VMware Acquires BlueLane: Further Differentiation Through Security
From Virtualization.com comes the news that VMware has acquired BlueLane Technologies
BlueLane is the maker of solutions that protect both physical and logical infrastructure which includes ServerShield and VirtualShield. The company has of late focused wisely on
the latter which provides application-aware firewalling, inter-VM flow visibility and analytics, application policy control, and intrusion prevention capabilities.
Coupled with the introspection capabilities provided by VMware's vNetwork/VMsafe API's natively, the integration of BlueLane's solution sets will add to the basal capabilities of the platform itself and will allow customers the flexibility to construct more secure virtualized operating environments.
The notion of enabling in-line patch-proxying as well as the "IPS-like" in-line vulnerability mitigation capabilities for VM's and additional VMM protection make this very interesting indeed. You can read more about BlueLane's approach on their website. I also interviewed Allwyn Sequeira on my blog.
VMware's acquisition of Blue Lane comes as no surprise as it became clear to me that in order to continue to strengthen the underlying platform of the hypervisor itself, I wrote earlier this month prior to rumors of Blue Lane's acquisition by other bloggers that as part of a successful differentiation strategy:
heretical given the delicate balance most "platform" providers keep with their ecosystem
partners, but VMware have already shown that they are ready to buy as well as build and
ally with prior acquisitions and security will continue to be a key differentiator for them.
They've done it once already with Determina, they'll do it again.
Of course, I actually talked about it a year ago when Determina was acquired…
I think it's actually an excellent move as it continues on the path of not only helping to ensure that the underlying virtualization platform is more secure, but the elements that ride atop on it are equally "security enabled" also.
This point was at the heart of my debate with Simon Crosby, Citrix Systems' CTO (see here and here);
focusing solely on VMM resilience and leaving the ISVs to sort out security was a bad idea. It leads to more siloes, less integration, more complexity and overall a less secure environment.
We need a unified secure ecosystem to start with instead of worrying about securing the ecosystem's products.
Form a business perspective it takes a mixture of resolve, market dominance, and confidence to cannibalize a section of your ecosystem, but it's the right thing to do in this case in order to offset competitive forces and help customers solve some really nasty issues.
I made mention of this point with emerging security ISV's at Vmworld, and was asked several times whether I really thought VMware would do this. The odd question that inevitably came next was "were does that leave security ISV's like us?" You can guess my answer. Honestly, I'm sure most of them were hoping to be bought for the same reason.
So, will this cause a run on alignment to support Hyper-V over VMware? I don't think so. ISV's who were hinging their hopes for success solely on VMware understand this risk. Microsoft has no API facility like vNetwork/VMsafe, so the options for reasonable and rational installation of their products are limited. Citrix is in the same boat.
This is the reason my next set of VirtSec presentations will focus on Hyper-V.
On a side note, I was one of Blue Lane's first customers for their patch proxy product and have been an ardent supporter of their approach for many years, despite taking quite a bit of crap for it from purists and pundits who had difficulty rectifying the approach in comparison to traditional IPS'.
This is a good thing for VMware, VMware's customers and Blue Lane. Congratulations to the BlueLane team.
Any word on pricing?
From what I could see, BlueLane never had a complete IPS story let alone a real solution for virtual security. I was told by prospects that VMware's VMsafe made them secure, then I was told that the Determina acquistion made them secure, now VMware would have the market believe that buying BlueLane will make everything secure.
VMware has an amazing product but the management and security problems that arise with virtualization are very real. Marketing PR and the purchase of a failed start-up will not make these problems go away. I think you need to put this purchase in the context of VMware's prior $3 million investment in BlueLane and the manner in which VMware gutted BlueLane's patch product with VMware Update Manager.
If there are going to be security benefits in ESX, we won't see them in 2009 — this acquistion is coming to late for any of BlueLane's technology to make it into ESX 4.
Customer's need real solutions to address how virtualization impacts security around their people, processes and technology. Most of the people I talk to need answers today, not two years from now.
Michael Berman
CTO Catbird
– they have bought them in pennies..it is result of poort execution from BlueLane's board and management.
Michael:
There's quite a bit of angst/anger in your comments and I can't see where I either directly suggested any of the things you're ranting about in your post.
Further, where exactly — since there have been no public comments from VMware on the acquisition — do you see VMware telling customers that the BL acquisition "will make them secure?"
I don't see, nor have I said, that any of the acquisitions will "make VMware secure." It's hard to argue, however, that adding security capabilities to the platform would not make them "more secure" or "better able to secure" the environment.
Of course the integration will take time! VMsafe will yield some results in 2009, regardless of the BlueLane acquisition. Where did anyone say this was going to be an instant win?
