WEBVTT 1 00:00:00.000 --> 00:00:02.880 Anna Delaney: Hello, I'm Anna Delaney and this is the ISMG 2 00:00:02.880 --> 00:00:05.820 Editors' Panel where we discuss the hottest themes in 3 00:00:05.820 --> 00:00:09.300 cybersecurity right now. And I'm very pleased to be joined this 4 00:00:09.300 --> 00:00:11.550 week by Matthew Schwartz, executive editor of 5 00:00:11.580 --> 00:00:15.000 DataBreachToday and Europe; and Michael Novinson, managing 6 00:00:15.000 --> 00:00:19.500 editor for ISMG business. Great to see you both virtually and 7 00:00:19.500 --> 00:00:20.400 soon in person. 8 00:00:22.460 --> 00:00:24.140 Matthew Schwartz: Off the heels of London, we'll be in San 9 00:00:24.140 --> 00:00:25.190 Francisco soon. 10 00:00:25.570 --> 00:00:29.020 Anna Delaney: Yes, we are getting in the mood for RSA. And 11 00:00:29.020 --> 00:00:34.750 there's a blue theme going on today with our skies. Matt, tell 12 00:00:34.750 --> 00:00:35.620 us about your sky. 13 00:00:36.400 --> 00:00:40.060 Matthew Schwartz: So this is spring time, possibly summer 14 00:00:40.060 --> 00:00:43.330 depending on how things go in Scotland. So this is just in the 15 00:00:43.330 --> 00:00:47.020 middle of Dundee. It's an area called Magdalen Green, it used 16 00:00:47.020 --> 00:00:50.770 to be some kind of chapel probably back in the day. And 17 00:00:50.800 --> 00:00:53.110 then it used to be actually water as well - so bunch of 18 00:00:53.110 --> 00:00:57.460 reclaimed space. So now it's a beautiful urban park where you 19 00:00:57.460 --> 00:01:00.730 can hang out, eat your lunch, see some music in the summer 20 00:01:00.730 --> 00:01:03.820 time, and soak up the sun when we get it. 21 00:01:04.840 --> 00:01:07.570 Anna Delaney: Love it. It has a sort of vintage feel about it as 22 00:01:07.570 --> 00:01:13.390 well. Nice. Michael, do explain. 23 00:01:13.930 --> 00:01:16.960 Michael Novinson: I will! Say hello to Nibbles Woodaway. 
This 24 00:01:16.960 --> 00:01:20.890 is also known as the Big Blue Bug. It is along Interstate 95 25 00:01:20.890 --> 00:01:24.130 in Providence, Rhode Island. It is the world's largest 26 00:01:24.160 --> 00:01:28.630 artificial bug, nine feet tall, 58 feet long. I just really love 27 00:01:28.630 --> 00:01:31.210 these roadside attractions that give you a sense of place. I 28 00:01:31.390 --> 00:01:33.880 previously lived in Western Massachusetts, there is a giant 29 00:01:33.880 --> 00:01:37.690 inflatable polar bear for the Polar Seltzer. And my husband 30 00:01:37.690 --> 00:01:40.210 grew up in Albany where there's Nipper, the dog - a giant 31 00:01:40.210 --> 00:01:42.190 foundation on top of the building and then I grew up in 32 00:01:42.190 --> 00:01:45.460 Detroit, where there's a 200-foot Uniroyal Tire on the road 33 00:01:45.460 --> 00:01:48.820 between the airport and downtown Detroit. So just always nice 34 00:01:48.820 --> 00:01:52.060 passing these quirky roadside attractions, especially after 35 00:01:52.060 --> 00:01:54.010 being away for a while. It gives you a sense that you're back to 36 00:01:54.010 --> 00:01:54.370 home. 37 00:01:54.880 --> 00:01:56.260 Anna Delaney: And this one, of course, has a mask. 38 00:01:56.650 --> 00:01:58.510 Michael Novinson: Yes, it does. This photo is from the early 39 00:01:58.510 --> 00:02:02.590 days of COVID. They do dress it up for the holidays, puts on 40 00:02:02.620 --> 00:02:05.170 Santa hat for Christmas, puts on a costume for Halloween, 41 00:02:05.170 --> 00:02:07.990 different companies can sponsor it and dress it up for like 42 00:02:07.990 --> 00:02:12.310 really for life. So on the Providence local news, you'll 43 00:02:12.310 --> 00:02:15.670 often see the Big Blue Bug dressed up for the season. 44 00:02:16.540 --> 00:02:18.970 Anna Delaney: Very good! Responding to the times in real 45 00:02:18.970 --> 00:02:23.260 time. So I am getting in the mood for RSA. 
