Reimagining Lateral Security and Load Balancing for Private Clouds – Six Five On the Road

On this episode of the Six Five On the Road, Daniel Newman and Patrick Moorhead are joined by Broadcom’s Umesh Mahajan, VP & GM, Application Networking and Security (ANS) Division for a conversation on Broadcom’s acquisition of VMware and the innovative developments within the ANS division.

Their discussion covers:

  • The primary focus and opportunities for the ANS Division following Broadcom’s acquisition of VMware.
  • Challenges digital enterprises face in securing applications and data, and the main pain points customers are expressing.
  • The unique value proposition ANS security offers to tackle customer challenges and popular use cases.
  • The intersection of emerging GenAI and LLM technologies with ANS’s security solutions.
  • Special attributes and top use cases of the Avi Load Balancing solution, including its application in Kubernetes environments.

Learn more at Broadcom.

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.


Patrick Moorhead: Welcome to another Six Five On the Road here, a remote on the road. There’s one company that got everybody talking last year. It was VMware. VMware and Broadcom. The integration real stuff is happening. In fact, we got to meet most of the senior leadership team on the day one deal closed. It was quite an experience, Dan.

Daniel Newman: Yeah, it was day 0.5. We were there on the day talking to all of the senior leadership, including having the exclusive opportunity to talk to Hock Tan himself. And it has been one of the biggest newsmakers over the last year. This was a mega deal, Pat. This was more than $60 billion in the coming together of two very important players in the technology space with a vision of the future, which has a lot to do with taking the cloud and the multi-cloud opportunity, the data and the estate that is the enterprise, and driving more value. And of course with AI coming on so strong and unleashing AI being so important, Pat, it’s been a really fascinating journey to follow.

Patrick Moorhead: Yeah, VCF… I mean, Broadcom is all in on VCF. It’s super exciting and that’s essentially equipping the entire private cloud and whether it’s applications, networking, and security. It’s super fun. Let us introduce our guest. Umesh, how are you? Great to see you.

Umesh Mahajan: Hey, thank you, Pat. Thank you, Dan. It’s wonderful to be here today with you all. I’m excited. Like you mentioned the whole focus, Broadcom made a big acquisition. This was like a year and a half in happening, but it’s been done and behind us. And we are excited at what we are doing at Broadcom at this time.

Patrick Moorhead: Yeah, and sorry we didn’t get the chance to talk to you already. Right? We talked not only on day 0.5, I guess Deal Close Day, but we also had some great conversations at Mobile World Commerce. Sorry we missed you, but here we are.

Daniel Newman: So Umesh, let me jump in and ask you. We’re five months now past the close of this deal of VMware’s acquisition by Broadcom. And of course it’s VMware by Broadcom, right? That’s kind of how it’s properly labeled. But in your world, in the ANS division, application, network, and security, what’s your big focus and what big opportunities do you see right now?

Umesh Mahajan: It’s really been an exciting five months post acquisition. At Broadcom, we completely focused on our mission. And our mission at ANS is to deliver zero trust lateral security and application load balancing for our strategic customers where VCF is focused. Now customers tell us security is top of mind for them. Due to relentless malware and ransomware attacks happening, breaches are occurring every day, whether it’s universities, banks, or other enterprise customers. So you have to deploy security and load balancing as VCF gets deployed.

You can’t wait two years later, “I’ll deploy security or something.” No, that’s not the norm. And we have the right software defined architecture. We are completely plug and play with VCF and we provide the best comprehensive lateral security and load balancing. And that fits in with the Broadcom strategy and vision. VCF private cloud, and along with that, ANS delivers security and load balancing for the workloads.

Patrick Moorhead: Yeah, you’re really hitting on a confluence of megatrends here. And listen, the public cloud is 15 years old. The private cloud, let’s say, is about five years old. And as those private cloud stacks get more mature, like yours, a lot of enterprises are considering not just public cloud, but private cloud. And the other element here is to talk about data as it relates to AI, and of course analytics and machine learning, is in focus and how do I protect this, right? As our infrastructure has fractalized on the edge pretty much everywhere, our applications have fractalized too. No longer is it just one giant monolithic application. We have microservices, we have APIs, we have all these different things going on. What are the top security pain points to secure all this data right now?

