This blog was co-authored by Jared Ruckle and Jonathan Morin.

 

VMworld is one of the seminal weeks in enterprise IT. You gather with your peers to learn and discuss the challenges of the day. And what are those challenges? Three stand out:

  1. Rising consumer expectations. Your customers expect to interact with your brand on their terms. Self-service, mobility, and speed are table stakes. If you don’t deliver a responsive and engaging user experience, you’re irrelevant.
  2. Increased competition from startups and incumbents. Your competitors aren’t only your peers in the FORTUNE 500. Startups all over the world are looking to take your market share.
  3. Constantly evolving security threats from every direction. Speaking of table stakes: security. In an era where attacks can be launched for pennies – by anyone, from anywhere – you have take a different approach to InfoSec. You need to move faster. Speed and velocity aren’t just for development teams. It’s a crucial for a modern InfoSec mindset too.

 

Sound familiar? It should if you’re an IT leader. No matter where you are on your journey to get better at software, it’s always fun to learn from others. We want to highlight a few sessions with this idea in mind:

Combating Advanced Persistent Threats

Bad actors are attacking your systems in new and unpredictable ways. This session will arm with you strategies to fight back against Advanced Persistent Threats (APTs). What’s an APT you ask? APTs are breaches where an attacker gains access to your corporate network and stays there, undetected, for a long period of time. APTs are malware that lies in wait, gathering data, looking for passwords, credentials, and other secrets.

APTs love static environments. When nothing changes, an APT is able thrive and wreck havoc at a time of its choosing.

Wells Fargo has recognized the nature of APTs, and come up with a clever path to reduce the risk from them. Their engineers rebuild the Pivotal Cloud Foundry environment regularly. That’s right, they do a fresh install of the platform, from a known good state. APTs hate this, because it means the environment changes far more often than with a traditional, reactive security approach. With each rebuild, APTs and any other bad stuff is eradicated.

Best of all, the development teams at Wells Fargo aren’t disrupted from their daily work of pushing code to production. The zero downtime updates feature in PCF means that platform rebuilds can happen during business hours, with minimal interruption to engineers. These capabilities help you quickly repair your systems when a new vulnerability is discovered. You can apply fixes and updates as soon as they become available, without impacting the business.

If you’ve skimmed one of those reports on the state of Internet security, you realize what InfoSec teams are up against. Learn from your peers at Wells Fargo in this session!

 

Securing Pivotal Cloud Foundry by Regularly Rebuilding [CNA1464BU]

Wednesday, Aug 29, 3:30 p.m. – 4:30 p.m.
Matthew Saner, Principal Engineer – Cloud Security, Wells Fargo
Lance Rochelle, Cloud Engineering Executive, Wells Fargo

Want to know more about the innovation side of things at Wells Fargo? Check out these sessions:

How Technology is impacting the Next Wave of Financial Services Innovation [IND3722U]
Sunday, Aug 26, 1:00 p.m. – 4:00 p.m.
Manasee Dash, Global Lead, Financial Services Industry Product Marketing, VMware
Greg Lavender, SVP & CTO, Cloud Architecture, VMWare
Scott Crowell, SVP – Information Technology, Wells Fargo

Rethinking Financial Services: Adapting to a Digital Economy [LDT2787PU]
Monday, Aug 27, 4:00 p.m. – 5:00 p.m. | Mandalay Bay D, Level 2
Mike DiPetrillo, Senior Director, VMware
Manasee Dash, Global Lead, Financial Services Industry Product Marketing, VMware
Chris Kelada, Head of Cloud, Commonwealth Bank of Australia
Brian Link, Sr Director, UX Strategy & Engineering, Capital One
Scott Crowell, SVP – Information Technology, Wells Fargo

Weaving Network Security Into the Development Life Cycle

Continuous integration, test-driven development, and a microservices architecture have benefits for development velocity. They also improve your security posture at the application level; all three help you iterate and respond to new threats quickly. But the reality is the threat landscape is wide and diverse. That’s where your network comes in.

The network provides a vantage point that is both independent from the application, yet aware of its context, in the case of network virtualization. VMware NSX Data Center has taken this concept to heart, and redefined network security with micro-segmentation. More recently, the product has extended this thinking to container orchestrators and cloud native platforms. In fact, our product teams, in collaboration with our customers, have defined a new model for implementing the appropriate policies as developers spin up, spin down, update, and fix their containers and microservices. These capabilities are built-in, not bolted-on.

There are several sessions at VMworld on this topic. But here are two of our favorites for those looking for a good technical overview, a deep dive into Cloud Foundry and Kubernetes, respectively:

Introduction to Container Networking and Security with NSX-T Data Center [NET2068BU]
Tuesday, Aug 28, 2:30 p.m. – 3:30
Sai Chaitanya, Product Line Manager, VMware
Jon Ravenscraft, Cloud Technology Engineer, Kroger

NSX Design for Cloud-native Apps with Pivotal Cloud Foundry [NET1894BU]
Wednesday, Aug 29, 2:30 p.m. – 3:30 p.m.
Niran Even-Chen, Staff SE, NSX & CNA, VMware
Samuel Kommu, Sr. Technical Product Manager, VMware

Kubernetes Container Networking with NSX-T Data Center Deep Dive [NET1677BU]
Tuesday, Aug 28, 4:00 p.m. – 5:00 p.m.
Yasen Simeonov, Technical Product Manager, VMware

Reacting When Things Go Awry with Application Allowlisting

Sometimes, unfortunately, despite our best efforts, an app running in production still gets compromised. For these cases, wouldn’t it be nice if there was an approach that instantly isolates the app, and reacts to the attack whenever an app’s behavior deviates from what’s normal and expected? That’s precisely the idea with VMware AppDefense.

This intro session does a great job of providing an overview. Even better: Cambridge Savings Bank will discuss how they use this approach in the real world.

Introduction to VMware AppDefense [SAI3217BU]
Monday, Aug 27, 5:30 p.m. – 6:30 p.m.
Brian Landry, FVP / IT Director, Cambridge Savings Bank
David Anderson, Director, Security Product Marketing, VMware

 

See You At VMworld!

Modern security can sometimes feel like an exhaustive, never-ending chase where you never really get there. And security will always be paramount for IT practitioners. But you can stay one step ahead of bad actors with a smarter approach. That’s why we’re so excited about these new methods that make security intrinsic to our applications and infrastructure.

When we took a step back and looked at the VMworld agenda, it was interesting to see this theme of the sessions above. They all espouse the notion that you can’t sacrifice innovation for better security. Rather, you should use each one for the other’s benefit. And it’s not just vendors talking about this – you can hear it directly from enterprises like yours. Looking forward to meeting many of you next week in Las Vegas, find me at @JonathanMorin.