VMware continues to make progress toward its security-focused future with a series of announcements that aim to simplify adding security capabilities to its virtualization platform.
The most visible announcement is the VMware Security Product Suite, which combines new and existing technologies to secure internal workloads and network traffic at multiple levels of the stack through software. The new part of the product suite is VMware Advanced Security for Cloud Foundation, which combines VMware Carbon Black technologies, VMware NSX Advanced Load Balancer with Web Application Firewall capabilities and NSX Distributed IDS/IPS. Keeping with the company's intrinsic security focus, all three products will tightly integrate with VMware vSphere.
In a conference call last week, Tom Gillis, VMware's general manager for networking and security, explained how the technologies will work together.
The acquisition of Carbon Black has allowed VMware to integrate vulnerability scanning with vSphere and make it agentless. That makes it much more difficult to make a mistake and easier to operationalize at scale, he said.
The new offering also provides security filtering at the micro-segmentation level via NSX Intelligence, which allows it to visualize how applications are behaving. In addition, the solution analyzes all data center flows and automatically generates security policies, providing a workflow to ensure that those security policies are fully implemented.
"The web server is the 'front door' of the data center, and NSX Advanced Load Balancer/Web Application Firewall safeguards this frequent point of attack," Gillis explained. The scale-out architecture of the NSX Web Application Firewall helps ensure that web servers have enough compute capacity for maximum security filtering, even under peak loads, he said.
Finally, NSX Distributed IDS/IPS, a new capability of the VMware NSX Service-defined Firewall, will provide intrusion detection on the services that make up an application. The solution includes advanced filtering, along with automatically generated and enforced policies on an application-specific basis.
In addition to VMware Security Product Suite, the company announced new auto-remediation capabilities to Secure State and enhancements to the Carbon Black Cloud, which it acquired along with the rest of Carbon Black.
VMware Secure State's new auto-remediation capabilities will help users automate actions across multicloud environments and more tools to remediate violations.
"We have a philosophy of creating a set of guardrails or basic principles that make sure that no matter what a developer does in a self-service environment, basic security controls are going to be enforced," Gillis said. "It allows us to create an environment where the security team and the DevOps team can work together [while still giving] developers the flexibility and freedom of a self-serve environment."
VMware also has added features and integrations to Carbon Black Cloud. The solution now is fully integrated with the MITRE ATT&CK framework and the Microsoft Windows Antimalware Scan Interface (AMSI).
"The integration of MITRE ATT&CK terminology should help teams communicate more effectively. The framework has seen considerable rise in usage recently and is a good way of normalizing information about attacks across multiple sources of information," said Fernando Montenegro, principal analyst for information security at 451 Research. He added that the AMSI integration is more tactical and should help when investigating scripts that have been obfuscated by attackers.
VMware Carbon Black also now includes malware prevention capabilities for Linux machines, which Gillis said will help users migrate away from other endpoint prevention solutions specific to Linux and consolidate their security programs.
VMware's Intrinsic Security Focus
All of these announcements dovetail with VMware's continued focus on what it calls intrinsic security.
"Security is never as good when it's an afterthought," Gillis said. "If we think about [security] in the design phase, we can build security in a way that's not only more elegant and more easy to operationalize, [but] it's more effective."
Taken together, these solutions help broaden VMware's security functions at all layers of most applications and fit right into VMware's stated goal of wanting to have a bigger role in security, Montenegro said.
"They touch on different layers—endpoints, Web applications and the communications between various components," he said. "And Carbon Black's workload protection capability brings endpoint-centric security functionality that VMware didn't really have before, and customers had to rely on other vendors for."
Montenegro said he expects VMware to funnel significant resources into these offerings as well as potential forays into other areas. "Security is vast, and there are synergies involving infrastructure, user information, data security and business processes," he said.