Umesh Mahajan: You hit it on the head. Our customers are faced with all these challenges and their developers are banging on them. “I want to do Kubernetes. No, I want to do traditional virtual machine applications. I have a mix of everything. I want to be on-prem, I want to be in the public cloud, hybrid cloud, three different permutation combinations.” How do you deal with that? So what we find is customers tell us, “We’ve deployed perimeter firewalls, but the reality is attackers are still getting in because that one fat pipe coming into the data center and putting 200,000 firewall rules over there doesn’t cut it.” And traditional security appliances don’t work for lateral security because we need to protect every workload, not just three workloads, because you can get compromised there and then they can pass along and attack the other workloads. And the traditional architecture just doesn’t work. The racks on the side crumbling under traffic.

On top of that, the attacks are changing, right? The firewall alone doesn’t do it. AI could be next-gen firewall, so be it. But you need IDS, IPS, you need deep packet inspection. Signature-based attacks are coming in, then behavioral attacks are coming in. You need NDR, network detection and response, if you’re going to prevent against ransomware, which is happening more and more. And it’s very difficult to take these appliances. And then, “Yeah, I have one of everything. How did you stitch it together?” Yeah, we hear that a lot, right? It’s very difficult to stitch all these security elements together into one uniform platform. And then you also need this full visibility and analytics you all talked about. Right?

If you don’t know what’s going on, how do you protect that? So that’s where you have to have the full visibility and provide rule recommendations in real time so that you can protect yourself because things change over time. Then there’s this other aspect. There’s tons of open source. And that’s a hacker’s delight, right? Open source is available, keep looking through the code, come in and attack the vulnerabilities and get into your data center. And open source is in everybody’s product, including ours. Right? So that’s how they get in. And very easily they find some vulnerability and get in. So our customers are telling us all these changes are happening and our developers want to move faster and faster. How do I provide comprehensive security and get it deployed fast?

Patrick Moorhead: Awesome.

Daniel Newman: Yeah. So you sort of started discussing there some of the challenges that customers are facing, obviously what open source and the vulnerabilities that that creates, just the growth of black hats and those that are trying to take advantage of multi cloud architectures and the vulnerabilities that are created by having lots of disparate systems. You must be focused right now though on building out the strongest, most compelling value proposition for ANS as you can. What is the value prop and the use cases where you’re finding the most alignment, Umesh? How are you finding, where are the customers coming to you? Where are you getting the big wins?

Umesh Mahajan: What we find is the sweet spot is lateral security because that’s where we shine. We have the right architecture, software defined distributed architecture, hypervisor integrated and scales horizontally. If you’re building a cloud, you’re using commodity servers. We just take a little bit of the CPU and scale horizontally, and we are managed from one location. So it’s like almost collapsing hundreds of firewalls or load balancers or elements like that, or IDS, IPS and making it into one big firewall, one big IDS appliance or one big NDR appliance. But there are other aspects to security too. One is the architecture and the scale. It all works, but we think there are three aspects of security: visibility, detection, and prevention. Because I have a lot of security experts all the time. If you can’t see it, you can’t secure because you thought you put in some firewall rules, et cetera, along came somebody else two months later added a few things and that’s not protected.

So you have to have real time visibility and you have to be able to see everything before you can truly say, “I’m secure.” And then once you have the visibility, then you can use something like distributed firewall and micro segment your entire environment. You start with your key application and then you spread out. You do macro segmentation. Then you get finer grained and you do micro segmentation. And our visibility analytics tool can even help you with that, can show you what is an application, it can show you what is secure, what is not secure. So it gives the health score, “This is secure, this is not secure.” You better be sure this is the way you want it and then you can lock it down. Then the other software vulnerabilities, the Log4j, it was a big hoo-ha a year back. And while we provided four fixes to our customers, it took them some time, like three months to deploy.

That’s a very long time. With IDS, IPS technology, if it’s deployed one or two rules and you can protect against that. But the most dangerous kind is the NTA, NDR ransomware. Things are moving around laterally. How do you detect that? The signatures or the telltale and anomalies which are disguised because they’re using well-known protocol. How do you correlate them, figure out as a threat campaign, alert the SOC team? And finally, I kind of initially mentioned ours is not a disparate set of products. We are like a full-stack security architecture. So these are not different appliances. They’re just layered on top of each other and they build upon each other, so you get all elements of security. You can just start with firewall and you can go all the way up to NTA and NDR and protect against ransomware, fully integrated with VCF, and really easy to deploy as a single product. But that’s where I think we shine and that’s what our customers like about us.

