UPDATED 21:11 EDT / JUNE 04 2020

SECURITY

VMware buys Lastline to improve malware threat detection

Virtualization software giant VMware Inc. said today it has agreed to buy an anti-malware research startup called Lastline Inc. to help it better detect sophisticated network threats.

VMware said the acquisition of Lastline, which is expected to close at the end of July, will boost the capabilities of its Carbon Black Threat Analysis Unit by adding network-centric threat research and behavioral analysis. Lastline counts among its employees a group of academic cybersecurity researchers who’ll continue their work with the support of VMware.

“Upon close of this deal, we will bring a world-class team of network-focused anti-malware researchers and developers, and go-to-market security experts, into the NSX team,” Tom Gillis, senior vice president and general manager of VMware’s networking and security business unit, wrote in a blog post announcing the deal.

Lastline employs 156 people and has raised $522 million in six rounds of funding since being founded in 2011, according to Crunchbase. However, TechCrunch reported that VMware is planning to lay off about 40% of Lastline’s staff once the deal is done. VMware and Lastline both declined to comment on that report.

“By joining forces with VMware, we will be able to offer additional capabilities to our customers and bring to market comprehensive security solutions for the data center, branch office and remote and mobile users,” Lastline Chief Executive John DiLullo wrote in his own blog post.

Lastline counts 15 Ph.D.s and academics on its staff, including several of the world’s most published security threat researchers. The company has also been credited with bringing “structure and rigor” to the world of malware research, Gillis said. By combining Lastline with Carbon Black, VMware will gain a much better understanding of the motivations and tactics of malware creators, he added.

Gillis explained that Lastline sells a product that uses “full-system emulation” to look deeper into every instruction executed by malware, providing researchers with a much deeper understanding of how it works. In turn, this enables Lastline to detect and mitigate various related kinds of malware.

“Lastline’s system detects twice the number of malicious files as a signature-based system,” Gillis wrote. “Lastline detonates more than 5 million file samples daily, and the Lastline technology protects more than 20 million users across 1000s of organizations around the world, including five of the 10 largest financial institutions.”

VMware’s NSX architecture will help Lastline to massively scale its efforts and perform network analytics across tens of thousands of cores, without needing to tap into network traffic, Gillis said. The malware analysis will become a critical part of Carbon Black’s Endpoint Detection and Response service by providing much greater workload context, he said.

DiLullo said Lastline will help VMware to offer a much broader array of network security tools that will complement its existing offerings around cloud, data center and workload protection.

“There are few security companies that have the breadth of network and endpoint capabilities as we expect the combined Lastline and VMware will have,” he said.

VMware has made a big push into security in recent months, beginning with its $2.1 billion acquisition of Carbon Black in August 2019. Then in January, it bought the networking analytics startup Nyansa Inc. in order to improve monitoring, network visibility and remediation on its VeloCloud software-defined wide area network platform. And just three weeks ago, VMware added Kubernetes security startup Octarine Inc. in order to beef up its Carbon Black Cloud and AppDefense security products.

“Almost like clockwork, we see another VMware tuck-in acquisition,” said Constellation Research Inc. analyst Holger Mueller. “The acquisition has an acquihire flavor with a considerable braintrust for network security joining VMware. The case for Carbon Black has only gotten better with the exponential increase in remote work, making it even more critical for enterprises to secure their networks.”

Photo: Elchinator/Pixabay
