VMware needed its own endpoint security solution, and Carbon Black has been looking for a graceful exit – so VMware's $2.1bn all-cash acquisition of Carbon Black is mutually beneficial, and should benefit both sets of customers. But now VMware and Dell face the challenge of rationalizing an increasingly unwieldy security product portfolio and outlining a strategy.
VMware, Carbon Black consummate long courtship
Carbon Black was in a pinch: it was too small to make the sizable acquisitions necessary to grow its addressable market beyond its core endpoint detection and response (EDR) focus, and it was too large to be acquired by most potential suitors. Even after its modestly successful 2018 IPO, it hasn't been able to grow its way out of the nearly $200m in legacy private equity funding.
VMware, meanwhile, has long been rumored to be interested in acquiring an endpoint security solution, and talks with Carbon Black and others have been rumored as far back as two years ago. For VMware, there's little question that the acquisition of EDR vendor Cylance by unified endpoint management (UEM) rival BlackBerry accelerated its urgency.
VMware and Carbon Black have had a go-to-market partnership for several years. VMware's AppDefense (hypervisor security) and Workspace One (UEM) already integrate with CB Defense. It is likely that a key VMware objective is to more deeply integrate or even combine Carbon Black with Workspace One to counter security-centric UEM plays from BlackBerry, MobileIron, and even Microsoft. VMware will also benefit from exposure to Carbon Black's sizable network of managed security services partners. There's no question that VMware will continue to advance Carbon Black's technology, and both sets of customers should benefit.
But now VMware and parent company Dell face the even greater challenge of rationalizing their enterprise security portfolio. Dell (via the former EMC) already owns RSA Security, which has its own NetWitness Endpoint security product, among other disparate security solutions. Dell also owns managed security services provider SecureWorks, which also has an endpoint security solution. Furthermore, Dell last year announced a major go-to-market partnership with top Carbon Black rival CrowdStrike, offering it as an optional add-on for newly sold Dell desktops and laptops. Figuring out which products stay, which come together, and delineating the behemoth's overall enterprise security strategy will be no easy task.
Finally, Carbon Black, Cylance, and even Symantec (following its recent acquisition by Broadcom) prove that endpoint-centric security vendors may be an endangered species. Ovum believes enterprises will increasingly expect xDR solution sets that provide integrated protection, detection, and response across endpoints, networks, and the cloud, supplemented by managed services as needed. Endpoint vendors must prepare to build, buy, or partner for the xDR capabilities they don't have today. Otherwise they may risk following Carbon Black to the exit.
"Broadcom's acquisition of Symantec's enterprise business ignores history's lessons," INT005-000024 (August 2019)
Market Landscape: Digital workspace, ENS001-000059 (June 2019)
2019 Trends to Watch: Cybersecurity, INT003-000295 (December 2018)
On the Radar: Carbon Black defends against malware and file-less attacks, IT0022-001039 (July 2017)
Eric Parizo, Senior Analyst, Infrastructure Solutions