Announcing Micro-Segmentation Quick Start Wizard, NDR Sensor for datacenter-wide threat visibility, Fileless Malware Defense, and a tech preview of Lateral Security for Agentic AI
In a world where cyber threats evolve by the nanosecond and AI/GenAI is reshaping every industry, security can feel like a game of endless catch-up. But what if you could not only keep pace but truly get ahead? At VMware Explore 2025, we’re unveiling innovations in VMware vDefend – an advanced service for VMware Cloud Foundation (VCF) – that don’t just react to threats but fundamentally change how you build, operate, and secure your enterprise private cloud, including your most critical AI workloads.
Key highlights from VMware Explore 2025 showcase our latest vDefend Innovations for protecting workloads on the VCF private cloud.
- Accelerate Zero Trust: New built-in automation-driven workflows for multi-stage segmentation and firewall rule analysis features streamline lateral security, making your journey to Zero Trust private cloud faster and more efficient than ever.
- Extended Threat Detection: Introducing a standalone NDR sensor to provide comprehensive datacenter-wide threat visibility across all types of network traffic – workloads (virtual, container, and bare-metal) and network devices.
- Fileless Malware Defense: vDefend introduces advanced capabilities for fileless malware detection, directly targeting stealthy in-memory attacks, including PowerShell, VBScript, and JScript-based attacks.
- vDefend and AI:
  - GenAI Assistant for Firewall Operations: Introducing the tech preview of the GenAI assistant for vDefend Firewall operations, which simplifies operations and speeds up issue resolution by providing insights into dynamic security events such as real-time policy violations or blocked applications.
  - Lateral Security for AI Workloads: Introducing the tech preview of zero-trust lateral security for Agentic AI workloads running on VMware Cloud Foundation (VCF) Private AI Foundation (PAIF).
Accelerate the Zero Trust Journey with VMware vDefend
This section describes the vDefend enhancements that streamline and speed up the zero-trust journey for VCF private cloud workloads.
Fast-track Segmentation of Private Cloud Workloads
Customers face two key challenges during zero trust roll-out in brownfield environments: (1) assessing the current segmentation posture and identifying gaps, and (2) quickly addressing those gaps to improve the segmentation posture.
We addressed the first challenge earlier this year with the Security Segmentation Score and Assessment Report, which provides a real-time assessment of private cloud segmentation posture and lists recommendations to significantly improve it. With today’s announcement, we are addressing the second challenge through a prescriptive, multi-stage segmentation workflow designed to progressively secure private cloud (east-west) traffic. This includes shared services (infrastructure) protection in Stage-1, and granular, application-level protection in Stage-2. This structured, automation-driven approach removes the guesswork and speeds up micro-segmentation across all VMware Cloud Foundation (VCF) private cloud workloads (critical and non-critical).
The workflows guide you through securing workloads in progressive layers.
Stage-1 Protection: It begins with fortifying foundational services and shared infrastructure, such as DNS, DHCP, Active Directory, etc., which form the backbone of your private cloud.
Stage-2 Protection: Then, it guides you through reducing your attack surface layer by layer, establishing robust zone-level protection and intelligent segmentation between zones.
Stage-3 Protection: Finally, it helps you automate sophisticated application-level protection, securing traffic within and between your applications.
The cornerstone of this approach is a tag-based declarative policy model and an AI/ML-driven rule recommendation engine. Alongside this, continuous monitoring detects changes and recommends updated rules to maintain a strong security posture over time. To simplify implementation, the platform also supports importing your data center hierarchy, tagging, and automatically creating and assigning groups for policy enforcement.
Net-net, customers can significantly improve their segmentation posture in a few weeks.*
Simplify and Optimize with Firewall Rule Analysis
Segmenting a large number of applications can produce a large number of security policies that are difficult to manage. Unlike traditional IP-address-centric firewall rules, vDefend already simplifies and scales security policies with:
- Tag-based declarative policy model
- Recently enhanced policy scale (firewall rules: 120K → 200K, Tag groups: 10K → 115K)
Still, over time, security policies can become suboptimal and bloated. That’s where Firewall Rule Analysis comes in. This powerful feature analyzes Distributed Firewall (DFW) rules, ensuring security policies are lean and efficient.
vDefend’s Firewall Rule Analysis identifies and flags seven critical rule optimization opportunities: duplicate rules, redundant rules, rule consolidation opportunities, rule contradictions, shadow rules, overly permissive rules, and ineffective rules. This calibrated analysis helps eliminate rule bloat and fix potential security misconfigurations. Forget laborious manual scripts or the need for separate, third-party tools for DFW rule analysis within your VCF private cloud; vDefend offers faster and far more comprehensive detection of both firewall misconfigurations and firewall rule optimization opportunities at no additional cost. Unlike general-purpose third-party tools that may require complex integrations and lack the deep context of your VCF environment (e.g., identifying rules by VM tag), vDefend’s firewall rule optimization is purpose-built to analyze published DFW rules directly, ensuring unparalleled accuracy and efficiency. Plus, with the ability to schedule automated reporting or perform on-demand analysis via UI, API, and downloadable CSV reports, firewall admins have full visibility and control over their rule sets.
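To make the rule-analysis categories above concrete, here is an added Python sketch (not vDefend’s code or API) that walks an ordered, tag-based rule list and flags duplicate, contradictory, shadowed, redundant and overly permissive rules; the rule names, groups and services are constructed. Consolidation and ineffective-rule detection need hit counters and are left out.

```python
from dataclasses import dataclass

ANY = None  # unconstrained match field, like the DFW "Any" group

@dataclass(frozen=True)
class Rule:
    name: str
    src: object       # frozenset of tag-based groups, or ANY
    dst: object
    services: object  # frozenset such as {"UDP/53"}, or ANY
    action: str       # "ALLOW" or "DROP"

def match(r):
    return (r.src, r.dst, r.services)

def covers(wide, narrow):
    # field `wide` matches everything that field `narrow` matches
    return wide is ANY or (narrow is not ANY and narrow <= wide)

def rule_covers(a, b):
    return all(covers(x, y) for x, y in zip(match(a), match(b)))

def analyze(rules):
    """Walk rules in evaluation order; return (rule, kind, earlier_rule) findings."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "ALLOW" and match(r) == (ANY, ANY, ANY):
            findings.append((r.name, "overly_permissive", None))
        for earlier in rules[:i]:
            if not rule_covers(earlier, r):
                continue
            same_action = earlier.action == r.action
            if match(earlier) == match(r):
                kind = "duplicate" if same_action else "contradiction"
            else:
                kind = "redundant" if same_action else "shadowed"
            findings.append((r.name, kind, earlier.name))
            break  # the first covering rule already decides this traffic
    return findings

G = frozenset  # a tag-based group or a service set
# Constructed sample rule set in evaluation order (not real DFW data).
SAMPLE_RULES = [
    Rule("allow-dns",      ANY,             G({"dns-servers"}), G({"UDP/53"}),   "ALLOW"),
    Rule("allow-dns-copy", ANY,             G({"dns-servers"}), G({"UDP/53"}),   "ALLOW"),
    Rule("deny-dns",       ANY,             G({"dns-servers"}), G({"UDP/53"}),   "DROP"),
    Rule("any-to-app",     ANY,             G({"app-tier"}),    G({"TCP/8443"}), "ALLOW"),
    Rule("block-legacy",   G({"legacy"}),   G({"app-tier"}),    G({"TCP/8443"}), "DROP"),
    Rule("web-to-app",     G({"web-tier"}), G({"app-tier"}),    G({"TCP/8443"}), "ALLOW"),
    Rule("default-allow",  ANY,             ANY,                ANY,             "ALLOW"),
]
```

Running `analyze(SAMPLE_RULES)` reports the copied DNS rule as a duplicate, the DROP twin as a contradiction, `block-legacy` as shadowed by the broader allow above it, `web-to-app` as redundant, and the trailing any/any allow as overly permissive.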
In summary, vDefend’s built-in tools to fast-track segmentation and to optimize firewall rules are designed to empower firewall teams to confidently accelerate the Zero Trust journey, making robust lateral security a reality in a short period of time rather than a multi-year aspirational goal.
Enhancements in vDefend’s Advanced Threat Prevention (ATP)
This section highlights vDefend ATP enhancements for threat detection and prevention.
Introducing NDR Sensor for Extended Threat Visibility and Detection
vDefend’s Network Detection and Response (NDR) has enabled the detection of sophisticated threat campaigns for VCF workloads. Because of vDefend’s integration with VCF, the NDR operates on multiple sources of alerts (from IDS/IPS, Malware prevention, and Network Traffic Analysis), delivering very high-fidelity threat detection. The vDefend NDR also curates events and only sends high-severity threats and correlated campaigns to the corporate SIEM, hence reducing SIEM cost and alert fatigue.
Many customers would like to extend this advanced NDR’s scope to datacenter-wide traffic. Hence, we are introducing the NDR Sensor for VMware vDefend. It can be deployed into existing monitoring (Tap/SPAN) fabrics to collect traffic from other network and client devices, for analyzing datacenter-wide threat campaigns.
Detect Stealthy In-memory Attacks with Fileless Malware Detection
One of the most insidious and challenging threats today is fileless malware, which operates entirely in memory, leaving no traditional footprint on the disk. It often exploits legitimate tools like PowerShell, VBScript, and JScript to evade traditional security controls. Real-world attacks have seen PowerShell abused for credential dumping, VBScript leveraged for malicious downloaders, and JScript used in sophisticated phishing campaigns—all without dropping a single file to disk.
By integrating directly with the Antimalware Scan Interface (AMSI) for Windows workloads, vDefend ATP now inspects and intercepts these malicious scripts before execution, stopping Living-off-the-Land (LotL) tactics in their tracks. This in-memory detection capability not only detects attacks that bypass conventional file-based defenses but also delivers rich telemetry, execution context, and forensic artifacts to security operations teams, enabling faster investigation and response. With this enhancement, vDefend helps customers close a major blind spot exploited by today’s cyber adversaries and protect critical workloads.
AI/GenAI and VMware vDefend
AI is critical in security, and hence it has always been an integral component of vDefend.
- AI/ML has been extensively leveraged in vDefend. This includes application visibility, segmentation scoring, and rule recommendations.
- GenAI-based Intelligent Assist (IA) for Threat Defense was recently introduced to help security analysts simplify and speed up threat investigation. It can explain threats and threat campaigns as well as suggest mitigation options.
vDefend’s AI/ML and IA get the complete data, rich context, and the broadest scope for the private cloud due to (1) vDefend’s integration with VCF and (2) vDefend’s multi-function code base (spanning visibility, comprehensive segmentation with the distributed firewall, IDS/IPS, NDR/NTA, and Malware Prevention). This enables the IA chatbot to deliver highly calibrated insights.
We are furthering vDefend’s AI journey with the following tech previews:
- GenAI assistant for firewall to simplify vDefend Firewall operations and speed up issue resolution. Customers will be able to derive valuable insights from the security infrastructure’s dynamic operational state.
- Zero-trust lateral security for AI and Agentic AI workloads. AI workloads are creating a new attack surface, and hence protecting them from day one is becoming a necessity. vDefend Firewall’s 20 Tbps performance and built-in integration with VKS and Kubernetes are critical capabilities for securing AI and agentic AI workloads.
Attackers are heavily utilizing AI/GenAI technologies to infiltrate IT environments. VMware vDefend’s focus is to leverage AI/GenAI to deliver better security and empower security professionals to effectively combat the evolving cyber landscape.
For a deeper dive on the above tech previews, please check out our dedicated blog Security and Load Balancing Innovations in the Age of GenAI and Agentic AI.
vDefend at VMware Explore 2025
We invite you to experience vDefend’s latest advancements firsthand by joining our breakout sessions at VMware Explore and discover how vDefend is redefining what’s possible in enterprise private cloud security. Your journey to a more secure, resilient, and AI-ready future starts now.
Editorial Note: The information included in this blog is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein.