NW: Didn't VMware have a distributed firewalling capability?
MC: They had the stateless firewall capability before.
NW: Did you leverage some of that?
MC: Absolutely. When we came in there was an enormous team here with this set of assets. We came in with another set. That's why it took us a year and a half to integrate these things.
NW: I presume you add other security services in time?
MC: I think you can do load balancing, you could probably do WAN optimization, I think you can do it for IPS, but there are some tradeoffs we're going to have to make. Web application firewalling, I'm not sure. It would be interesting to see.
But we can also start getting into things like vulnerability assessment. Vulnerability assessment is normally a box that sits on the network and scans things and it's like, "Oh, my database says this is vulnerable based on the responses given me from the network." Instead, we can actually run a little bit of code that looks directly into the applications, at the files in the memory so they can't be tricked by, and then mitigate the problem so it can't reach the network. Which is exciting because, wow, now we have an entirely new approach to address security concerns.
NW: How much of this security work will you do internally versus with partners?
MC: Ours is very much an ecosystem approach. We're really good at building distributed services, but I'm not an expert in IDS, I'm not an expert in virus detection. So we want to provide a platform that will provide context that others can't get, and even provide native distribution capabilities, but otherwise it's very much an ecosystem play.
NW: But the firewall was home built?
MC: The firewall was home built. But again, it's fully distributed. We're going to have to lead with a few core products that demonstrate this capability in order to drive the ecosystem because nobody wants to invest money speculatively if they're in a growing business.
Palo Alto Networks is a good example. They provide a next-generation firewall and are a huge partner. They run a virtual appliance with integration in the kernel and we handle the operational side of distribution and provide additional context by allowing them to peer into the hypervisor. So there's quid pro quo here. For us, our platform gets more attractive and we get to sell a layer that adds value, and for them, they get an insertion vehicle and the insertion vehicle to a large market.
NW: They're not threatened by your own firewall?
MC: We're not a next-generation firewall. They're a $600 million company, or something like that. We're focused on kind of a minimum thing internally. It's very difficult to have absolutely zero overlap in partnerships. But we're not going after their core business at all. We're partnering as much as we can as best as we can. The only time we've built up functionality is to kind of lead the space and to address our customer demand.
Sign up for Computerworld eNewsletters.