Carbon Black parent VMware has launched a Next-Gen SOC Alliance with multiple SIEM (security information and event management) and SOAR (security orchestration, automation and response) software providers.
The alliance strives to help customers build modern SOCs (security operations centers) that deliver "unprecedented visibility and remediation capabilities across endpoints, networks, workloads, and containers," according to Tom Barsi, VP of alliances for VMware Carbon Black.
How will the SOC alliance potentially benefit MSPs and MSSPs? In response to that inquiry from MSSP Alert, Barsi said:
"We expect the Next-Gen SOC Alliance to be well received by our MSSP and MSP partners. Most of these service provider partners leverage these same SIEM/SOAR platforms in their managed SOC. With this announcement, our service provider partners will be able to fully leverage our XDR data within their SOC to respond to threats more quickly and make their resource constrained SOC analysts more efficient."
Carbon Black has a long history of working with both MSPs and MSSPs. The evidence:
- VMware acquired Carbon Black for $2.1 billion in October 2019. At the time, Carbon Black had more than 5,600 global customers supported by more than 500 MSSPs, VARs, distributors and technology integrators.
- As of mid-2018, partners influenced more than 90 percent of Carbon Black’s sales.
- By mid-2019, MSSPs were influencing some of Carbon Black’s largest customer wins.
Still, VMware Carbon Black faces intense competition from MSP- and MSSP-friendly endpoint protection software providers. Key rivals include BlackBerry Cylance, CrowdStrike, Cybereason, OpenText Webroot, SentinelOne and VIPRE, among others.
SOC Alliance Members
Key VMware Next-Gen SOC Alliance participants include:
Those systems integrate with VMware Carbon Black Cloud to deliver key "XDR capabilities and context into SIEM technologies that power the modern-day SOC," the companies say.
In a prepared statement about the alliance, Splunk Senior VP and GM Haiyan Song said:
“Splunk’s Security Operations Suite acts as the backbone for some of the most advanced SOC’s in the world. As the security industry continues to embrace data at the center of their security strategy, it’s more important than ever to combine the power of Splunk’s industry-leading SIEM and SOAR solutions with XDR to fight back against increasingly sophisticated cyber actors. We are pleased to bring Splunk Enterprise Security and Splunk Phantom to this alliance with VMware Carbon Black and look forward to helping our mutual customers around the world solve their toughest security challenges with data.”
Companies that would like to potentially join the SOC alliance can email [email protected].
SOC Alliance: Who's Missing & Market Reality Check
The alliance sounds like it's off to a promising start. But several SIEM Gartner Magic Quadrant companies -- such as AT&T Cybersecurity, Fortinet, LogRhythm, McAfee, Netsurion Event Tracker, Rapid7 and Securonix -- are noticeably absent from the kick-off effort. Plus, fast-growing options like Microsoft Azure Sentinel and Arctic Wolf Networks weren't mentioned in the kick-off release.
Still, more moves are coming. In a follow-up LinkedIn note from Barsi to MSSP Alert, he noted that VMware has existing relationships with AT&T Cybersecurity and LogRhythm, among others.
Meanwhile, the overall cybersecurity market remains healthy. But the industry has seen some targeted staff cuts and compensation cuts amid the coronavirus pandemic and associated economic fallout. For instance, VMware froze salaries and cut executive pay earlier this month.