VMware announced new capabilities that deliver strong lateral security across multi-cloud environments so customers can better see and stop more threats. VMware Contexa, a threat intelligence cloud powering VMware’s suite of security solutions, finds that cybercriminals make only 2-3 lateral moves to reach their target.¹ Preventing lateral movement requires an end-to-end view across users, devices, networks, apps, and data.
At RSA Conference 2023, VMware unveiled enhanced features for its suite of security solutions to address the increasing sophistication and scale of cyberattacks. These enhancements include:
* DPU-based acceleration using SmartNICs for accelerated VMware NSX performance.
* VMware Carbon Black Workload and Cloud Configuration for security that’s designed for cloud-native architecture.
* An enhanced Firewall Service offering to bring NSX Advanced Threat Protection capabilities to VMware SD-WAN edge appliances for simplified operations at the enterprise branch.
* VMware Secure App IX for more secure application connectivity across applications and clouds.
* VMware Workspace ONE updates for phishing and content protection, secure access, and patch management.
“As the cyber threat landscape evolves, our customers require their infrastructure to play a more active role in protecting their enterprise,” said Sumit Dhawan, president of VMware. “VMware is deeply committed to driving innovation in infrastructure, delivering enhanced protection against threats of today and tomorrow. I am proud of the innovations we are announcing at the RSA Conference to provide our customers with rich contextual visibility and enhanced protection against cyberattacks targeting their multi-cloud environments.”
Strengthening Lateral Security for Multi-Cloud
Over recent months, VMware made a series of announcements highlighting DPU-based acceleration for VMware NSX. Previously available only as a tech preview, DPU-based acceleration using SmartNICs is now generally available in VMware NSX 4.1. This implementation allows customers to run NSX networking and security services on DPUs, providing accelerated NSX networking and security performance for applications that need high throughput, low latency connectivity, and security.
Applications are the lifeline for many businesses and, as such, security plays an integral role. Advanced load balancers provide a great vantage point to deploy multi-layer application security. For example, web application firewall, bot management, L7 DDoS protection and API protection have visibility across all application traffic and reduce security solution fragmentation. VMware announced new enhancements to VMware NSX Advanced Load Balancer (ALB) to help customers deploy application security faster, at scale and consistently across all apps and hybrid multi-clouds. VMware NSX ALB also provides a single elastic load balancing solution done entirely in software to help simplify app delivery and security. In addition, the VMware NSX Advanced Load Balancer Pulse service now includes a live threat intelligence feed, a unified central dashboard that provides a single pane of glass view, the flexibility to build custom dashboards with extensive API support, and the ability to improve interaction with all cloud-enabled NSX Advanced Load Balancers.
Securing Multi-Cloud Workloads
The rapid move of organizations to the public cloud creates cloud chaos and widens the attack surface even further. Keeping multi-cloud environments secured is a shared responsibility and a top priority not just for IT and security teams, but for the C-suite as well. The introduction of VMware Carbon Black Workload and Cloud Configuration helps to address this need by delivering security designed for cloud-native architecture, enabling customers to view security as a continuous process across a workload’s lifecycle. By bringing together the best of VMware Carbon Black Workload and VMware Aria Automation for Secure Clouds, VMware delivers deeper context powered by VMware Contexa to analyze threats, for better visibility on workload posture, stronger compliance, operational ease with fewer false positives and automated workflows, and reduced complexity.
“The more information we can get, the better action we can take, and the better comfort levels we can supply to our internal business stakeholders,” said Johan Marais, Platform Services Senior Manager, Discovery Limited, regarding VMware Carbon Black Workload and Cloud Configuration.
Compliance is an important element of protecting an organization from cyber threats and improving its overall security posture, no matter where its workloads reside. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia. A new feature for VMware Carbon Black Workload provides an effortless way for organizations to evaluate CIS compliance and understand the hardening status of the compute infrastructure in workload environments from the VMware Carbon Black Cloud console. Bringing an in-house benchmarking tool into VMware Carbon Black Workload allows for more flexibility for customers.
