VMware on Sept. 29 announced a slew of new products and upgrades designed to further its intrinsic security focus, with a special emphasis on remote workspace security.
The company first introduced the concept of intrinsic security last year, about the time when it acquired cybersecurity company Carbon Black. In a nutshell, intrinsic security focuses on built-in security at every point—workload, network, workspace, cloud and endpoint—instead of bolting on security solutions.
To further its vision of intrinsic security, VMware introduced an agentless cloud security product designed to better secure modern workloads. VMware Carbon Black Cloud Workload, which is tightly integrated with VMware vSphere, aims to protect workloads running in virtualized, private and hybrid cloud environments. Features include prioritized vulnerability reporting and foundational workload hardening with prevention, detection and response capabilities.
According to the company, the solution will better allow security teams to focus on the highest-risk vulnerabilities and common exploits across their environments. It also will protect workloads running in highly dynamic virtualized data center environments with a combination of vulnerability assessment, workload hardening, next-generation antivirus, workload behavioral monitoring, and endpoint detection and response. Finally, it aims to simplify operations by building security risk visibility directly into VMware vCenter.
VMware plans to announce more features for Carbon Black Cloud Workload later this year, including a new module for hardening and better securing Kubernetes workloads.
The fact that no agent is required is a big deal, said Dave Gruber, a senior analyst at Enterprise Strategy Group. Agents typically run in user space, impacting system performance based on the number of workloads running on any given machine. And when the agent runs inside the hypervisor, it has access to telemetry and actions that it wouldn’t otherwise have running in user space. "That means that response actions can do things like automatically kill and restart an instance to recover from a threat. This translates into faster response and less effort by administrators," he added.
While intrinsic security runs throughout all of the offerings VMware announced, the company is putting the biggest focus by far on addressing security issues related to distributed and remote workforces. To emphasize that focus, VMware put its Secure Access Service Edge (SASE) platform announcement front and center. The platform combines features from VMware's SD-WAN, Cloud Access Security Broker (CASB), Secure Web Gateway, NSX Stateful Layer 7 Firewall, zero-trust network access and edge network intelligence. While the platform isn't new, the announcement focused on the benefits of combining its SASE platform with digital workspace and endpoint capabilities to improve secure access to applications on any cloud, from any device.
VMware also announced two workspace security solutions: VMware Workspace Security Remote and VMware Workspace Security VDI. VMware Workspace Security Remote combines Carbon Black's next-generation antivirus, audit and remediation, and detection and response capabilities with VMware Workspace ONE's analytics, automation, device health, orchestration and zero-trust access to provide endpoint management, security and remote IT for physical Mac and Windows 10 devices.
VMware Workspace Security VDI combines the capabilities of VMware's Workspace ONE Horizon and Carbon Black Cloud, using behavioral detection to protect against ransomware and fileless malware. According to the company, the combined solution, which runs on VMware vSphere, results in an agentless approach with better anti-tamper capabilities, audit and remediation. The solution also integrates with VMware Tools.
"The broader agenda is zero trust," Gruber explained. "When combining Carbon Black and Workspace ONE, endpoints are secure from most modern attack types, including malware, non-malware and ransomware. And Carbon Black's EDR [endpoint detection and response] capabilities further support investigations and response actions that didn’t exist in Workforce ONE before."
Finally, VMware has combined the analytics engine it acquired from Lastline with its NSX Firewall. The Lastline analytics engine includes sandboxing, network traffic analysis, and network detection and response capabilities. Together, these capabilities are now called VMware NSX Advanced Threat Prevention, a solution that uses AI-powered network traffic analysis to pinpoint anomalous activity caused by an active threat in the network. Because this is now a native capability, it can apply virtual patches for individual workloads, something typically implemented at the perimeter, Gruber said.
Taken together, these announcements demonstrate how focused VMware is on embedding security throughout its product line. Not only does this help customers trust that they won't need security add-ons when they buy from VMware, but it may help VMware keep its installed base.
"This is good news for customers, in that it pushed VMware to out-innovate in these important security areas to stay relevant," Gruber said.