    VMware Plots a Course for the Future of Security

    By Sean Michael Kerner - April 21, 2015

      VMware is positioning itself at the center of enterprise security controls as the modern security landscape continues to evolve and the benefits of virtualization continue to extend far beyond basic server consolidation.

      Tom Corn, senior vice president of security products at VMware, discussed his views of security’s future in a session at the RSA Conference in San Francisco.

      In an interview with eWEEK, Corn offered his take on how the history of warfare and defensive alignment maps to the evolution of IT security.

      Modern cyber-security is often talked about as a cyber-arms race, with a pattern where attackers invest in new techniques and then defenders invest in new techniques and tools to prevent attacks, Corn said. In addition to the arms race, there is also what he refers to as the alignment cycle.

      “With the alignment cycle, organizations go through a period where it is extremely difficult to align defenses properly against the assets that need to be protected,” Corn said. “When that happens, security costs go up and effectiveness goes down.”

      In the history of warfare, when communities began to form and were being attacked, those communities learned to build walls to defend themselves, Corn noted. With the wall defense, a community could align all its defenses around that point of reference. During the escalation phase, attackers figured out how to build and deploy catapults that could hurl projectiles over a community’s walls. The environment evolved, and simply aligning defenses around a wall wasn’t enough, Corn said.

      In modern warfare, the challenge that has evolved is the issue of insurgencies where it’s not always possible to know who the attacker is. Recent examples are the Vietnam War and the conflicts in Afghanistan and Iraq, Corn said.

      “You have a symmetric defender going against a totally asymmetric attacker, where you have to figure out how to align against them,” Corn said.

      Corn emphasized that the whole premise of his talk at RSA is that modern cyber-security looks much like the conflict in Afghanistan, where attackers aren’t always known and aligning defenses is not as easy as simply putting up a wall.

      “Over the last several years, the security spend has become a growing part of IT spending,” Corn said. “Losses have been growing at a fast rate, as well.”

      Many organizations are getting diminishing returns from their IT security spending, and there is a clear misalignment for a number of reasons, Corn said. For one, he noted that in the beginning of the modern computing era, applications were typically delivered in a single stack, with application, database and storage components all located in a single place. As such, defenders were able to put all their defenses in a single place to align against attacks.

      “We have moved into a world of multi-tiered and composed services that are comingled on infrastructure,” Corn said. “The infrastructure has also become abstracted.”

      Attackers are taking advantage of the situation, with the ability to laterally move within an environment. For example, if an application server is exploited, the attacker could gain access to other application servers since they’re all comingled on the same segment, Corn said.

      The challenge extends to modern firewalls, which have become increasingly complex and distributed as traffic of many different types of applications needs to be inspected. Many organizations have a distributed policy problem for firewall controls, Corn explained. “If traffic is hitting multiple firewalls in a data center, then the only way to figure out the actual security policy is to combine all the policies from all the firewalls,” Corn said.

      Virtualization can be a real benefit to help an organization align security controls, Corn said, adding that one approach in which virtualization can be a benefit is the emerging trend of micro-segmentation.

      “Micro-segmentation is about using virtualization as a means to create a virtual data center where all the machines that enable a multi-tiered service can be connected together within a virtual network,” Corn said. “Now you have a construct that allows you to align your controls with what you want to protect.”

      The idea of using virtualization as a control point for security is one that VMware Fellow Martin Casado described in 2014 as the “Goldilocks Zone.”

      The Goldilocks Zone was about having the right place in an environment to place security controls, Corn said.

      “Virtualization may be the Goldilocks Zone—that is, the best place to put security controls,” Corn said. “Virtualization helps to align security controls and infrastructure to protect data and applications.”

      While Corn works for VMware, which is a virtualization vendor, he noted that it’s also possible to make use of virtualization to help secure non-virtualized, non-VMware infrastructure, as well. With network virtualization, an organization doesn’t actually have to replace its existing physical network, and for organizations that have non-virtualized applications, it’s possible to include multiple non-virtualized assets inside a virtualization micro-segment for security policy control, Corn said.

      The promise of virtualization for micro-segmentation is to align an organization’s technology assets to provide greater security and also reduce the risk when a security breach does occur.

      “With micro-segmentation, it makes it very difficult for an attacker to go from the initial point of entry to the high-value assets,” Corn said. “What we can’t have is that if someone breaks in and has one key, that one key should not be the key to the kingdom; we need to compartmentalize the network such that a breach of one system is not a breach of everything you have.”
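
      The containment argument above, as an added example (not from the article or from VMware): a small Python model comparing how far a compromise of one workload can spread on a flat shared segment versus under a default-deny micro-segment policy. The workload names, tiers and allowed flows are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> (service, tier).
WORKLOADS = {
    "hr-web": ("hr", "web"), "hr-app": ("hr", "app"), "hr-db": ("hr", "db"),
    "pay-web": ("pay", "web"), "pay-app": ("pay", "app"), "pay-db": ("pay", "db"),
}

# Assumed micro-segment allow-list: the only tier-to-tier flows permitted
# inside a single service. Everything else is denied by default.
TIER_FLOWS = {("web", "app"), ("app", "db")}


def flat_allows(src, dst):
    """Flat segment: any workload may connect to any other workload."""
    return src != dst


def microseg_allows(src, dst):
    """Default deny; permit only listed tier flows within the same service."""
    (s_svc, s_tier), (d_svc, d_tier) = WORKLOADS[src], WORKLOADS[dst]
    return s_svc == d_svc and (s_tier, d_tier) in TIER_FLOWS


def reach(entry, allows):
    """Breadth-first walk of permitted flows; returns {workload: hop count}."""
    dist, queue = {entry: 0}, deque([entry])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in dist and allows(cur, nxt):
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def blast_radius(entry, allows):
    """Worst case: every workload reachable from one compromised entry point."""
    return set(reach(entry, allows)) - {entry}


def hops_needed(entry, target, allows):
    """Fewest permitted hops from entry to target, or None if unreachable."""
    return reach(entry, allows).get(target)


if __name__ == "__main__":
    for name, policy in (("flat", flat_allows), ("micro-segmented", microseg_allows)):
        print(name, sorted(blast_radius("hr-app", policy)),
              hops_needed("hr-web", "pay-db", policy))
```

      On the flat segment a compromised application server reaches every other workload in one hop; under the segment policy it reaches only its own database tier, and the other service is unreachable.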


      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
