Broadcom Beefs Up Security Business With $61B VMware BuyDeal Will Bring Together the $1.6B Symantec and $1B VMware Security Practices
Update - May 26, 2022: This story has been updated with comments Broadcom President and CEO Hock Tan and Broadcom Software Group President Tom Krause made during a conference call with investors Thursday.
Broadcom has agreed to purchase cloud and virtualization giant VMware for $61 billion, bringing together the $1.6 billion Symantec and $1 billion VMware security practices.
The San Jose, California-based semiconductor behemoth says it plans to incorporate its existing security offerings into the VMware portfolio and bring them to market under the VMware brand. The Symantec business under Broadcom is focused on endpoint, network, information, identity and email security, while VMware's security business is oriented around protecting endpoints, workloads and containers (see: How Broadcom Acquiring VMware Would Shake Up Cybersecurity).
"This transaction combines our leading semiconductor and infrastructure software businesses with an iconic pioneer and innovator in enterprise software as we reimagine what we can deliver to customers as a leading infrastructure technology company," Broadcom President and CEO Hock Tan says in a statement.
VMware began in the virtualization space, bringing more efficiency to on-premises data centers, and subsequently extended its platform to the private cloud to provide enterprise customers with more security, performance and control over their applications and underlying infrastructure, Han tells investors during a Thursday call.
"Together with Broadcom's existing software portfolio, we are positioned to create a uniquely powerful value proposition for enterprises, enabling them to develop, deploy and manage their applications securely and seamlessly across every type of cloud," he says.
Broadcom's software assets for the distributed enterprise complement and augment VMware's multi-cloud offerings across the entire application life cycle, enhancing operations management, value stream, DevOps management and security, Broadcom Software Group President Tom Krause tells investors on the call.
VMware's application management platform helps customers build, deploy, secure and operate applications in private, hybrid or public cloud environments, Krause says. That's complemented by VMware's end-user and security solutions that are designed to enable employees to securely work from anywhere anytime, according to Krause.
"We can secure these applications with the combined capabilities of Symantec's leading security portfolio along with Carbon Black's cloud-native endpoint security products," he says.
Software will account for 49% of revenue from the combined Broadcom-VMware business, and the acquisition is expected to close in the fiscal year starting Nov. 1, 2022. Michael Dell and Silver Lake, which own a combined 50.2% of outstanding VMware shares, have signed agreements to vote in favor of the acquisition. VMware was spun out in November from Dell, which had held 81% equity ownership.
"Together with Broadcom, VMware will be even better positioned to deliver valuable, innovative solutions to even more of the world's largest enterprises," Michael Dell, who is also chairman of VMware's board, says in a statement. "This is a landmark moment and provides our shareholders and employees with the opportunity to participate in meaningful upside."
VMware's stock climbed $3.79 - or 3.14% - to $124.36 in trading Thursday. Broadcom has offered to buy VMware for $142.50 per share, with VMware's continued lower stock price reflecting antitrust concerns. Broadcom's stock also rose $19.03 - or 3.58% - to $550.66 in trading Thursday. Bloomberg, The Wall Street Journal and others first reported Broadcom's interest in VMware Sunday night.
The Broadcom-VMWare deal will be the second largest enterprise technology acquisition of all time, behind only Dell's $67 billion purchase of storage giant EMC in September 2016. Although cybersecurity isn't a primary revenue stream for either Broadcom or VMware, both technology firms have sizable security businesses.
VMware's Approach to Security
VMware has long had some intrinsic security elements built into its virtual networking, end-user and compute offerings but really stepped up its security game through its $2.1 billion acquisition of Waltham, Massachusetts-based endpoint detection and response firm Carbon Black in October 2019. That purchase allowed VMware to reach the milestone of $1 billion of annual security revenue by early 2020.
The virtualization giant has not rested on its laurels since then, scooping up Kubernetes security startup Octarine in May 2020 to enable cloud-native environments to be intrinsically secure from development through runtime and application security startup Mesh7 in March 2021 to boost VMware's Kubernetes, microservices and cloud-native capabilities.
In the past year, VMware has debuted a cloud web security offering to fill out its Secure Access Service Edge portfolio as well as the industry's first application security edge, which enables networking and security infrastructure at the data center or cloud edge to flex and adjust as app traffic changes.
"Combining our assets and talented team with Broadcom's existing enterprise software portfolio, all housed under the VMware brand, creates a remarkable enterprise software player," VMware CEO Raghu Raghuram says in a statement. "Collectively, we will deliver even more choice, value and innovation to customers, enabling them to thrive in this increasingly complex multi-cloud era."
Broadcom first got into cybersecurity in November 2018 through its $18.9 billion purchase of CA Technologies, which brought CA's authentication, single sign-on, identity management and governance, and directory services capabilities under Broadcom's control. But it wasn't until a year later when Broadcom bought Symantec that the company became a formidable presence in the security market.
Since buying Symantec, Broadcom sold the company's 300-person Cyber Security Services business to Accenture for a reported $200 million to help organizations anticipate, detect and respond to threats. In May 2020, Broadcom sold most of Symantec's enterprise consulting team to HCL Technologies, giving HCL expertise across endpoint security, web security services, cloud security and data loss prevention.
"VMware's platform and Broadcom's infrastructure software solutions address different but important enterprise needs, and the combined company will be able to serve them more effectively and securely," Krause says in a statement. "We have deep respect for VMware's customer focus and innovation track record, and look forward to bringing together our two organizations."
Embracing the Channel
Broadcom's previous software acquisitions were well-suited to be sold directly to large enterprises, Krause says, with mainframes making up at least half of CA Technology's revenue when the company was acquired for $18.9 billion in November 2018. The mainframe technology is geared toward roughly 500 large, strategic accounts supported by a direct sales motion, he says.
Krause anticipated a lot of overlap between the organizations consuming CA's mainframe technology and those who would be interested in the data loss prevention, secure web gateway and cloud access security broker products offered by Symantec. This allowed Broadcom to reduce its go-to-market investment and drive operating margins to more than 70%, according to Krause.
But focusing almost entirely on selling direct to large enterprises meant that Broadcom ended up leaving revenue on the table, Krause says.
"I think there are some things we've learned relative to the CA and the Symantec acquisitions in terms of the value of the channel," Krause says. "We want to continue to support that [VMware] channel that's going to allow us to support a lot more revenue in a cost-effective way."
The situation at VMware is very different than at CA or Symantec, he says, as more than 300,000 customers currently use the company's vSphere cloud computing virtualization platform.
"When we look at the growth that the company [VMware] is driving with their more modern applications, whether it be for private cloud or public cloud, we see a much bigger opportunity," Krause says. "And so to support that opportunity, we need to invest in sales and marketing."