VMware buys Kubernetes Security Startup Octarine

VMware Carbon Black kicked off its Connect 2020 virtual conference today announcing that it will acquire Kubernetes security startup Octarine. It also formed a coalition with leading security information and event management (SIEM) and security orchestration, automation, and response (SOAR) providers Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic.

Octarine is a three-year-old Silicon Valley company. Its software provides visibility into cloud-native workloads and also integrates into the DevOps process to analyze application risks at time of build, before they are deployed into production.

VMware plans to integrate Octarine with vSphere, NSX, VMware Cloud Foundation, and its newer Kubernetes-focused Tanzu platform. It will run alongside service mesh frameworks such as Tanzu Service Mesh to provide native anomaly detection and threat monitoring for cloud and container-based workloads.

Octarine Kubernetes Security

During a keynote address, VMware Cabon Black SVP and GM Patrick Morley said Octarine’s technology will allow VMware’s security platform “both the opportunity to scan when you are building your container, but also as you’re running those containers and applications, ensure the security of those containers and applications. You will see us over the coming quarters pull that workload security capability onto our core platform.”

This integration will further reduce the need for additional sensors in the stack — something that VMware has been working toward since it acquired the endpoint security firm last summer. At RSA Conference in February, VMware announced that Carbon Black’s workload protection technology no longer requires installing an agent to provide antivirus protection or endpoint detection and response. And in an interview at the annual security conference, VMware COO Sanjay Poonen told SDxCentral that the vendor planned additional integrations to further reduce agents.

“VMware is investing in security,” Morley said. “We are committed to the security market and investing aggressively in it.”

Next-Gen SOC Alliance

Also during his keynote, Morley announced the Next-Gen SOC Alliance between VMware, Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic. The alliance aims to provide security operations center (SOC) teams with these SIEM and SOAR vendors’ visibility, prevention, detection, and response capabilities using the VMware fabric and its console to centralize security events and provide context. It will also automate and orchestrate threat investigation and response, which VMware says will allow SOCs to scale and standardize their processes.

VMware’s security platform integrates with 350 different products. The Next-Gen SOC Alliance is “all about ensuring that the integrations we provide between VMware, and all the telemetry we can see, and what your SIEM and SOAR providers are doing, that we can unify all that and ensure you can get the strongest ROI as possible,” Morley said.

VMware’s $1B Security Biz

VMware started building its security business on top of its networking virtualization platform NSX several years ago. It launched its initial standalone security product, AppDefense, in 2017 with Carbon Black as a partner, and last August announced a deal to buy the endpoint security vendor for $2.1 billion. VMware since renamed its security business VMware Carbon Black.

The virtualization giant also has a multi-cloud security product called Secure State. It’s based on cloud security posture management technology that VMware acquired when it bought CloudCoreo in 2018.

Two quarters after the Carbon Black acquisition, VMware boasts a $1 billion security business representing 100% year-over-year growth, Morley said. For context, the company’s fiscal year 2020 revenue topped $10.8 billion.

It also secures more than 10 million endpoints and processes more than 1 trillion security events per day, Morley said.

―SDX Central