Carbon Black acquisition bolsters VMware's security play
VMware announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings; the all-cash deal is valued at $2.1 billion.
VMware is continuing a string of acquisitions with the purchase of Carbon Black, an endpoint security company, with the aim of providing more secure cloud offerings.
The Carbon Black acquisition will be an all-cash transaction for $26 per share, which is a company valuation of $2.1 billion. VMware expects the acquisition to close in the second half of VMware's fiscal year 2020, ending Jan. 31.
In VMware's Q2 2020 earnings call, CEO Patrick Gelsinger noted that his company has been working with Carbon Black for the past two years on VMware's AppDefense product, and said that time has been a way of "de-risking this acquisition" and "building a shared go-to-market with them."
Gelsinger told reporters during the earnings call that the Carbon Black acquisition will address security challenges "as businesses move applications to the cloud and access it over distributed networks and from a diversity of endpoints." He added that the acquisition will lead to integration through VMware's "extensive endpoint footprint" and create a unified workspace solution covering both endpoint management and endpoint security. VMware also plans to leverage partnerships with Dell and SecureWorks to "accelerate the adoption of Carbon Black in the enterprise."
Gelsinger acknowledged that part of the impetus for the Carbon Black acquisition is due to VMware's plan to build a security cloud platform.
"Together we think VMware and Carbon Black will uniquely provide customers advanced threat detection, in-depth app behaviors, insight to prevent sophisticated attacks and accelerate responses across that platform," Gelsinger said. "This idea of individual products that are bolted on and patched on is just ineffective for customers."
The Carbon Black acquisition follows other moves by VMware to strengthen its presence in the security industry. Earlier this week, the company acquired Intrinsic, a startup focused on application runtime security, for an undisclosed amount and also confirmed its $1.45 billion purchase of software development firm Pivotal.
In addition to those deals and other security acquisitions this year, VMware introduced its Service-defined Firewall at RSA Conference 2019; the product is designed to secure traffic within a distributed environment by permitting only "known good" behavior of applications while blocking all other activity. At the conference, Gelsinger hinted at a larger cybersecurity play for VMware while criticizing the "nightmare" state of the market, which he said was overwhelmed with too many products that were chasing specific threats instead of reducing attack surfaces.
Gelsinger echoed those comments during VMware's earnings call Thursday evening and said his company plans to fundamentally "fix" the security market. "As enterprises increasingly become digital, cyber security and protection of enterprise apps, data network endpoints and identity … is a primary concern across the C-suite and boards," he said. "Yet, as I have said before, the current cyber security industry is simply broken and ineffective with a plethora of fragmented tools, bloatware agents and no cohesive platform architecture."
Gelsinger added that current market disruptions, which are affecting "legacy players," have opened up an opportunity for VMware. "We're out to change the security industry," he said.
Analyst response
Josh Zelonis, principal analyst serving security and risk professionals at Forrester, said rather than changing the security industry, VMware's Carbon Black acquisition was confirmation of a larger trend already under way.
"EDR is traditionally endpoint detection and response and traditional endpoints are workstations and laptops. This acquisition is part of a growing trend in the industry to make it something much bigger than that," Zelonis told SearchSecurity. "What VMware is doing is they're now allowing you to build EDR products by default in all your virtual machines. So all your workloads that you're managing through VMware can now instantly be benefitting from what is essentially the logging and detection of an EDR product."
J. Craig Lowery, a vice president analyst at Gartner, said the Carbon Black acquisition aligns with the strategy VMware set out on several years ago.
"[VMware is] moving from a legacy virtualization business to a new business in cloud management software and services, specifically with an eye towards cloud-native solutions built on containers," Lowery told SearchSecurity. "However, there are serious challenges to this strategy, as even these new additions to VMware's portfolio will not likely significantly increase VMware's appeal to developers. It will, however, be meaningful for those VMware customers that are looking for a more conservative path to cloud-native outcomes."
Zelonis pointed out that both Palo Alto Networks and Trend Micro have recently started using the XDR branding to imply EDR plus integration with all of their other technologies. He also pointed out that Microsoft has the Intelligent Security Graph, which Zelonis described as tying together "all the intelligence that's coming in from all their EDR products, all their email products and the Office products, [which] all have application level capabilities for detecting misuse."
"Big picture is everything is moving toward leveraging this type of detection in every environment in your organization," Zelonis said. "The bigger trend that everybody needs to look at is how we're going to be moving forward with the security analytics and the SIEM space to be integrating these point solutions in a better fashion. My hope is to see that these SIEM products become so heavily focused on being able to ingest anything that we're able to treat everything like a portfolio solution and not a bolt-on."