Kathy Gibson reports from VMworld 2020 – VMware has quietly become a leader in the security business.

The company’s security business is now worth $1-billion, and serves 20 000 security customers, says Sanjay Poonen, chief operating officer: customer operations at VMware. “Analysts call us the best-kept secret in the security world.”

There are many security solutions available in the market. But, in many organisations, security is effectively broken because there are just too many point tools, Poonen says.

“Our strategy is to layer security into every part of the VMware strategy – on any app, any cloud, any device. We bake security into all control points: virtual machines, workspaces, networks and endpoints.

“This is how we are changing the game for information security and network security, for end users and cloud teams – because they all need to work together.

“Amid global disruption, the key to survival for many companies has meant an accelerated shift to the cloud and ultimately, bolting on security products in their data centers,” Poonen points out.

“But legacy security systems are no longer sufficient for organisations that are using the cloud as part of their computing infrastructure.

“It’s time to rethink security for the cloud. Organisations need protection at the workload level, not just at the endpoint. The future of cloud must be met with a better way to secure data and applications.”

Patrick Morley, senior vice-president and GM: security business unit at VMware, points out that the “new normal” has meant that security teams have had to change the way they work.

“When Covid hit, many CISOs felt they were well prepared to work with users working remotely,” he says. “And this may have been true when a small percentage of the team was distributed. But when 100% of the team is working remotely, combined with changing dynamics of cloud application and IaaS, security teams had to change too.”

As organisations continue their journey towards cloud transformation and application modernisation, they require modern security solutions that are both powerful and easy to operationalize.

VMware Carbon Black Cloud Workload delivers advanced protection purpose-built for better securing modern workloads to reduce the attack surface and strengthen security posture. It combines prioritised vulnerability reporting and foundational workload hardening with industry-leading prevention, detection and response capabilities to protect workloads running in virtualised, private and hybrid cloud environments.

Tightly integrated with VMware vSphere, VMware Carbon Black Cloud Workload provides agentless security that alleviates installation and management overhead and consolidates the collection of telemetry for multiple workload security use cases.

The unified solution enables security and infrastructure teams to automatically help secure new and existing workloads at every point in the security lifecycle, while simplifying operations and consolidating the IT and security stack.

Workload security is especially complicated in hybrid data center architectures that employ everything from physical, on-premises machines to multiple public cloud infrastructure as a service (IaaS) environments to container-based application architectures.

For security teams, VMware Carbon Black Cloud Workload will offer:

* Visibility to identify risk and harden workloads;

* Prevention, detection and response to advanced attacks; and

* Simplified operations for IT and security teams.

VMware will introduce expanded offerings for Carbon Black Cloud Workload later this year including a new module for hardening and better securing Kubernetes workloads. The new capabilities will give security teams governance capabilities and control of Kubernetes environments.

 

The future of security operations

Security incident detection and response has never been more critical or more challenging. A July VMware Carbon Black report found 94% of organisations worldwide suffered a data breach from March 2019 to March 2020.

Security operations teams need detection capabilities that go beyond discovering malicious software to discovering software being used maliciously. They need a broader set of “camera angles” that include endpoint, workload, network, user, and application. And they need a more holistic approach to responding to those threats given the connected nature of workloads and the applications they compose.

Extended Detection and Response (XDR) provides a unified approach to security incident detection and response that can leverage multiple domains – from endpoint to workload to user to network.

VMware is announcing its approach to XDR that includes cross-platform integrations from various solutions including Workspace ONE, vSphere, Carbon Black Cloud, NSX Service-defined Firewall and more.

 

Security for the distributed workforce

The distributed workforce introduces a number of challenges ranging from employee on-boarding, visibility and compliance, security, employee safety and more. To enable a differentiated approach, VMware has launched expanded capabilities for the VMware SASE Platform, Workspace Security VDI and Workspace Security Remote.

The new solutions will deliver end-to-end zero trust security controls, and simplified management – where VMware’s Secure Access Service Edge, Digital Workspace and Endpoint Security technologies work harmoniously across any application on any cloud to any device.

 

VMware NSX Advanced Threat Prevention

This expanded offering will bring together sandboxing, network traffic analysis and network detection and response capabilities acquired from Lastline with the NSX Firewall.

VMware NSX Advanced Threat Prevention uses AI-powered network traffic analysis (NTA) to uncover anomalous activity caused by an active threat in the network. These NTA capabilities use unsupervised and supervised machine learning models to accurately identify threats and minimise false positives compared to other network traffic analysis tools.

The solution delivers an industry-first ability to apply virtual patches at every workload, something traditionally implemented only at the perimeter, for advanced security for distributed workforces.

 

One-Click integrations with Zscaler

VMware and Zscaler are introducing new end-to-end visibility and protection for distributed workforces. The one-click integrations will enable mutual customers to stop zero-day threats from impacting endpoints and enable true zero trust conditional access to internal applications.