Network Security Threat Intelligence

VMware vDefend – Defending Corporate Crown Jewels Against Unrelenting Cyber Attacks

The grim reality of today’s evolving threat landscape is that digital enterprises are being breached daily. Despite deployed perimeter security, attackers still get in. The impact of malware and ransomware is the theft of sensitive data, such as intellectual property, personally identifiable information, and classified information.

Traditional appliance-based point solutions don’t work for lateral (east-west) security because you need to protect every workload on every host. Stitching together multiple products and operating them through multiple consoles is extremely complex and error-prone, and still does not deliver the necessary visibility and protection to combat cyber threats. Lateral security challenges highlighted in the diagram below need to be comprehensively addressed.

An architectural approach is necessary to protect enterprise crown jewels—applications and data. This blog highlights how the VMware vDefend (formerly VMware NSX Security) architecture and product portfolio meets enterprises’ tactical needs to defend against relentless cyber attacks while providing a flexible, future-proof architecture for tomorrow’s security challenges.

Figure 1. Lateral Security – Customer Challenges


VMware vDefend to Enable Zero Trust Lateral Security

There are different types of attacks on application workloads, and they demand different types of digital defenses. Workloads can be virtual machines (VMs) and/or containers – hosted on VMware Cloud Foundation (VCF) – as well as bare metal servers. An attacker gains entry by exploiting a software vulnerability, for example in application software or a network protocol, or by delivering a malicious file. The attacker then moves laterally, potentially infecting other workloads. This lateral movement can continue for months until a high-value asset is found for theft or ransom.

VMware vDefend delivers a multi-layer defense that protects application workloads by dramatically minimizing the attack surface, as shown in the diagram below. Its unique advantages are that (1) it is a software-defined distributed architecture, (2) it is integrated into the hypervisor, and (3) it scales horizontally with the number of hosts.

Figure 2. VMware vDefend multi-layer defense to protect application workloads

The VMware vDefend product portfolio includes:

  • Distributed Firewall (DFW): A software-defined Layer 2-7 firewall integrated into the hypervisor that delivers scale-out micro-segmentation.
  • Gateway Firewall (GFW): A software-only L2-7 firewall designed and deployed for use cases such as:
    • zone-based controls for application workloads;
    • policy controls for traffic entering and/or exiting VCF workload domains.
  • Intelligence: A distributed analytics platform that provides network traffic visibility across virtualized environments – every host and every workload – and automated rule recommendations for micro-segmentation.
  • Distributed Intrusion Detection and Prevention System (IDPS): Inspects network traffic for malicious activity and exploitation of security vulnerabilities, and simplifies compliance audits.
  • Sandbox: Provides advanced malware analysis of artifacts by deconstructing the malicious behavior engineered into a file or URL.
  • Network Threat Analytics (NTA): Detects anomalous activity and malicious behavior by identifying protocol anomalies (unusual protocol activity), traffic anomalies (unusual traffic activity), and host anomalies (unusual workload behavior).
  • Network Detection and Response (NDR): Enables the security team to visualize attack chains by condensing massive amounts of network data into a handful of “intrusion campaigns.” It achieves this by aggregating and correlating security events such as detected intrusions, suspicious objects, and anomalous network flows.

These are not disparate products – they form a full-stack security architecture in which the capabilities work seamlessly together. VMware vDefend delivers comprehensive protection by eliminating blind spots for every workload on every host. The vDefend portfolio can be deployed stepwise to incrementally strengthen the defense-in-depth posture. It remains a single console, a single API interface, and a single support call, and it is plug-and-play with VCF – so it is easy to deploy and operate.

VMware vDefend and AI/GenAI

Today, no conversation is complete without a discussion of AI/GenAI. VMware vDefend Intelligence has been leveraging AI and ML for some time for visibility and threat analytics as well as for firewall rule recommendation. Additionally, GenAI and the underlying Large Language Model (LLM) technology are the right approach for quickly identifying threat campaigns from a large volume of alerts. This is enabled by our Project Cypress (see demo). It significantly reduces alert volume, identifies active threat campaigns, and explains how a threat manifests. The cherry on top is that it offers remediation options and configures the distributed firewall or IDPS for enforcement.

VMware vDefend is a proven solution for lateral security, deployed by the world’s most demanding enterprises and service providers. It is ready to protect your crown jewels, too!