Patrick Moorhead: Gosh, have we really made it this far in and not talked about LLMs? I mean, I floated kind of AI and Gen AI, but, Umesh, I have to ask, how does all of this intersect with generative AI and LLMs? We talked a little bit about the importance of data. Is there anything beyond that or is it all about the data?

Umesh Mahajan: No, it’s certainly, I think AI has come to the forefront. AI/ML were excellent. There was a lot of buzz, but I think Gen AI has just taken it to the next level. And you have to use that technology. You have to use it because it can let you do so much more like humans that you just can’t bypass it. So the way we are doing is we’ve been using AI/ML for visibility and threat analytics because you have to deduce certain things. You have to learn, “Hey, this is an attack. Is this also an attack? And how do you protect, et cetera.” But Gen AI is, you can use it very differently. And the most complicated security product we have is the behavioral analytics because there’s no guarantee. You’re seeing, okay, if this talks to this, then it went here, then it went there… Oh, this is an attack.

Maybe it’s an attack, maybe it’s not an attack. But that’s where Gen AI comes in and that’s where we are able to look at these alerts, sift through them, and figure out this is the true campaign and the rest is the alerts maybe, maybe, but these for sure are real attacks. We can take like a hundred alerts and you’ll come up with five alerts, which we think are useful, give you the context. And then beyond that, we can tell you, “Hey, this is a real attack. If you agree, very quickly, this is how to protect it.” So these sophisticated attacks, what’s happening is… And they are increasing.

Trust me. The hackers are really, really smart people, sometimes super smart. So they’re not going to rest easily. They’re going to attack in very complicated fashions. If we are able to take this large volume of data, reduce it, make sense out of it, now the security admins or the SOC admins can quickly prevent it and deploy it. They always wanted something to protect, but they were worried they’re going to make a mistake. So they don’t know which way to go. Left? Right? So with this kind of investment, which we have, we feel we can guide them and make them very successful in a short period of time.

Daniel Newman: So let’s get a little technical here, Umesh. I mean, load balancing-

Patrick Moorhead: I think he’s up for it. I think Umesh is up for it.

Daniel Newman: I know, I know. But you and I, we like to play in the cloud. We take selfies and pictures. No, I’m kidding. Well, we do like that stuff, but we also like to get kind of nerdy. I mean, for instance, talk a little bit about Avi load balancing a little bit. This seems to be something that’s a bit of a secret sauce. It’s special. It’s something that ANS is able to do. What are the top use cases for it?

Umesh Mahajan: Yeah. So when you look at load balancing, traditionally you’ve had vendors, F5, NetScaler, et cetera, which, they haven’t changed a lot over time. It’s still a box-based or an appliance-based architecture scale up, some improvements. Of course, there’s a lot of software there, but those architectures are box-based architectures or metal boxes as some people call them. So where Avi comes in, it’s the only software-defined architecture in private cloud. In public cloud, yes, Amazon has a load balancer, elastic load balancer. But in the private cloud, there’s nothing like Avi. And we have built over the years, a distributed load balancer. And again, all the features are there. It scales very nicely, elastic load balancer, and it brings in this massive operational simplification. You don’t have to manage the few hundred load balancers or tens of load balancers. You just manage from one place.

The other part we’ve done with Avi is we made it completely plug and play with VCF. Now, when it comes to load balancers, you have to get the traffic to the load balancer, load balance it, and then bring it back. Because if you don’t do it properly, you won’t get the traffic to the right place. So that’s where we are able to assess, discover the VCF tag, do the routing properly, stitch it together, customer doesn’t need to do anything. Then we are fully integrated with the vRealize Automation. So app owners can deploy the workload, can deploy the Avi load balancer at that same time. No later on, no special tickets are needed. Okay, we have load balancing… How are we going to do that?

And finally there is the other secret sauce is the application analytics within the Avi platform. If we are using an application, all of us want the response instantly, right? We don’t want any latency or, “Okay, it’s okay to take two minutes before we get the answer.” So with Avi, we have the analytics built in, it looks at the data can do, and it can tell you, “Hey, the latency is going up, and X, Y, Z may be the reason.” So load balancing admins and IT admins just love it because otherwise they’re going to get paged or called later. They want to know it before the fact so that they can-

Patrick Moorhead: Yeah.

Umesh Mahajan: So again, that’s one of our key differences.

