Because modern threats are distributed and multi-varied, protecting against them cannot be accomplished through a series of point security solutions.
Recently, there are discussions happening in the industry around the “platformization of security”. These are not new thoughts but are all essentially derived from how to offer a simpler solution to a complex problem. In my previous blog “Tackling the 5Cs of enterprise security with the advent of AI” , I had highlighted the preference for “consolidation” through a platform approach.
Since the security attack surface is ever broadening, customers prefer a holistic and integrated approach to solving it, versus a variety of point solutions each with independent bells and whistles. Integration in this context means seamless interworking between the different components, deep visibility across the components and providing customers with a secure plug-n-play experience that drives operational simplicity and ease of use. Fundamentally, his is the promise of the security platform.
Let’s consider this in the context of the private cloud, taking the industry-leading private cloud solution from VMware as an example. Enterprises choose private clouds because it gives them greater control, compliance, and, in many cases a significantly lower operating cost structure.
Customers adopting the VMware Cloud Foundation (VCF) are security conscious enterprises requiring an enterprise-grade security solution. The question is whether they take an a la carte approach or opt for a tightly integrated solution. In the case of the former, the onus of integration and interworking lies with them. In the context of security, the chain is only as strong as the weakest link.
For lateral security, the fully integrated security stack takes ownership of the underlying complexity inherent in data center and private cloud environments. It makes it easier for the security administrator or SOC operator to take a holistic view to protect the organization’s critical traffic in the east-west direction (typically this is 80% of the organization’s sensitive traffic versus 20% being in the north-south direction).
Each component can work seamlessly with the “layers” above or below allowing network and application-level security protection to be dynamically applied.
The distributed firewall brings micro-segmentation capabilities with zoning across a L2-L7 environment. Malware and ransomware are handled better by quickly mitigating zero-day exploits, pattern matching and co-relating to detect anomalies quickly. All these allow the security intelligence to recommend robust rules that can be dynamically applied. Analytics and insights across the entire stack make the life of the administrator or operator simpler. With the onset of artificial intelligence (AI) and generative AI (Gen-AI) these can be further applied at scale augmenting the human capabilities and further hardening the security posture of the private cloud.
Owning the distributed set of components makes it easier to gain deep visibility across the spectrum and minimize or eliminate “blind-spots”. Managing them stack also becomes simpler reducing operational overhead and manual errors. Response to threats becomes faster and more accurate due to the minimization of the “lego block” elements and the pre-built integrated stack
Customers today are willing to pay for simplicity, as it saves them time and the mean time to resolution is significantly faster when something goes wrong.
In the case of the VMware security solution the Firewall and Firewall + Advanced Threat Prevention (ATP) packages bring incredible simplicity and value. The plug-n-play experience with VCF with a focus on value engineering and innovation make it easier to procure, deploy and operate – reducing friction across the entire lifecycle.
Sophisticated threats and attack vectors demand smart response. The VMware Firewall + ATP offering provides a comprehensive solution to mitigate threats, breaches and ransomware. For customers exploring a simpler solution to complex lateral threats, with a platform-like approach geared towards the private cloud, this is perhaps as good as it gets.
