VMware builds security unit around Carbon Black tech

VMware has wrapped up its $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.

When VMware announced the acquisition in August, its CEO Pat Gelsinger said he expected Carbon Black technology to be integrated across VMware’s product families such as NSX networking software and vSphere, VMware’s flagship virtualization platform. “Security is broken and fundamentally customers want a different answer in the security space. We think this move will be an opportunity for major disruption,” he said. 

Integrating what Carbon Black offers – a cloud-based endpoint security system that gathers network and application data to determine threats and trigger incident response – will be key to what VMware envisions for the future of enterprise security. Some integration has already been done as the companies worked to enhance VMware’s AppDefense security product in 2017. The companies also offer a cloud-based security threat-detection and remediation package.

“With Carbon Black we are in a very unique position to integrate security into everything we offer,” said Tom Corn senior vice president and general manager of security products at VMware at the company’s recent VMworld gathering.  “We are in position to proactively secure private and public clouds or any application and device across the network.”

The general idea is to offer integrated security rather than bolted-on piece-parts, Corn said. 

With the close of the acquisition, VMware is creating a new security business unit that led by Carbon Black CEO Patrick Morley who will become general manager of this new group reporting to Sanjay Poonen, VMware’s COO for customer operations. Carbon Black technology will form the nucleus of VMware’s Security offering.

Morley wrote of the deal: “VMware has a vision to create a modern security platform for any app, running on any cloud, delivered to any device – essentially, to build security into the fabric of the compute stack. Carbon Black’s cloud-native platform, our ability to see and stop attackers by leveraging the power of our rich data and behavioral analytics, and our deep cybersecurity expertise are all truly differentiating.”

Poonan said, “The Carbon Black platform, along with VMware NSX, VMware Workspace ONE, VMware Secure State and our future innovations, will deliver a highly differentiated intrinsic security platform across network, endpoint, workload, identity, cloud and analytics.”

Analysts said the Carbon Black deal will bring VMware into customer security discussions that the company may have been left out of in the past. 

“The acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more,” wrote Jon Oltsik, a senior principal analyst with Enterprise Strategy Group in a blog about the deal. “For example, armed with Carbon Black, VMware can provide an integrated secure workspace, similar to what Microsoft does with [Windows Defender Advanced Threat Protection]. Beyond endpoints, Carbon Black can also be bundled with core ESX [hypervisor],” he wrote. 

“With Carbon Black, recent acquisition Veriflow, and its vRealize [hybrid-cloud management] product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need a helping hand with threat detection/response,” Oltsik wrote. 

VMware has made moves to beef up its hybrid-cloud offerings with the recent purchase of Intrinsic, which is focused on securing serverless workloads, he wrote. And while  Carbon black doesn’t support security for cloud workloads now, he wrote that they whould by early 2020. “When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e., virtual servers, containers, serverless, etc.).”