Security teams can’t protect what they can’t see, yet they often lack visibility and control in highly dynamic multi-cloud environments and in more constrained air-gapped systems. To better protect workloads, VMware Carbon Black Workload introduced a Sensor Gateway for Linux which enables VMware Carbon Black Cloud for air-gapped systems. All communication to and from VMware Carbon Black Cloud is directed through the Sensor Gateway. This additional control helps enterprises keep their workloads secure while further insulating them from Internet traffic, removing the burden of owning, managing, and budgeting for additional proxy servers. It also helps enterprises pass compliance audits and reduce the attack surface for workloads by directing sensor traffic through a trusted secure entity, and it enables even the most highly controlled environments to modernize, replacing legacy signature-only antivirus products with modern NGAV and leveraging true VMware Carbon Black XDR capabilities for stronger lateral security.
Achieving Borderless Governance for Applications in Multi-cloud Environments
VMware today announced VMware Secure App IX, a new offering designed to help organizations achieve governance and compliance by more securely connecting applications in multi-cloud environments and enabling application teams and lines of business (LOB) to accelerate their application and digital innovation initiatives. VMware Secure App IX provides capabilities that enable organizations to standardize and enforce consistent secure application connectivity policies, with real-time visibility and insights, for governance and compliance across single and multi-cloud environments. This helps to protect application end users, apps/APIs, and sensitive data in transit against ever-changing security threats and vulnerabilities.
Unveiling an Enhanced Edge Firewall
VMware today unveiled its enhanced Firewall Service offering, bringing NSX Advanced Threat Protection capabilities to VMware SD-WAN edge appliances, further strengthening the comprehensive VMware Secure Access Service Edge (SASE) offering. As with all other VMware SASE services, this offering will be integrated into the VMware SASE Orchestrator for simplified operations, which obviates the need for separate security management. By combining the power of NSX Advanced Threat Protection with the VMware SD-WAN Edge platforms, customers will be able to confidently eliminate legacy firewalls at the branch without sacrificing security, while benefiting from simplified network and security operations and taking advantage of VMware’s investment in threat intelligence. Managed from the cloud along with VMware SD-WAN, Cloud Web Security, Edge Network Intelligence for AIOps, and the SD-WAN Client for remote access, the enhanced Firewall Service offering is another proof point of VMware’s leadership in the SASE market with a cloud-native, cloud-delivered SASE offering.
Delivering Security Everywhere to Enable Work from Anywhere
VMware today announced innovations to Workspace ONE spanning phishing and content protection, secure access, and patch management that will better enable organizations to secure their hybrid workforce. Mobile phishing campaigns targeting businesses have increased in number and impact over the past two years.² VMware Workspace ONE Mobile Threat Defense helps address the risk of threat actors sidestepping security controls – including corporate profiles on personal devices – by integrating phishing and content protection with the Workspace ONE platform. With Mobile Threat Defense, customers will be better able to protect against potential phishing activity across email, SMS, general web content, and messaging and social apps. Phishing and content protection is applied to all traffic, both external and internal, using a unique integration with Workspace ONE Tunnel. The conflict between phishing and content protection solutions and VPNs is targeted for elimination by consolidating phishing and content protection and secure access within Tunnel.
When employees have the flexibility to work from any location on any device, IT teams must navigate the complex balance of securing apps and data ubiquitously across any user. VMware Workspace ONE Tunnel will enable secure access without device management on all major operating systems including iOS and Linux, in addition to Android, macOS, and Windows. Organizations start the journey to Zero Trust on unmanaged devices by utilizing Tunnel to limit access to specific applications as opposed to exposing full networks, layer on additional authentication leveraging MFA with SAML 2.0, and gain additional insights via Workspace ONE Intelligence. Workspace ONE Tunnel for unmanaged devices is included in most Workspace ONE editions.
Patch management is fundamental to endpoint security. Today, VMware aims to continue accelerating the cloud-native patch management capabilities of Workspace ONE, which allows Windows OS updates to be delivered to PCs anywhere on or off the company networks. New introductions include an updated data-driven user interface that dynamically updates patch management controls independent of console releases; and new device query and sampling capabilities via Intelligent Hub that facilitate direct data collection and evaluation to inform update plans. Combined with the platform’s new Freestyle Orchestration capabilities, Workspace ONE can assess vulnerability exposure data from third-party sources and deliver the needed changes.
With the Workspace ONE platform, organizations can better ensure their device footprint is self-secured, with security policies segmented and tailored for employees to work from any location on any device. With automation and insights driven by intelligent learning, IT and security teams can become more efficient and proactive in managing their environments.