This is, of 46 00:02:23.260 --> 00:02:26.770 course, in San Francisco. And this was taken on my last 47 00:02:26.770 --> 00:02:30.100 trip there in 2019. So hopefully, we'll get some 48 00:02:30.160 --> 00:02:35.020 equally blue skies next week. So perhaps RSA is a good place to 49 00:02:35.020 --> 00:02:38.890 start. What do you expect to be the hot topics this year at the 50 00:02:38.890 --> 00:02:40.690 conference? Matt? 51 00:02:41.230 --> 00:02:43.330 Matthew Schwartz: Sure, I'll jump in. So it depends who 52 00:02:43.330 --> 00:02:48.040 you're speaking with, of course, but from a review of the keynotes 53 00:02:48.040 --> 00:02:52.450 that are going to be happening, a few of the dominant 54 00:02:52.450 --> 00:02:57.820 trends: privacy, once again; public-private partnerships, 55 00:02:58.030 --> 00:03:02.890 especially with CISA now being a government agency, helping 56 00:03:02.890 --> 00:03:07.600 spearhead the business resilience push in the United 57 00:03:07.600 --> 00:03:10.120 States. We're going to see a lot of discussion about that. 58 00:03:10.780 --> 00:03:14.080 Topically or thematically, I think we'll see a lot on zero 59 00:03:14.080 --> 00:03:19.780 trust, enterprise detection and response or extended XDR sort of 60 00:03:19.780 --> 00:03:23.590 stuff is also always hot. There's going to be a lot of the 61 00:03:23.590 --> 00:03:26.380 business cybersecurity. We've seen a lot of M&A activity, I'm 62 00:03:26.380 --> 00:03:31.360 sure Michael will touch on that. And also securing the supply 63 00:03:31.360 --> 00:03:34.180 chain. We've got discussion continuing about his talks about 64 00:03:34.180 --> 00:03:38.500 bill of materials, and kind of know thy supplier, which of 65 00:03:38.500 --> 00:03:44.110 course always means also know thy suppliers. So deep, 66 00:03:44.470 --> 00:03:48.820 difficult issues, ripe for discussion. 
And I'm sure those 67 00:03:48.820 --> 00:03:51.820 will just be some of the topics that we hear about this year in 68 00:03:51.850 --> 00:03:52.630 San Francisco. 69 00:03:53.140 --> 00:03:55.810 Anna Delaney: Very good. And I noticed they have the 70 00:03:55.810 --> 00:03:58.030 cryptographers' panel back. 71 00:03:58.300 --> 00:04:01.480 Matthew Schwartz: I noticed that too. I'm so excited. That was 72 00:04:01.480 --> 00:04:06.070 not initially on the schedule. And I was doing a review of it 73 00:04:06.070 --> 00:04:10.270 recently to write a preview. And I noticed that it's back. And at 74 00:04:10.270 --> 00:04:14.500 its usual time, late on Tuesday morning. They've rescheduled the 75 00:04:14.500 --> 00:04:17.200 keynotes a little bit. They used to always be Tuesday morning in 76 00:04:17.200 --> 00:04:21.010 their entirety. Now they have some Monday afternoon, and 77 00:04:21.100 --> 00:04:22.900 they've sprinkled the rest around. But we've still got some 78 00:04:22.900 --> 00:04:25.840 Tuesday morning. I doubt there's going to be a music, dance and 79 00:04:25.840 --> 00:04:29.560 light show that they used to have like they used to have on 80 00:04:29.560 --> 00:04:32.230 Tuesday mornings. That was always fun. They bring in a 81 00:04:32.230 --> 00:04:34.900 celebrity who would do a monologue. Will they do that 82 00:04:34.900 --> 00:04:37.390 again? I don't know. I guess we have to wait and see. 83 00:04:38.650 --> 00:04:41.140 Anna Delaney: They're good. Michael, what's on your mind? 84 00:04:42.280 --> 00:04:43.570 Michael Novinson: I don't know. Matt covered a lot of the big 85 00:04:43.570 --> 00:04:46.630 points. But I think specifically on the business side, we do 86 00:04:46.630 --> 00:04:49.060 still have the storm clouds hanging over us. 
