VMware Announces Intent to Acquire Lastline

By Tom Gillis, SVP and GM, Networking and Security Business Unit, VMware

EDITORIAL UPDATE: On June 18, 2020 VMware officially closed its acquisition of Lastline. The blog post below has been amended to reflect that announcement.

VMware announced its intent to acquire Lastline, a pioneer in anti-malware research and AI-powered network detection and response, and on June 18, 2020 the acquisition closed. This is an important step forward for VMware’s vision of Intrinsic Security, as it allows us to further take advantage of the intrinsic attributes of our virtualization platform to yield innovative security capabilities. Our aim is not to replicate that which exists today, but rather to build security solutions that we can uniquely deliver, spanning from the heart of the data center to users in a branch office and all the way to mobile users at home or on the road.

In the security industry, the nature of threats changes so rapidly that security technology is constantly being re-invented. In this context, it is not the algorithms per se that matter; it is the people that make the algorithms. Great people build great products, and great products build great companies. And that’s why we are so excited about the combination of Lastline and VMware. We are bringing a world class team of network-focused anti-malware researchers and developers, and go-to-market security experts, into the NSX team. Lastline boasts several of the top 10 most published security threat researchers globally, and the Lastline team has been credited with bringing structure and rigor to the world of malware research. This is reflected in the fact that the Lastline team has 15 PhDs and academics on staff. At VMware, we will amplify the academic focus of the Lastline team, and, by joining forces with the Carbon Black Threat Analysis Unit (TAU), continue to foster their deep understanding not just of the threat, but of the motivation and tactics behind the threat.

This rigorous analytical approach can be seen in Lastline’s products. Lastline’s core product is a malware sandbox. Most sandboxes treat malware as a black box and inspect how that black box interacts with the operating system (syscall inspection). Lastline goes deeper, using full-system emulation to look at every instruction the malware executes, effectively peering into the black box. This yields a deeper understanding of how the malware works, which allows the Lastline team to also detect and block the many derivates of malware families. As a result, Lastline’s system detects twice the number of malicious files as a signature-based system. Lastline detonates more than 5 million file samples daily, and the Lastline technology protects more than 20 million users across 1,000’s of organizations around the world, including 5 of the 10 largest financial institutions. Many of the most recognized online applications including online payments, financial management, tickets, retail, and streaming media are protected by the Lastline platform.

This same philosophy of analyzing core malicious intent is applied across the entire network. The Lastline system uses machine learning that recognizes essential elements of an attack, unlike the narrow signature-based systems that miss the many variants an attacker may use. The Lastline approach is not just anomaly detection – anomaly detection treats every outlier as bad and results in many false positives. Lastline leverages the deep understanding of malicious behavior to flag clearly bad activities such as East-West movement, command and control activity, and data exfiltration.

This brings us to the powerful combination of VMware and Lastline. VMware NSX has deep visibility into network traffic, touching every packet. The NSX architecture will allow Lastline to perform network analytics at massive scale, across tens of thousands of cores, without the burden of tapping network traffic. Furthermore, NSX has an intrinsic understanding of application topology and speaks Layer 7. So it knows the difference between a web server and a database and understands what an application is doing. We will combine this context with the deep understanding of the host provided by Carbon Black. Lastline malware analysis will become a critical feed for our Carbon Black EDR and NGAV platform, which currently helps secure more than 10 million endpoints and workloads around the globe. And the combination of NSX plus Carbon Black will also allow the Lastline algorithms to analyze a particular interaction with greater workload context, effectively saying: “this web server has a new process that looks suspicious and that process is connecting to this database and asking for data in a manner that looks similar to a tactic other attacks have used.” This broad context will enable very high-fidelity security decisions, and be operationally simple to deploy, allowing us to bring Intrinsic Security to the enterprise at scale.

There are few security companies that have the footprint of end point AND network sensors to deliver this broad security context. Together, Lastline, NSX and Carbon Black will further enable VMware’s vision of Intrinsic Security.

With the close of the acquisition, we welcome the Lastline team into the NSX family!

Forward-Looking Statements

This blog contains forward-looking statements including, among other things, statements regarding VMware’s intention to acquire Lastline, Inc., the expected benefits of the acquisition and complementary nature and strategic advantages of combined offerings and opportunities after close. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (1) the ability of the parties to satisfy closing conditions to the acquisition on a timely basis or at all; (2) market conditions, regulatory requirements and other corporate considerations that could affect the timing and closing conditions to the acquisition; (3) the ability to successfully integrate acquired companies and assets into VMware; (4) the impact of the COVID-19 pandemic on our operations, financial condition, our customers, the business environment and the global and regional economies; (5) VMware’s customers’ ability to transition to new products, platforms, services, solutions and computing strategies in such areas as containerization, modern applications, intrinsic security and networking, cloud, digital workspaces, virtualization and the software defined data center, and the uncertainty of their acceptance of emerging technology; (6) competitive factors, including but not limited to pricing pressures, industry consolidation, entry of new competitors into the virtualization software and cloud, end user and mobile computing, and security industries, as well as new product and marketing initiatives by VMware’s competitors; (7) VMware’s ability to enter into and maintain strategically effective partnerships; (8) rapid technological changes in the virtualization software and cloud, end user, security and mobile computing industries; (9) other business effects, including those related to industry, market, economic, political, regulatory and global health conditions; (10) VMware’s ability to protect its proprietary technology; (11) VMware’s ability to attract and retain highly qualified employees; (12) adverse changes in general economic or market conditions; (13) changes in VMware’s financial condition; and (14) VMware’s relationship with Dell Technologies and Dell’s ability to control matters requiring stockholder approval. These forward-looking statements are made as of the date of this blog, are based on current expectations and are subject to uncertainties and changes in condition, significance, value and effect as well as other risks detailed in documents filed with the Securities and Exchange Commission, including VMware’s most recent reports on Form 10-K and Form 10-Q and current reports on Form 8-K that we may file from time to time, which could cause actual results to vary from expectations. VMware assumes no obligation to, and does not currently intend to, update any such forward-looking statements after the date of this release.