Stay ahead of cyber threats with immersion-style training in Reston, VA! Save $150 thru 1/29.

SANS Security Insights

VMware and Carbon Black: Cloud Heaven or Customer Hell?

Embedding Carbon Black capabilities with VMware core technologies could be a game changer for embedded security. It could also lead to the degradation of a top security product over time.

By Deb Radcliff, Creative Director, SANS Analyst Program

VMware's $2.1B purchase of Carbon Black, completed October 8, represents an opportunity to revolutionize the security industry with embedded, in-stack endpoint and network security. Or, the acquisition could end up diluting innovation around a known and trusted endpoint protection platform.

"This acquisition could be a game changer," says John Pescatore, SANS director of emerging security trends. "If VMware integrates and aggressively prices Carbon Black's endpoint software into its product line and enables effective endpoint detection and response to be baked into all workloads by default-without OS and application admins having the ability to remove, suspend or undermine the endpoint visibility and security controls-that would overcome huge obstacles to basic security hygiene."

Integrated Protections

As the deal closed last week, Sanjay Poonen, chief operating officer, customer operations, VMware said in a press release that the company plans to innovate around the Carbon Black predictive security cloud. "Carbon Black will integrate with VMware NSX, VMware Workspace ONE and VMware Secure State to "deliver a highly-differentiated intrinsic security platform across network, endpoint, workload, identity, cloud and analytics," he wrote.

Given VMware's ubiquity (with more than 70 million virtual machines operating around the world), Poonen also believes this acquisition will bring a "fundamentally new paradigm to the security industry." The merger provides the opportunity to build up VMware's platform to securely manage all devices and endpoints, regardless of whether they are cloud-based.

"People think of VMware as a virtualization vendor. Yet, its end user computing Workspace ONE product line can manage mobile devices, Mac and Windows devices," explains Matt Hathaway, Carbon Black's VP of product marketing. "The idea of managing and securing all those devices from one vendor seems pretty compelling."

Hathaway also points to new visibility that would help analysts identify leakage between cloud workloads and hypervisor, as well as leakage from hypervisor to the underlying O/S and kernel.

Impact on Innovation

However, success depends on how deeply and seamlessly the VMware and Carbon Black technologies merge and integrate, how well VMware continues to innovate around the Carbon Black product line, and how much business users will be charged for the added security.

Typically, large infrastructure companies are more focused around their core product line, which ultimately diminishes innovation around the security product they acquired, according to Pescatore. And, when large companies buy small innovative companies, the creative minds behind those acquired products tend to leave for new pastures, which can also impact future innovation.

Pricing will be packaged with VMware bundles, similar to how AppDefense is bundled in the vSphere Platinum package, according to Hathaway.

Impact on Enterprise Users

For Carbon Black's 5,600+ customers and 500+ business partners, the merger also brings up concerns around long-term customer support for their hybrid environments.

Carbon Black's former CEO, Patrick Morley, who now serves as the general manager for VMware's newly formed security division, announced in his August 22 blog that Carbon Black will continue to operate as an autonomous business unit and provide support for its existing customers.

"We don't see any change in the enterprises already using our tools," Hathaway adds. "I think our clients, if anything, should be excited because this merger gives them more that they can do with a single vendor they already trust-whether VMware or Carbon Black-or both."

The proof, as they say, will be in the pudding. Integration is already underway with new capabilities scheduled to roll out early next year. At that point, we should have a better understanding of where and how this merger impacts hybrid enterprises and security architecture in general.

Post a Comment


* Indicates a required field.