And I think 87 00:04:49.060 --> 00:04:51.820 especially for the VC firms in attendance and for the startups, 88 00:04:51.820 --> 00:04:55.210 it's going to be a lot of thinking around, what the future 89 00:04:55.210 --> 00:04:59.650 looks like for them. I know it is a somewhat smaller 90 00:04:59.650 --> 00:05:02.320 conference. As in previous years looks like about 400 vendors on 91 00:05:02.320 --> 00:05:06.280 the show floor rather than the 650 we were seeing in 2020. But 92 00:05:06.280 --> 00:05:10.540 I think there will be a lot of questions around when's the 93 00:05:10.540 --> 00:05:13.480 money coming next and what does it look like? I mean, we had the 94 00:05:13.480 --> 00:05:17.200 high-profile Lacework, which would raise just $1.3 billion 95 00:05:17.200 --> 00:05:21.100 six months ago, announcing that it will be laying off 20% of its 96 00:05:21.100 --> 00:05:25.000 staff, roughly 200 people just last week. And I think that is 97 00:05:25.270 --> 00:05:29.890 kind of a sign of the time. So I'm sure a lot of startups both 98 00:05:29.890 --> 00:05:32.380 late stage and even getting into early century having to think 99 00:05:32.380 --> 00:05:35.680 about how can they extend their runway and make the money they 100 00:05:35.680 --> 00:05:38.320 have last longer. So I think that's going to be a major theme 101 00:05:38.320 --> 00:05:41.410 at the show, along with some thoughts around for some of 102 00:05:41.410 --> 00:05:48.670 these longtime public companies like Qualys, and what their 103 00:05:48.670 --> 00:05:52.180 future looks like. Our valuations are down. We've seen 104 00:05:52.180 --> 00:05:55.960 private equities have been looking for a good deal. And I 105 00:05:55.960 --> 00:06:00.160 think there's going to be some discussion around if we should 106 00:06:00.160 --> 00:06:04.060 expect to see some more value-based acquisitions of 107 00:06:04.090 --> 00:06:06.400 publicly-traded companies by PE firms. 
108 00:06:07.720 --> 00:06:09.400 Anna Delaney: And Michael, what do you hope to gain from the 109 00:06:09.400 --> 00:06:09.850 event? 110 00:06:11.890 --> 00:06:15.250 Michael Novinson: So yeah, I'm really hoping to broaden my 111 00:06:15.280 --> 00:06:19.960 horizons. I definitely do want to hear more on the supply chain 112 00:06:19.960 --> 00:06:25.870 side, what's going on there, and from a policy standpoint, some 113 00:06:25.870 --> 00:06:28.570 around the software bill of materials, as well as some of 114 00:06:28.570 --> 00:06:34.150 the policy-based stuff around ransomware attacks. But in terms 115 00:06:34.150 --> 00:06:43.690 of any policies around governing when folks can pay and kind of 116 00:06:43.690 --> 00:06:47.290 rules around disclosure. So I'm interested in seeing, obviously, 117 00:06:47.650 --> 00:06:51.790 the past 18 months, we've seen more proactive response from the 118 00:06:51.790 --> 00:06:53.890 US government in terms of trying to get involved with 119 00:06:53.890 --> 00:06:56.830 cybersecurity. So I'm interested in hearing from some of the 120 00:06:56.830 --> 00:06:59.350 policy makers in terms of what they're thinking going forward. 121 00:07:00.610 --> 00:07:05.980 Anna Delaney: Matthew, I mean, how much of Ukraine, Russia will 122 00:07:05.980 --> 00:07:08.050 dominate conversations, or maybe not at all? 123 00:07:08.830 --> 00:07:12.670 Matthew Schwartz: Definitely the Russia-Ukraine war, cyber war, 124 00:07:12.670 --> 00:07:15.460 although it never really was, except for maybe the Viasat 125 00:07:15.460 --> 00:07:19.360 satellite disruption, that's going to be a huge topic. That 126 00:07:19.360 --> 00:07:22.240 has been something obviously, everybody thought was going to 127 00:07:22.240 --> 00:07:26.950 really explode. And it's been occurring at a much lower level 128 00:07:26.950 --> 00:07:31.210 than predicted. And so that has reshaped a lot of notions about 129 00:07:31.210 --> 00:07:34.390 cyber war. 
