LAS VEGAS—Since it was founded in 1998, VMware has approached the security of virtual machines and applications from the outside in, relying mostly on third-party security vendors to protect workloads running on its platform.
That has changed. Since it bought Nicira in 2012 and productized the fruits of that acquisition—NSX network virtualization software—VMware has had a security story to tell.
NSX’s micro-segmentation capabilities proved to be an excellent use case for securing networks by walling off and isolating sensitive applications from general traffic. Security quickly became the number one use for NSX, which is now a $1 billion business for VMware.
At the VMworld conference Aug. 27-31, VMware built on its security story, announcing three new cloud security services. These include the NSX Cloud, a software-as-a-service version of NSX; AppDefense, a product that had its roots in VMware's Project Goldilocks; and Network Insight, a network and security analysis service that grew out of the 2016 acquisition of Arkin Net.
Those services are part of the first VMware Cloud Services announced here, which include Wavefront, a monitoring and analytics platform; Discovery, a dashboard for viewing data center or cloud assets and inventory; and Cost Insight, a service that compares the costs of running workloads in different clouds, such as Amazon Web Services or Azure.
Trust No One
Together, NSX Cloud, AppDefense and Network Insight give VMware a multi-pronged inside-out security model that works and scales across on-premises and cloud environments.
"Security—the most important task of all," said VMware CEO Pat Gelsinger in his opening keynote. "In an increasingly mobile, cloud and connected world, we need a new approach."
While NSX is the key enabling technology here, it is AppDefense that embodies the "new approach" and could change the game for network and security administrators. The product is built around least privilege, the idea that nothing on the network is trusted by default: an application gets access only to the resources and behaviors it needs and nothing more, so a rogue or compromised process cannot reach anything the application was never meant to touch. As Gelsinger put it, AppDefense is about enabling good, rather than chasing bad.
AppDefense captures a "manifest" of each application's intended behaviors and treats anything outside that manifest as a deviation to be flagged. That inverts the scale of the monitoring problem: instead of guarding against 27 million different pieces of malware, said Tom Corn, VMware's senior vice president for security products, administrators only have to watch for departures from 91 known intended behaviors.
AppDefense has a learning mode that uses machine learning to help define those intended behaviors, Corn said in an interview with eWeek. This “application sequencing,” as he puts it, is the opposite of what most security vendors use AI for, which is to spot malware. “Our focus is on intended states.”
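To make the manifest idea concrete, here is an added illustrative example written for this article; it is not AppDefense's code, data format or telemetry, and the process paths, event shapes and addresses are constructed assumptions. A learning window of observed (process, action, target) events is turned into an allow-list, and a later window of events is audited against it, so that the two things an administrator cares about (an unknown process, or a known process doing something it never did during learning) surface as deviations rather than as signature matches.

```python
"""Allow-list ("manifest") of intended application behaviour.

Illustrative example only: NOT AppDefense's code or data format.
Assumption (hypothetical): guest telemetry arrives as
(process, kind, target) tuples, e.g. from an in-guest agent or
hypervisor introspection.
"""
from collections import defaultdict

# Constructed sample telemetry from a "learning" window on a web tier.
LEARNING_EVENTS = [
    ("/usr/sbin/nginx", "listen", "tcp/443"),
    ("/usr/sbin/nginx", "connect", "10.0.2.10:tcp/8080"),
    ("/usr/sbin/nginx", "spawn", "/usr/sbin/nginx"),
    ("/opt/app/bin/api", "listen", "tcp/8080"),
    ("/opt/app/bin/api", "connect", "10.0.3.5:tcp/5432"),
    ("/opt/app/bin/api", "spawn", "/usr/bin/python3"),
]

# Constructed events from a later "protected" window. The last three are
# the kind of thing a practitioner wants flagged: an unexpected child
# process, unexpected egress, and a process that was never seen at all.
RUNTIME_EVENTS = [
    ("/usr/sbin/nginx", "connect", "10.0.2.10:tcp/8080"),    # expected
    ("/opt/app/bin/api", "connect", "10.0.3.5:tcp/5432"),    # expected
    ("/opt/app/bin/api", "spawn", "/bin/sh"),                # unexpected child
    ("/opt/app/bin/api", "connect", "203.0.113.7:tcp/4444"), # unexpected egress
    ("/usr/bin/nc", "connect", "203.0.113.7:tcp/4444"),      # unknown process
]


def build_manifest(events):
    """Return {process: {(kind, target), ...}} from learning-phase events.

    Everything observed during learning is treated as intended, so the
    learning window must itself be clean and should be reviewed by a
    human before the manifest is enforced.
    """
    manifest = defaultdict(set)
    for process, kind, target in events:
        manifest[process].add((kind, target))
    return dict(manifest)


def check_event(manifest, event):
    """Return (allowed, reason). Anything absent from the manifest is a deviation."""
    process, kind, target = event
    if process not in manifest:
        return False, f"unknown process {process}"
    if (kind, target) not in manifest[process]:
        return False, f"{process} performed unexpected {kind} -> {target}"
    return True, "in manifest"


def audit(manifest, events):
    """Return the list of (event, reason) pairs that deviate from the manifest."""
    deviations = []
    for event in events:
        allowed, reason = check_event(manifest, event)
        if not allowed:
            deviations.append((event, reason))
    return deviations


def manifest_size(manifest):
    """Number of distinct intended behaviours, i.e. what an admin must watch."""
    return sum(len(behaviours) for behaviours in manifest.values())


if __name__ == "__main__":
    m = build_manifest(LEARNING_EVENTS)
    print(f"manifest covers {manifest_size(m)} intended behaviours")
    for event, reason in audit(m, RUNTIME_EVENTS):
        print("DEVIATION:", reason)
```

The check is deliberately strict: an exact-match allow-list is what keeps the watched set small (six behaviours here, versus an unbounded list of malware signatures), but the same strictness means the learning window must be representative and clean, otherwise either legitimate behaviour is flagged later or an attacker's activity gets baked into the manifest as "intended".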
VMware announced partnerships with several vendors, including Carbon Black and IBM, to share data flowing into and out of AppDefense, which has visibility across the virtual machines it protects. Carbon Black supplies a data feed from its Reputation Service, while AppDefense supplies IBM with data to augment its QRadar security intelligence platform.
Avoiding the Big Hack
The Network Insight service is a monitoring tool that breaks network traffic down by application, supporting visibility, troubleshooting and network operations. These capabilities matter to Fox Media Group, which has 91,000 devices, 6 million media assets and 7 petabytes of data, said Fox Media IT Director Ilan Koyshman in a session on Network Insight.
"Recent hacks of HBO are what we are trying to avoid," he said. "Our developers were flying blind, with too many tools and a lack of requirements. ... [Network Insight] will transform the team."
While VMware can take care of the technology, it cannot control everything when it comes to security. Gelsinger outlined the five pillars of security at the company: Least privilege, micro-segmentation, encryption, multi-factor authentication and patching.
He did not list backup, but that may be assumed, since vSAN storage is a fundamental part of VMware's software-defined data center lineup.
He also left out the human factor—developers who write insecure code or users who click on phishing emails or expose their passwords.
Nevertheless, VMware seemed to be re-energized at this VMworld, and a lot of it has to do with initiatives such as the SaaS services that enable users to expand their use of VMware even in a cloud-hungry world.
“The coolness is coming back and the company is performing well financially,” said IDC Senior Vice President Matt Eastwood at IDC’s annual breakfast briefing here. “VMware is not going anywhere and will be an important contributor to what is happening in the cloud."
Scot Petersen is a technology analyst at Ziff Brothers Investments, a private investment firm. He has an extensive background in the technology field. Prior to joining Ziff Brothers, Scot was the editorial director, Business Applications & Architecture, at TechTarget. Before that, he was the director, Editorial Operations, at Ziff Davis Enterprise. While at Ziff Davis Media, he was a writer and editor at eWEEK. No investment advice is offered in his blog. All duties are disclaimed. Scot works for a private investment firm, which may at any time invest in companies whose products are discussed in this blog, and no disclosure of securities transactions will be made.