VMware To Buy Network Detection And Response Firm Lastline

VMware has agreed to purchase anti-malware research pioneer Lastline to better detect and contain sophisticated network threats before they disrupt business.

The Palo Alto, Calif.-based enterprise software vendor said its proposed acquisition of San Mateo, Calif.-based Lastline will increase the capabilities provided by the VMware Carbon Black Threat Analysis Unit (TAU) with network-centric threat research and behavioral analysis. Lastline will bring over a group of academic cybersecurity researchers who will be given room to continue doing meaningful research.

“Upon close of this deal, we will bring a world-class team of network-focused anti-malware researchers and developers, and go-to-market security experts, into the NSX team,” Tom Gillis, senior vice president and general manager of VMware’s networking and security business unit, said in a statement.

[Related: VMware To Acquire Kubernetes Security Startup Octarine]

Terms of the transaction, which is expected to close by July 31, weren’t disclosed. The deal has been approved by the boards of both VMware and Lastline, but is potentially subject to certain regulatory approvals. VMware’s stock remains unchanged at $148.08 per share in after-hours trading Thursday.

Lastline was founded in 2011, employs 156 people, and has raised $52.2 million in six rounds of outside funding, according to LinkedIn and Crunchbase. A source told TechCrunch that VMware will let go of 40 percent of Lastline’s employees – or about 50 staffers – as part of the acquisition. VMware declined to comment on the reported layoffs, while Lastline didn’t immediately respond to a request for comment.

“By joining forces with VMware, we will be able to offer additional capabilities to our customers and bring to market comprehensive security solutions for the data center, branch office and remote and mobile users,” Lastline CEO John DiLullo said in a statement.

Lastline has 15 PhDs and academics on staff, boasts several of the top 10 most published security threat researchers globally, and has been credited with bringing structure and rigor to the malware research world, Gillis wrote in a blog. Combining Lastline with the VMware Carbon Black TAU will foster a deep understanding of not just the threat, but also of the motivation and tactics behind the threat, he said.

The company’s core product is a malware sandbox that uses full-system emulation to look at every instruction the malware executes, according to Gillis. This yields a deeper understanding of how the malware works, which Gillis said in turn allows the Lastline team to detect and block the many derivative malware families.

“Lastline’s system detects twice the number of malicious files as a signature-based system,” Gillis wrote in the blog post. “Lastline detonates more than five million file samples daily, and the Lastline technology protects more than 20 million users across 1000’s of organizations around the world, including 5 of the 10 largest financial institutions.”

As part of VMware, Gillis said the NSX architecture will allow Lastline to perform network analytics at massive scale, across tens of thousands of cores, without the burden of tapping network traffic. Plus the Lastline malware analysis will become a critical feed for the Carbon Black Endpoint Detection and Response (EDR) and next-generation antivirus by providing greater workload context.

DiLullo said the combined company will offer an even broader array of integrated tools for both networking and security. This will complement many of VMware’s established offerings around cloud, data center, end user and workload protection, according to DiLullo.

“There are few security companies that have the breadth of network and endpoint capabilities as we expect the combined Lastline and VMware will have,” DiLullo wrote in a blog post.

The Lastline deal announcement comes just three weeks after VMware agreed to buy Kubernetes security startup Octarine to simplify DecSecOps and enable cloud native environments to be intrinsically secure from development through runtime. VMware got into cybersecurity in a big way nine months earlier when it agreed to buy next-generation endpoint security vendor Carbon Black for $2.1 billion.