Date: 2023-05-03

New VMware features strengthen lateral security in multicloud environments and help detect and stop an increasing number of IT threats. VMware Contexa, the threat intelligence cloud that powers the VMware suite of security solutions, has found that IT criminals only need to make 2-3 lateral moves to reach the target. Therefore, end-to-end visibility into users, devices, networks, apps and data is required to prevent lateral movement. At the RSA Conference 2023, VMware presented new features of its suite of security solutions with the aim of addressing the growing sophistication and extent of cyberattacks.

Multicloud – The new functions

DPU-based acceleration via SmartNIC to accelerate VMware NSX performance.

VMware Carbon Black Workload and Cloud Configuration for security designed for cloud-native architecture.

An enhanced Firewall Service offering that brings NSX Advanced Threat Protection capabilities to VMware SD-WAN edge appliances. It also simplifies operations across corporate locations.

VMware Secure App IX for more secure connectivity between applications and clouds.

VMware Workspace ONE updates for phishing and content protection, secure access, and patch management.

Against today’s and future threats

In recent months, VMware has announced a number of innovations promoting DPU-based acceleration for VMware NSX. Previously available as a tech preview and now available in VMware NSX 4.1, DPU-based acceleration using SmartNICs lets customers run NSX networking and security services on DPUs while providing accelerated NSX networking and security performance for applications that need high-throughput, low-latency connectivity and security.

Implement app security

Applications are the lifeblood of many businesses, so their security plays a key role. Advanced load balancers provide a great vantage point for implementing multi-layered application security. For example, web application firewall, bot management, L7 DDoS protection, and API protection have visibility into all application traffic and reduce fragmentation of security solutions.

Simplify in one solution

VMware announced an evolution of the VMware NSX Advanced Load Balancer (ALB) to help customers deploy app security faster, at scale and more consistently across applications and hybrid multiclouds. VMware NSX ALB also offers a single elastic load balancing solution built entirely in software to simplify app distribution and security.

Lateral security increases

In addition, the VMware NSX Advanced Load Balancer Pulse service now includes a real-time threat intelligence feed, a unified central dashboard that offers a single-pane-of-glass view, the flexibility to create custom dashboards with broad API support, and the ability to enhance interaction with all cloud-enabled NSX Advanced Load Balancers.

Secure multicloud workloads

The rapid migration of enterprises to the public cloud creates significant “cloud chaos”, further extending the attack surface. Maintaining the security of multicloud environments is a shared responsibility and a top priority not only for IT and security teams, but also for the C-suite. The introduction of VMware Carbon Black Workload and Cloud Configuration helps address this need by offering security specifically designed for cloud-native architectures, thereby enabling customers to approach security as a continuous process throughout the workload lifecycle.

Reduction of false positives

Combining the best of VMware Carbon Black Workload and VMware Aria Automation for Secure Clouds, VMware now offers customers deeper contextualization. This is thanks to VMware Contexa, which allows them to analyze threats and obtain better visibility into the posture of workloads, along with increased compliance and operational ease through reduced false positives, automated workflows, and less complexity.

Evaluate CIS compliance

Compliance is a cornerstone of protecting an organization from IT threats and optimizing overall security, regardless of where the workloads reside. CIS Benchmarks are the only consensus-based, best-practice security configuration guides developed and validated by government, enterprise, industry, and academia. The new feature for VMware Carbon Black Workload provides a tool to easily assess CIS compliance and understand the hardening status of the compute infrastructure in workload environments from the VMware Carbon Black Cloud console. The introduction of an internal benchmarking tool in VMware Carbon Black Workload gives customers greater flexibility.

Lateral security increases

Security teams can’t protect what they can’t see. However, they often lack visibility and control in highly dynamic multicloud environments and more confined air-gapped systems. To better protect workloads, VMware Carbon Black Workload has introduced a Sensor Gateway for Linux that enables VMware Carbon Black Cloud for air-gapped systems. All communications to and from the VMware Carbon Black Cloud are routed through the Sensor Gateway.

