
VMware vDefend: Latest Enhancements in Advanced Threat Prevention

The latest enhancements to the VMware vDefend portfolio include custom IDS/IPS signature options tailored for industry-specific attacks and a malware analysis test drive for advanced malware analysis. 

In today’s evolving threat landscape, digital enterprises face sophisticated, laterally mobile cyberattacks within their private cloud environments. Traditional perimeter defenses are simply insufficient to secure east-west application traffic. Vulnerabilities such as Log4j and advanced malware such as Emotet serve as a wake-up call for all IT organizations. An effective security solution requires (1) comprehensive threat defense (including IDS/IPS, malware prevention, and network detection & response), (2) micro-segmentation to ensure zero trust for applications and restrict lateral movement of threats, and (3) operating at large scale and performance to protect all applications. VMware vDefend has provided these advanced security capabilities with the Distributed Firewall and Advanced Threat Prevention portfolio to protect VCF private cloud application traffic. 

We are excited to unveil new vDefend Advanced Threat Prevention enhancements with the VCF 5.2.1 release: 

  • IDS/IPS Custom Signature Support: For our distributed and hypervisor-integrated IDS/IPS offering, customers can now import their own custom IDS/IPS signatures or those sourced from third-party threat feeds, enabling tailored defenses against industry-specific attacks.
  • Malware Analysis Test Drive: This capability allows customers to upload artifacts (files/URLs) for in-depth analysis, providing crucial insights into highly evasive malware and zero-day threats. 


Distributed IDS/IPS Enhancement – Custom IDS/IPS Signature Support

vDefend’s custom signature capabilities offer three key benefits: tailored defenses for applications, the ability to integrate third-party threat intelligence, and streamlined operational management of custom signatures. These features help enterprises stay ahead of evolving threats by customizing detection for their unique environments, incorporating industry-specific threat feeds, and simplifying signature lifecycle management. 

Custom signatures allow businesses to protect critical applications with tailored defenses. With vDefend’s distributed IDS/IPS, organizations can create and deploy custom signatures or import existing sets (Figure 1), providing comprehensive monitoring for specialized applications. Security teams can capture (Figure 2) and analyze real-time traffic, and the insights can be used to generate these signatures. 

By integrating industry-specific intelligence from platforms like ICS-CERT for critical infrastructure/Industrial Control Systems (ICS) or from Information Sharing and Analysis Centers (ISACs), such as FS-ISAC for financial services or H-ISAC for healthcare, customers can protect against targeted threats like attacks on SCADA systems, transaction fraud or breaches of personal health information (PHI). Additionally, the ability to consume non-industry-specific threat intelligence or threat-sharing platforms like MISP (Malware Information Sharing Platform), which offer early indicators of emerging threats, can help customers to “virtually patch” vulnerabilities by deploying customized signatures before official updates are released. 

Operationally, vDefend simplifies custom signature management with tools for lifecycle control, ensuring accuracy and performance. Logs for custom signatures (Figure 3) integrate into the product UI and can be exported to SIEM, while PCAP collection enables precise packet analysis, further enhancing detection and response.
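The custom-signature and threat-feed integration described above is easiest to see in code. The following is an added example, not vDefend's own code or UI: it takes indicators in the shape of a MISP attribute export (constructed sample data) and turns them into IDS rules in Suricata rule syntax, assigning each a unique sid in the local range and validating the result before it would be handed to the signature import. That the custom-signature import accepts Suricata-format rules, and the `$HOME_NET`/`$EXTERNAL_NET` variable names, are assumptions of this example.

```python
"""Generate IDS signatures from threat-intelligence indicators.

Added example (not vDefend's code). Assumptions: the custom-signature import
accepts Suricata rule syntax, and the indicator records look like a MISP
attribute export. All sample values below are constructed.
"""
import ipaddress
import re
from typing import Optional

# Constructed sample indicators in the shape of a MISP attribute export.
SAMPLE_INDICATORS = [
    {"type": "domain", "value": "malicious-example.test", "comment": "C2 domain"},
    {"type": "ip-dst", "value": "203.0.113.45", "comment": "Beacon destination"},
    {"type": "uri", "value": "/gate.php?id=", "comment": "Check-in URI"},
    {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "comment": "File hash"},
]

# Suricata reserves sids >= 1,000,000 for locally written rules.
LOCAL_SID_START = 1_000_000

# Basic structural check: action, protocol, src/dst, and mandatory sid/rev.
_RULE_RE = re.compile(
    r'^(alert|drop|reject|pass) \S+ \S+ \S+ -> \S+ \S+ \(.*\bsid:\d+;.*\brev:\d+;\)$'
)


def escape_content(value: str) -> str:
    """Escape characters that terminate or break a Suricata content/msg string."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def indicator_to_rule(ind: dict, sid: int) -> Optional[str]:
    """Convert one indicator to a rule line, or return None if the indicator
    type has no network-observable form (e.g. a file hash)."""
    kind, value = ind["type"], ind["value"].strip()
    msg = escape_content(f"TI {ind.get('comment', kind)} {value}")
    tail = f'sid:{sid}; rev:1;)'

    if kind in ("domain", "hostname"):
        # DNS query for the indicator; nocase because DNS names are case-insensitive.
        return (f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
                f'content:"{escape_content(value)}"; nocase; {tail}')
    if kind == "ip-dst":
        # Reject malformed addresses from the feed instead of emitting a broken rule.
        ipaddress.ip_address(value)  # raises ValueError on bad input
        return f'alert ip $HOME_NET any -> {value} any (msg:"{msg}"; {tail}'
    if kind == "uri":
        return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{msg}"; http.uri; '
                f'content:"{escape_content(value)}"; {tail}')
    return None


def validate_rule(rule: str) -> bool:
    """True if the rule has the expected overall shape and mandatory keywords."""
    return bool(_RULE_RE.match(rule))


def generate_rules(indicators: list, start_sid: int = LOCAL_SID_START) -> list:
    """Emit one validated rule per convertible, de-duplicated indicator."""
    rules, seen, sid = [], set(), start_sid
    for ind in indicators:
        key = (ind["type"], ind["value"].strip().lower())
        if key in seen:
            continue
        seen.add(key)
        rule = indicator_to_rule(ind, sid)
        if rule is None:
            continue
        if not validate_rule(rule):
            raise ValueError(f"generated rule failed validation: {rule}")
        rules.append(rule)
        sid += 1  # only consume a sid when a rule is actually emitted
    return rules


if __name__ == "__main__":
    for line in generate_rules(SAMPLE_INDICATORS):
        print(line)
```

Each indicator type maps to the protocol layer where it is observable: domains become DNS-query rules, destination IPs become IP-layer rules, and URIs become HTTP rules, while file hashes are skipped because they cannot be matched on the wire. Keeping the sid assignment in one place and validating every rule before import is what makes the lifecycle management the post describes (updating, re-importing and retiring signatures) tractable.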

Figure 1. Custom IDS Signature Management


Figure 2. Packet Capture Files – View and Download


Figure 3. IDPS Event generated from a Custom Signature


Malware Analysis Test Drive

For vDefend Distributed Firewall users, the malware analysis test drive provides limited-time access to advanced malware analysis, allowing customers to upload artifacts (files and URLs) for detailed examination without impacting production systems. Security analysts, who are constantly seeking out new malware—sometimes even scouring the dark web for emerging threats—can use this feature to test malware samples in a secure sandbox environment. This allows them to understand the behavior of new and evasive threats, including zero-day exploits. The resulting reports provide deep visibility into how malware interacts with the CPU, memory, and network. With this powerful functionality, organizations can better understand the behavior of emerging threats and strengthen their defenses.


What’s Next?

As we push the boundaries of cybersecurity innovation for lateral (east-west) traffic, vDefend remains at the forefront of defending against advanced threats with its multi-layer, defense-in-depth distributed security approach. Because vDefend is plug-and-play (fully integrated) with the VMware Cloud Foundation (VCF) private cloud, customers can deploy it at speed and operate it at scale. After all, if the lateral security roll-out is slow or does not cover all workloads, the enterprise is not really secure. With vDefend, we are innovating across all aspects of lateral security.

Join us at VMware Explore Barcelona (November 4-7, 2024) to dive deeper into our latest innovations. Don’t miss out—register today!