Not that that's necessarily something that we 130 00:07:34.390 --> 00:07:37.600 talk about a lot, because it's not as much of a business 131 00:07:37.600 --> 00:07:42.190 concern. Unless, of course, you're in Ukraine right now. But 132 00:07:42.190 --> 00:07:45.460 some of the other topics, I think we'll be hitting Colonial 133 00:07:45.460 --> 00:07:49.690 Pipeline. It's been about a year since that happened. Obviously, 134 00:07:49.690 --> 00:07:53.260 that's an arbitrary date. We could talk about it six months 135 00:07:53.260 --> 00:07:57.070 ago, six months from now, but I think that a lot of people are 136 00:07:57.070 --> 00:08:01.510 using it as a touchstone to, like Michael was talking about, 137 00:08:01.660 --> 00:08:04.690 we were having a big discussion with the government talking 138 00:08:04.690 --> 00:08:07.480 about how to get better ahead of ransomware. And I think it's a 139 00:08:07.480 --> 00:08:12.130 really useful thing to look a year later from that attack at 140 00:08:12.250 --> 00:08:16.570 what all has changed. That's just the cybercrime aspect of it 141 00:08:16.600 --> 00:08:21.040 as well. We've seen so much with the rush at the beginning of the 142 00:08:21.040 --> 00:08:26.410 pandemic, to remote work. So the threats and risks that that has 143 00:08:26.410 --> 00:08:30.310 created, I think will be a huge thing. This is the first RSA 144 00:08:30.310 --> 00:08:34.240 that we've had in person. We had it virtually last year as a 145 00:08:34.240 --> 00:08:37.990 stand in. But now that we're all back in person, hopefully 146 00:08:37.990 --> 00:08:42.190 coexisting peacefully, I think that the fact of our new 147 00:08:42.190 --> 00:08:46.960 existence is going to be a huge topic. All of the remote working 148 00:08:47.080 --> 00:08:51.370 security challenges haven't gone away. Digital transformation is 149 00:08:51.370 --> 00:08:54.040 still happening at a huge pace. 
And I think a lot of 150 00:08:54.040 --> 00:08:57.880 organizations and a lot of IT administrators, CISOs are 151 00:08:57.880 --> 00:09:00.910 worried and trying to keep up with all of that. 152 00:09:02.200 --> 00:09:04.390 Anna Delaney: Well, I look forward to comparing notes as we 153 00:09:04.390 --> 00:09:08.230 go next week. So many other topics this week, other news 154 00:09:08.230 --> 00:09:11.620 stories: security researchers are tracking a zero day 155 00:09:11.620 --> 00:09:14.290 vulnerability in Microsoft Office. Tell us more. 156 00:09:15.230 --> 00:09:17.330 Matthew Schwartz: Yes, it wouldn't be a United States 157 00:09:17.330 --> 00:09:23.330 holiday weekend without some major flaw coming to life. So it 158 00:09:23.330 --> 00:09:27.380 was just Memorial Day weekend in the States, and security 159 00:09:27.380 --> 00:09:31.940 researchers unearthed a Microsoft Office zero day 160 00:09:31.970 --> 00:09:36.680 attack. Now, zero day attacks, it's tough to tell how many are 161 00:09:36.680 --> 00:09:40.490 out there in terms of how many new ones are being discovered, 162 00:09:40.520 --> 00:09:44.570 stockpiled, put to use, not put to use. But this one appears to 163 00:09:44.570 --> 00:09:48.500 date from April. It's been spotted being used in some 164 00:09:48.500 --> 00:09:53.090 campaigns that reference to that. Now, no attribution has 165 00:09:53.090 --> 00:09:58.130 been made about any of this, but you may remember phishing emails 166 00:09:58.130 --> 00:10:02.030 disguised as Tibet lures from such previous campaigns is those 167 00:10:02.030 --> 00:10:05.480 involving China. Not pointing any fingers, just noting. It 168 00:10:05.990 --> 00:10:09.650 could be a false flag, could be China, we don't know. 
But it's 169 00:10:09.650 --> 00:10:13.550 very interesting because this is a zero day exploit as I 170 00:10:13.550 --> 00:10:17.660 mentioned, which manages to bypass a lot of the protections 171 00:10:17.780 --> 00:10:22.670 built into Office. Microsoft has confirmed the flaw is working on 172 00:10:22.670 --> 00:10:25.940 patches. And what's really innovative about this is it 173 00:10:25.940 --> 00:10:30.860 abuses another piece of software that shouldn't necessarily have 174 00:10:30.890 --> 00:10:36.110 a connection with Microsoft Office. Specifically, there's a 175 00:10:36.110 --> 00:10:39.830 support tool called Microsoft Support Diagnostics Tool, or 176 00:10:39.860 --> 00:10:44.030 MSDT. I know it rolls off the tongue, but it's designed to 177 00:10:44.030 --> 00:10:47.750 collect information that can be sent to Microsoft so their 178 00:10:47.750 --> 00:10:53.030 support people can handle problems. What the attack does 179 00:10:53.060 --> 00:10:58.520 is it invokes this capability, uses it to execute some 180 00:10:58.550 --> 00:11:02.600 arbitrary code, PowerShell scripting, and then that 181 00:11:02.600 --> 00:11:06.590 PowerShell script is built to download malware and to infect 182 00:11:06.650 --> 00:11:11.750 the system. Voila! So again, these attacks were seen in 183 00:11:11.750 --> 00:11:16.220 April. I mean, the attacks that we're seeing specifically point 184 00:11:16.220 --> 00:11:19.280 to some websites, which are no longer active. So that attack 185 00:11:19.280 --> 00:11:25.490 isn't happening anymore, but the vulnerability persists. So is 186 00:11:25.490 --> 00:11:29.600 there a big cause for panic here? Not at all. Microsoft has 187 00:11:29.600 --> 00:11:34.850 detailed some mitigations. 
