Exploring Application Networking and Security with Broadcom at RSAC 2025
Umesh Mahajan, VP & GM Application Networking at Broadcom, and Prashant Gandhi, Head of Products, Application Networking & Security Division at Broadcom, join theCUBE at RSAC 2025. They explore Broadcom's integrated approach to advanced security measures and load balancing within private cloud environments.
In this video, Mahajan and Gandhi discuss their roles in advancing Broadcom's capabilities in securing VMware Cloud Foundation. They emphasize the necessity of lateral security to monitor movements within networks and highlight how vDefend plays a crucial role in offering enhanced visibility and protection. The discussion, led by theCUBE's host, also highlights the importance of seamless integration with existing infrastructure.
Crucial insights from the discussion include the need for advanced threat protection and the benefits of a homogeneous platform to manage cloud environments efficiently. According to Mahajan, prioritizing visibility is fundamental, while Gandhi elaborates on how a software-defined architecture aids in agile deployment. The conversation underscores Broadcom's commitment to enhancing security operations amidst an evolving threat landscape.
Umesh Mahajan, VP and GM of the Application Networking and Security Division at Broadcom, and Prashant Gandhi, VP of Products, Application Networking and Security Division at Broadcom, talk with theCUBE’s Dave Vellante at the RSAC 2025 Conference. Their discussion centers on Broadcom’s approach to securing VMware Cloud Foundation through advanced visibility and integrated platform capabilities.
Mahajan outlines the role of lateral security in monitoring east-west traffic across cloud environments.
>> Welcome back to Moscone West. My name is Dave Vellante and we are here at RSAC 2025 live wall to wall broadcast from Monday to Thursday. John Furrier is here, Jackie McGuire, Jon Oltsik, the whole Cube team. Pleased to welcome Umesh Mahajan, who's the vice president and general manager for the application and networking and security division at Broadcom. I think you call it ANS. So we'll be talking about that acronym. And Prashant Gandhi, who's the head of products, application networking and security division. Gents, welcome. Really good to have you. We've been watching Broadcom for many, many years now and amazing company. You guys are serious people, serious engineers, product focus. Love it. Umesh, maybe start off and explain a little bit about the division, what the scope is and what your sort of responsibilities are.
Umesh Mahajan
>> I think once we got acquired, our CEO had a clear vision, right? The VCF private cloud, but then he felt like we have good assets within the company, VMware, for security and load balancing. So this division's focus is to build those advanced services and make them work seamlessly with the VCF private cloud. So that's our mission and vision. Best of breed security and load balancing products for the VCF private cloud.
Dave Vellante
>> It's interesting, the last VM world, I think it was called VMware Explorer prior to the acquisition. I remember saying, I won't say his name, but the person who was running security, maybe it was security marketing at the time. VMware has a great security story. You don't tell it. Well, okay. And then now you guys have reorganized so that it's a fundamental part of the component. I see here you're really focused on lateral security. We were just talking to somebody and said, "Look, when the bad guys get in, assume they get in. What do they do? They traverse laterally in the network." So what is lateral security? Why do customers need it? When we think about zero trust for applications, you've got perimeter security, you've got your firewall set up. What is lateral security and why do people need it? You want to, guys?
Umesh Mahajan
>> So I think perimeter firewalls have been around for like 20, 30 years, right?
Dave Vellante
>> Right.
Umesh Mahajan
>> Apps used to be static. You set it up, the rules and the perimeter, and you're good. Now neither are your apps static nor do you know who's talking to who. And there are a lot more apps and they get changed all the time by the developers, and a lot of open source is used. So the threat posture or surface of these apps is quite varied and they can be attacked in many directions, and now AI/ML comes around and everybody's an attack champion, right? Everybody's an expert and they can get in, compromise it.
So if perimeter firewall security was really good, no compromises should happen, but compromises are happening in the data center all the time because attackers can get through a well-known protocol or you forgot to do something, human error. And once they get in, they move around laterally and cause a lot of damage. Absolutely you need lateral security. And the perimeter firewall also doesn't have the visibility because, going a little technical, when a packet comes in north-south, it multiplies many times because an application is not a single instance, it's many VMs or many Kubernetes workloads. And then they talk amongst themselves before a response goes back. The perimeter firewall doesn't see all that traffic, so it doesn't know what to protect. So you have to have lateral security to have the full visibility, then do micro-segmentation and even threat detection and mitigation if you want to fully protect against ransomware. The other thing is some CISOs have gone and bought these tools. Yeah, perimeter firewall is not good enough. I'll buy an IDS appliance, I'll buy NTA/NDR from some vendor, and they try to put it together. Easier said than done because they don't work with the underlying infrastructure properly. How do you pass the information across them? And we just don't have the visibility properly. They're finally coming to the realization that's not a good model, doesn't work. So we are not going to go down that. And something like vDefend, it's a full stack with all the layers. It's probably a preferred way of doing it and it provides greater visibility, easy to do and easier to deploy. So that's the success we are seeing.
Dave Vellante
>> Okay, so you guys take care of all that integration and so that the customer doesn't have to worry about it and make mistakes and vDefend is the product, right Prashant?
Prashant Gandhi
>> Right. Yeah.
Dave Vellante
>> What is so special about vDefend? What's the IP in there? What's the secret sauce? Why is it unique?
Prashant Gandhi
>> Yeah, absolutely. So vDefend is really purpose-built with the software defined principles for securing VCF private cloud. So you want a plug and play environment to deploy security quickly. One of the challenges with private cloud workloads, securing them, is that the customers have relied and said, "Hey, perimeter security is there. Why do I need additional security?" But as ransomware has been on fire for the past many years, they're realizing that hey, you need security for these workloads, and vDefend is purpose-built for that. Now what do you need to fully secure? And that's what Umesh really highlighted. You need visibility. If you can't see, you can't secure. If you want to secure more, you got to see more. So visibility is fundamental. How do you get into the host? No one else has access to the host, but we do. We are hypervisor integrated. So that's really a fundamental value that it provides. Then you say, how do you segment workloads? That's the second capability that's needed. Then you have to say, how do I protect against threats and how do I mitigate in case there is a breach? So this entire chain of security capabilities is all built in and plug and play. So that's really the value.
Dave Vellante
>> And segmenting the workloads obviously to isolate the area that the attackers can get into. And I've seen this on a note here, it's full stack. You had mentioned that, Umesh, it's not piece parts that you're putting together.
Umesh Mahajan
>> And they fall upon each other, right? Sometimes you have security tools which can detect something, but they can't enforce it. So somebody has to take that data, push it in another firewall. By the time they understand and do it, the attacker is long gone and compromised your stuff. So it has to move in real time all these things. With an integrated stack, if you detect something, right there, the rules get pushed into the lower part of the firewall. So that's a huge difference that our stack has.
Dave Vellante
>> So this is a really important point you're making because when ransomware is on fire, and it literally is, at first the reaction was, okay, they're going to maybe go after the backup corpus and I'm not going to be able to recover, so I have to air gap. Great. Maybe I do a local air gap, maybe a virtual air gap, maybe I do a physical air gap. Okay, great, I'm going to be able to recover. And the hacker said, "Oh, that's fine, but we still have your data and we're going to release it if you don't pay us." And I think a lot of practitioners and customers went, "Oops. We have to have a solution like vDefend like you just described because we can't allow them to leave with our data." So that's what this is about. There's a lot of diversity in customer environments. There's a lot of heterogeneity. I've listened to Hock Tan very closely last year at VMware Explorer about the benefits of homogeneity. I've heard that argument before. I've heard it for many years. I've been in this industry a while. His was quite compelling. And he just talked about the different levels of expertise and cobbling together, whether it was different clouds or different vendors' products. What's your philosophy there? I heard it again from Hock, but I'd love to hear it from you as it relates to zero trust. I wonder if you could help the audience understand that philosophy of the greater the homogeneity, the better control that you're going to have. And you're going to argue better TCO and I have another question about that, but let's start with just the technical benefits.
Umesh Mahajan
>> First is, when it comes to the perimeter firewall, it is a very slow-moving animal. They're used to it. You have to get 15 people to sign off before you can insert a firewall rule. It's slow and steady and that's how it's worked, right? Because nobody can make a mistake in security. But in this day and age, you have the developers who want to roll out applications and make changes and update the code all the time because that's the speed at which, that's the lifeline of companies in this digital era. So how do you match that? I think what we find is the security staff is always under the gun because the developers or the DevOps want to move much faster to roll out the applications and they want to go at the slow pace because that's how typically they've done it. But we have to get them moving forward and that's where we have invested a lot in visibility, analytics, providing them the tools so they can see everything. It becomes really easy for them, okay, this is what's really going on. This is good connectivity, this is bad connectivity. How should they turn it off? We can give them firewall rule recommendations and they can easily click on that and decide, okay, I can cut it off, and guide them through all the steps because that is the part where they're not clear. They don't know what is secure and what is not secure in this changing data center environment where applications are getting spun up and upgraded all the time. So we can provide them that information so that they can act quickly on it, then it's very beneficial for them. And they have limited staff. I haven't met a customer who said, "I have security which was sitting idle." So how do we make them very, very productive? Prashant, do you want to-
Prashant Gandhi
>> And when we had the internet era, everything was hardware defined, heterogeneity was celebrated, but when it came to cloud, as we moved forward from internet to cloud, homogeneity became important because customers could find simplicity, they can find speed with that. And as we enter AI, massive performance is going to be required. So what architecture is needed is you cannot take that hardware defined architecture of the internet era and try to fit it into a cloud era or the AI era. And that's where a software defined scale-out architecture is needed. So our firewall, for example, the lateral security firewall, or you can say east-west firewall, it's fully distributed, can give you today, it can scale up to nine terabits, start with nine gigabits, go to nine terabits, and we have plans to get to 20 terabits by a software upgrade. You don't need massive big boxes coming in, going out and reinstalling. None of that is required. So that's really the fundamental difference where homogeneity of the platform is beneficial.
Dave Vellante
>> And there's a TCO aspect. I had Drew Nielsen on last year, I presume you know who he is and he's like the TCO guy. TCO, that's not fair. It's really economic analysis inside of Broadcom's VMware. I know a little bit about TCO. I've done a lot of TCO modeling. I really pushed him hard and I thought he made a pretty compelling case. And I understand the homogeneity. Sometimes there are trade-offs. But how have customers responded to the TCO argument, the cost argument?
Umesh Mahajan
>> So what we try to do is we are trying to, it's not only the CapEx side, there's the OpEx side-
Dave Vellante
>> sure....
Umesh Mahajan
>> and usually this OpEx side, which is a little hazy and customers don't fully get it. So you have to convince them on the CapEx side of, hey, in our case, first of all it's software. So there's no active standby hardware load security firewall. You don't have to buy two of everything, just one. And it can be spun up anywhere in time. So you don't need to buy five years capacity right now. So you can buy two years. You don't want one day's capacity, but you can buy two, three years and then once you run out you can come back and buy more. So it's not like you have stranded assets sitting around, one active, one standby. This guy told me you run out of capacity. So I bought a hundred gig, I only needed 10 gig right now. So one is savings outright over there. Second is in our model, you spin up these security firewalls wherever you want them in whichever host. It's not like, hey, you have to do it in this corner in the service rack. Take all the traffic there. So wherever you find the CPU cores available, you spin it up there and you connect the traffic, do it. So a lot of savings from that point. Then we have the cloud operating model. Everything is API driven, declarative policy, API. So the DevOps people can programmatically put it in their tool chain, roll it out or reverse it. When the application goes away, the firewall is also removed. It's not like you are just capacity, capacity, capacity. It's optimal usage, quick setup, and quick turn down. And with Kubernetes, you absolutely need that.
Dave Vellante
>> Got it. You can-
Umesh Mahajan
>> In Kubernetes, you absolutely need that.
Dave Vellante
>> So okay, so we've talked about micro-segmentation and check-
Prashant Gandhi
>> Maybe one more item, right? The east-west traffic, the lateral traffic Umesh highlighted, can be 4X to 5X more than the north-south traffic. So now you are looking at terabits of traffic. When you try to redirect all that traffic to a physical hardware firewall, first of all, it's very complicated, it's hard to troubleshoot, but it's very expensive. You need dozens of boxes to be able to do that. And that's where the TCO really comes from. And the hard savings are, we have seen customer examples where if they were to take hardware firewalls versus this vDefend, you can get up to 50% off in TCO.
Dave Vellante
>> Okay, so we talked about micro-segmentation, check, visibility, check, lateral movement. Okay, great. That's assuming they're getting in because you have to make that assumption. How do you detect them? But I guess maybe as importantly, how do you prevent them from getting in? What are your thoughts there, products, solutions, philosophies?
Umesh Mahajan
>> So we have two SKUs, right? One is the basic firewall SKU, distributed firewall, that's our strength. But we have also invested over years on advanced threat protection. How do you detect threats? How do you mitigate them and how do you eventually turn them off? So a huge area of investment for us because there's that layer, right? There's malicious malware attacks, there's vulnerability attacks, all applications use open source. Nobody writes code without using open source. Open source always has vulnerability. That's how attackers get in. So what do you do? So we have the full stack over there. IDS/IPS distributed, scalable, and it used to scale to three terabits. Now in an upcoming release in a few weeks we'll get it to scale to nine terabits. One controller and distributed scale. Suddenly attacks like Log4J happened, which meant you have to upgrade. We still have customers who haven't upgraded three years later. But they said, "If you had something like IDS/IPS, this distributed stuff you have, and if we had bought it and deployed it, we can quickly provision a rule and it's called virtual patching. We can wait until we are ready to upgrade our software."
So a lot of our customers are using distributed firewall and now moving on to this advanced threat protection SKU of ours, doing IDS/IPS and then also for ransomware attacks, NTA/NDR with full AI because they want to see the full benefits. There are so many different attacks in a full attack chain which happens. Lateral movement, host vulnerability: they detect vulnerabilities, which IDS/IPS, et cetera, can stop; compromise the host, then move laterally, which our distributed firewall can stop. Then finally capture the data and end up somewhere. And that's where all the NTA/NDR stuff comes in to prevent that.
Dave Vellante
>> Is this where, all software based, is this where the Avi acquisition comes in?
Umesh Mahajan
>> No, this is where the Lastline acquisition comes in.
Dave Vellante
>> Lastline. Okay.
Umesh Mahajan
>> We acquired that company five years ago. They had sandboxing and then they had NTA/NDR, so that's totally integrated into our solution.
Dave Vellante
>> Explain Avi.
Umesh Mahajan
>> Avi is a load balancer, but because it's a forward proxy, there are security areas like web application firewall and API security which need a proxy because you need to sit in the middle, track everything. So it's a perfect place for web application firewall and API security. And again, thank you ransomware, WAF was okay, but in the last two years, suddenly we see a lot of interest in WAF. Customers suddenly want to deploy it because they want to protect that every year. They don't know how the attackers are coming in and compromising them. So we are investing a lot of energy in that area, WAF, and then API security. And both these are very pertinent for Kubernetes because in Kubernetes workloads also, you can get the same security attacks and our Avi load balancers are used as an ingress load balancer because it's distributed, agile, and very easy to deploy and turn down, perfect for Kubernetes workloads. So people are using it for WAF and API security, especially in Kubernetes where a lot more APIs get used, right? It's live and die by APIs.
Dave Vellante
>> Of course. Yeah.
Umesh Mahajan
>> It's a perfect area for that.
Dave Vellante
>> It's another seam, right?
Umesh Mahajan
>> So that's where the Avi angle is coming in for the security side. We're seeing tremendous usage and uptake in WAF and API security with the Avi platform that we have.
Prashant Gandhi
>> If you look at, I mean, CISOs have always talked about defense in depth. You need multilayer security, right? But then for every layer you get a new shiny toy and then deployment becomes a nightmare. So you never end up deploying, the strategy never gets to execution. And so your risk exposure is not changing. And so that's really what vDefend and Avi, fully integrated, make it simple and plug and play so they can turn on the security layers that they need.
Dave Vellante
>> Deployment and it's an integration nightmare. Okay, so you've got another trend. You got the application development team and you got the SecOps team. Developers go fast. They're serving the business, time to value, security department, the department of no. How are you reconciling that? Can your products help?
Umesh Mahajan
>> Yeah, so again, with the policy layer, obviously in our architecture, we made it easy for the DevOps people. Hey, you can, whether it's your tool chain, CI/CD pipeline, you can provision it and it's a whole software defined distributed architecture. And we plug and play with VCF. What I mean by plug and play with VCF is for security firewalls, IDS/IPS, you have to get traffic in and out of the engine. It doesn't miraculously show up from somewhere. So we stitch that because we know the VCF stack, Broadcom VMware stack, customer doesn't have to say, "Oh okay, I'm going to put a VLAN here, take it through this port." A lot of mistakes are made. So we automatically stitch that underneath. So suddenly a DevOps person can spin up the firewall. Anything in any instance anywhere, the connectivity will be there because we have plug and play with the VCF and we get the traffic there. So now they can turn things on fast and they will work. And you don't, usually the firewall people are security people because they had to go to the networking people, get the VLAN, move the traffic there, come back, it used to take weeks and months. Now all that-
Dave Vellante
>> Take that away.
Umesh Mahajan
>> So now suddenly they can move much faster and with the visibility, and then we give role-based access control. So the security people can keep the key infrastructure that these developers won't muck with.
Dave Vellante
>> So the RBAC is built in.
Umesh Mahajan
>> RBAC is built in. They can keep that, they don't have to give that access. So they only give the application layer to the DevOps people so you can muck around. If you screw up, you screw up-
Dave Vellante
>> You're not going to-
Prashant Gandhi
>> So the security team loves micro-segmentation.
Dave Vellante
>> Of course.
Prashant Gandhi
>> DevOps team want as code. So we have combined it. We offer micro-segmentation as code. So both teams are happy. Then there are some developers who want it as self-service. So we have combined them to say micro-segmentation available as self-service through a service catalog. So at the end of the day, now micro-segmentation gets deployed at the speed of application. And so both teams are happy.
Dave Vellante
>> Guys, I got to go, but give me the bumper sticker on AI. What's your...?
Umesh Mahajan
>> So AI, I think it's cool technology, especially with GenAI. We were always doing AI and ML-
Dave Vellante
>> Yeah, of course....
Umesh Mahajan
>> for our learning, discovering applications. How do you come up with firewall rules? But suddenly GenAI comes around. So our first use of GenAI, we've decided, okay, for the most complicated security, right? NTA/NDR, behavioral analytics, there you can generate hundreds of alerts. So how do you crunch them down to a few alerts so that some human can make sense out of them? And then how do you also give the context and say what you should do? So that was our first GenAI usage and we released a copilot last year. Fantastic feedback on it. Customers who headed down that journey are beginning to deploy it. The second area where everything in AI is important is not a documentation read. A lot of people are using, oh, copilot, take me through a doc, we will also have that, but it's triage. Customers tell us when a problem happens, we get hammered. Must be the firewall, which is dropping the packet. We won't provide the answer with, "No, no, no, we are not doing it. Look, we can show you." But that's where the copilot can tell them, it's dropping it, where exactly it's doing it, who changed the rule, why did it happen, within a few milliseconds. Today it can take them days and weeks to figure out in this complicated network what's going on. So we really want to make that triage simple. Then as you know, VMware is working on VMware Broadcom and Private AI. Private AI, we have a partnership with NVIDIA. We're trying to, for enterprises and federal customers, use GPUs and virtualize them and provide that. And a lot of those workloads will be Kubernetes workloads, and for Kubernetes workloads the software defined security architecture with full visibility and analytics is perfect. And that's where vDefend can shine.
Dave Vellante
>> Very focused story guys, with a really hardcore engineering culture. Thanks so much for coming on theCube. Really a pleasure.
Umesh Mahajan
>> Thank you, Dave.
Dave Vellante
>> Umesh and Prashant, thank you. All right, and thank you for watching. Keep it right there. After this short break, we'll be back for more coverage from RSAC 2025. You're watching theCube.
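The loop the interview keeps returning to (observe east-west flows, turn them into recommended allow rules, push an explicit block the moment detection fires, and evaluate every new flow against an ordered, default-deny policy) can be shown in a few dozen lines. The following is an added example, not Broadcom or vDefend code, and it does not use the vDefend or NSX API; the tier tags (`web`, `app`, `db`), ports and flow records are constructed for illustration and the policy shape is a hypothetical declarative object of the kind a "micro-segmentation as code" pipeline would emit.

```python
"""Flow-driven micro-segmentation as code (added example, not vendor code).

Observe east-west flows, aggregate them into recommended allow rules, push an
explicit drop when the detection layer fires, and evaluate new flows against
the ordered policy with a default deny. Tiers, ports and flows are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_tier: str   # hypothetical workload tag, e.g. "web", "app", "db"
    dst_tier: str
    proto: str      # "tcp" or "udp"
    dport: int


# Constructed sample of observed east-west flows for one three-tier app.
# The single web->db flow is the kind of one-off a recommendation engine
# should surface for review rather than bake into the allowlist.
OBSERVED_FLOWS = [
    Flow("web", "app", "tcp", 8443),
    Flow("web", "app", "tcp", 8443),
    Flow("app", "db", "tcp", 5432),
    Flow("app", "db", "tcp", 5432),
    Flow("app", "db", "tcp", 5432),
    Flow("web", "db", "tcp", 5432),
]


def recommend_rules(flows, min_count=2):
    """Aggregate flows into allow rules, keeping only tuples seen at least
    `min_count` times so rare or suspicious traffic is not allow-listed."""
    counts = Counter((f.src_tier, f.dst_tier, f.proto, f.dport) for f in flows)
    rules = []
    for (src, dst, proto, port), n in sorted(counts.items()):
        if n >= min_count:
            rules.append({"action": "allow", "src": src, "dst": dst,
                          "proto": proto, "dport": port, "observed": n})
    return rules


def build_policy(rules, default="drop"):
    """Declarative policy: ordered rules, first match wins, default deny."""
    return {"rules": list(rules), "default": default}


def add_block(policy, src, dst, proto, dport, reason):
    """Insert an explicit drop at the top of the list. This is the
    'detect, then push the rule into the firewall right there' step;
    it takes precedence over any previously recommended allow."""
    policy["rules"].insert(0, {"action": "drop", "src": src, "dst": dst,
                               "proto": proto, "dport": dport, "reason": reason})
    return policy


def evaluate(policy, flow):
    """Return the action of the first rule matching the flow, else the default."""
    for r in policy["rules"]:
        if (r["src"] == flow.src_tier and r["dst"] == flow.dst_tier
                and r["proto"] == flow.proto and r["dport"] == flow.dport):
            return r["action"]
    return policy["default"]


if __name__ == "__main__":
    policy = build_policy(recommend_rules(OBSERVED_FLOWS))
    for rule in policy["rules"]:
        print(rule)
    print(evaluate(policy, Flow("web", "app", "tcp", 8443)))  # allow
    print(evaluate(policy, Flow("web", "db", "tcp", 5432)))   # drop (default)
    # Detection layer flags app->db traffic: block it until the fix lands.
    add_block(policy, "app", "db", "tcp", 5432, "IDS signature match")
    print(evaluate(policy, Flow("app", "db", "tcp", 5432)))   # drop
```

The two design points worth noting are the threshold in `recommend_rules`, which keeps a single anomalous flow from becoming a permanent allow rule, and the ordering in `add_block`, which places detection-driven denies ahead of the learned allowlist so a compromised tier loses its lateral path immediately rather than after a manual firewall change.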