posted

4 Comments

Announcing VMware Cloud Foundation Platinum

VMware released the latest edition in the VMware Cloud Foundation family, delivering the industry’s most comprehensive security offering for Hybrid Cloud deployments with Cloud Foundation Platinum.  Building directly off the momentum of vSphere Platinum, driven by strong demand for AppDefense which provides enhanced security protection for workloads and the vSphere hypervisor infrastructure.  This advanced, built-in security visibility and protection is now fully integrated into the market-leading security which is inherent at each layer of the full-stack Cloud Foundation solution.  The advanced security of Cloud Foundation Platinum bolsters the existing built-in security delivered through NSX, VSAN and vSphere all managed through the vCloud Management Suite.  This blog will provide an overview of these essential security capabilities built into this new Platinum offering and provide technical resources for those that want to obtain a deeper understanding of these capabilities.

 

Figure 1: VMware Cloud Foundation Platinum Security Features

Extending the Intelligent Security of Cloud Foundation with AppDefense

Much like vSphere Platinum and vCloud Suite Platinum, the Platinum edition of VMware Cloud Foundation integrates AppDefense directly into vSphere to for complete workload and hypervisor protection. What is unique about Cloud Foundation Platinum is that AppDefense now integrates with existing, market leading security protection across all layers of this hyperconverged full-stack platform. Customers benefit from the enhanced cloud-based security, driven by machine learning to prevent false positives and protect workloads at every layer of Cloud Foundation environments.  The addition of AppDefense provides a natural extension to the robust security capabilities of vSphere, NSX and vSAN to fully protect workload domains and applications running within the Cloud Foundation platform.

AppDefense – Purpose-Built Security to Complement Cloud Foundation Full Stack Security

Cloud Foundation Platinum delivers the advanced security capabilities of VMware AppDefense fully integrated into vSphere, the world’s leading hypervisor for complete protection for hybrid Cloud deployments. AppDefense embeds threat detection and response into the virtualization layer, using machine learning to ensure virtual machines (VMs) and applications are running in a known-good state. VMware AppDefense delivers key capabilities to protect applications running on vSphere. AppDefense understands an application’s intended state and behavior, then monitors for changes to that intended state. Any change from this “known good” state would indicate a potential threat, which ensures that the virtual machine continues to operate in this known state rather than continuously trying to detect threats that may not fit a known signature.

AppDefense locks down the guest operating system for all applications, the VMware application stack and third-party applications.  To accomplish this, AppDefense gathers inventory data on virtual machines and applications from VMware vCenter, development tools, and automation frameworks and applies machine learning to discover the intended state and establish the known good behaviors for the application and virtual machines.  Any deviations from this state are detected and prevented, ensuring the integrity of the applications, infrastructure, and guest operating system.  AppDefense provides detailed visibility for better change management and compliance reporting, and also provides a rich set of automated or orchestrated incident response mechanisms to address attacks. Moreover, it leverages machine learning for a simple and automated way to conduct audits and reviews for applications.

VMware Cloud Foundation Platinum – Security across Storage, Network and Compute

AppDefense complements the existing security capabilities of Cloud Foundation to deliver the most secure hyperconverged hybrid Cloud platform, delivering inherent security at every layer of the stack:

·       Compute, AppDefense complements the built-in vSphere security mechanisms including VM-level encryption to protect unauthorized data access both at-rest and in-motion.

·       Network, NSX pioneered micro-segmentation and granular security to individual workloads, which is now integrated with AppDefense fully integrated allowing security policies to travel with the workloads, independent of where workloads are in the network topology.

·       Storage, vSAN delivers data-at-rest encryption at the cluster level which is built for compliance requirements and offers simple key management with support for all KMIP compliant key managers, such as CloudLink, Hytrust, SafeNet, Thales and Vormetric.

·       Management, Since the vast majority of security issues are caused by human error, vCloud Suite automates many tasks to ensure security requirements are enforced for compliance, auditing and real-time monitoring.

The combination of these inherent, built in security features provide a robust, comprehensive approach to protecting infrastructure, applications and user environments from threats internal and external to any organization.  The addition VMware AppDefense makes Cloud Foundation the most secure operating environment for Hybrid Cloud.

Cloud Foundation Platinum provides unmatched visibility into app behavior, protecting applications by shrinking the attack surface with the power of machine learning & behavioral analytics to identify deviations from the app’s intended state versus chasing false positives.  This capability is a powerful tool for security, cloud and virtual administrators to monitor, identify and resolve security issues in real-time.

Figure 2: Full-stack security management within VMware Cloud Foundation Platinum

 

VMware Cloud Foundation Platinum operates at the heart of the secure, software-defined data center (SDDC) where organizations house their most sensitive data and business-critical applications. It extends security from the IT architectural foundation across the entire environment to comprehensively secure applications, data, infrastructure, and access. In contrast to bolted-on, point security tools and reactive antivirus solutions that over-consume system resources and require monitoring specialists, Cloud Foundation Platinum embeds security everywhere, enhancing collaboration between enterprise vSphere administrators and security, compliance, and application teams.

Learn more about Cloud Foundation Platinum on https://www.vmware.com/products/cloud-foundation.html and follow Cloud Foundation on Twitter at @vmwcf .