And from a cybersecurity interest 188 00:11:34.880 --> 00:11:38.090 standpoint, it's always fascinating to see what the 189 00:11:38.090 --> 00:11:42.710 latest, greatest unexpected sort of exploit is, because attackers 190 00:11:42.710 --> 00:11:46.460 continue to be so innovative. They continue to pummel Windows 191 00:11:46.460 --> 00:11:50.150 in ways that probably nobody anticipated and to find 192 00:11:50.150 --> 00:11:53.990 vulnerabilities like this, which security researchers would have 193 00:11:53.990 --> 00:11:57.530 expected wouldn't have existed. There's no reason you should be 194 00:11:57.530 --> 00:12:00.080 able to call this functionality in the way that it's being 195 00:12:00.080 --> 00:12:03.500 called. So Microsoft has a little bit of work ahead of it. 196 00:12:03.500 --> 00:12:06.920 It hasn't said when it will patch the issue yet. But 197 00:12:06.920 --> 00:12:08.960 hopefully, we will see a patch soon. 198 00:12:10.120 --> 00:12:12.490 Anna Delaney: So right now, what's your advice to security 199 00:12:12.490 --> 00:12:13.030 teams? 200 00:12:14.350 --> 00:12:19.180 Matthew Schwartz: Review your exposure. So look at the 201 00:12:19.210 --> 00:12:23.410 applications that you have, currently. Multiple versions, 202 00:12:23.410 --> 00:12:29.620 but not all versions of Office are at risk. And also see if you 203 00:12:29.620 --> 00:12:34.180 are logging the kinds of calls that would get made by this 204 00:12:34.180 --> 00:12:38.110 attack, because it's abusing this functionality in unexpected 205 00:12:38.110 --> 00:12:42.250 ways. Actually, you would not typically be logging the 206 00:12:42.250 --> 00:12:47.140 behavior that this attack would demonstrate. 
So if you go back 207 00:12:47.140 --> 00:12:49.810 and try to look for evidence that you've been exploited in 208 00:12:49.810 --> 00:12:53.830 this manner, you're not going to find it, unless you now 209 00:12:53.860 --> 00:12:57.220 specifically go and put the right kind of logging in place. 210 00:12:57.640 --> 00:13:00.880 And at the same time you do that, you can create alerts as 211 00:13:00.880 --> 00:13:04.300 well, in case someone tries to exploit this. That way, your 212 00:13:04.300 --> 00:13:07.990 security team, your security operations center, will get a 213 00:13:08.320 --> 00:13:10.540 heads-up that someone's trying to do something with this 214 00:13:10.540 --> 00:13:10.960 exploit. 215 00:13:12.610 --> 00:13:16.540 Anna Delaney: Great analysis and advice, Matt. So Michael, talk 216 00:13:16.540 --> 00:13:19.360 to us about Broadcom. Interesting news this week. 217 00:13:19.990 --> 00:13:23.680 Michael Novinson: Of course! So Broadcom announced on Thursday 218 00:13:23.680 --> 00:13:27.760 that they'd be acquiring VMware for $61 billion. This is the 219 00:13:27.970 --> 00:13:30.490 second largest enterprise software acquisition of all time 220 00:13:30.490 --> 00:13:36.070 behind only Dell's acquisition of EMC, which closed back in 221 00:13:36.070 --> 00:13:39.070 September of 2016. From a security standpoint, it's 222 00:13:39.070 --> 00:13:41.320 interesting that the security businesses of both companies get 223 00:13:41.320 --> 00:13:43.750 somewhat overlooked. But from a revenue standpoint, we're 224 00:13:43.750 --> 00:13:46.810 talking about some pretty sizable businesses. 
