VMware Cloud Web Security™ is a cloud-hosted service of VMware SASE that protects users and infrastructure from a changing threat landscape. The solution provides visibility, control, and compliance when users — working from anywhere — access web applications. Using a global network of SASE Points of Presence (PoP), VMware Cloud Web Security offers consistent security enforcement that’s close to the user and optimally placed between users and their applications.
What has prompted the need for VMware Cloud Web Security?
Many changes are happening simultaneously. The adoption of SaaS and Internet applications have increased exponentially as organization accelerate migration to cloud. While some SaaS applications are well understood by enterprise IT in terms of their capabilities, risk and reputation, the majority of web applications used by different departments (lines of business) and employees are consumed without IT consent or administration. These apps are important for business productivity, but the lack of oversight introduces risks such as advanced threats, zero-day malware, and exposure of data by accident or intent. According to Verizon’s 2020 Data Breach Investigations Report1, about 43% of breaches involve web applications.
The enterprise network perimeter has all but vanished and users expect a secure and seamless experience when they access enterprise applications at any time, from any place, and on any device. Also, employees want to navigate between enterprise and social applications, especially on BYOD devices, without fear of security threats or concerns about compliance violations. Additionally, IT teams want to ensure they can protect users and infrastructure in a way that it does not impede employee productivity.
Why not stick to what is working?
What was working does not work well anymore. Legacy security solutions lack the agility to cope with the dynamic, contextual nature of applications and personalized websites born daily. These solutions deployed on-premises in data centers create sub-optimal user experiences and increased WAN costs. A large percentage of Internet and SaaS applications are encrypted and require deeper inspection. Appliance-based solutions lack the scalability required to inspect encrypted application traffic that are on an exponential growth curve. Lack of visibility and control of these apps places a significant burden on IT teams, who are tasked with assessing risk, security, privacy, compliance, and other factors to determine their safe use.
How have organizations responded?
One option is to kick the can down the road. Some organizations have responded to the changing threat landscape by extending a patchwork of legacy security solutions that are difficult to integrate. Extending this patchwork beyond security and into networking, these enterprises face a mismatch between security policy and network policy implementation, leaving blind spots in security enforcement. This is a common problem when multiple tools render a variety of services leaving the burden on IT teams to ensure consistency. VMware Cloud Web Security uses a single pane to manage networking and security policies with administrative separation between networking and security teams. Security admins can now configure security policies and networking teams can apply those policies to business applications, eliminating policy mismatch and security blind spots.
The majority of organizations are now taking a hard look at legacy paradigms and have realized that the only way to address the current challenges is by adopting a cloud strategy to security, leveraging a solution that protects users accessing cloud applications from anywhere without compromising user experience. VMware Cloud Web Security administers security on the optimal path using a global network of SASE PoPs to offer rich user experience and improved productivity for users working from anywhere.
VMware Cloud Web Security addresses numerous cloud web security use cases, including:
- Control web access: VMware Cloud Web Security acts as a central security control point by ensuring only authorized users have access to SaaS and Internet applications and enforcing policies for safe browsing from anywhere. Security admins can configure web access policies based on risk, behavior, app destinations, user groups, etc. The solution analyzes risks to determine which URLs, applications, or users are vulnerable to bring in malware. Additionally, it detects any polymorphic malware, looks for indicators of compromise and determines required actions to limit exposure. The solution also protects infrastructure from infected devices.
- Protect document and email download: Phishing is a common tactic that tricks users into clicking on a malicious link or download a malicious document sent by a seemingly trusted source. VMware Cloud Web Security ensures that employees can safely download email attachments without becoming a target for phishing or ransomware attacks. According to Verizon’s 2020 Data Breach Investigations Report, 46% of organizations received malware via email1. Email attachments and documents are inspected to determine whether downloaded content is benign or infected. The solution ensures users and infrastructure are protected from known and Zero-Day malware attacks with a combination of file hash checks, anti-virus protection, and sandboxing for unknown signatures.
- SaaS applications visibility and control: VMware Cloud Web Security helps IT get visibility into user activities when they access SaaS applications. The solution uses inline Cloud Access Security Broker (CASB) capabilities to help set policies for different actions that users can undertake, based on application type. For example, IT can determine that employees can have login access, download access, or upload access for file type applications including Box, Dropbox etc., while restricting summer interns from file downloads. The solution also provides control and security when employees navigate between enterprise and social applications. For example, users are allowed to download a file from Dropbox, however, they cannot attach any file to their LinkedIn email.
Figure 1: Granular controls for enterprise and social applications.
- Ensuring compliance: For industries such as healthcare or retail, ensuring compliance requires logging, alerting, and automated response to identify, prevent, trace, and isolate threats that impact the network, data and resources. Having a single management pane helps operations significantly reduce complexity and offers a common view for communication between multiple operations teams across networking, security, and compliance.
- To learn more about VMware Cloud Web Security visit https://sase.vmware.com/products/cloud-web-security.
- Verizon Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf