Print Friendly, PDF & Email

 

Over the last year and a half, VMware has been aggressively bolstering its network security capabilities, whether with the acquisition of Velocloud (Nov. 2017), Avi Networks (June 2019), Carbon Black (Oct. 2019), Octarine (May 2020), or Lastline (June 2020).

Today, VMware took another significant step with its new Secure Web Gateway(SWG)/Secure Access Service Edge (SASE) solution in collaboration with Menlo Security and expanded partnership with Zscaler.

In the last couple of months, I had the opportunity to sit down with senior VMware and Menlo Security executives to understand direction and aspirations. As I look back at today’s announcement against those conversations, three key takeaways come to mind:

1. VMware has strong fundamentals to deliver cloud-based security with Velocloud

We expect the physical appliance market for network security to decline 5% this year according to our data. Meanwhile, the virtual appliance and SaaS (i.e., cloud-based) markets for network security will grow 6% and 27%, respectively. 2020 is trending to be the first time the physical appliance market does not grow while virtual and SaaS markets do. The ongoing pandemic has hit the physical appliance market in two ways, by decelerating physical infrastructure projects and accelerating preference for cloud-delivered security.

VMware is banking on its Velocloud business unit to provide the platform and know-how to excel in the cloud-based network security space. Since its founding in 2012, Velocloud has been perfecting how to deliver cloud-based SD-WAN solutions over an ever-increasing global footprint, now with over 2700 cloud gateways across 130 points of presence (POPs). I believe the experience and knowledge gained from their SD-WAN solution will translate well to running a network security application, like SWGs. While Velocloud’s global network size may not be on par with Akamai or Cloudflare, two content-delivery/edge-compute vendors who are also entering the SWG space, they are on par with direct competition, such as Cisco Umbrella or Zscaler. With time we can expect that Velocloud’s scale will continue to increase, but even today is already a suitable foundation for delivering cloud-based security.

2. VMware needs to own the SWG, but until then, a partnership with Menlo Security is a good bridge on the journey to SASE

According to our data, the Secure Web Gateway market has been on a tear recently, growing 17% Y/Y in 1Q20 and 14% Y/Y in 2Q20. We expect it to close out the year with 15% Y/Y growth. This growth is remarkable, considering the challenging market environment created by the pandemic. For example, we expect the firewall market to post low single-digit Y/Y growth for the full year 2020, which has not happened since the great recession of 2008. With SWGs hot and firewalls not, VMware is the latest vendor to enter the SWG market in partnership with Menlo Security.

Menlo Security was founded in 2014 and is a late-stage startup that we started tracking here at Dell’Oro recently. Only this year did they begin introducing feature sets, such as CASB (Cloud Access Security Broker) and DLP (Data Leakage Prevention), for them to qualify for our SWG tracker. Most of their history, they’ve been better known for their work in web and email isolation technology and products.

I believe a vendor should directly own all core technology and expertise for their solutions in a perfect world. However, I see the partnership between VMware and Menlo Security a good bridge since making any acquisition takes time, and time is of the essence for VMware. Moreover, Menlo Security isn’t an unproven, early-stage startup, but also not so large to immediately give rise to competitive or strategic direction challenges. It remains what VMware is planning long term – I have no direct knowledge – but I stand by my assessment that VMware should own all the core technology, in particular, to improve the chance of success for the emerging SASE market. I’m currently working on a SASE Advanced Research Report and, in a future blog will hit on some of the key takeaways.

3. VMware hedging bets by keeping Zscaler close

On the one hand, VMware announced their intent to enter the SWG market today, but on the other, they also announced extending their strategic partnership with Zscaler. According to our data, Zscaler has been growing aggressively in the SWG market, as evidenced in 2Q20 with a 19% market revenue share and overtaking Cisco (Umbrella) for the #2 market spot. If they continue current growth velocity, they may take the #1 position before long.

VMware recognized that Zscaler isn’t going away, and customers will continue to seek best of breed deployments, with Zscaler owning the SWG and VMware owning SD-WAN. Few details were released on how VMware and Zscaler will further integrate, but on the face, I see a détente between both vendors, all aiming to reduce thrash near-term.

In summary, VMware continues to deftly expand its sphere of influence in the network security market, and we will be watching their developments with keen interest.