And neither 225 00:13:46.810 --> 00:13:49.630 company has disclosed their security revenues very recently, 226 00:13:49.630 --> 00:13:53.890 but the last time Broadcom did, they said that they had $1.61 227 00:13:53.890 --> 00:13:57.100 billion of revenue from the Symantec business, or VMware was 228 00:13:57.130 --> 00:14:00.250 talking about having about roughly a billion in security 229 00:14:00.250 --> 00:14:03.190 revenue as recently as 2020. So you bring the two of those 230 00:14:03.190 --> 00:14:05.920 businesses together, and you're talking about one of the 231 00:14:05.920 --> 00:14:08.890 probably five largest security vendors in the world by revenue 232 00:14:08.890 --> 00:14:12.040 behind the likes of Microsoft and Cisco and Palo Alto Networks 233 00:14:12.040 --> 00:14:19.060 and Fortinet, but not too many others. So I think a lot of people 234 00:14:19.060 --> 00:14:22.420 are nervous right now. Broadcom has made acquisitions before in 235 00:14:22.420 --> 00:14:26.260 the software space. Notably, they bought CA Technologies back 236 00:14:26.260 --> 00:14:29.500 in 2018, and then Symantec in 2019. And a lot of people 237 00:14:29.500 --> 00:14:33.760 haven't seen them as a very good steward that it's really going 238 00:14:33.760 --> 00:14:37.990 to cost take out play. Granted, neither of those companies were 239 00:14:37.990 --> 00:14:40.390 growing. In the case of Symantec, they were both their 240 00:14:40.390 --> 00:14:43.420 enterprise business. The business that Broadcom acquired 241 00:14:43.420 --> 00:14:48.520 was both flat in terms of growth and was losing money. So 242 00:14:48.550 --> 00:14:53.800 Broadcom's strategy was really to take out costs. They cut 243 00:14:53.800 --> 00:14:57.580 operating margins up from the high 30s into the 70s. 
They cut 244 00:14:57.580 --> 00:15:03.550 R&D, they had massive layoffs, and really the Broadcom strategy 245 00:15:03.550 --> 00:15:06.100 historically for all of their technology has been to really 246 00:15:06.100 --> 00:15:09.910 focus on the largest enterprise. It's really the largest 600 or 247 00:15:09.910 --> 00:15:13.810 so companies in the world and really focus on selling to them 248 00:15:14.050 --> 00:15:19.960 and broadening their stack. And then essentially, letting the 249 00:15:20.170 --> 00:15:23.140 tail-end wither, pretty much anybody below that doesn't 250 00:15:23.140 --> 00:15:26.890 receive much support or much service. So what that meant for 251 00:15:26.890 --> 00:15:30.760 Symantec in particular, was that they had a lot of endpoint 252 00:15:30.760 --> 00:15:33.220 customers, antivirus customers, endpoint protection customers, 253 00:15:33.220 --> 00:15:35.110 who really just stopped having their phone calls returned 254 00:15:35.110 --> 00:15:37.930 whether it was end customers or partners that just couldn't 255 00:15:37.930 --> 00:15:43.210 reach Broadcom at all and now that a large portion of those 256 00:15:43.210 --> 00:15:50.020 have switched over to Sophos, to Webroot, to ESET, to any other 257 00:15:50.020 --> 00:15:54.340 company that answers their phone calls. I mean, IDC just put out 258 00:15:54.700 --> 00:15:57.220 data yesterday on endpoint security market share. 259 00:15:57.250 --> 00:16:01.900 Broadcom's endpoint security market share is down or their 260 00:16:01.930 --> 00:16:06.220 endpoint security business is down 10.6% from 2020 to 2021. 261 00:16:06.220 --> 00:16:09.370 They're the only company who saw their endpoint security business 262 00:16:09.370 --> 00:16:15.460 shrink between those two years. Broadcom was trying to 263 00:16:15.460 --> 00:16:18.010 reassure folks in the VMware side that this time is going to 264 00:16:18.010 --> 00:16:20.140 be different. 
