Why Every CISO Should Be Looking at VMware
VMware’s acquisition of Lastline adds tremendous value, helping to reduce noise without reducing the amount of information being inspected. Lastline will enhance VMware’s ability to prioritize and reduce intel down to what is actionable.
The cybersecurity landscape is horribly crowded — and fragmented.
With close to 5,000 different vendors spread out across many categories (e.g., network, endpoint, identity, cloud, encryption, services), it’s largely up to IT professionals to stitch together these different solutions from different vendors.
Now, I grew up watching MacGyver on television, but even he had an easier job than CISOs have today. How do you report to a board on cybersecurity as a single topic when it feels as if the entire program is held together with "Scotch Tape" and "rubber bands"? Those terms are codenames for poorly written APIs and road-mapped features.
The cybersecurity landscape suffers from a long history of innovation, without a strong strategy to bring different technologies into a cohesive solution. It is bolted-on, siloed and centered on threats. VMware has a vision for something else, however — a portfolio that is unified around the protection of apps and data (not just endpoints) in a multicloud, remote worker world.
Who, or rather what, is Lastline?
Lastline is an anti-malware research startup that VMware acquired on June 18, 2020. Lastline boasts several of the top 10 most published security threat researchers globally, and the Lastline team is known for bringing value to the world of malware research (examples below).
- Know Your Achilles’ Heel: Automatic Detection of Network Critical Services (ACSAC 2019), Christopher Kruegel, Lastline Co-Founder and Chief Scientist
- Most Ransomware Isn’t as Complex as You Might Think (BHUSA 2015), Engin Kirda, Lastline Co-Founder and Chief Architect
- Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware (BHUSA 2014), Christopher Kruegel, Lastline Co-Founder and Chief Scientist
The company’s core product is a malware sandbox that uses full-system emulation to look at every instruction the malware executes. This yields a deeper understanding of how the malware works, which in turn allows the Lastline team to detect and block the many derivative malware families.
Lastline detonates more than 5 million file samples daily, and the Lastline technology protects more than 20 million users across thousands of organizations around the world, including five of the ten largest financial institutions. Many of the most recognized online applications including online payments, financial management, tickets, retail and streaming media are protected by the Lastline platform.
In the security industry, the nature of threats changes so rapidly that security technology is constantly being re-invented. In this context, it is not the algorithms per se that matter; it is the people who make the algorithms.
The ink is still drying on the paper, but I believe there’s a promising future ahead:
- NSX architecture will allow Lastline to perform network analytics at massive scale, across tens of thousands of cores, without the burden of tapping network traffic.
- Carbon Black will gain a critical feed in Lastline for its EDR and NGAV platform, which currently helps secure more than 10 million endpoints and workloads around the globe.
As Lastline integrates into VMware’s Intrinsic Security portfolio, expect an increasingly rich level of visibility. Tom Gillis, SVP and GM, Networking and Security Business Unit, VMware, provides this example:
“This web server has a new process that looks suspicious and that process is connecting to this database and asking for data in a manner that looks similar to a tactic other attacks have used.”
This broad context will enable very high-fidelity security decisions, and be operationally simple to deploy, allowing us to bring Intrinsic Security to the enterprise at scale.
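The example above is, at bottom, an event-correlation problem: a process-start event, a network-connection event and a database-query event only become a high-fidelity finding when they are joined on the same process. The following Python is an added example written for this article, not code from VMware, Lastline or the original post. It assumes a generic, constructed telemetry stream with three hypothetical record types (process_start, net_connect, db_query) keyed by host and pid, and a constructed allowlist of expected web-server binaries; all field names and sample values are assumptions.

```python
"""Correlate process, network and database context into one finding.

Added example (not VMware/Lastline code). Event shapes, field names and
the allowlist below are constructed for illustration.
"""
from dataclasses import dataclass, field

KNOWN_WEB_IMAGES = {"/usr/sbin/httpd", "/usr/sbin/nginx"}  # constructed allowlist
DB_PORTS = {3306, 5432}                                    # common DB listener ports
BULK_ROW_THRESHOLD = 10_000                                # constructed "too many rows" bar

# Constructed sample telemetry; ts is seconds, roughly in order of occurrence.
EVENTS = [
    {"ts": 100, "type": "process_start", "host": "web-01", "pid": 4100,
     "image": "/usr/sbin/httpd", "parent": "/usr/lib/systemd/systemd"},
    {"ts": 105, "type": "process_start", "host": "web-01", "pid": 4171,
     "image": "/tmp/.cache/upd", "parent": "/usr/sbin/httpd"},
    {"ts": 106, "type": "net_connect", "host": "web-01", "pid": 4171,
     "dst_host": "db-01", "dst_port": 5432},
    {"ts": 107, "type": "db_query", "host": "db-01", "src_host": "web-01",
     "src_pid": 4171, "rows": 250_000, "statement": "SELECT * FROM customers"},
    {"ts": 110, "type": "net_connect", "host": "web-01", "pid": 4100,
     "dst_host": "db-01", "dst_port": 5432},
    {"ts": 111, "type": "db_query", "host": "db-01", "src_host": "web-01",
     "src_pid": 4100, "rows": 1, "statement": "SELECT name FROM customers WHERE id = $1"},
    {"ts": 120, "type": "process_start", "host": "web-01", "pid": 4200,
     "image": "/opt/backup/agent", "parent": "/usr/lib/systemd/systemd"},
]


@dataclass
class Finding:
    host: str
    pid: int
    image: str
    reasons: list = field(default_factory=list)

    @property
    def confidence(self) -> str:
        # One reason = an unexpected binary and nothing else; three = the full chain.
        return "high" if len(self.reasons) >= 3 else "low"


def is_bulk_read(query: dict) -> bool:
    """A crude 'reads in a manner that looks unusual' check on a query event."""
    stmt = query["statement"].upper()
    return query["rows"] >= BULK_ROW_THRESHOLD or (
        stmt.startswith("SELECT *") and " WHERE " not in stmt
    )


def correlate(events, known_images=KNOWN_WEB_IMAGES):
    """Join events on (host, pid); open a case only for unexpected processes."""
    procs = {}  # (host, pid) -> {"image": ..., "reasons": [...]} for tracked processes
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process_start":
            if ev["image"] not in known_images:
                procs[(ev["host"], ev["pid"])] = {
                    "image": ev["image"],
                    "reasons": [f"unexpected image {ev['image']} spawned by {ev['parent']}"],
                }
        elif ev["type"] == "net_connect":
            ctx = procs.get((ev["host"], ev["pid"]))
            if ctx and ev["dst_port"] in DB_PORTS:
                ctx["reasons"].append(f"connected to database {ev['dst_host']}:{ev['dst_port']}")
        elif ev["type"] == "db_query":
            ctx = procs.get((ev["src_host"], ev["src_pid"]))
            if ctx and is_bulk_read(ev):
                ctx["reasons"].append(f"bulk read of {ev['rows']} rows: {ev['statement']}")
    return [Finding(h, p, c["image"], c["reasons"]) for (h, p), c in procs.items()]


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f"[{f.confidence}] {f.host} pid {f.pid} ({f.image})")
        for r in f.reasons:
            print("   -", r)
```

Run against the constructed stream, the httpd process produces no finding at all despite talking to the database, the unknown binary under /tmp gets a high-confidence finding carrying all three pieces of context, and the unrecognised backup agent stays a low-confidence finding because nothing else about it stood out. That is the noise reduction the paragraph describes: the same three signals that are individually weak become one actionable item when they are joined.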
Any customer, any sector
Security faces a lot of daunting questions today:
- Are we secure?
- What is our current highest risk?
- Is my current view integrated?
- Does my team have the time and tools to react?
The landscape is shifting away from a purely reactive posture and starting to normalize around tactical solutions.
Organizations are starting to understand that patching and IT hygiene are fundamentals, but even when we are doing the right thing, we still have to watch the network and find the bad guys who are sophisticated enough to find the vulnerability that does not yet have a patch. This brings us to the need for better visibility, not just on the network but across our tools, which hopefully are fully integrated.
The biggest challenge with additional visibility and detection is the growth of false positives. The reality of security today is that we need to automate, simplify and streamline.
VMware’s acquisition of Lastline adds tremendous value, helping to reduce noise without reducing the amount of information being inspected. Lastline will enhance VMware’s ability to prioritize and reduce intel down to what becomes actionable.
The effective use of AI to provide security through behavioral analytics is a tall order. Companies in the past have applied algorithms to identity and login behavior to enhance security. Lastline adds these types of capabilities to VMware's strategy so it can detect threats at the network level.
It is a nice addition of hunters to their current offering and it makes their entire platform more appealing. Extending their current vast visibility play into actual threat hunting makes a great addition not just to the portfolio, but also to engineering- and threat-focused talent that is very hard to find.
Financial services: Why this matters
It’s well-known that financial institutions have the highest level of security among the 16 critical U.S. industries — and by far the most stringent regulatory requirements, with GLBA, GDPR, the California Consumer Privacy Act and more.
The environment we now live in gives financial institutions of any size a good opportunity to re-evaluate the adequacy of their safeguards and architectures against various types of attacks, and to evaluate the defense-in-depth strategy of both their on-premises and cloud environments for detecting anomalous behavior.
The financial services sector is four times more likely than other industries to be the victim of hackers, and cybersecurity is at the center of every digital and security transformation effort. When financial institutions apply the appropriate cybersecurity and risk management foundational principles and risk mitigation techniques, they can reduce the chance that a cyber-attack succeeds and minimize the negative impacts of a disruptive and often destructive cyber-attack.
VMware’s acquisition of Lastline is compelling and no doubt enhances the capabilities of Carbon Black Threat Analysis. This acquisition will allow deeply integrated security solutions for both networking and security and complement many of VMware’s world-class solutions for cloud, data center, end user and workload protection.
Global service provider: Why this matters
For our service provider clients, all networks are critical to their business. This includes their own network along with the security of their customers’ networks. These large-scale carriers require near-perfect network availability, high performance, scalability and flexibility.
Due to the complexity and scale of these networks, lack of visibility (of assets, data and threats) is a major problem. That’s just the first step. Beyond that is the problem of detecting and responding to security threats.
The ability for VMware to perform network analytics at massive scale is going to be a game changer for global service providers who are looking to form a unified perspective of the enterprise, from multicloud to on-prem data center.
While Lastline is a phenomenal addition to the VMware portfolio, that alone isn't enough. It will provide best-in-class network security analytics, and it’s going to take an already phenomenal solution and upgrade it even further. But take a look at this list below.
Here are the VMware acquisitions that have been made in the security space:
- Uhana (Jul 25, 2019): AI/ML technology supporting low latency big data pipelines to manage and optimize applications and mobile networks.
- Veriflow (Aug 16, 2019): Solution that applies continuous verification to networks, preventing outages and vulnerabilities that lead to astronomical losses.
- Intrinsic (Aug 20, 2019): Serverless computing solution for cloud platforms that involves automatically triggering a system to operate when certain things happen.
- Carbon Black (Oct 8, 2019): Industry-leading endpoint security solution for pre-breach protection and post-breach response with audit and remediation capabilities.
- Nyansa (Jan 21, 2020): Advanced IT analytics software technology for enterprises and managed service providers.
- Octarine (May 13, 2020): Enforces a Zero Trust security model for cloud-native apps to ensure organizations can preserve their security and compliance.
- Lastline (Jun 4, 2020): Network-centric threat research and behavioral analysis.
We believe VMware has the portfolio to compete directly in network and endpoint security. Of the company’s $10.8 billion in revenue last year, approximately $1 billion was security-related (predominantly network security and endpoint security). That number is only going to grow.
VMware has the scale and size to pull off this, frankly, disruptive vision of a unified, built-in, context-centric security framework. And CISOs and businesses will be all the better for it.