VMworld 2019: Intrinsic security at the core of VMware’s latest offerings
Customers empowered to implement security that delivers automated, pervasive, and proactive protection
14 November 2019
Many of the security announcements VMware made at the show reinforced those from VMworld 2019 US the previous August; the company also detailed new partnerships, new features for existing products and the further integration of Carbon Black products. At the core of many of its plans was what VMware calls intrinsic security.
Intrinsic security vision
VMware wants to provide its customers with a modern, intrinsic security cloud platform for any application, running on any cloud, and on any device. It envisages that this will make security more automated, proactive and pervasive across the entire distributed enterprise. As such, intrinsic security should lower risk to critical applications, sensitive data, and users by shrinking the attack surface across clouds, data centres, end users, and the enterprise edge.
Explaining intrinsic security, Sanjay Poonen, chief operating officer, customer operations, VMware said: “VMware believes we have to stop adding more and more complexity in an effort to solve cybersecurity challenges, and instead use our infrastructure as part of the solution. In short, we must make security intrinsic.
“VMware is delivering intrinsic security through a comprehensive portfolio spanning the critical control points of security: network, endpoint, workload, identity, cloud, and analytics.
“Because we’re built-in, we’re everywhere where apps, devices and users reside. This gives us a unique vantage point to be informed about what’s happening in a customer’s environment. With this knowledge, we can be proactive in hardening customers’ environments to better prevent threats.
“The paradigm has shifted from traditional security – that is bolted on, not very intelligent, and is often reactive – to something that is all intrinsically built-in, where all the security building infrastructure is intelligent, smart and driven by AI. It has become proactive rather than reactive.”
The company argued that security should be built into every level of the cloud stack from the outset, and is pursuing that vision through an intrinsic security portfolio that spans numerous control points.
“We needed intrinsic security built into every layer – the infrastructure layer, the cloud infrastructure layer, the application layer and the devices layer,” said Poonen.
Carbon Black solutions
A major step towards this vision is the deep integration of security provider Carbon Black's cloud products into VMware's infrastructure. With the acquisition now complete, VMware plans to offer several Carbon Black Cloud solutions to its customers.
The offerings include Carbon Black Endpoint, a next-generation antivirus product; Carbon Black Workload, a cloud workload protection add-on for VMware vSphere; Workspace Security, which combines behavioural threat detection, next-generation antivirus, digital workspace analytics and remediation; and Carbon Black Endpoint Standard with Secureworks Threat Detection and Response, which pairs next-generation antivirus and endpoint detection and response with a security analytics application.
Poonen also announced a new security business unit, led by former Carbon Black CEO Patrick Morley, that will provide customers with comprehensive endpoint and workload protection and advanced cybersecurity analytics.
For customers who find managing endpoint security too complex, VMware also revealed that Carbon Black Cloud will be the preferred endpoint security solution for Dell commercial customers.
Redefining internal data centre and multi-cloud security
VMware NSX, the company says, made micro-segmentation financially and operationally feasible for the first time. It is now set to launch NSX Distributed IDS/IPS, which builds on the Layer 7-capable NSX distributed firewall. The solution profiles an application and matches IDS/IPS signatures to its specific components, so an Apache or Tomcat server receives only the signatures relevant to it. According to VMware, this yields higher performance and more accurate detection, with a lower false positive rate.
It also announced NSX Intelligence, which automatically generates security policies from analysis of workload traffic, and NSX Federation, which will let customers deploy and enforce those policies across multiple data centres. VMware says the combination will help enterprises simplify disaster recovery and avoidance, share application resources across data centres, simplify the overall security architecture and make security policies easier to manage.
According to the company, traditional appliances cannot match this because of the fundamental difference between legacy, proprietary hardware-defined systems and open, scale-out software such as NSX.
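To make the "policies generated from observed workload traffic" idea concrete, here is an added example that is not VMware's code and does not reproduce how NSX Intelligence is implemented. It parses constructed NetFlow-style flow records, maps source and destination addresses to hypothetical application tiers, recommends allow rules for group-to-group flows seen often enough during the learning window, and sends rare or unclassified flows to a review list instead of allowing them. It then evaluates new flows against the resulting default-deny policy. All IP addresses, tier names and flow records are constructed for illustration.

```python
"""Recommend a micro-segmentation allow-list from observed east-west flows.

Added example, not VMware's code. Inventory, tiers and flow records are
constructed; the format is a simplified "src dst proto dport bytes" line.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory: workload IP -> application tier (hypothetical tags).
INVENTORY = {
    "10.0.1.10": "web",
    "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.99": "monitoring",
}

# Constructed flow records captured during a learning window.
# The last two lines are the kind of thing that must not be auto-allowed:
# a web host talking straight to the database, and an unknown source.
OBSERVED_FLOWS = """\
10.0.1.10 10.0.2.20 tcp 8080 5120
10.0.1.11 10.0.2.20 tcp 8080 4096
10.0.2.20 10.0.3.30 tcp 5432 20480
10.0.2.20 10.0.3.30 tcp 5432 18000
10.0.9.99 10.0.1.10 tcp 9100 512
10.0.9.99 10.0.1.11 tcp 9100 512
10.0.9.99 10.0.2.20 tcp 9100 512
10.0.9.99 10.0.2.20 tcp 9100 540
10.0.9.99 10.0.3.30 tcp 9100 512
10.0.9.99 10.0.3.30 tcp 9100 530
10.0.1.10 10.0.3.30 tcp 5432 64
10.0.7.7 10.0.3.30 tcp 5432 128
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flows(text):
    """Parse the constructed flow format; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(src, dst, proto.lower(), int(dport), int(nbytes)))
    return flows


def group_of(ip, inventory):
    """Map an address to its tier; anything not in the inventory is 'unclassified'."""
    return inventory.get(ip, "unclassified")


def recommend_policy(flows, inventory, min_sessions=2):
    """Aggregate flows per (src tier, dst tier, proto, dport).

    Returns (rules, review): rules are allow entries seen at least
    min_sessions times between classified tiers; everything else goes to
    review, because a learning window can contain attacker or stray traffic
    that should never be baked into the policy unexamined.
    """
    counts = defaultdict(int)
    for f in flows:
        key = (group_of(f.src, inventory), group_of(f.dst, inventory), f.proto, f.dport)
        counts[key] += 1
    rules, review = [], []
    for rule, n in sorted(counts.items()):
        src_g, dst_g, _, _ = rule
        if "unclassified" in (src_g, dst_g) or n < min_sessions:
            review.append((rule, n))
        else:
            rules.append(rule)
    return rules, review


def evaluate(rules, inventory, src_ip, dst_ip, proto, dport):
    """Default-deny check of a new flow against the recommended allow-list."""
    key = (group_of(src_ip, inventory), group_of(dst_ip, inventory), proto.lower(), dport)
    return "allow" if key in rules else "deny"


def render(rules):
    """Human-readable policy, ending with the implicit default-deny rule."""
    lines = [f"allow {s} -> {d} {p}/{port}" for s, d, p, port in rules]
    lines.append("deny any -> any (default)")
    return "\n".join(lines)


if __name__ == "__main__":
    flows = parse_flows(OBSERVED_FLOWS)
    rules, review = recommend_policy(flows, INVENTORY)
    print(render(rules))
    for rule, n in review:
        print(f"REVIEW {rule} seen {n}x")
    print(evaluate(rules, INVENTORY, "10.0.1.10", "10.0.2.20", "tcp", 8080))  # allow
    print(evaluate(rules, INVENTORY, "10.0.1.10", "10.0.3.30", "tcp", 5432))  # deny
```

The `min_sessions` threshold and the unclassified check are the practitioner's safeguard: a policy learned from traffic is only as trustworthy as the traffic in the learning window, so one-off or unattributed flows are surfaced for a human rather than silently permitted.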
Secure Access Service Edge
VMware has applied its intrinsic security approach to Secure Access Service Edge (SASE) through a global, multi-service cloud network that extends from on-premises to cloud, edge and end user, with networking and network security delivered by VMware SD-WAN. To meet enterprise security requirements, the performance, flexibility and usability of the SD-WAN branch firewall will be enhanced, giving simpler policy definition, better performance and logging. Customers also get built-in security and automated, policy-based access to partners' advanced security services.
Secure State and Zero-Trust security
VMware Secure State also received a security boost: it will be updated to reduce public cloud risk and improve security posture. Secure State takes an interconnected approach that gives deep visibility into the relationships between cloud services and correlates risk from misconfigurations and threats across multi-cloud infrastructure. It continuously verifies overall security and compliance posture, making security more active, automated and scalable for multi-cloud users.
Detecting security and compliance issues earlier lets companies scale security at cloud speed, minimise risk and bring public cloud applications to market faster.
VMware's Zero Trust security architecture, centred on its Workspace ONE Trust Network, will help customers modernise digital workspace security. The architecture describes how to bring together device management and compliance; conditional access; app tunnel and proxy; risk analytics; and automated remediation and orchestration, giving customers a straightforward path to a zero trust security model.
“The security industry is broken”
Between these announcements and the acquisitions of Pivotal and Carbon Black, VMware is more security-driven than ever. Describing VMware's more advanced approach to security, Poonen said: “We thought we should do more because we have seen what’s happening in the security industry today, and it’s fundamentally broken.”
To illustrate his point, Poonen drew a comparison between security and health. “If you went to a doctor, for example, and asked him how to stay healthy, and he said you need to take 5,000 tablets, that would mean if you took a tablet every 30 seconds, it would still take you a week to consume the entire 5,000. And unfortunately, this is like the security industry today. There are 5,000 vendors, tools, solutions, with different, fragmented agents sitting on people’s laptops, all of them on your console, and there’s a lot of manual labour needed to pull this all together.
“Quite frankly, it’s broken. And when you think about healthcare, the reason you don’t have to pop 5,000 tablets every week, is because you adopt a different approach to your healthcare.”
The new VMware Carbon Black Cloud solutions, SD-WAN branch firewall capabilities and Secure State Findings API are expected to be available by February 2020. VMware NSX Distributed IDS/IPS and NSX Federation are expected to be in beta in late 2020.