That VMware is a different company, they're a 265 00:16:20.140 --> 00:16:24.820 company that is growing double digit growth. They're a market 266 00:16:24.820 --> 00:16:27.850 leader in virtualization, they're a technologically 267 00:16:27.850 --> 00:16:30.910 forward company. And in particular, they talked about, 268 00:16:31.810 --> 00:16:37.480 during the call with investors, that VMware has a lot of small 269 00:16:37.480 --> 00:16:40.690 and midsize customers 300,000 customers using vSphere. They're 270 00:16:40.690 --> 00:16:44.560 not looking to abandon those customers, they're looking to 271 00:16:44.560 --> 00:16:47.440 continue to leverage the channel that VMware has built with 272 00:16:47.470 --> 00:16:50.260 value-added resellers and managed service providers to 273 00:16:50.260 --> 00:16:53.110 continue to service those customers, which would probably 274 00:16:54.460 --> 00:16:57.610 bleed into the security business as well. From a 275 00:16:57.610 --> 00:17:00.430 security-specific standpoint, the biggest things you have 276 00:17:00.430 --> 00:17:05.290 coming together here is the old Symantec business, which was of 277 00:17:05.290 --> 00:17:09.880 course endpoint but also was data loss protection with secure 278 00:17:09.880 --> 00:17:13.600 web gateway from the acquisition of Bluecoat Software. And you 279 00:17:13.600 --> 00:17:16.120 have that coming together with VMware security business, which 280 00:17:16.120 --> 00:17:20.170 is the Carbon Black endpoint business, along with some VMware 281 00:17:20.170 --> 00:17:22.330 investments they've made around application security and 282 00:17:22.330 --> 00:17:26.470 container security and cloud security. To speak specifically 283 00:17:26.470 --> 00:17:30.370 on the endpoint side, just because we do have this new IDC 284 00:17:30.370 --> 00:17:35.650 data, in endpoint, Broadcom was the sixth largest vendor by 285 00:17:35.650 --> 00:17:39.370 revenue in 2021. 
VMware was eighth, so you bring the two of 286 00:17:39.370 --> 00:17:42.250 them together, and they become the fifth largest endpoint 287 00:17:42.250 --> 00:17:45.220 security vendor in the world behind CrowdStrike, Microsoft, 288 00:17:45.250 --> 00:17:48.340 Trend Micro, and Trellix, with Trellix being the combination of 289 00:17:48.550 --> 00:17:54.190 McAfee and FireEye. So yeah, Broadcom-VMware combination, 290 00:17:54.190 --> 00:17:56.140 fifth largest endpoint security vendor in the world that 291 00:17:56.140 --> 00:18:01.180 leapfrogs over Sophos now falls to six. On a final note, I would 292 00:18:01.180 --> 00:18:06.040 say is that from a structural standpoint, Broadcom is clear 293 00:18:06.040 --> 00:18:10.300 that they are essentially folding in Symantec and Broadcom 294 00:18:10.330 --> 00:18:13.990 into VMware. So they're going to become kind of business units 295 00:18:13.990 --> 00:18:18.250 within the VMware organization. They're going to go to market 296 00:18:18.250 --> 00:18:19.570 under the VMware brand. 297 00:18:20.410 --> 00:18:23.320 Matthew Schwartz: Fascinating always to see how the antivirus, 298 00:18:23.470 --> 00:18:27.340 back in the day, right, market continues to evolve. Interesting 299 00:18:27.340 --> 00:18:31.540 that they're deciding to try to jettison the brand names. I'm 300 00:18:31.540 --> 00:18:34.630 curious to see if it works out. McAfee tried to do that. And it 301 00:18:34.630 --> 00:18:37.990 didn't work at least once or twice. And then eventually now 302 00:18:37.990 --> 00:18:41.560 they've tried it again with Trellix. So, fascinating how the 303 00:18:42.070 --> 00:18:44.560 longevity of these businesses is. That's all I wanted to say. 304 00:18:44.000 --> 00:18:48.680 Michael Novinson: Yeah, that is interesting. Because Broadcom 305 00:18:49.160 --> 00:18:51.650 bought the rights to the Symantec name, the consumer 306 00:18:53.000 --> 00:18:55.400 business now goes by NortonLifeLock. 