Patrick Moorhead: No, I love it here. Avi has its own special name. Isn’t that nice? So listen, VMware is noted and famous for a lot of things and virtualization. You’re one of the first companies to do that. But I thought we’ve moved on from virtualization. We’ve got a lot of virtualization, but there’s a lot of container as an application transport. Great things about containers, you can throw them across the hybrid multicloud regardless of where you want them. And as long as you do it in a standard way, you are good. Does Avi bring anything unique to Kubernetes workloads?

Umesh Mahajan: Absolutely. Because like you correctly pointed out, customers are building applications both ways, the traditional virtual machines manner and with Kubernetes and containers. So that is something which has been happening for the last several years and will continue to happen. So how does Avi fit in? First of all, Kubernetes workloads tend to be dynamic. You never say, “I’m going to migrate this in a non-destructive fashion.” This is like developer driven. They want to program it, they want to change it, they want to bring it down, they want to spin it up somewhere else very quickly. They want that control. So what better architecture than a software defined architecture that can spin up load balancers anywhere?

We have an API, you can programmatically control everything in the Avi load balancer. So that’s really, really powerful about Avi. But at the same time, Avi is hardened because large enterprises and service providers are using it. Unlike open source, metal load balancer, some other load balancer, which has X number of features, which are good, but doesn’t have Y kind of features. A real enterprise needs those other features which they’ve been using for a long time. And then some of the open source stuff doesn’t scale properly. Looking at Brownfield environments, how do you deal with Brownfield? But that’s where Avi shines and we support all the Kubernetes distributions.

Patrick Moorhead: Love it.

Daniel Newman: So we’ve got a few minutes left, Umesh, and thanks so much for being so generous with your time, really enjoying this conversation very much. I would be missing a big opportunity now that you’re giving us a five-month later playbook, but this is really still early days. I love to say it’s… The market loves to say AI has been decided or the cloud has been decided. And after almost two decades, we’re only 25% of workloads in the cloud. We’re only at 40 years into AI algorithms, but we’re really only a year or two into the real AI deployments. And it’s still early days. And guess what? For the Broadcom and VMware deal, it’s still early days. So for ANS, talk to me a little bit about what you see on the horizon for you, your team, and your portfolio.

Umesh Mahajan: So we’ve been talking to our customers even before the acquisition and definitely after the acquisition with a focus on strategic customers, which are the larger customers. So we’ve kind of seen, hey, what are the challenges they have? So we are laser focused to deliver quickly on the results so that they can deal with those challenges. So one is they’re challenged with deployments. How do they deploy security and load balancing? So we talked about visibility analytics. We are working even harder on those tools to make it easier and easier to deploy and operate. We see everything, we give the recommendation, and then they can quickly deploy with the best practices.

Next is advanced features. We talked about the ransomware, behavioral security, behavioral attacks. How do we deal with that? That’s where the Gen AI Project Cypress came in. So we want to deliver it in the latter part of this year, Q3 or somewhere there we are going to deliver that. And for Avi, we are doubling down on application analytics and Kubernetes. Kubernetes is a very sweet area for Avi. Those are the greenfield opportunities we enter from there, and then we can penetrate the rest of the customer. And there are 5G use cases, service providers, the traditional load balancers are just too cumbersome and expensive for them.

And the final part of the puzzle is the applications are growing fast, whether they are virtual machine based, especially their containers, people are cranking out applications. They almost don’t want to talk to each other. Let’s write an app. We will communicate via that app. So the apps are growing not by 10%, 20%. They’re growing 2x, 3x, 4x. So our security and load balancing needs to scale in the same fashion. So this year we are going bonkers about increasing our scale, 3x, 4x for security and load balancing, and we’re going to deliver it in the summer. So that’s what we are up to.

Daniel Newman: Well, Umesh, I want to thank you so much for joining us here. It’s been a lot of fun having you on the Six Five On The Road Virtual Edition. There was a lot to learn here. And you got us all the way through, Umesh, kind of from the business and overview all the way to a bit of the geek in all of us when you talked about everything from load balancing to the biggest challenges that CISOs and security organizations are facing with networking. I would love to have you back on the show sometime soon, Umesh, if we can make that happen. But for this one, I’m going to set you free and let you go and let’s talk again soon.

Umesh Mahajan: Thanks Dan and Pat. It was great talking to you. Looking forward to future conversations.

Daniel Newman: And everyone out there, hit that subscribe button. Join us for all of our episodes here on The Six Five. We appreciate our partner with Broadcom and VMware here for this particular episode. But for this one, it’s time for Patrick and myself to say goodbye. See you all later.

Author Information

Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.

From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.

A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.

An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.

