Sanjay Poonen: VMware Will Out-Innovate ‘Fossils’ Symantec, McAfee
‘The traditional endpoint security space has always thought about it as client endpoints—laptops, Windows, Linux—they don’t talk about server endpoints. We have an incredible advantage in server endpoints. Why? Because we own 70 million VMs with vSphere,’ says Sanjay Poonen, VMware’s chief operating officer.
VMware Plans To ‘Completely Disrupt’ Endpoint Security
With the pending acquisition of Carbon Black, VMware plans to leave security competitors like Symantec, McAfee and CrowdStrike in the dust by taking Carbon Black to the next level and “completely disrupt the endpoint security space,” said Sanjay Poonen, chief operating officer at VMware.
“In endpoint security, the traditional players are not innovating. They’ve become fossils, almost—Symantec, McAfee,” said Poonen in an interview with CRN at VMworld 2019. “Some of them are getting bought by hardware companies, some are getting spun out of hardware companies and put inside private equity companies. What’s happening to that talent, though, is that they’re leaving because the good talent doesn’t want to work for a hardware company or someplace that’s not innovating. … In VMware’s hands, Carbon Black will do better than they are doing on their own because of the distribution presence that we’ll bring to them, the integration possibilities of it, and so much more.”
Poonen, who has previously held top executive security positions at Symantec and SAP, discussed with CRN VMware’s plans to disrupt the “broken” market through organic security innovation, leveraging its massive vSphere customer base and Carbon Black.
“The traditional endpoint security space has always thought about it as client endpoints—laptops, Windows, Linux—they don’t talk about server endpoints,” he said. “We have an incredible advantage in server endpoints. Why? Because we own 70 million VMs with vSphere.”
Poonen also goes in-depth on how VMware changed its technology partnership philosophy. “The thing that changed the course of this company was finding ways by which [public cloud providers] became friends with VMware as a way [to ensure] the freeway gets built from this private cloud running on VMware to a public cloud,” he said.
How does VMware-Carbon Black stack up against the security endpoint competition?
In endpoint security the traditional players are not innovating. They’ve become fossils, almost—Symantec, McAfee. Some of them are getting bought by hardware companies, some are getting spun out of hardware companies and put inside private equity companies. What’s happening to that talent, though, is that they’re leaving because the good talent doesn’t want to work for a hardware company or someplace that’s not innovating. They’re going to modern startups that are building a different innovative platform and there’s just one or two companies doing that—Carbon Black is one of them. We felt they had really good technology. They have been integrating for us for a while. They’re just one of two companies doing this really well at scale.
What is the other company doing endpoint security at scale?
Carbon Black has more customers than CrowdStrike. I think CrowdStrike has 3,000 customers and [Carbon Black] has 5,600 customers. Carbon Black integrated with VMware, so we’ve gotten to know them better, they were further ahead in their integration. For example, AppDefense has already been integrated with them. We felt that we could really take the product and scale it better into integrating with endpoint management into Dell laptops, Dell servers, with SecureWorks. So the avenues of integration to VMware into vSphere, agentless; unified with Workspace One into a solution I call Workspace Security; inside NSX that will hopefully come out next year with threat analytics; integrated with Secure State for cloud security; integrated into the Dell channel just like we’ve done with Workspace One and SecureWorks—that gives us a tremendous amount of leverage.
Will VMware compete better now against Cisco or Palo Alto Networks?
So Cisco is a very reputable company, but in the network space. I don’t view them as an endpoint security player. Palo Alto [Networks] is also a reasonably reputable company in the firewall space, but not in the endpoint space. In the endpoint space it’s been a separate set of companies—Symantec, McAfee, and a couple of these new ones. So we felt with one of the newer assets in VMware’s hands, we can do a lot more modern things to integrate this with Workspace One, with vSphere, etc. A lot of our customers are saying, ‘Why do I have Workspace One or AirWatch on the client and then Carbon Black? These are two separate companies. I should be able to get endpoint management and endpoint security from one company.’ That was a prominent CIO telling me this. They had practices on Workspace One—some of them like CDW, Dimension Data—and we were talking to build practices with them around NSX or AppDefense and the same teams were also working with Carbon Black. Now it’s one family, pending close. You have a much broader security portfolio. I think we can completely disrupt the endpoint security space.
