Cloud Security , Security Operations

VMware Doubles Down on Multi-Cloud, Lateral Movement Defense

VMware's New Platform Makes Launching Workloads as Easy as the Click of a Button
VMware Doubles Down on Multi-Cloud, Lateral Movement Defense
Tom Gillis, senior vice president and general manager of VMware's networking and advanced security business group

VMware has updated its network virtualization platform to enable users to launch an entire workload with a single click without having to open a ticket.

See Also: OnDemand | Securing Cloud Architectures: Implementing Zero Standing Privileges

The Silicon Valley-based virtualization giant has unveiled new capabilities at VMware Explore 2022 that enhance protection around east-west network traffic and make multi-cloud security simpler and less expensive. The company has condensed many of its security hardware and software capabilities into a miniature stack that can be attached to an application rather than residing in a single data center (see: How to Keep Business Flowing During a Ransomware Attack).

"The DMZ [demilitarized zone] used to be a rack where you put those expensive firewalls and load balancers and the like," Tom Gillis, senior vice president and general manager of VMware's networking and advanced security business group, says during a press briefing. "And so we're taking that concept and we're breaking it down into 10,000 pieces, and we deliver it sprinkled across the internet."

The new features come three months after Broadcom agreed to buy VMware for $61 billion, bringing together the $1.6 billion Symantec and $1 billion VMware and Carbon Black security practices. The Symantec business under Broadcom is focused on endpoint, network, information, identity and email security, while VMware's security business focuses on protecting endpoints, workloads and containers.

Extending Security Beyond the Perimeter

Gillis says VMware's new Project Northstar creates higher levels of operational efficiency for customers by extending security across a company's entire IT ecosystem rather than only having it reside at the perimeter. The design offloads networking and security functions onto data processing units connected to the hypervisor, which accelerates functionality without affecting the host CPUs, according to Gillis.

The data processing units, which are also known as SmartNICs, free up 15% capacity of CPUs, which Gillis says makes a strong economic case for the new architecture. The capabilities delivered through the SmartNICs include everything from web application firewalls and load balancers to advancement monitoring and management and SD-WAN.

Through Project Northstar, VMware has made its NSX Intelligence rule and policy generation console available, which Gillis says will make it easier for users to manage microsegmentation, anomaly detection and network traffic analysis. In addition, Gillis says, NSX gives users a single policy repository that can run at a global level across multiple data centers.

"The way that shows up is in user-facing services," Gillis says. "It's replacing all of the services you used to think of in the DMZ that were based on those rigid, expensive proprietary hardware appliances."

VMware has extended a similar philosophy to its new NSX Gateway Firewall that can run across eight different CPUs or nodes since the control plane is separate from the data plane, Gillis says. This allows customers to provision different amounts of capacity and scale up or down to meet demand automatically without having to open a ticket, and the architecture runs in the public or private cloud.

"Taken together, VMware is revolutionizing what you might have thought of as security in the data center and security at the DMZ," Gillis says.

Bringing Network Threat Visibility to the Endpoint

VMware also built network detection and response capabilities from its NSX network security platform into the next version of its Carbon Black endpoint sensors to provide a more unified view of intelligence. This approach will provide higher-fidelity data at a lower cost than peers whose network and endpoint security tools operate separately, according to the company.

Delivering network visibility through an endpoint sensor that everyone already uses and then feeding that information into the vSphere hypervisor will ensure that security is embedded into workloads as they're being developed. The new approach will result in shorter time to detect and respond to threats, a smaller number of false positives and less effort needed to pull data together.

VMware's unique vantage point gives the company an intrinsic advantage for understanding the inner workings of applications, Gillis says. The company is focusing on how to protect traditional VM-based applications as well as on how to protect modern container-based applications, he adds.

Security starts at the endpoint when it comes to VM-based applications, and VMware's Carbon Black technology provides a detailed view of device posture, user behavior around an application, and how apps interact with the underlying data, Gillis says. The embedding of network detection and visibility into Carbon Black Cloud's endpoint protection platform is available to select customers in early access.

VMware has brought advanced machine learning, business logic, inference and API call sequence monitoring into its service mesh capability, Gillis says, adding that this will allow the company to understand and protect APIs and see all of the connections in every conversation.

"In a container world, APIs are the new endpoint. So you need to be able to understand, observe and protect those internal APIs to stop the lateral movement of those attacks," Gillis says. "VMware has unique capabilities for east-west security that can stop the lateral movement of attackers in ways that no other vendor really can."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.