Does Broadcom’s Acquisition of VMware Put Carbon Black in Play?

In a crowded endpoint protection market, Broadcom may meet resistance in finding buyers at a higher multiple.

Yes, and here is why I think so. 

First, a little about VMware for context: VMware was founded in 1998 by five graduate students at the University of California Berkeley. VMware innovated how organizations architected IT enterprises. The company’s virtualized cloud computing technology revolutionized many aspects of application design and infrastructure deployment and management. 

In 2004, EMC acquired VMware for US$625 million, or over US$1 billion in today’s dollars. In 2007, EMC sold 15% of the company in an IPO; that pre-Broadcom acquisition created a market cap of US$61.52 billion. In 2015, EMC was acquired by Dell Technologies for US$67 billion in cash and stock. In 2022, Broadcom announced its intent to acquire VMware for US$61 billion. The consummation of this deal on November 22, 2023, ended up at US$69 billion after adding US$8 billion in assumption of debt. The 18 months that the acquisition dragged was caused by seeking legal clearances from approximately 12 countries and the EU.

Broadcom is no stranger to large acquisitions, as evidenced by its US$18.9 billion acquisition of Computer Associates in July 2018 and its US$10.7 billion acquisition of Symantec in 2019. Once Broadcom adds the US$28.39 billion in debt to fund the VMware acquisition and its US$8 billion in assumed debt to its existing US$41.2 billion outstanding debt, it will carry US$77.59 billion in debt versus the combined Broadcom and VMware annual revenue of US$46.05 billion. This level of debt will likely cause Broadcom to look for ways to streamline operations, reduce its global workforce, and divest certain businesses. This analysis may already be underway, as Reuters reported on November 29, 2023, that End-User Computing and Carbon Black are under strategic review.

So, what is Carbon Black? It is a cloud-native endpoint protection company that VMware acquired on October 8, 2019, in an all-cash deal worth US$2.1 billion. At the time of the acquisition, Carbon Black generated US$241 million in annual revenue from 5,339 customers. Under VMware, Carbon Black likely grew at less than 10% CAGR. 2022 is estimated at $320 million. Using a multiple value of 7.5x, Carbon Black is likely worth a little more than its 2019 sale price or $2.4 billion.  

In a crowded endpoint protection market, Broadcom may meet resistance in finding buyers at a higher multiple. Since the VMware acquisition, Carbon Black has come under increasing competitive pressure from Palo Alto NetworksSentinelOneCrowdStrike, and Field Effect. Carbon Black’s product is generally well regarded, but many competitors point to replacing or winning major deals from Carbon Black. I suspect the uncertainty of the Broadcom sale will create headwinds in Carbon Black’s growth. 

Broadcom has likely already reached this conclusion and sees this as the right time to sell off this cybersecurity product asset, especially when it has competing products from Symantec’s endpoint protection products. 

Integrating Carbon Black and Symantec would be difficult owing to their vastly different software architectures. Culturally, there would be no way to integrate Carbon Black with Symantec; they have been bitter rivals for years. Broadcom has also crafted Carbon Black as an independent business unit, making it an easy play to spin off. Broadcom could use the nearly US$3.5 billion Carbon Black could fetch to reduce debt with a marginal impact on its annual revenue. 

Now may be the time to give Carbon Black a new lease on life. But Broadcom shouldn’t wait long. The recently announced layoffs of thousands of VMware employees are likely spooking Carbon Black employees, and competitors could easily poach great talent. 

Contact me here to share your thoughts on the potential sale of Carbon Black. If you want to keep up with my cybersecurity company news blogs, go here.