How can VMware disrupt the endpoint security space?
The traditional endpoint security space has always thought about it as client endpoints—laptops, Windows, Linux—they don’t talk about server endpoints. We have an incredible advantage in server endpoints. Why? Because we own 70,000,000 VMs with vSphere. We can take AppDefense and Carbon Black and make it agentless on the server like nobody else can do. Nobody else can do that because we own vSphere. That technology gives us an integration path to compute workloads, server workloads, then potentially containers, compute workloads in the cloud. When people begin to see that vision, they’re like, ‘Wow, this is kind of like what we saw VMware do with AirWatch.’ It’s very exciting times in terms of what we’ll be able to do with Carbon Black.
Can you talk about competition with CrowdStrike?
There’s a perception that Carbon Black is behind CrowdStrike in the market just in terms of relative market share. I remind people, when we acquired AirWatch, they were No. 3 in the market—Good Technology was No. 1, MobileIron was No. 2, AirWatch was No. 3. In VMware’s hands, through a strategy similar to [what we’re going to do with Carbon Black], we took them and made them the gold medal. So we have tremendous respect for all our competitors, but we feel very good that in VMware’s hands, Carbon Black will do better than they are doing on their own because of the distribution presence that we’ll bring to them, the integration possibilities of it, and so much more. Then in the long term, if there’s one or two players still solving this problem, that’s OK. We want to get our fair share of the market share from our accounts with our partner accounts like Dell. There will be multiple players long term to try to attempt something creative in endpoint security. We hope to be that leader in due course.
Why did VMware acquire Carbon Black?
Carbon Black is going to really bring us real credibility with our security team and we’ll augment and grow that team. We’ve announced that we’re going to move some resources of VMware that are focused on security into that business unit. [Carbon Black CEO] Patrick Morley, pending close, will become the leader of that security business unit and I’m the executive sponsor for that effort. I’m tremendously excited. For me personally, I used to work at Symantec 15 years ago, I ran the GRC [government, risk and compliance] business at SAP—so I know a fair amount about security. A few of us have been baking this strategy over the course of the last year or so in thinking about what we should do in security, and it was very clear that endpoint security is the area where VMware could make an impact. We’re augmenting what we’re doing in network security, we have some play in identity, some play in cloud security, and it also helps us in security analytics.
How do you think the security market is broken?
I use this analogy because there are a lot of parallels between security and medicine; they even use similar terms like ‘virus.’ Imagine that you went to a doctor and asked, ‘What should I do to stay healthy?’ The doctor says, ‘You have to take 5,000 tablets.’ And that’s what the security industry is, 5,000 vendors that you all need for some kind of antivirus or disease prevention. If you were to consume one tablet every 30 seconds it would take you a couple of weeks to eat 5,000 tablets. That’s the problem with this industry, it is broken. Too many consoles, too many bloated agents. Instead, you don’t eat 5,000 tablets, you have a good diet. You eat your protein, fruits, vegetables, you drink enough water—so you bake it into your diet. That’s what VMware plans to do—make security intrinsic to the platform. That analogy is really powerful. Rather than eating 5,000 tablets, bake it into the diet. Now you still may need five or 10 supplemental vitamins that you take per day that you add to your diet, but you eat a good diet so you don’t depend on those 5,000 tablets—those 5,000 security vendors. There will be supplemental security partners, but it doesn’t need to be 5,000. So our job as a platform is to bake these security capabilities into NSX, into Workspace One, into Secure State—that’s what we’re doing with Carbon Black.
So VMware plans to still partner with some security vendors?
We will still partner with some companies in parts of security. For example, in identity, we do some, but we also partner with Okta and Azure Active Directory—let’s keep doing that. In the cloud security area, we do some ourselves, but we also partner with Zscaler for web gateways and some of their cloud security capabilities for SD-WAN products—let’s keep doing that. We don’t believe that all of a sudden VMware is going to be doing everything in security.
