VMware Cloud Foundation Gets Security Breakthrough At RSA
VMware’s popular VMware Cloud Foundation is receiving a major shot in the arm with new security capabilities from Carbon Black and NSX as the virtualization star continues its march to make security intrinsic in all its products.
At RSA 2020 conference on Tuesday, VMware unveiled that VMware Cloud Foundation – which includes offers such as VMware Cloud on AWS and VMware Cloud on Dell EMC – has been injected with Carbon Black’s workload protection Real-time Workload Audit/Remediation technology as well as its Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) solutions.
Additionally, VMware’s NSX Advanced Load Balancer with Web Application Firewall capabilities and NSX Distributed IDS/IPS has been added to VMware Cloud Foundation. The NSX and Carbon Black technology will tightly integrate into VMware vSphere.
[Related: VMware Licensing VP: CPU Pricing Change Has ‘Zero Impact’]
For more than a year, VMware has had its sights set on disrupting the security industry by tightly integrating security into every product, a strategy it dubs as intrinsic security.
Sanjay Poonen, chief operating officer, customer operations for VMware, said there has never been a more challenging time in security.
“Attacker sophistication, security threats, breaches, and exploits are becoming more prevalent with no end in sight. And with cloud, new applications, pervasive mobility, IoT, and data at the edge, the problem is only getting harder to solve. There must be a new approach to cybersecurity – one that is built-in, unified and context-centric,” Poonen said in a statement. “We believe the best strategy and approach is to make security intrinsic enabling organizations to leverage their infrastructure and its unique capabilities across any app, any cloud and any device to better secure the world’s digital infrastructure – from networks, to endpoints, to workloads, to identities, to clouds.”
VMware Carbon Black will be tightly integrated with VMware vSphere to create an agentless solution which eliminates the need to insert antivirus and other agents. VMware says endpoint telemetry will be managed and gathered via built-in sensors protected by the hypervisor.
Adding the scale-out software architecture of NSX Web Application Firewall to VMware Cloud Foundation will help confirm that web servers have enough compute capacity for maximum security filtering even under peak loads. VMware’s web application firewalls leverages its understanding of application, automated learning and app-specific rules to provide strong security with lower false positives.
With VMware Cloud Foundation now including NSX Distributed IDS/IPS, the offering will provide intrusion detection on many difference services to offer deeper visibility as well as enable advanced filtering to be applied to every hop of the application to reduce any blind spots.
In an interview with CRN last year, VMware CEO Pat Gelsinger said VMware has the ability to take the security market by storm.
“We have two assets that nobody else on the planet has. We have the VM. We’re building this intrinsically into the VM. A lot of problem with a lot of security today is they end up being agents that you add into the guest environment. If you’re an attacker, the first thing you do is turn off the agents. Right? Those techniques of turning off the agents or spoofing the agents, there’s probably 100 free kits you can download to do that. The VM can’t be turned off. This sits as a capability inside of the VM,” said Genslinger.
“[Then] with our NSX, I now have an enforcer point, where you can see the network traffic and see all of it from an application-centric [point of view]. So the VM is handing traffic into NSX and then to the microsegments — there’s nothing else sitting in-between that. You don’t have to hairpin to some remote firewall or some other service. You have that explicit point right at connectivity into the networking layer that either gives you visibility of all traffic coming in or enforcement of traffic going out,” said Gelsinger. “Those are two very powerful points that we don’t think anybody else is anywhere close to us in being able to do those two things for very fundamental, technical and market-based reasons.”
VMware made a huge splash in the security market in October with the acquisition of endpoint security leader Carbon Black for a value of $2.1 billion.
In addition to the new security features on VMware Cloud Foundation announced at the RSA 2020 conference, the Palo Alto, Calif.-based company launched new capabilities for the VMware Carbon Black Cloud.
VMware introduced automated correlation with MITRE ATT&CK framework Technique IDs — a which is a list of common tactics, techniques, and procedures — built into the VMware Carbon Black Cloud, allowing customers to discover potential threats and identify areas of improvements. Additionally, VMware Carbon Black will be adding malware prevention capabilities for Linux machines to enable customers to migrate away from other endpoint prevention solutions specific to Linux.