The Expert's View with Michael Novinson

Endpoint Detection & Response (EDR) , Endpoint Protection Platforms (EPP) , Endpoint Security

What's Next for Carbon Black Now That Broadcom Sale Is Dead?

A Carbon Black-Symantec Marriage Would Combine 2 Low-Growth Endpoint Security Teams
What's Next for Carbon Black Now That Broadcom Sale Is Dead?

It looks like the knot between Carbon Black and Broadcom will remain tied after all.

See Also: Realities of Choosing a Response Provider

The marriage between the security software vendor and the semiconductor giant was expected to be short-lived after Broadcom inherited Carbon Black as part of its $69 billion acquisition of virtualization titan VMware in November. Just 15 days after the deal closed, Broadcom revealed plans to divest both Carbon Black and VMware's end-user computing unit, which will account for $2 billion in sales this year.

"We focus very much so on - in any acquisition - where we see the biggest value for our business model. And basically, we then do not want to be distracted by noncore focus," Broadcom President and CEO Hock Tan told investors Dec. 7. "We prefer now to divest them. We’ll find good homes for them because there are a lot of very interested parties who are more than happy to take those assets."

Broadcom on Monday announced a good home for VMware's end-user computing business, saying it will offload it to private equity giant KKR later this year for approximately $4 billion. But Carbon Black won't be getting a new residence anytime soon after indications of interest in the organization fell short of Broadcom's expectations, Bloomberg reported Monday.

Palo Alto, California-based Broadcom had been looking to fetch $1 billion for Carbon Black - including debt - but offers at that dollar figure remained elusive, according to Bloomberg. That's less than half of the $2.1 billion VMware paid to buy Carbon Black in October 2019. VMware's endpoint security market share fell from 3.9% in 2021 to 3.2% in 2022 as the unit's 6% growth rate fell well short of the industry growth rate.

How Carbon Black, Symantec Stack Up to the Competition

Bloomberg reported it's possible that Broadcom could opt to try and sell Carbon Black again, though Techzine reported a major round of layoffs is expected for Carbon Black in March followed by a merger with Symantec, which Broadcom bought for $10.7 billion in fall 2019. Broadcom declined to comment to Bloomberg and didn't promptly respond to an Information Security Media Group request for comment.

A union between Carbon Black and Symantec would create an $869 million endpoint security business, which would be the industry's fourth-largest behind only Microsoft, CrowdStrike and Trend Micro and ahead of antivirus stalwarts such as Trellix and Sophos. But unlike the total endpoint security industry - which grew by 29.2% in 2022 - the joint Symantec-Carbon Black business expanded by just 1% in 2022.

The combined business would have a sizable presence across various facets of endpoint security, but it has consistently lost ground in recent years to both established players such as Microsoft and CrowdStrike as well as new entrants such as Palo Alto Networks and SentinelOne. Market share losses would likely continue if the business units combined as Broadcom looks to eliminate redundancies and product duplication.

The combined Carbon Black-Symantec device security practice generated $679.5 million of revenue in 2022, slotting in at fourth just behind Trellix and well behind Microsoft and CrowdStrike. When it comes to physical server and cloud workload security, Symantec and Carbon Black generated $189.5 million of sales in 2022, good for bronze and trailing only Palo Alto Networks slightly and Trend Micro significantly.

How Analysts See Carbon Black, Symantec in Endpoint Security

Carbon Black and Symantec both were named as niche players by Gartner in its 2023 Endpoint Security Magic Quadrant, while Forrester named Symantec a strong performer and Carbon Black a contender in this year's Endpoint Security Wave. Gartner praised Carbon Black for having a mature endpoint detection and response capability and more coverage of air-gapped and cloud environments and Windows Server OS.

But Gartner criticized Carbon Black for a lag in the debut of innovative endpoint protection capabilities such as host firewall management and limited third-party security ecosystem integrations. At Symantec, Gartner celebrated improved incident visualization capabilities, protection against malicious URLs delivered in text messages, and restricted execution of apps running on the endpoint.

But the analyst firm criticized Symantec for lacking credible MDR service and XDR product strategies as well as for having limited first-party integration between Symantec XDR and Broadcom's CASB tool. Forrester lauded Carbon Black for sturdy prevention and runtime protection engines as well as a deep application control tool that stops sophisticated attacks from getting started.

But Forrester chided Carbon Black for missing core features such as data security and for relying on external management for mobile device security and requiring a lot of tuning to reduce false positives. Forrester lauded Symantec for having deep application control functions and for allowing security practitioners to control the actions taken by approved apps within their environment and to block malicious actions.

Forrester went after Symantec for not including functions such as data security or patch and vulnerability remediation as part of its endpoint security offering as well as a poor customer experience following Broadcom's acquisition.

Longtime Carbon Black CEO Patrick Morley led VMware's security business unit following the October 2019 acquisition until he departed the company in December 2021. Jason Rolleston joined Carbon Black in August 2021 to spearhead product strategy and execution and became general manager for the whole business in December 2022. Umesh Mahajan has led VMware's security unit since December.

The leadership teams at Symantec and Carbon Black will face an uphill battle keeping customers happy if Broadcom decides to bring the two businesses together.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.