East-west security is the new battleground for keeping enterprises safe from malicious actors. As we all know, perimeters will be breached. That’s a given. The massive scale of data center infrastructure makes it too easy for bad actors to find a vulnerable, unpatched server, penetrate it, and hide out — often for months and years — stealing your information, monitoring your communications, and causing disruptions.
According to Ambika Kapur, vice president of product marketing for VMware’s networking and security business unit, it’s imperative that enterprises come to the realization that bad actors will get into the network — and focus more on blocking their lateral movement once they make that initial breach. She spent years in the firewalling space at Cisco and learned how vulnerable perimeter security can be. Now, at VMware, Kapur is helping to lead the effort to make east-west security a viable option through a software-based approach that is scalable and cost-efficient.
Check out Kapur’s VMworld breakout session on operationalizing east-west security at scale to learn exactly how we are able to stop the lateral spread of threats and ultimately harden enterprise security.
Rather than hairpinning traffic to a dedicated physical appliance, VMware breaks up the firewall into thousands of pieces of software and distributes it to the hypervisor in the server, automatically applying the appropriate security policies and controls to all the services that make up a workload. This software-based approach enables east-west firewalling at scale up to 20 Tbps — delivered at one-third of the cost of traditional firewall systems.
Operationalizing Advanced East-West Security at Scale in the Datacenter (VCNC2921)
In most major cyber breaches, the real damage is done not by the initial breach, but by the lateral movement and persistence of adversaries in the network. Expecting DevOps teams to patch every vulnerability is operationally unattainable. VMware is pioneering a new distributed approach to security that delivers granular enforcement of virtual patching and blocks the lateral movement of threats. The approach extends the concept of virtual patching beyond web applications to every workload in the datacenter. Further, by leveraging recently acquired NDR technology from Lastline for in-band inspection of every flow, the distributed firewall goes beyond basic access controls to deep behavioral inspection that can tell friend from foe on all east-west traffic.
It’s Time to Rethink How You Protect the Enterprise from Malicious Threats
East-west security is the new battleground. Enterprises need to rethink how they protect themselves from malicious actors and focus more on stopping the lateral movement of threats once they’ve made that initial breach. VMware takes a software-based approach to deliver the scalability and operational efficiency required to make east-west firewalling a viable option. Explore the VMworld Network and Cloud Security on-demand sessions today to learn how you can modernize your data center architecture.
Learn more about our approach to internal firewalling with our Internal Firewall for Dummies Guide.