VMware made further progress this week in its mission to help improve public cloud security: VMware Secure State is designed to allow customers to configure, manage and monitor the status of hybrid multicloud assets both on and off premises, and to take action to ensure they remain secure and in compliance with industry and government regulations.
The goal, according to a VMware blog, is to address the need for better visibility, greater speed and more sophisticated threat detection. Without context, solutions that periodically scan the cloud to validate configurations can overlook serious vulnerabilities, overwhelm security teams with false positives and create cloud usage conflicts with DevOps teams due to API throttling, the blog states.
VMware Secure State was born out of two acquisitions VMware made last year: CloudCoreo, with a focus on continuous automation, and CloudHealth, which focuses on cloud management and optimization.
VMware Secure State uses what the company calls an interconnected cloud security model to correlate risk across dynamic cloud infrastructure. As a result, it offers a better understanding of cloud deployments, relationships and risk; automated cloud compliance monitoring; improved Cloud Security Posture Management (CSPM) to detect interconnected service violations; the ability to investigate and correlate vulnerabilities with cloud-native threat detection; and the ability to distribute real-time security insights across DevOps teams.
The DevOps-friendly approach is largely made possible by the underlying CloudCoreo technology, said Charles King, principal analyst at Pund-IT.
“CloudCoreo is designed to monitor entire cloud infrastructure stacks--services, hosts and application configurations--and to detect risks and misconfigurations when applications are deployed,” he said. “As a result, DevOps and security teams can proactively address problems before breaches occur or compliance policies are violated.”
Even as VMware rolls out Secure State, the company is already planning future enhancements.
The first is a new cloud query service that will allow customers to use a simple, Google-like search function to ask specific questions and explore how infrastructure assets are configured and related to each other. The service helps customers improve their understanding of their cloud security posture by helping them visualize results on a graph, said Jason Needham, senior director of product management.
The second is a new machine learning-based capability that will help users detect anomalies that point to suspicious activity in their environment. This capability will not only support multiple clouds, but also complement insights from cloud providers’ native threat intelligence services such as AWS GuardDuty. This could help speed the identification of unusual behavior or threats before they become dangerous, King said.
The third planned enhancement is an automation service that will allow customers to create targeted remediation actions without elevating write privileges to VMware Secure State. “This is critical for many security teams that want automation, but don’t necessarily want to let a SaaS offering make changes across their environments,” Needham said.
Secure State is available from VMware’s CloudHealth. It can currently be used in conjunction with workloads running on AWS and Microsoft Azure, and the company says it plans to offer support for Google Cloud and its own VMware on AWS service in the near future.