
VMware vDefend Innovations: Elevating Enterprise Lateral Threat Defense for the GenAI Era

Highlights: Innovations focus on GenAI assist for threat defense; greater performance, assessment and deployment flexibility for malware and ransomware prevention; VCF 9 integrations and Zero trust lateral security enhancements

We are in an early stage of a thrilling journey with generative AI (GenAI) and large language models (LLMs). There is tremendous excitement regarding the benefits GenAI/LLMs can offer, especially in enterprise security. Sadly, the same technologies are being utilized by attackers to probe for weaknesses in enterprise defenses to get to the crown jewels (critical enterprise data). This is enabling attackers to launch increasingly faster and more complex attacks. The traditional approach—providing strong protection for crown jewels (business-critical apps) and basic protection for all other workloads—has been proven radically ineffective. This has become a boon for attackers, who can easily infiltrate non-critical workloads and move laterally toward critical assets.

To meet this challenge, enterprises must quickly adopt multi-layered defensive strategies emphasizing zero trust for application access and strict adherence to the principle of least privilege. Often overwhelmed by managing multiple disparate point products, security teams yearn for a comprehensive full-stack, hypervisor-integrated solution that offers visibility, segmentation, and threat defense and is easy to deploy and operate. A lateral security solution must be deployed at speed, operate at scale, diagnose quickly in case of a security incident, and reduce the overall cost of ownership.

At Explore Las Vegas 2024, we are highlighting our next chapter of innovations for the GenAI era:

  • Project Cypress: GenAI-based intelligent assist for threat defense, covering alert triage, contextualized insights into threat campaigns, and remediation recommendations
  • Malware and Ransomware Prevention enhancements:
    • Distributed IDS/IPS: 2X – 3X performance increase (ideal for AI/ML workloads), and support for multi-site (multi-instance) VCF with centralized management (delivering consistent enterprise-wide security posture)
    • Malware Prevention: Support both file-based and file-less (in-memory) malware prevention as well as on-prem deployment for regulated organizations with air-gapped environments.
    • Rapid Threat Assessment: Comprehensive east-west threat assessment and reporting without the need to install agents.
    • Bare metal workload support: Enhanced threat detection and prevention support for bare metal workloads for unified security across physical and virtual environments.
  • VCF 9 Integrations
    • VCF Import: Simplify the integration of existing security configurations into VCF 9
    • Native VPC Integration: Integrate security workflows with VPC functionality, enabling firewall admins to define and delegate security policies to app owners for self-service operations.
  • Zero Trust Lateral Security Enhancements
    • Firewall Rule Impact Analysis: Advanced rules analysis provides immediate visibility into how security policies impact workloads. Eliminate ineffective and redundant rules to ensure optimized security effectiveness.
    • Geo IP filtering: Uniquely manage and secure traffic by allowing or blocking connections to a specific geographic location directly at the T0 gateway firewall, enabling precise control over global traffic flows.

Project Cypress: GenAI Co-pilot for Threat Defense

Security teams struggle with high false positive rates and the complexity of threat triage workflows. It hasn’t been simple to correlate actions across campaigns or to determine which alerts are related to the same threat. Project Cypress, powered by GenAI and LLMs, can change the game, making it faster to understand the true scope and impact of threats and remediate high-impact events with just a few clicks. Security analysts can interact with vDefend through an easy-to-understand natural language interface. They can see which alerts are related to one another at a glance, ask questions to gain additional context, and get recommendations for effective remediation steps. The GenAI copilot eliminates false positives, reduces the number of alerts by ~10X, gives security teams greater situational awareness across their environment, and speeds up remediation.


Malware and Ransomware Prevention Enhancements

Industry-leading malware detection capabilities deployable on-premises for highly regulated industries

Thorough file analysis is essential for detecting and blocking file-based threats. The VMware hypervisor can act as a sensor, intercepting files locally before they’re written to disk and extracting them for analysis through the Guest Introspection functionality. VMware vDefend’s comprehensive detection pipeline performs static file analysis as well as advanced dynamic analytic techniques such as memory analysis, ML-based behavioral analysis, and code gene analysis to identify and block malicious files. Formerly available only in our cloud sandbox environment, these analytic activities can now be conducted on-premises, meeting regulatory requirements that mandate air-gapped VCF deployments since no data is sent outside of the organization’s environment for analysis.


Centralized global management of IDS/IPS policies and signatures across multi-instance VCF deployments

Customers with large, multi-instance (federated) environments require consistent, organization-wide IDS/IPS security policy and signature management. Planned centralized policy management capabilities make it possible to deliver global IDS/IPS security policies across distributed VCF deployments. Support for multiple IDS/IPS signature bundle assignments allows customers to apply specific signature bundles where needed across their VCF deployments, and an air-gapped mode enables delivery of IDS/IPS signature bundles to Local Managers even when restrictions on internet connectivity or compliance requirements are in place. Together, these capabilities ensure consistent threat prevention policies across multi-instance VCF deployments and simplify operations by making all IDS/IPS events visible within a single management console (Global Manager).

Security Intelligence: Rapid Threat Assessment

Security operations teams need to understand the current state of their environment so that they can quickly take action to evict any malicious actors that might be lurking around. Installing agents or additional tools takes time and effort, impacting performance and end-user experience. VMware vDefend now enables security teams to use the VMware hypervisor as a threat sensor, so they can perform a comprehensive east-west threat assessment by leveraging a solution that is already in place. Threat profiling can be completed with just a few clicks, and because vDefend is integrated with VCF, security teams can immediately act upon the findings. Security Intelligence for vDefend leverages AI and machine learning (ML) to create security rules and policy recommendations based on the threat assessment, and vDefend Distributed Firewall can implement these rules and policies immediately. Not only can security operations teams better understand their current security posture by conducting this assessment, but they can also readily deploy advanced controls to block any future lateral movement of threats.

VCF 9 Integrations

vDefend: Integration with Native VPC

VMware vDefend will integrate with VCF 9 native VPC to allow security administrators to set information security standards that will be consistently enforced across their VPC and delegate controls to individual application teams for self-service. vDefend gives administrators more granular control over threat prevention so that policies can be applied to individual applications. Security Groups can designate VPC-level policies, and logs can be generated at a per-VPC level.

Zero Trust Lateral Security Enhancements

Distributed Firewall: Enhanced Firewall Rule Analysis

Visibility into how security policies impact business operations is critical for security operations teams, but stakeholders also need to understand whether their policies are effective. Planned enhancements to the Security Intelligence rule recommendation engine will enable users to rapidly identify and eliminate rules that do not improve security effectiveness. Dynamic policy analysis will allow organizations to reduce their attack surface by weeding out overly permissive, ineffective, and redundant rules. Conflict and overlap analysis will enable the simplification and consolidation of policies, while predictive impact analysis helps teams understand the impact that security policies would have on business operations before they’re put into place. These capabilities allow customers to design and deploy simple but highly effective security policies and update them in real time at the speed of application deployment. Ongoing health monitoring immediately alerts if newly deployed applications require changes to the security policy environment.
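To make the rule analysis described above concrete, here is an added toy analyzer (not vDefend code) that walks a first-match rule list and flags redundant, conflicting, partially shadowed, and overly permissive rules. The workload groups, services, and sample policy are constructed for illustration; "any" expands to the full constructed universe.

```python
"""Toy first-match firewall rule analysis (added illustration, not vDefend's
engine): finds redundant, conflicting, shadowed and overly permissive rules."""
from dataclasses import dataclass
from itertools import product

# Constructed universe of workload groups and services; "any" expands to all.
GROUPS = frozenset({"web", "app", "db", "mgmt"})
SERVICES = frozenset({"HTTPS", "SSH", "MySQL", "ICMP"})


@dataclass(frozen=True)
class Rule:
    rid: str
    src: frozenset
    dst: frozenset
    svc: frozenset
    action: str  # "allow" or "drop"


def _expand(field, universe):
    return universe if field == ["any"] else frozenset(field)


def rule(rid, src, dst, svc, action):
    return Rule(rid, _expand(src, GROUPS), _expand(dst, GROUPS),
                _expand(svc, SERVICES), action)


def analyze(rules):
    """Walk rules in first-match order. Each (src, dst, svc) cell is owned by
    the first rule matching it. A later rule owning no cell is ineffective:
    'redundant' if the earlier owners agree on action, 'conflict' otherwise."""
    owner, report = {}, {}          # owner: cell -> action of first matching rule
    for r in rules:
        own = set(product(r.src, r.dst, r.svc))
        effective = own.difference(owner)
        if not effective:
            clash = any(owner[c] != r.action for c in own)
            status = "conflict" if clash else "redundant"
        else:
            status = "effective" if len(effective) == len(own) else "partially_shadowed"
        report[r.rid] = (status, len(effective))
        owner.update({c: r.action for c in effective})
    return report


def overly_permissive(rules):
    """Allow rules that match every source, destination and service."""
    return [r.rid for r in rules if r.action == "allow"
            and (r.src, r.dst, r.svc) == (GROUPS, GROUPS, SERVICES)]


# Constructed sample policy containing deliberate ordering mistakes.
SAMPLE = [
    rule("r1", ["web"], ["app"], ["HTTPS"], "allow"),
    rule("r2", ["mgmt"], ["any"], ["SSH"], "allow"),
    rule("r3", ["web"], ["app"], ["HTTPS"], "allow"),  # duplicate of r1
    rule("r4", ["any"], ["db"], ["MySQL"], "drop"),
    rule("r5", ["app"], ["db"], ["MySQL"], "allow"),   # unreachable, contradicts r4
    rule("r6", ["any"], ["any"], ["any"], "allow"),    # catch-all allow
]

if __name__ == "__main__":
    for rid, (status, n) in analyze(SAMPLE).items():
        print(f"{rid}: {status} ({n} effective flows)")
    print("overly permissive:", overly_permissive(SAMPLE))
```

Running the sample reports r3 as redundant and r5 as a conflict with r4, while r6 is flagged as both partially shadowed and overly permissive.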


This comprehensive set of innovations further strengthens VMware vDefend multi-layer zero trust lateral security to protect your VCF Private Cloud.

Disclaimer – Statements regarding plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of VMware.


Join us at Explore 2024 Las Vegas to learn about our innovations and strategy in our Application Networking and Security Division.
