Short on security professionals, enterprises are desperate for more automation of security processes as their infrastructure gets more complex while cyberattacks grow in number and scope. A recent partnership by VMware aims at offering some relief.
VMware has teamed up with Carbon Black, an advanced endpoint security company, to offer a new joint data center security solution that promises better protections against old and new threats in addition to automated forensics and remediation.
It could also help speed the transition to virtual environments, said Eric Ogren, founder and principal analyst at 451 Research.
"Security is a huge objection to shifting workloads into hosted services," he said. "I actually believe this signals a trend in delivering security services in architectures appropriate for cloud-based data centers and hybrid environments. I fully expect to see similar activity from AWS, Microsoft Azure, and Google."
VMware and Carbon Black's solution, which will be available within the next couple of months, takes advantage of VMware's recently announced AppDefense platform -- a hypervisor-focused white listing approach to virtual machine security.
Meanwhile, Carbon Black offers intrusion detection based not only on known malware signatures but also on behavioral analysis and other advanced methods that can detect previously unknown threats.
According to a report Carbon Black released today, 52 percent of all cyberattacks this year have been file-less attacks that don't involve traditional malware being installed on a machine. That makes the attacks harder to detect.
The company currently counts more than 3,500 enterprises as customers and says more than 15 million endpoints are under its protection.
Carbon Black CEO Patrick Morley said the partnership with VMware creates a robust and holistic approach to securing mission-critical applications running in data centers.
The partnership is good news for data center security, experts say.
"The protections they offer are complimentary and customers will benefit greatly by the combined solution from a deployment and integration perspective," said Ambuj Kumar, co-founder and CEO at Fortanix, a Mountain View, California-based security firm.
But it's not a perfect solution, he warned. Relying on the hypervisor to keep applications secure hasn't always worked well.
"What happens if attackers target the hypervisor itself?" he asked. "In past, we have found multiple zero-day bugs in various hypervisors themselves leaving them vulnerable to various attacks."
The white listing approach can work well to guard against unknown threats, but creating a list of allowed applications is typically a challenge for administrators.
"With the integration that is being proposed here, this problem goes away," said Rishi Bhargava, co-founder at Demisto, a security automation company. "The virtual infrastructure can update the list of good known applications with Carbon Black." That makes policy enforcement easier.
Carbon Black will leverage automation tools built into VMware AppDefense to provide automatic remediation of problems including options like creating a snapshot of a virtual machine, suspending the machine, quarantining it, and performing forensic analysis. This should speed up response time to security incidents.
Many companies are looking to security automation to solve the problem posed by attacks increasing in number and damage capability at a time when the industry faces a critical shortage of security professionals.
"There simply is not always time to fire off an alert for the hosting service to examine and then pass along to the customer, schedule a conference call to figure out what to do, then implement a fix," said 451's Ogren. "People are busy. The data centers are definitely pleading for automated responses."
According to a survey conducted by the Enterprise Strategy Group earlier this year, more than half -- 54 percent -- of IT and cybersecurity professionals said that they are forced to ignore security alerts or events that they believe should be investigated. And 45 percent of organizations have a "problematic shortage" of cybersecurity skills. As a result, 96 percent are either planning to launch security orchestration projects or have already done so.
Even if an organization doesn't roll out full automation for security responses and keeps people in the loop, just having the forensics done automatically will be a big help.
According to the ESG survey, the task that took up the most time for their security team was gathering together all the data related to an attack, selected by 35 percent of respondents.
But VMware and Carbon Black alone might not be enough to do a complete automated response to security problems, said Demisto's Bhargava. "The response requires many other pieces of security infrastructure and deeper understanding of the entire security stack," he said.
