Insight

  • Recapping Juniper’s Industry Analyst Day

    I had the opportunity to attend Juniper’s analyst event at its Sunnyvale, California headquarters on September 10. Truth be told, Juniper has been fairly quiet on the security front for the last few years, so I was interested to get up to speed on the company’s direction. Juniper divested the Pulse Secure portion of its portfolio in 2014 and since that time has not always articulated a consistent vision around, or emphasis on, security. My impression after listening to CEO Rami Rahim and CTO Bikash Koley lay out Juniper’s corporate vision and how the Connected Security approach ties in, is that they do see security as a core component of the overall strategy, especially as it relates to expanding the company’s enterprise footprint. Admittedly, there weren’t a lot of specifics provided relative to security announcements, but I’m an optimist and believe there will be some meat put on the bone sooner rather than later.

    (more…)

  • This week Pure // Accelerate came to my hometown of Austin, TX. And for three days, the city was orange, filled with a customer base that is both passionate and enthusiastic.

    (more…)

  • Network traffic analysis (NTA) solutions have seen broad adoption across the industry as part of a holistic threat detection and response (TDR) program. There is general agreement regarding some of the core capabilities required in an NTA solution, but some disagreement around others. Analytics and threat intelligence integrations are essential components of any NTA solution. However, there is less clarity around managed services as they relate to NTA solutions.

    (more…)

  • SOAPA versus SOAR

    I first came up with the SOAPA concept in late 2016. Here’s the blog I wrote in November of that year describing the architecture and its rationale.

    (more…)

  • Application and Email Security Trends

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on the current processes for and technology approaches to securing business applications and email messaging platforms.

    (more…)

  • VMworld 2019: A Network Perspective

    VMware held its flagship customer event, VMworld 2019, in San Francisco last week.

    It was a big week for VMware, especially since it was coming on the heels of announcing two significant acquisitions of Pivotal and Carbon Black. Much of the news this year centered on the desire to embrace containers and manage hybrid and multi-cloud environments. Along those lines, the big announcements included:

    (more…)

  • VMworld 2019: Building the IT Hero for the Digital Era

    The theme of this year’s VMworld is “Make Your Mark.” The kickoff keynote delivered a familiar narrative placing the IT leader in the place of a hero, a cross between “Morpheus and Hermione,” gifted with powers to change the world.

    (more…)

  • If it’s not clear yet, elastic cloud gateways are a major focus of ESG’s network security research. I discussed the idea in a previous blog…and video…and second video. As a refresher, ECGs are multi-channel, multi-mode, cloud-delivered security gateways built on a globally distributed, cloud-native microservices platform. ECGs automatically scale to provide end-user access and threat prevention to a range of cloud services, with tightly integrated data loss prevention (DLP) capabilities utilizing a centralized control plane and scalable data plane to arbitrate access and inspect content.

    (more…)

  • When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.

    Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware sales people have a cursory understanding of the company’s security capabilities while partners often complain that beyond its Palo Alto headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.

    To its credit, VMware recognized two things:

    1. Its future hybrid cloud leadership needed a much greater security presence.
    2. It couldn’t get there on its own.

    For these reasons, VMware acquired Carbon Black last week. Yes, this acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more. The combination of VMware and Carbon Black can:

    • Provide a security bundle for Workspace One. VMware’s “intelligence-driven workspace platform” offered security features for identity and access management but lacked any native device/virtual device security safeguards. Armed with Carbon Black, VMware can provide an integrated secure workspace, similar to what Microsoft does with ATP. Beyond endpoints, Carbon Black can also be bundled with core ESX.
    • Bring VMware into the growing market for threat detection and response. According to Enterprise Strategy Group research, 76% of organizations believe that threat detection and response is more difficult today than it was 2 years ago. Reasons commonly cited for this include an increase in sophisticated/targeted attacks, an increasing cybersecurity workload, and a growing attack surface. To address this, 89% of organizations plan to increase spending in this area, with 47% increasing threat detection and response spending significantly. Threat detection and response really depends upon 5 security technologies: EDR, NTA, file sandboxing, threat intelligence, and security analytics. With Carbon Black, recent acquisition Veriflow, and its vRealize product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need a helping hand with threat detection/response. 
    • Further complement its hybrid cloud strategy with security. In its quest to anchor hybrid cloud infrastructure, VMware recently purchased Intrinsic, a company focused on securing serverless workloads. While Carbon Black doesn’t currently support cloud workload security, these capabilities should become part of the offering by early 2020. When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e., virtual servers, containers, serverless, etc.). 

    Aside from technical assets, Carbon Black has a global security-savvy salesforce and strong partner program execution. These capabilities further address VMware’s historical security weaknesses.

    While VMware has its checkbook out, it could further bolster its security stance with a few additional acquisitions in:

    • Network traffic analytics (NTA). ESG research indicates that 43% of organizations consider NTA the “first line of defense” for threat detection and response. Rather than build security capabilities into vRealize, perhaps VMware should buy a pure-play security expert like Corelight, Darktrace, or Vectra Networks.
    • Security analytics and operations. This would be a big move for VMware but it’s certainly demonstrating bold behavior. Could Exabeam, Jask, or Sumo Logic be in the cards?

    Regardless of future moves, VMware just took a major step toward becoming a cybersecurity leader while shaking up the security industry. My learned colleague Dave Gruber and I will be watching and reporting on further progress and developments. 

  • With the recent announcement by VMware that it will be acquiring Carbon Black, VMware will be adding much-needed security expertise and technology to its already strong portfolio.

    (more…)

  • Splunk Acquires SignalFx for $1 billion

    It was time. Splunk was waiting for the next-generation, cloud-native application architectures to evolve to a point where it could pounce. And pounce Splunk did, scooping up SignalFx for $1.05 billion. This dwarfs Splunk’s previous acquisitions over the last couple of years, which included security automation and orchestration platform Phantom for $350 million and DevOps incident management firm VictorOps for $120 million.

    (more…)

  • The State of Data Analytics

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on the current people, process, and technology approaches to supporting data analytics activities, including business intelligence, enterprise data warehouses, data lakes, and public cloud-based services.

    (more…)