Today at VMworld 2019 Europe, VMware, Inc. detailed new and expanded security solutions that advance the company’s vision of intrinsic security, making it more automated, proactive and pervasive across the entire distributed enterprise. With intrinsic security, VMware reduces the risk to critical applications, sensitive data, and users by shrinking the attack surface across clouds, data centers, end users, and the enterprise edge. In support of its intrinsic security vision, VMware today announced the following:
Dell will make Carbon Black Cloud, along with Dell Trusted Devices and Secureworks, the preferred endpoint security solution for Dell commercial customers
New VMware NSX Distributed Intrusion Detection and Prevention
New VMware NSX Federation for consistent, centralized network and security policy configuration and management for large-scale NSX deployments
Enhanced VMware SD-WAN branch firewall performance, flexibility and usability features
VMware Secure State updates that reduce public cloud risk and improve security posture
A new Zero-Trust security architecture for the digital workspace
“VMware believes we have to stop adding more and more complexity in an effort to solve cybersecurity challenges, and instead use our infrastructure as part of the solution. In short, we must make security intrinsic,” said Sanjay Poonen, chief operating officer, Customer Operations, VMware. “VMware is shifting the balance of power from attackers to defenders by removing the complexity inherent with cybersecurity. VMware is delivering intrinsic security through a comprehensive portfolio spanning the critical control points of security: network, endpoint, workload, identity, cloud, and analytics. Because we’re built-in, we’re everywhere apps, devices, and users reside. This gives us a unique vantage point to be informed about what’s happening in a customer’s environment. With this knowledge, we can be proactive in hardening customers’ environments to better prevent threats.”
An Intrinsic Approach to Workload and Endpoint Security
With the close of its Carbon Black acquisition in October 2019, VMware launched a new security business unit under the leadership of former Carbon Black CEO Patrick Morley. The business unit focuses on helping customers with comprehensive endpoint and workload protection and advanced cybersecurity analytics to help stop sophisticated cyberattacks and accelerate response times. As the first step on this journey, VMware will offer multiple new Carbon Black Cloud solutions to customers, including:
Carbon Black Endpoint Standard: Next-generation antivirus combined with endpoint detection and response
Carbon Black Endpoint Advanced: Carbon Black Endpoint Standard combined with real-time endpoint query and remediation
Carbon Black Endpoint Enterprise: Real-time endpoint query and remediation combined with advanced threat hunting and incident response
Carbon Black Workload: new advanced cloud workload protection add-on for VMware vSphere
VMware Workspace Security: combines best-in-class behavior threat detection, next-generation antivirus, and digital workspace analytics and remediation solutions
Carbon Black Endpoint Standard with Secureworks Threat Detection and Response: combines best-in-class next-generation antivirus and endpoint detection and response with an advanced security analytics application, expanding security telemetry beyond the endpoint and into the network and cloud
VMware also announced an enhanced partnership with Dell that will make Carbon Black Cloud, along with Dell Trusted Devices and Secureworks, the preferred endpoint security solution for Dell commercial customers. The enhanced partnership will bring Carbon Black’s advanced, next-generation endpoint protection to businesses of all sizes directly on-the-box.
Redefining Internal Data Center and Multi-Cloud Security
VMware NSX was the first solution to make micro-segmentation both financially and operationally feasible, enabling customers to more easily prevent the lateral spread of malware inside the data center. VMware is now introducing NSX Distributed intrusion detection and prevention (IDS/IPS), taking the NSX platform’s Layer 7-capable internal firewalling to a whole new level. NSX Distributed IDS/IPS is unique because it will take advantage of VMware’s intrinsic understanding of the services that make up an application and match IDS/IPS signatures to specific parts of an application. This means an Apache or Tomcat server will only get signatures relevant to it. The result will be much higher performance and accuracy through a lower false positive rate. VMware Service-defined Firewall with NSX Distributed IDS/IPS will allow customers to both micro-segment their networks and block internal traffic from stolen credentials and compromised machines.
