Latest enhancements include significant scale increase, simplified Distributed Firewall operations, enhanced NDR threat defense and streamlined Security Intelligence capacity planning
Digital enterprises need to combat relentless malware and ransomware attacks to protect their crown jewels – applications and data. All private cloud workloads – critical as well as non-critical – must be equally protected to make it difficult for an attacker to infiltrate. In case of an infiltration, it is important to restrict its lateral (east-west) movement and quickly detect and remediate threats. A comprehensive private cloud defense strategy demands a multi-pronged approach: application and threat visibility, multi-level segmentation, and threat defense. VMware vDefend for zero trust lateral security delivers an integrated full-stack security solution, including advanced threat prevention (ATP), and is plug-and-play with the VMware Cloud Foundation (VCF). Enterprises can truly implement multi-layer defense-in-depth security for application workloads, leveraging vDefend capabilities listed in the diagram below.
With vDefend’s single console, single support call, built-in cloud operating model, and AI/ML-driven intelligence, security teams can significantly streamline protecting application workloads (VMs, containers, and bare metal) and speed up threat detection and mitigation. They no longer need to deal with the cost and complexity of managing multiple point products.
Today, we are further strengthening our vDefend portfolio for zero trust lateral security with the following enhancements:
- Firewall Scale Enhancements:
- 1.5X to 10X scale increase in firewall rules and groups to extend security to all (critical and non-critical) VCF workloads
- Advanced East-West Ransomware Defense:
- Multi-context NDR is now delivered on-premises for compliance and regulated environments, especially in government, financial, and healthcare verticals
- Integration of multi-context NDR’s correlated threat events with third-party SIEMs to enable rapid threat detection
- Simplified Firewall Operations for East-West Traffic:
- Streamline firewall operations with new dashboards
- Simplify troubleshooting for Kubernetes workloads with new trace flow enhancements
- Centralized firewall policy management now includes Kubernetes workloads, thus providing a single policy pane for all workloads
- Streamlined Deployment of Security Intelligence:
- Sizing tool enables security team with calibrated capacity planning, especially in larger environments, and significantly reduces deployment time for attaining comprehensive VM-to-VM visibility
These enhancements are delivered through the VCF 5.2 release.
Deploy East-West Security at Cloud Scale
Significant Increase in Distributed and Gateway Firewall Rules & Group Scale
Modern enterprise consists of thousands of applications that need to be secured through access control policies applied across application groups. vDefend Distributed Firewall and Gateway Firewall architecture has been enhanced to support significantly higher – 1.5X to 10X – firewall rules and grouping scale. Enterprises can now extend equal protection to all workloads – critical and non-critical – and thus make it extremely difficult for an attacker to infiltrate.
Advanced East-West Ransomware Defense
Multi-Context Network Detection and Response (NDR) now available on-premises
Many of our customers have highly sensitive workloads that drive strict data privacy and data sovereignty requirements. With the introduction of on-premises vDefend Network Detection and Response (NDR), we are addressing customers’ data privacy concerns. The vDefend NDR continues to detect known and zero-day threats and uses multi-context correlated insights (across Distributed IDS/IPS, Distributed NTA and VM-aware Malware Prevention contexts) to identify threat campaigns with high fidelity. Network security and security operations teams get a comprehensive view of lateral intrusion attempts within the application environment.
Integration of vDefend NDR with external SIEMs for efficient detection and triage of threats
Security operations teams frequently rely on SIEM (Security Information and Event Manager) systems as the starting point to detect and respond to threats across their application environment. A brute force approach to exporting NDR alerts related to east-west traffic can overwhelm the SIEM. Instead, the vDefend NDR logs fully correlated intrusion campaigns and the individual threat detection events to a SIEM, enabling SOC operators to efficiently triage and rapidly respond to threats. Threat event logging also enables organizations to meet compliance requirements. Full packet captures (PCAPS) for associated IDS detection events are also available to assist in threat investigation.
Simplify Firewall Operations for East-West Application Traffic
Enhanced Firewall Operational Analytics with New Dashboards
In our continuing efforts to automate and simplify firewall operations, we are delivering aggregation and correlation of east-west traffic data to take effective operational decisions for micro-segmentation. The new dashboard solves a very acute challenge of lack of east-west visibility into security related analytics inside the private cloud. The operations dashboards provide top firewall hits, top talkers, and top traffic inspected along with classification of sources, destinations and amount of traffic. This new dashboard simplifies the correlation of various security events and enriches the network traffic reports for day-to-day operations. It also assists with the detection of security or operational issues based on patterns.
Simplifying Distributed Firewall troubleshooting for Kubernetes workloads
As customers are pursuing zero-trust models for their Kubernetes workloads (in addition to VM workloads), it is imperative that net-sec teams can detect and troubleshoot network paths. We are adding firewall rule information to trace flow that can help detect and understand the role of the firewall in a specific type of network flow. This gives network-security teams a consistent tool that takes into account micro-segmentation deployed for VM workloads as well as the Kubernetes pods within their datacenter.
Centralized policy management of native Kubernetes Security Policy
As app developers embrace Kubernetes based applications, the use of native Kubernetes Network Policies has become ubiquitous. vDefend provides a single pane of glass to centrally manage both security admin enforced policies and developer created policies. Developer created Kubernetes security policies are no longer a black box to the net-sec admin. This significantly helps streamline audits, troubleshooting for policy inconsistencies and triaging during a threat incident.
Security Intelligence – Streamlined Deployment
Sizing tool ensures calibrated capacity planning for east-west traffic visibility
Visibility into VM-level east-west traffic is crucial for ensuring security—seeing is essential for securing. Security Intelligence provides detailed visibility into VM-to-VM traffic and recommends Distributed Firewall security rules. Due to the high volume of east-west traffic and its associated flows, customers often struggle to determine the correct sizing for Security Intelligence nodes. The new sizing tool for Security Intelligence allows for calibrated capacity planning, enabling customers to deploy Security Intelligence at the appropriate scale.
What’s Next?
With these vDefend innovations for zero trust lateral security, we are continuing to strengthen the security posture of VCF workloads to defend against an evolving threat landscape. Unique combination of firewall controls, VM-level visibility and advanced threat prevention for east-west application traffic delivers a true multi-layer defense-in-depth protection. Our Project Cypress initiative – a GenAI based threat defense co-pilot (demonstrated at VMware Explore in Barcelona, Nov 2023) – is expected to further simplify and speed up threat triaging and mitigation. We look forward to sharing more vDefend enhancements at VMware Explore in Las Vegas (August 26 – 29, 2024).