There will be a stand-alone use case for Carbon Black too, absolutely, as our security cloud solution, but the more you integrate into the platform the less you need one more tool, one more agent. That’s a very important strategy to how we think about the future of all of these five control points of security: the network, endpoint, identity, cloud and security analytics. We see VMware in a very good position over the next many years to become an intrinsic security platform that is leading in many of those categories.
From a very high-level market view, can anyone else match VMware and Dell Technologies?
We have to stay humble and hungry. So I wouldn’t say any of the big vendors can’t compete, but the fundamental difference is it’s very hard for hardware companies to manufacture a software DNA overnight. The beautiful aspect of VMware and Dell is that Dell has incredible focus on hardware and its efficiencies between Dell servers, EMC storage and Dell clients, while VMware has an incredible focus on software infrastructure. We certainly integrated to optimize Dell platforms, but we’re not tethered to them. We also work on top of HPE, NetApp, Cisco, etc. So that strategy of having a software company in infrastructure, the only place where that plays out in scale is the public clouds—AWS, [Microsoft] Azure, Google.
Speaking of AWS, Azure and Google, can you talk about VMware’s partnership strategy with the public cloud leaders?
I think the pivotal part of this company’s strategy has been to partner with those guys because the logical competitors for VMware would have been Amazon, Google, Alibaba, Azure, IBM, Oracle Cloud. We had to make a significant decision. I think the thing that changed the course of this company was finding ways by which every one of them over time—we started with Amazon, they are our first and preferred partner—became friends with VMware as a way [to ensure] the freeway gets built from this private cloud running on VMware to a public cloud. It could go both ways, it could go there and come back, and we worked really hard on that. Look, Freddie Mac is moving 600 applications all into VMware Cloud on AWS. It’s incredible. They plan to do this over the course of the next 12 to 18 months. People are like, ‘That’s not possible.’ But look, they’re doing it—that’s VMware Cloud on AWS. Now on the other hand, the company Gap, they’re optimizing some things on-premise and some of the workloads Gap is moving to Azure. But again, VMware is part of it. Now you add on top of it not just the migration story, but the modernization story that Pivotal is bringing us in Tanzu, it’s very effective.
What is VMware’s broad vendor partnership strategy?
So No. 1 is you want to get as many of the big vendors who could potentially be competitors to you as your partners because all of a sudden, you offset this worry. Quite frankly, if they’re competing with each other, it’s OK. VMware has to be the middle of your ecosystem, which is why partnerships [and] our ecosystem is super important to VMware. There are going to be smaller companies that try to do pieces of it. Look at Nutanix in hyper-convergence. We came from behind that space. Four or five years ago, Nutanix was legitimately No. 1. What’s happened? Look at the market share. VMware has now overtaken them in software and Dell has overtaken them in engineered systems. HCI has become a VMware and Dell market primarily. It’s just focused execution. Our story there is a little bit like the movie “Seabiscuit,” we came from behind, humble and hungry and not doing all these fancy ads that are trying to create a war between VMware and another company. No, we just stayed humble and hungry and focused on customers. Now you can see the market share and the growth of our business relative to their decline. So smaller companies like them will exist to challenge us. I would say the same thing in the container market.
So what is VMware’s philosophy in terms of competition?
There will be point competitors. But the thrust of VMware isn’t focused on these point competitors in various different places. I would say at the broadest level, the potential big competitors, we’ve made our friends—the public cloud players. I think that’s important. Especially I would say in the course of the last six months with Microsoft. Because Microsoft was probably the most competitive to VMware in so many different parts of the stack, but I think the partnership that Michael Dell orchestrated with [Microsoft CEO] Satya Nadella and [VMware CEO] Pat Gelsinger was a really game-changing moment because there are elements that are both client and cloud. Microsoft is a very important partner to Dell. We have a very big-tent philosophy. … Have a big-tent philosophy to welcoming anybody to work with us, while we may have small point competitors. And even where you have point competitors, allow them to run on top of VMware. If somebody picks Citrix, they must run on top of VMware. If somebody picks Nutanix for HCI, they should be supported with VMware running underneath it. If someone picks OpenShift, it should run on top of VMware. But with that said, with those products, we will compete too.