However, you're also assuming that the only way VMware will integrate the product is directly into the VMM — they could also roll it out as a VMsafe-enabled Virtual Appliance. That's doable in 2009.
I'm having difficulty rationalizing your hyperbole especially since you're ranting about the same (which don't seem to have been made…)
Yes, people have real problems now. Yes, a lot of the solutions are coming late. Ultimately, short of your disdain for BlueLane, what is your point?
/Hoff
Hey /Hoff,
I did not mean my comment as a rant. For an example of me ranting see here: http://grok-security.blogspot.com/2008/09/7-years…
My apologies, I was just trying to provide some data, and I am not hiding the fact that I am from Catbird and may have some bias in this discussion.
This might all be blogosphere hot air until VMWare makes an announcement. Word on the street is that VMware paid an additional $15 million. That's roughly what the VC had put in to date, not a great exit for all the folks who worked 100 hour weeks.
Heard from VMware: (1) "Virtual machines are more secure than physical machines," (2) "People think of virtualization as this very different architecture, It isn’t actually." (3) "Even VISA does not have IPS in their data center."
From your post, "… the integration of BlueLane's solution sets will add to the basal capabilities of the platform itself …" — I'm sorry but I saw nothing in your post to make me think this was anything but an immediate benefit.
I don't believe VMWare will market a BlueLane appliance: (1) it kisses the security ecosystem goodbye (2) inline deployment breaks VMware's performance and availability solutions.
If VMware uses this buy to address their primary controls problem that's good news for the market and Catbird. I really hope that's what will happen. This purchase further validates the virtually security market and enables Catbird to continue to provide great value and significant cost savings for our customers.
Michael (at catbird dot com)
links:
(1) http://www.stanford.edu/~talg/papers/HOTOS05/virt…
(2) http://www.gcn.com/print/27_18/46730-1.html?page=…
(3) (protected source)
The real troubling aspect of this deal is the supposed price of 13.5M? They raised ~18M. Doesn't bode well for virt-sec M&A activity in the near future.
From the Virtualization.com hosted press release…
"Blue Lane was in search for a buyer since last Summer because of lack of sufficient capital"
Seems they should have been able to raise cash to avoid this apparent fire-sale.
Any thoughts from Hoff on why such a low figure?
I'm not one to speculate on the financial elements of the deal. Since I don't know the terms of the deal, I can't even fathom to guess. I leave that sort of analysis up to people who know WTF they are talking about in that department.
Until either BL or VMW publish the terms officially, it's all gossip. Don't get me wrong, I'm not suggesting it wasn't a low price, I just don't know.
I'm really not sure it's a bellweather indicator of VirtSec M&A potential, however. Raising capital has been tough lately, especially late round funding. BlueLane has been around for quite a while.
Again, I'd rather focus on the TECHNICAL merits of the acquisition and not get mired elsewhere.
/Hoff
Yes but Hoff you often comment on the viability of the virt-sec industry. Seems like these business issues (like virt-sec startup funding or lack there of) would be relevant in a blog like this but I understand your purist approach toward the subject and am fine letting the pundits work it out in due course.
I wonder how a technology that seems to have had difficulty finding its footing will fair in the larger context of the VMware portfolio. Will they sell it or give it away as a feature? Given their apparent difficulty selling VirtualShield on their own, I'm wondering if it will be any easier once a part the larger, more trusted VMware. Seems consumers will be more likely to buy a shim firewall/ips from the likes of a VMware than from a tiny startup.
@Adam:
Fair enough. I posted about my thoughts on VirtSec as a legitimate market in response to one of Rothman's rants here: http://rationalsecurity.typepad.com/blog/2008/06/…
Once the big boys move in via VMsafe, and now that Cisco is in the mix, if the little companies haven't secured a sugar daddy soon they're in trouble…or at least going to have to get comfortable with a very small share of the pie.
As to the plans for BlueLane's technology within VMware's roadmap? Well, I think it has a couple of obvious directions (a couple of them you allude to above) but I haven't asked yet…
If I had to guess, I think the IPS functions could become a feature for disposition per vNetwork/VMsafe and the in-line patching a pay-for-play license addition to work in conjunction with the Updater (they are complementary.)
Then there's the potential to keep VirtualShield alive as a virtual appliance and sell it too, but folks don't think that's very realistic and now that I reflect on it more, I tend to agree — at least in the long term. They may have to keep it alive until they can EOL it, depending on what the licensing agreements/maintenance contracts say.
I'll go ask and see if I get an answer 😉
/Hoff
I have heard that VM is planning to keep some of the staff and Executives from BL, I wonder who is advising VM to keep such a doomed staff who has already proved in BL that they are worth of failure; May be VM is planning same route as BL…