Compliance checks

This additional control helps enterprises keep workloads secure and further isolate them from Internet traffic, eliminating the burden of owning, managing and budgeting for additional proxy servers. It also helps enterprises successfully pass compliance audits and reduce the attack surface for workloads by routing sensor traffic through a secure and trusted entity. It also allows them to modernize even the most controlled environments: they can replace legacy single-signature antivirus products with modern NGAVs and take advantage of VMware Carbon Black XDR features for enhanced lateral security.

Governance without borders

VMware has announced VMware Secure App IX, a new offering designed to help organizations ensure governance and compliance while more securely connecting applications across multicloud environments and empowering application teams and lines of business (LOBs) to accelerate apps and digital innovation initiatives. VMware Secure App IX offers features that enable organizations to standardize and enforce secure application connectivity policies, with real-time visibility and insights, for governance and compliance across cloud and multicloud environments. This helps protect end users of applications, apps/APIs and sensitive data in transit from ever-evolving security threats and vulnerabilities.

An enhanced edge firewall

VMware also introduced its enhanced Firewall Service offering, which brings NSX Advanced Threat Protection capabilities to VMware SD-WAN edge appliances. This further strengthens VMware Secure Access Service Edge (SASE). Like all other VMware SASE services, the offering will be integrated into the VMware SASE Orchestrator to simplify operations and thus avoid separate security management.

Simplified network operations and security

By combining the power of NSX Advanced Threat Protection with VMware SD-WAN Edge platforms, customers will be able to confidently eliminate legacy firewalls in enterprise branch offices without compromising security. They also benefit from streamlined security and network operations, all while leveraging VMware's investments in threat intelligence. Managed from the cloud together with VMware SD-WAN, Cloud Web Security, Edge Network Intelligence for AIOps and SD-WAN Client for remote access, the improved Firewall Service offering, cloud-native and cloud-delivered, confirms VMware's leadership in the SASE market.

Growing lateral security in multicloud environments

VMware also announced innovations in Workspace ONE for phishing and content protection, secure access, and patch management, solutions that will enable organizations to better protect their hybrid workforce. Phishing campaigns targeting businesses have increased in number and severity in the last two years. VMware Workspace ONE Mobile Threat Defense helps limit the risk that threat actors can bypass security controls, including corporate profiles on personal devices, by integrating phishing and content protection with the Workspace ONE platform. With Mobile Threat Defense, businesses will be able to better protect themselves against potential phishing activity through email, SMS, general web content, messaging and social apps.

Remote work

Phishing and content protection is applied to all traffic, both external and internal, thanks to a unique integration with Workspace ONE Tunnel. The potential conflict between phishing and content protection solutions and VPNs is resolved by consolidating phishing and content protection and secure access into Tunnel. If employees have the flexibility to work from anywhere and on any device, IT teams are challenged to orchestrate the complex balance of protecting apps and data ubiquitously for any user.

The path to Zero Trust

VMware Workspace ONE Tunnel enables secure access without device management on all major operating systems, including iOS and Linux, as well as Android, macOS and Windows. With Tunnel, organizations begin the journey to Zero Trust on unmanaged devices by restricting access to specific applications rather than exposing entire networks, adding new authentications by leveraging MFA with SAML 2.0 and gaining greater insights thanks to Workspace ONE Intelligence. Workspace ONE Tunnel for unmanaged devices is included in most editions of Workspace ONE.

Lateral security increases

Patch management is critical to endpoint security. Today, VMware continues to accelerate Workspace ONE’s cloud-native patch management capabilities that enable Windows OS updates to be deployed to PCs anywhere inside or outside corporate networks.

Vulnerabilities from third parties

New features include an updated data-driven user interface that dynamically updates patch management controls regardless of console releases. Also included are new device sampling and query capabilities via Intelligent Hub to facilitate direct data collection and evaluation and to inform updates. Combined with the platform’s new Freestyle Orchestrator capabilities, Workspace ONE can now evaluate vulnerability exposure data from third parties and make adjustments as needed.

More efficiency and proactivity

With the Workspace ONE platform, organizations can ensure greater security for their devices through segmented and customized security policies, allowing employees to work from anywhere and on any device. With automation and insights driven by smart learning, IT and security teams are now more efficient and proactive in managing their environments.