
Advancing Multicloud Security With CloudHealth Secure State

In his RSA Conference keynote, Pat Gelsinger talked about the fractured nature of the security vendor landscape, and the need to focus on shrinking the attack surface by making security intrinsic, rather than spending the majority of resources chasing threats. This is particularly true with respect to the public cloud. Many executives with whom I speak are struggling with basic visibility, security of their data and resources, and managing the complexity when it comes to cloud. And because of the dynamic and distributed nature of cloud, older tools and approaches don’t meet the new cloud challenges.

Today, we are pleased to announce the availability of CloudHealth Secure State, which helps customers shift to a more proactive, integrated security approach that is DevOps friendly. CloudHealth Secure State will be available from CloudHealth by VMware, which currently enables more than 5,000 customers to optimize their multicloud environments. Together the two products form a powerful pairing that addresses the most pressing customer challenges around cloud visibility, cost, security, automation, and governance so businesses can take full advantage of all the cloud has to offer. CloudHealth Secure State’s capabilities around public cloud security provide demonstrable business benefits to organizations advancing on their cloud journey. CloudHealth Secure State enables customers to visualize at-risk infrastructure, detect vulnerabilities and threats at real-time speed, and automate security and compliance across multiple clouds. The service is available to customers globally.

This announcement further strengthens our security vision. It extends VMware’s security strategy, which already spans the application and network layer through to users and devices, to helping customers reduce the attack surface across multicloud environments.

Challenges with first-gen cloud security

At VMware, we’ve had first-hand experiences that made it very clear to us why a service such as CloudHealth Secure State will be imperative for customers. As we were operationalizing security across our own growing multicloud footprint, we realized the following:

  • In the public cloud, the way users build and configure applications is constantly changing. Correlating risk across cloud misconfigurations and threats in a dynamic environment is a real challenge for teams. And to enable better security, several groups need more visibility – from vulnerability management and security operations to engineering and DevOps teams that spin up resources.
  • Without context, solutions that periodically scan the cloud to validate configurations can overlook serious vulnerabilities, overwhelm security teams with false positives, and create cloud usage conflicts with DevOps teams due to API throttling.

Put simply, we found that the first-generation approaches aimed at performing simple, siloed, periodic checks were leaving critical gaps in an organization’s cloud security posture.

Minimizing cloud security risk with an Interconnected Data Model

CloudHealth Secure State takes a fundamentally different approach to public cloud security. It improves visibility, the speed and sophistication of vulnerability and threat detection, and correlation of risk across dynamic cloud infrastructure.

A prime example of CloudHealth Secure State in action today is Zipwhip, a leader in business text messaging. As a fast-growing SaaS company with 262% YoY message-volume growth through API and software solutions, being able to scale effectively is critical. “We cannot let a lack of visibility derail our pace of innovation and expansion, particularly when it comes to ensuring proper security across our multicloud environment and managing our ongoing SOC2 compliance,” said Kolby Allen, Platform Operations Architect at Zipwhip.

Foundational to CloudHealth Secure State is an Interconnected Cloud Security model, an intermediate data layer that leverages cloud APIs, change events streams, and native threat data, to give you a better understanding of posture vulnerabilities, how different assets are interconnected, and the associated risks and threats across multiple clouds. As cloud objects, data, and relationships change, CloudHealth Secure State intelligently updates the model in near real-time to understand both the direct and correlated risks of each change.

Security violation chain and risk scores

Speaking on the benefits of this approach, Zipwhip’s Kolby has said: “CloudHealth Secure State enables us to visualize risk with a graph view, so that we can easily convey the impact of changes to key stakeholders – for example, we can show that something is not just affecting a server but also certain databases that are connected to it.”

As their cloud infrastructure becomes more dynamic, companies look for detection approaches that are more sophisticated and can keep pace with transitory changes. data.world is another great example of a company leveraging CloudHealth Secure State to unlock this new level of visibility. “Secure State clearly stands out for me in two ways. First, how it handles changes is different. Most configuration audit solutions offer point-in-time assessments only. CloudHealth Secure State monitors for new findings as they occur, and immediately attributes them to root causes,” explained Steve Verleye, Director of Engineering Operations at data.world, a modern catalog for data and analysis with hundreds of thousands of datasets.

Elaborating further on his experience with CloudHealth Secure State, Steve said: “Second, while other solutions are limited to one-dimensional inspections of resources, CloudHealth Secure State tracks our entire infrastructure and the relationships between resources. With a graph representation of our infrastructure, CloudHealth Secure State is able to detect transitive exposures other solutions cannot. Having a connected data representation of cloud configuration provides a rich resource for detecting security problems as well as a visual aid for our administrators and developers to understand complex deployment environments.”

Today, CloudHealth Secure State is already monitoring thousands of production cloud accounts across AWS and Azure and helping multiple customers:

  • Better understand cloud deployments, relationships, and risks
  • Automate cloud compliance monitoring
  • Improve Cloud Security Posture Management (CSPM) to detect interconnected service violations
  • Investigate and correlate vulnerabilities with cloud-native threat detection
  • Distribute real-time security insights across DevOps teams

VMware previews forthcoming Secure State capabilities

VMware is also announcing that the following Secure State capabilities can be made available to customers in preview*:

  • A new cloud query service to allow powerful investigation of cloud asset relationships
  • A machine learning service to improve detection of cloud anomalies and suspicious activity
  • A new auto-remediation approach that enables flexible controls across security and DevOps teams

*Note: Feature(s) released in preview are intended to gather feedback and there is no commitment or obligation from VMware that items in ‘Preview’ status will become ‘Available’.

In addition to these services, we will continue to extend our multicloud support to other cloud environments including Google, Kubernetes, and VMware Cloud on AWS. We look forward to partnering with our customers on these solutions.

Support for a broader, open security ecosystem: what partners are saying

The cloud offers enormous business benefits, along with a foreseeable increase in cybersecurity risk exposure. Organizations want to see their cloud security posture relative to the risks, and they want to manage that risk without sacrificing innovation and speed. CloudHealth Secure State can help organizations maintain visibility across multi-cloud environments and get the risk insights they need to make timely business decisions.

Wendy Thomas

SVP, Business & Product Strategy, Secureworks

As experts in digital risk management, RSA knows that the risks organizations face change as they move workloads to the public cloud. Essential to mitigating digital risk in multicloud environments is proper configuration, monitoring malicious activity and preventing unauthorized access to applications and data. With Secure State, security teams get a scalable solution that empowers developers to embed security checks early into application deployment and configuration. That can fill a major gap in the industry, as the number of cloud services and the sophistication of cloud-native applications expand.

Grant Geyer

SVP, Products, RSA

Within dynamic cloud infrastructure, it’s important for SOC teams to continuously monitor cloud assets, quickly detect vulnerabilities and correlate risk across the overall threat landscape. The availability of CloudHealth Secure State brings a novel security approach and powerful visualization capabilities to market. Together with CloudHealth by VMware, Splunk is committed to driving product integrations that help joint customers better detect and respond to risk across multi-cloud environments.

Aziz Benmalek

VP, Global Partners and Channel Chief, Splunk

You can learn more about CloudHealth Secure State with our solution brief. And if you’re looking for more information on building a successful cloud security practice, see our in-depth whitepaper: Building a Successful Cloud Infrastructure Security and Compliance Practice.