VMware has already announced its Security Product Suite, which combines new and existing technologies to secure internal workloads and network traffic at multiple levels of the stack through software. Now, at the RSA 2020 conference, VMware is launching a new part of the suite, VMware Advanced Security for Cloud Foundation. It will incorporate Carbon Black’s workload protection and Real-time Workload Audit/Remediation technology, and it combines Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) solutions.
The company focuses on what it calls intrinsic security. Tom Gillis, VMware’s general manager for networking and security, explained the term:
“Intrinsic security doesn’t just mean it’s built-in. It means it’s built differently. And so, when we talk about intrinsic security, we focus on security that we can implement because we have an intrinsic advantage or capability with our [virtualization] platform, and that’s what’s different and unique.”
Gillis said that the acquisition of Carbon Black has allowed VMware to integrate vulnerability scanning with vSphere and make it agentless. He also described a new feature: VMware Carbon Black now has malware prevention capabilities for Linux machines, which helps users migrate away from other Linux-specific endpoint prevention solutions and consolidate their security programs. In addition, it has been integrated with the MITRE ATT&CK framework and the Microsoft Windows Antimalware Scan Interface (AMSI).
Security filtering and flow analysis
VMware Advanced Security for Cloud Foundation provides security filtering at the micro-segmentation level via NSX Intelligence. In addition to filtering, it analyzes all data center flows and automatically generates security policies.
“The web server is the ‘front door’ of the data center, and NSX Advanced Load Balancer/Web Application Firewall safeguards this frequent point of attack. The scale-out architecture of the NSX Web Application Firewall helps ensure that web servers have enough computed capacity for maximum security filtering, even under peak loads.”
A new capability of the VMware NSX Service-defined Firewall, named NSX Distributed IDS/IPS, provides intrusion detection on the services that make up an application. It also offers advanced filtering, along with policies that are automatically generated and enforced on an application-specific basis.
He ended his speech by saying:
“We have a philosophy of creating a set of guardrails or basic principles that make sure that no matter what a developer does in a self-service environment, basic security controls are going to be enforced. It allows us to create an environment where the security team and the DevOps team can work together [while still giving] developers the flexibility and freedom of a self-serve environment.”