And they didn't 307 00:18:55.400 --> 00:18:57.470 really use the Symantec name much. They sunsetted the 308 00:18:57.470 --> 00:19:00.200 website, they sunsetted their social media pages. In the past 309 00:19:00.200 --> 00:19:02.600 six months, they started going back to the Symantec name. The 310 00:19:03.080 --> 00:19:06.590 Twitter account woke up after being asleep for two years. So I 311 00:19:06.590 --> 00:19:10.190 think that you realize that Symantec has a brand power. 312 00:19:10.190 --> 00:19:13.340 Similarly, we've seen with Cylance, which was acquired by 313 00:19:13.340 --> 00:19:16.880 BlackBerry several years ago, that they really retired Cylance 314 00:19:16.970 --> 00:19:19.160 pretty much altogether and then their executives have been 315 00:19:19.160 --> 00:19:22.640 talking about how that was a mistake. And when people hear 316 00:19:22.640 --> 00:19:26.300 BlackBerry, they think of mobile phones, and they realize that 317 00:19:26.300 --> 00:19:28.430 Cylance meant something to people. They've really been 318 00:19:28.430 --> 00:19:31.250 trying to reinvigorate the Cylance name there. So yeah, I 319 00:19:31.250 --> 00:19:34.460 don't know going forward if they're going to use the 320 00:19:34.460 --> 00:19:36.980 Symantec name in any fashion, even for the antivirus stuff, or 321 00:19:36.980 --> 00:19:39.560 if that's going to now be called Carbon Black, VMware Carbon 322 00:19:39.560 --> 00:19:42.980 Black, VMware. But yeah, certainly the Symantec brand has 323 00:19:42.980 --> 00:19:45.380 power. So I think they should think carefully about what they 324 00:19:45.380 --> 00:19:45.890 want to do. 325 00:19:47.830 --> 00:19:51.220 Anna Delaney: Great comments, Michael. Thank you very much. 326 00:19:51.820 --> 00:19:55.690 Well, as we are approaching RSA and conference season in 327 00:19:55.690 --> 00:19:59.440 general, what has been the most memorable moment for you? 328 00:19:59.440 --> 00:20:01.630 Conference moment that stands out. 
329 00:20:01.000 --> 00:20:06.970 Matthew Schwartz: I'll go first, if I may. I flashback to the 330 00:20:06.970 --> 00:20:12.010 year 2000. A fateful year, of course, in computer circles, 331 00:20:12.430 --> 00:20:17.410 when I was a cub reporter covering the DEF CON conference 332 00:20:17.440 --> 00:20:22.510 in Las Vegas. And we were getting a briefing, or we're 333 00:20:22.510 --> 00:20:25.780 meant to be getting a briefing in the press room from the CIA 334 00:20:26.260 --> 00:20:29.650 of all organizations. But there was this wonderful delay where 335 00:20:29.650 --> 00:20:34.900 the brass attache for DEF CON came into the room with a bit of 336 00:20:34.900 --> 00:20:40.060 delay, and said, "I apologize for the delay. CIA is caucusing 337 00:20:40.120 --> 00:20:40.930 in the men's room." 338 00:20:46.270 --> 00:20:47.770 Anna Delaney: Michael, can you beat that moment? 339 00:20:48.400 --> 00:20:50.620 Michael Novinson: I cannot. I have been through a number of 340 00:20:50.620 --> 00:20:53.740 conferences over the years. I've heard a lot of interesting 341 00:20:53.740 --> 00:20:59.200 speakers. I think the most interesting I've heard was the 342 00:20:59.200 --> 00:21:03.160 captain of the US Airways plane who landed it on the water just 343 00:21:03.160 --> 00:21:04.240 outside of New York. 344 00:21:05.620 --> 00:21:06.040 Matthew Schwartz: Sully! 345 00:21:06.730 --> 00:21:08.110 Michael Novinson: I heard him a couple of years ago, and then 346 00:21:08.110 --> 00:21:13.150 very randomly, Thomas Dolby, the musician behind She Blinded Me 347 00:21:13.150 --> 00:21:16.630 With Science was randomly on the stage of the show and performed 348 00:21:16.630 --> 00:21:20.470 that using instruments on stage, which I can say I never expected 349 00:21:20.470 --> 00:21:25.150 to hear live. So that was a very unusual surprise. 
350 00:21:25.000 --> 00:21:28.876 Anna Delaney: And I was going to say, well, there was that party 351 00:21:28.953 --> 00:21:31.900 I gate-crashed once at the last RSA... 352 00:21:31.000 --> 00:21:32.110 Matthew Schwartz: A party, Anna, you didn't say. 353 00:21:31.657 --> 00:21:35.074 Anna Delaney: Rooftops and cocktails. I'm not sure that 354 00:21:35.158 --> 00:21:40.493 will happen again. I'm not sure I can get away with that. But we 355 00:21:40.576 --> 00:21:45.828 were all young once. So looking forward to next week. Thank you 356 00:21:45.912 --> 00:21:49.580 very much, Matt, Michael. Always a pleasure. 357 00:21:49.580 --> 00:21:51.330 Matthew Schwartz: I can't wait. Will see you in San Francisco. 358 00:21:51.000 --> 00:21:53.610 Michael Novinson: Can't wait to meet you both in San Francisco. 359 00:21:53.670 --> 00:21:56.100 Anna Delaney: Exciting! And thanks so much for watching. 360 00:21:56.130 --> 00:21:56.940 Until next time!