NSX Intelligence was recently introduced as an advanced system to analyze workload traffic and automatically generate security policies. NSX Federation is a new capability that will enable customers to deploy and consistently enforce security policies generated by NSX Intelligence across multiple data centers. NSX Federation will help enterprises simplify disaster recovery and avoidance and share application resources across data centers. Converged operations will vastly simplify the overall security architecture and make it easier for customers to manage security policies, demonstrate compliance, and provide holistic context for security troubleshooting. This type of efficiency and flexibility cannot be matched by traditional “bump in the wire” appliances and is a major difference between legacy and proprietary hardware-defined systems and an open, scale-out software solution such as VMware NSX.
VMware Intrinsic Security Addresses the Secure Access Services Edge
As outlined by Gartner, “Secure Access Services Edge (SASE) offerings will provide policy-based ‘software defined’ secure access from an infinitely tailorable network fabric in which enterprise security professionals can precisely specify the level of performance, reliability, security, and cost of every network session based on identity and context.”(1) VMware addresses SASE via a global, multi-service cloud network that extends from on-premises to cloud to edge to end user, and integrated networking and network security capabilities delivered by VMware SD-WAN. VMware SD-WAN is unique because of its 1000s of gateways that run at 100s of points of presence across every major cloud provider. VMware is adding new features and capabilities to the built-in SD-WAN branch firewall to enable simpler policy definition, improved performance, and logging to meet stringent enterprise security requirements. The VMware SD-WAN branch firewall provides customers both built-in security and automated, policy-based access to partners’ advanced security services including URL filtering, secure web gateway, anti-X capabilities, cloud access security brokers (CASB) and web isolation.
Proactive Management of Public Cloud Risk
VMware Secure State delivers an Interconnected Security approach that enables deep visibility into cloud service relationships and correlates risk due to misconfigurations and threats across multi-cloud infrastructure. Continuously verifying the overall security and compliance posture earlier in the CI/CD process is the next logical step in making security more proactive, automated and scalable for multicloud users. To help customers achieve this, VMware announced the new VMware Secure State Findings API which will enable customers to build guardrails into the infrastructure provisioning pipeline. Native VMware Secure State rules or custom policies enable selective verification of configuration settings in near real-time during testing and staging of cloud infrastructure. Detecting security and compliance issues earlier will help companies scale security at cloud speed, minimize risk that’s being introduced into production-ready infrastructure, and accelerate time to market for releasing public cloud applications.
Simplifying Zero Trust Access to Any Application Across the Digital Workspace
VMware today published a Zero Trust security architecture to help customers modernize their approach to digital workspace security. The architecture outlines how to bring together device management and compliance; conditional access; app tunnel and proxy; risk analytics; and automated remediation and orchestration to enable a zero trust security model. Workspace ONE is the only digital workspace platform that can bring these pieces of the zero trust security puzzle together for the IT team. Together with Dell, Workspace ONE adds new capabilities to offer customers a more secure PC experience with Dell Technologies Unified Workspace. This includes compliance and stronger BIOS-level threat protection features such as Workspace ONE agent persistence to reclaim management on lost or stolen devices, remote management of Dell BIOS Admin passwords, integration with Dell SafeBIOS technology for continuous BIOS settings verification and remediation against configuration drift.
VMware continues to enrich its Workspace ONE Trust Network ecosystem and today introduced the Trust Network Ingest API. With this API, partners can integrate with Workspace ONE Intelligence faster, ultimately enabling customers to take advantage of integration sooner. VMware also announced that Zscaler, Wandera and Zimperium are committed to release their integrations with Workspace ONE Intelligence via this Trust Network Ingest API soon.
The new VMware Carbon Black Cloud solutions, new VMware SD-WAN branch firewall capabilities, and VMware Secure State Findings API are expected to be available in VMware’s Q4 FY20 ending January 31, 2020. VMware NSX Distributed IDS/IPS and VMware NSX Federation are expected be in Beta in Q4 FY20(2).