VMware has unveiled new innovations across its expanding networking and security portfolio that will help customers embrace the cloud operating model.
These new innovations include:
- Project Northstar for multi-cloud networking, security and end-to-end visibility
- Expansion of network detection and visibility to the Carbon Black Cloud endpoint protection platform, with early access available now
- Project Trinidad that extends and advances VMware’s API security and analytics
- Project Watch, a new approach to multi-cloud networking and security that provides advanced app to app policy controls
“Enterprises are facing an unprecedented level of threat and complexity as they operate in today’s multi-cloud world,” said Tom Gillis, senior VP and GM of VMware’s Networking and Advanced Security business group.
“VMware is radically transforming how our customers consume networking and security – allowing them to realize the agility and efficiencies of the cloud operating model through a cloud-smart approach. With a privileged position in the infrastructure and a scale out distributed software architecture, we’re able to leverage the intrinsic attributes of our platforms and deliver these unique solutions in a consumption-oriented manner.”
Simplifying networking and security for multi-cloud
In Project Northstar, VMware announces a major advancement of its NSX platform. Announced in technology preview today, Project Northstar will transform how enterprises consume networking and security in a multi-cloud world. Project Northstar will deliver multi-cloud networking, security, workload mobility and end-to-end threat detection and response with a centralized cloud-console for consistent and simplified software-as-a-service (SaaS) consumption. This family of services includes network & security policy management, network detection and response (NDR), network visibility and analytics (NSX Intelligence), advanced load balancing (ALB), and workload mobility (HCX) for private cloud environments and VMware Cloud deployments.
“As an innovator in software-defined networking, VMware offers a full-stack of networking and security services in an integrated solution that benefits thousands of enterprise customers today,” said Umesh Mahajan, senior VP and GM for VMware’s Networking and Security business unit. “Customers are seeking a uniform policy model across multi-cloud deployments, along with consistent network connectivity, security, and load balancing services. With Project Northstar we continue to shape how enterprises consume networking and security in a multi-cloud world.”
Today, with the latest update to VMware NSX 4.0 and VMware vSphere 8, NSX networking and security functions can now be implemented on Data Processing Units (DPUs, also known as SmartNICs) connected to the host hypervisor. Offloading NSX services to the DPU can accelerate networking and security functions without impacting the host CPUs, addressing the needs of modern applications and other network-intensive and latency-sensitive applications.
Strengthening Lateral Security
The growth in laterally moving threats requires security teams to pay closer attention to east-west network traffic. Examining traffic through network taps is no longer sufficient. Modern distributed cloud architectures can further exacerbate blind spots. VMware’s architecture allows customers to see processes running in an endpoint, packets crossing the network, access points, and the inner workings of both traditional and modern apps to identify and stop threats others can’t. As part of today’s announcements, VMware is strengthening its lateral security capabilities by embedding network detection and visibility into Carbon Black Cloud’s endpoint protection platform, which is now available to select customers in early access. This extended detection and response (XDR) telemetry adds network detection and visibility to endpoints with no changes to infrastructure or endpoints, providing customers with extended visibility into their environment across endpoints and networks, leaving attackers nowhere to hide.
Limited visibility into the east-west traffic between microservices also puts modern applications at greater risk. Project Trinidad, which is in tech preview, extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.
Findings from VMware’s recent Global Incident Response Threat Report reveal that ransomware actors continue to evolve their cyber extortion strategies. Ransomware will continue to be a business reality, and VMware uniquely makes recovery from an attack faster, more predictable, and less prone to error with VMware Ransomware Recovery for VMware Cloud DR, a new offering unveiled at VMware Explore. This new, purpose-built ransomware recovery-as-a-service solution enables safe recovery that prevents re-infection of IT and line-of-business production workloads through its innovative use of an on-demand isolated recovery environment on VMware Cloud on AWS. Guided recovery workflows allow customers to quickly identify recovery point candidates, validate restore points using embedded behavioral analysis, and recover data with minimal loss.
Expanding security for the data centre and cloud edge
Last year, VMware announced the industry-first elastic application security edge (EASE) which enables the networking and security infrastructure at the data center or cloud edge to flex and adjust as app needs change. To help customers preserve their investments in expensive hardware appliances that are incapable of adapting to changing app environments, VMware is introducing:
- VMware NSX Gateway Firewall: VMware’s next-generation firewall now offers a new stateful active-active edge scale-out capability that significantly increases network throughput for stateful services. VMware now offers advanced threat prevention capabilities with IDPS, malware analysis, sandboxing, URL filtering, TLS proxy, stateful firewall, and stateful Network Address Translation (NAT) that extend centralized security controls to physical and virtual workloads at the data center and cloud edge.
- VMware NSX Advanced Load Balancer: With a goal to deliver multi-layer application security at the edge, closer to applications and users for better efficiency and performance, VMware NSX Advanced Load Balancer (ALB) is adding new bot management capabilities, while enhancing the security capabilities of its web application firewall, malware detection, security analytics, and DDoS protection. These enhancements at the edge help customers maintain a consistent security posture with operational simplicity, extending protection from traditional to cloud-native container-based applications deployed across multi-cloud environments. VMware NSX ALB’s ability to enforce API security policies in line with application delivery traffic helps customers in protecting their north-south APIs.
- Project Watch: At VMware Explore 2022, VMware is unveiling Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.
Securing the edge for the distributed workforce
In the past two years, enterprise customers have fundamentally changed how they build and deploy networks and access to support distributed workers. The market for secure access service edge (SASE) solutions is expected to nearly triple by 2026 with security being a key driver of growth as enterprises strategically invest for the new age of distributed applications and hybrid work, according to the Dell’Oro Group. VMware is now offering additional deployment flexibility to customers who want a multi-phase journey from their current network and endpoint management solutions to a next-generation SASE offering by adding new web proxy-based connectivity to VMware Cloud Web Security.
VMware Cross-Cloud services help customers navigate the multi-cloud era
At VMware Explore 2022, VMware is unveiling new and enhanced offerings for VMware Cross-Cloud services to help customers navigate the multi-cloud era with freedom, flexibility and security. VMware Cross-Cloud services is a portfolio of cloud services that deliver a unified and simplified way to build, operate, access, and better secure any application on any cloud from any device. VMware Cross-Cloud service pillars include 1) App Platform 2) Cloud Management 3) Cloud & Edge Infrastructure 4) Security & Networking, and 5) Anywhere Workspace.
Originally posted on September 2, 2022 @ 3:11 am