It’s difficult to defend against something you can’t see. When Scott Lundgren and a handful of colleagues founded Carbon Black in 2012, one of their primary goals was to improve enterprise security by providing greater visibility into both good and bad behaviours. With that goal in mind, Carbon Black developed an endpoint protection platform that proactively identifies malicious behaviour and enables defenders to accelerate responses as they defend against a variety of attacks.
The vision of the Carbon Black team paid off for customers and caught the attention of the VMware leadership team. In 2019, VMware acquired Carbon Black to help enhance VMware’s intrinsic approach to security.
With the acquisition, Scott Lundgren has become chief technology officer and vice president of products for the VMware Carbon Black team. In this interview, Lundgren covers a broad range of topics, including the concept of intrinsic security, the challenges introduced by work-at-home trends and the development of the Cyber Range training solution.
Digital infrastructure is similar to physical infrastructure: You don’t think about it until the moment it’s gone. At that point, there can be significant ramifications, especially in industries where a cyberattack can create a very dangerous situation for people.
Take the airline industry. Airline maintenance control systems, flight scheduling systems, flight safety systems and aircraft systems are all run by software—and that means they can all be attacked. Airlines need confidence in the security of these systems. If they lose that confidence, how can they fly?
It’s similar in healthcare. If a hospital can’t control all of its software-based systems, it would have to shut down.
Security threats are also multiplying and evolving. We’ve all seen the explosion of digitisation in our society. It’s been a productivity enhancer. We can press a button today and do more work in less time than ever before. Unfortunately, that also means that bad people can do a lot more damage with a lot less effort and without physically putting themselves at risk.
Absolutely. There’s obviously a much more distributed nature of work as more of us work from home. And enterprise systems have to be adjusted in some way to protect endpoints and networks. Unfortunately, it’s a lot easier for an attacker to move quickly and exploit this new remote-work situation than it is for a defender to systematically address this large-scale change in the workforce. So, there’s a gap. And in this gap, we have higher risk.
Today, security can no longer be an afterthought. VMware has embraced intrinsic security as a better way to safeguard apps and data than traditional methods. Intrinsic means “built in.” It’s a new approach that builds security into infrastructure.
Traditionally, organisations would “bolt on” security. That’s like buying a new car and then purchasing an aftermarket security system. We did that 20 years ago, but today, more cars have built-in security, which is a better and more efficient way to protect vehicles.
VMware is in a unique position to provide intrinsic security because VMware is a powerhouse in delivering the back-end infrastructure that other applications run on. That infrastructure is reliable—just like a water utility. But it also has to be safe. If you open a tap and the water has dangerous bacteria in it, that’s not helpful. When VMware acquired Carbon Black, it was like a water utility bringing in a microbiologist to make sure the water is safe.
So, when organisations implement VMware infrastructure today, they experience not only reliability and uptime but also robust, intrinsic security. They can have confidence in the underlying security of the infrastructure—just like you can be confident that when you turn on the tap, clean, safe water will come out.
Pretty much any organisation would say they want built-in security. Why would anyone say no? But some organisations say to us, “We’re in a war right this second.” And they are willing to take a bolted-on solution if they think there is an incremental—or even just a perceived—improvement in their security posture. Sometimes we have to remind them that getting it right is important, because a single security breach could push them out of business.
Security can be super complicated. Some organisations spend a ton of their own resources trying to stand up a security solution, get it going and manage it.
Instead, security should be “consumer simple.” When you buy a new car, you just turn the key or press the button and off you go. We want to make security just as simple.
This was the first meaningful acquisition of a pure-play security company by VMware. Carbon Black was built with the DNA of a pure security mindset. By acquiring Carbon Black, VMware is able to match leading infrastructure software with leading security.
At a more granular level, the Carbon Black team has specialised expertise in endpoint detection. Now, as an intrinsic part of this amazing infrastructure company, we’re weaving in our expertise and innovation across the VMware solution portfolio.
Let’s say you were trying to reduce shoplifting at a mall. You might hire security guards. But if you just hire a bunch of people and say “go,” you won’t be successful. Those security guards have to be trained. They have to know what types of behaviour to look for.
In the digital world, security teams are monitoring bits of data flowing over a virtual wire. It’s impossible to see what’s going on and assess behaviour like a security guard would.
The goal of the Cyber Range solution is to help provide that visibility through training. We want to show people what bad behaviour looks like—show them what the typical patterns are, so they can investigate further. With greater visibility, organisations can investigate issues with greater confidence.
The VMware Carbon Black Threat Analysis Unit (TAU) is composed of some of the leading minds in cybersecurity research. They are focused on understanding the latest threats and attack techniques, and they continuously communicate with the product design team so we can build new insights into our solution.
The TAU sees the most novel and most nasty attacks across our entire customer base. We drive that information right back into the product to make it better.
As we enhance and improve our solution, we know that it has to be ready to respond to the latest threats. But at the same time, we also have to prepare for the long term. Our solution has to be adaptable so we can quickly adjust in the future to new threats. And of course, it also has to be simple to consume and operate. That way, organisations can stay focused on strategic priorities instead of constantly putting out fires.