VMware Acquiring Carbon Black to Boost Security PortfolioVirtualization and Cloud Giant Also Buying Pivotal
VMware is acquiring cloud security firm Carbon Black in a $2.1 billion cash deal to bolster the virtualization giant's security portfolio, especially around endpoint and application protection, the two companies announced Thursday.
When the deal is finalized in January, Carbon Black will become the security unit of VMware, says Carbon Black CEO Patrick Morley.
"VMware has more than 500,000 customers and more than 70 million virtual machines around the world," Morley says. "The opportunity here for Carbon Black to truly disrupt the security industry - and ultimately help more customers stay safe from cyberattacks - has never been bigger."
On Thursday, VMware also announced a deal to acquire Pivotal, a company that focuses on helping its customers build applications in the cloud as well as through new technologies such as containers. The acquisition values Pivotal at about $2.7 billion, according to the announcement.
Carbon Black's Journey
The company that became Carbon Black was founded in 2002 as Bit9. In February 2014, Bit9 merged with the startup firm Carbon Black and adopted its name. The company had its initial public offering in 2018, with a market value of about $1.25 billion at that time. The company’s market value on Thursday stood at $1.8 billion.
Carbon Black's stock price ended the day Thursday at $24.50 per share, and VMware plans to pay $26 per share in the deal.
Carbon Black says it currently has about 5,600 enterprise customers.
Impact of Deals
For VMware, which has been focusing more and more on hybrid and multicloud architectures, the two acquisitions create a way for the company to not only deliver the infrastructure its customers need for their digital transformation initiatives, but also new ways to build and update applications and then to secure those apps once they are deployed, CEO Pat Gelsinger says.
"As digital transformation accelerates in enterprises, we see three secular trends becoming stronger: First, multicloud is the new model for enterprise IT; second, digital transformation is driving accelerated pace of cloud native app development," Gelsinger said Thursday during the company's second-quarter earnings call when both acquisitions were announced. "Last, but not least, as businesses move applications to the cloud and access it over distributed networks and from a diversity of endpoints, security has become a significant challenge and priority."
Through its acquisition of Carbon Black, VMware will significantly boost its security portfolio by providing customers tools such as advanced threat detection and in-depth application behavior insight that can prevent sophisticated attacks, especially those that target modern applications, as well as accelerate the response time for when attacks do happen, Gelsinger says.
VMware’s acquisition of Carbon Black is further evidence that the cybersecurity industry is under a period of consolidation, especially as businesses invest more in security and older, more establish players look for ways to diversify their revenue streams, says Jeff Pollard, a principal analyst focused on IT security at Forrester Research.
"It's not surprising to see consolidation in the cybersecurity market, especially in the endpoint space, which is still quite crowded," Pollard tells Information Security Media Group. "Enterprise software companies are turning to cybersecurity companies for the promising growth rates in the industry, and to build out a more diverse portfolio that appeals to the various stakeholders involved in cybersecurity - IT, security and developers."
Earlier this week, security firm Splunk announced it would pay a little over $1 billion for SignalFx, which provides real-time cloud monitoring capabilities to customers and can help IT and security teams detect anomalies in network traffic.
In the months before the latest announcements, private equity firm Insight Partners announced its own deal for Recorded Future, and Palo Alto Networks and FireEye boosted their own offerings (see: Sale of Recorded Future a Highlight of Big InfoSec M&A Week).
Gelsinger told analysts Thursday that the security market has become too fragmented with too many offerings. VMware will use Carbon Black's technology to offer customers a way to secure all their endpoints, from physical devices to app living in the cloud, he added.
"As I have said before, the current cybersecurity industry is simply broken and ineffective with a plethora of fragmented tools, bloatware agents and no cohesive platform architecture," Gelsinger said. "But today we are taking a huge step forward in security by bringing Carbon Black into the VMware family to deliver an enterprise grade platform to protect workloads, applications, and networks, from device to cloud."
In his presentation, Gelsinger offered a brief roadmap of how Carbon Black's offerings will eventually fit into some of the products that VMware offers.
For instance, VMware plans to integrate some of Carbon Black's technology into the company's software-defined network offering called VMwareNSX.
"We've also been organically building the NSX security capabilities with our micro-segmentation for several years, and we're going to be embedded Carbon Black technology into that," Gelsinger told analysts.
VMWare also has plans to integrate technologies from both companies into VMware Secure State, a cloud configuration, security and compliance platform that VMware released in August 2018. Other integrations and offerings are also in the works, Gelsinger said.
With its acquisition of Pivotal, VMware plans to delve further into the cloud, including application development and containers. Pivotal recently went all-in on Kubernetes, the container orchestration and management platform backed by Google.
(Managing Editor Scott Ferguson contributed to this report.)