuration monitoring service. Carbon Black already has a technology alliance in place that integrates its service with AppDefense, a zero-trust cybersecurity framework layered on top of NSX, and the VMware vSphere platform. Gelsinger also noted that 30% of all NSX-related sales being made today involve cybersecurity use cases.
Gelsinger said that as a unit of Dell Technologies, VMware will be able to leverage both its own desktop virtualization software and the relationship with Dell to deliver endpoint security services. Dell also owns Dell SecureWorks, an IT cybersecurity services provider.
One of the attributes of Carbon Black Gelsinger cited that will play a larger role is its lightweight agent software, which Gelsinger said will reduce “bloatware” on endpoints. However, the agent is not limited to endpoints, as evidenced by its integration with VMware vSphere, he noted.
VMware disclosed that the Carbon Black service has 5,600 customers and the company has more than 500 partners globally. The Carbon Black service is leveraging machine learning algorithms to thwart more than 1 million cyberattacks per day, Gelsinger said.
In general, Gelsinger reiterated his view that cybersecurity is fundamentally broken—there are too many cybersecurity products and services for organizations to implement a comprehensive cybersecurity strategy effectively. VMware views acquiring Carbon Black as an opportunity to disrupt the cybersecurity market at a time when organizations are paying too much for cybersecurity products that don’t deliver enough value, Gelsinger said, noting that too much time is spent trying to remediate vulnerabilities after they have been discovered instead of preventing attacks from occurring in the first place. That issue has become more pressing as organizations embark on digital transformation initiatives that depend mainly on cloud-native technologies, he said.
It’s unclear to what degree the acquisition of Carbon Black will serve as a catalyst for consolidation across the security sector at a time when the number of cybersecurity platforms providers has never been greater. Chances are good VMware may need to build and acquire additional machine learning-infused products and services to force that issue. In the meantime, it’s clear that at the very least, the number of cybersecurity technologies and services any organization can license from one vendor will increase. Less clear is whether the number of products and services that will need to be implemented will be reduced.