VMware Cloud Foundation - the suite the vendor advances as the best way for service providers to build private and/or hybrid clouds - has received a major update with new security capabilities from Carbon Black and NSX.
At RSA 2020 conference on Tuesday, VMware unveiled that VMware Cloud Foundation – which includes offers such as VMware Cloud on AWS and VMware Cloud on Dell EMC – has been injected with Carbon Black’s workload protection Real-time Workload Audit/Remediation technology as well as its Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) solutions.
Additionally, VMware’s NSX Advanced Load Balancer with Web Application Firewall capabilities and NSX Distributed IDS/IPS has been added to VMware Cloud Foundation. The NSX and Carbon Black technology will tightly integrate into VMware vSphere.
For more than a year, VMware has had its sights set on disrupting the security industry by tightly integrating security into every product, a strategy it dubs as intrinsic security.
VMware Carbon Black will be tightly integrated with VMware vSphere to create an agentless solution that eliminates the need to insert antivirus and other agents. VMware says endpoint telemetry will be managed and gathered via built-in sensors protected by the hypervisor.
Adding the scale-out software architecture of NSX Web Application Firewall to VMware Cloud Foundation will help confirm that web servers have enough compute capacity for maximum security filtering even under peak loads. VMware’s web application firewalls leverages its understanding of application, automated learning and app-specific rules to provide strong security with lower false positives.
With VMware Cloud Foundation now including NSX Distributed IDS/IPS, the offering will provide intrusion detection on many difference services to offer deeper visibility as well as enable advanced filtering to be applied to every hop of the application to reduce any blind spots.
In an interview with CRN last year, VMware CEO Pat Gelsinger said VMware has the ability to take the security market by storm.
“We have two assets that nobody else on the planet has. We have the VM. We’re building this intrinsically into the VM. A lot of problem with a lot of security today is they end up being agents that you add into the guest environment. If you’re an attacker, the first thing you do is turn off the agents. Right? Those techniques of turning off the agents or spoofing the agents, there’s probably 100 free kits you can download to do that. The VM can’t be turned off. This sits as a capability inside of the VM,” said Genslinger.
“[Then] with our NSX, I now have an enforcer point, where you can see the network traffic and see all of it from an application-centric [point of view]. So the VM is handing traffic into NSX and then to the microsegments -- there’s nothing else sitting in-between that. You don’t have to hairpin to some remote firewall or some other service. You have that explicit point right at connectivity into the networking layer that either gives you visibility of all traffic coming in or enforcement of traffic going out,” said Gelsinger. “Those are two very powerful points that we don’t think anybody else is anywhere close to us in being able to do those two things for very fundamental, technical and market-based reasons.”
VMware made a huge splash in the security market in October 2019 with the acquisition of endpoint security leader Carbon Black for a value of US$2.1 billion.
In addition to the new security features on VMware Cloud Foundation announced at the RSA 2020 conference, the company launched new capabilities for the VMware Carbon Black Cloud.
VMware introduced automated correlation with MITRE ATT&CK framework Technique IDs -- a which is a list of common tactics, techniques, and procedures -- built into the VMware Carbon Black Cloud, allowing customers to discover potential threats and identify areas of improvements. Additionally, VMware Carbon Black will be adding malware prevention capabilities for Linux machines to enable customers to migrate away from other endpoint prevention solutions specific to Linux.
The RSA 2020 conference in San Francisco runs Feb. 24-28.