New enhancements include Self-Service Lateral Security with VCF Automation, Unified Lateral Threat Prevention for VMs and VKS Workloads, High-Performance Threat Prevention with IDPS Turbo Mode, and Enhanced Distributed Firewall capabilities.
The rapid adoption of production AI workloads is reshaping the enterprise technology landscape, driving the growth of Kubernetes environments alongside existing VM-based infrastructure. As organizations deploy AI agents and AI workloads across private cloud environments spanning VMs and Kubernetes, the attack surface becomes larger and more dynamic. The result is a rapidly evolving threat landscape, driving the need to secure both VM- and Kubernetes-based environments efficiently and consistently.
Recent incidents, including the CISA-reported BRICKSTORM malware activity and the rise of AI-assisted semi-autonomous cyberattacks, underscore that adversaries are now operating at machine speed. At the same time, enterprises face several practical challenges: reducing the attack surface to prevent lateral propagation of threats, securing workloads at the speed of application deployments, enforcing consistent security across VMs and Kubernetes environments, delivering the performance required for AI and high-capacity workloads, and consolidating security within the core platform rather than relying on fragmented point solutions.
VMware vDefend is integrated with the VMware Cloud Foundation (VCF) platform, providing plug-and-play zero-trust lateral security that protects modern distributed workloads, including AI and high-performance computing, without compromising the performance and agility they demand.
vDefend’s hypervisor-native, distributed, software-defined model provides a closed-loop security architecture that uniquely enables visibility, prevention, detection, and mitigation for comprehensive multi-layer defense. Additionally, vDefend’s distributed policy orchestration allows policies to be created once and automatically enforced as workloads are created or moved.
New vDefend innovations for VCF 9.1
- Self-Service Lateral Security with VCF Automation: VCF Automation’s Self-Service Lateral Security enables infrastructure and security teams to establish guardrails, such as predefined VPC security profiles and delegated distributed firewall (DFW) settings, allowing tenant admins to access security features on demand. This facilitates quicker application onboarding and ensures a uniform security baseline across all tenants.
- Unified Lateral Threat Prevention for VMs and VKS Workloads: As agentic AI and cloud-native applications drive Kubernetes adoption, VMware vSphere Kubernetes Service (VKS) clusters can now be inspected and protected by the same high-performance distributed IDS/IPS that currently secures VMs. Security teams get one console, one policy model, and consistent lateral threat prevention across VMs, containers, and bare-metal workloads, eliminating the blind spots attackers exploit. Customers deploy IDS/IPS (1) to meet compliance requirements (PCI-DSS and HIPAA) and (2) to enable virtual patching that quickly protects against software vulnerabilities while patches are rolled out enterprise-wide.
- High-Performance Lateral Threat Prevention: The new IDPS Turbo Mode delivers 3x throughput, increasing from 3 Gbps to 9 Gbps per host and up to 9 Tbps per VCF domain, giving security teams the capacity to apply virtual patching against software vulnerabilities and behavioral threat detection to modern AI and high-capacity workloads.
- Enhanced Distributed Firewall Capabilities: A 5x increase in Application Identification support for greater L7 visibility and simpler, granular security enforcement. Additionally, identity-based firewalling now supports a federated (multi-site) environment for consistent, simplified policy enforcement.
Built upon these key capabilities, vDefend serves as the comprehensive lateral security foundation for VCF, protecting VMs, containers, and AI workloads. The following sections will detail each of these key features.
Self-Service Lateral Security with VCF Automation
vDefend 9.1 introduces a comprehensive self-service security model that empowers Tenant Admins to manage network security directly within VCF Automation through five system-defined Security Profiles. The VPC Simplified Security feature provides one-click security for Virtual Private Clouds (VPCs) using consistent, repeatable security profiles. Tenant Admins can select a security profile for new and existing VPCs, automatically setting the default security posture and eliminating the need to manually create foundational Distributed Firewall (DFW) rules. The system-defined per-VPC DFW rules cannot be modified manually. Security policies follow a precedence order: user-defined policies are evaluated before the system-defined VPC security policies, so tenant-specific rules take effect without weakening the baseline. This structure supports a self-service security model with automated DFW policies. In addition, this release provides granular firewall control for both Distributed and Gateway Firewalls while enabling automated orchestration using Privileged Labels.
Unified Lateral Threat Prevention for VMs and VKS Workloads
vDefend delivers unified lateral threat prevention by extending its hypervisor-native IDS/IPS capabilities from VMs to vSphere Kubernetes Service (VKS) workloads via CNI integration. This architecture allows security teams to enable IDS/IPS at the pod level. This capability enables vDefend IDS/IPS to continuously inspect traffic, detect, and prevent threats for mixed-mode hosts (VMs and Kubernetes).
High-Performance Lateral Threat Prevention
VMware vDefend 9.1 delivers a major performance boost with the introduction of “Turbo Mode” for Distributed IDS/IPS, which triples threat-prevention throughput from 3 Gbps to 9 Gbps per host and up to 9 Tbps within a single VCF instance. In addition, this release provides granular control over inspected traffic with exempt actions. The new exempt actions allow security admins to select which traffic to inspect and to exclude trusted traffic, such as nightly backup traffic, from inspection. Excluding known-trusted, high-volume flows also conserves inspection capacity for the traffic that warrants it.
Enhanced Distributed Firewall Capabilities
The Distributed Firewall enhancements include Layer 7 (L7) visibility and simplified policy management based on Application Identification. A 5x increase in Application Identification coverage, adding roughly 4,000 new Application IDs, provides enhanced application visibility and enables security teams to create granular firewall rules based on the application itself rather than relying solely on ports and protocols, making security enforcement simpler and more effective. Additionally, federated identity-based firewalling has been introduced to enable uniform policy enforcement across large (multi-site) deployments.
Conclusion
The rapid growth of AI workloads and distributed infrastructure has made traditional perimeter-based security measures insufficient. This evolving threat landscape is further complicated by AI-assisted, semi-autonomous attacks and the emergence of software vulnerabilities identified by AI models, which greatly widen the attack surface. As a result, lateral security is now an essential part of a comprehensive security strategy, not just an optional addition to perimeter defenses. Security teams need controls that match the agility of their workloads, enforce policies uniformly across containers and VMs, and enable lateral security to prevent the lateral movement of threats. VMware vDefend, along with its new capabilities, enables infrastructure and security teams to implement Zero Trust lateral security to protect VCF workloads at the speed and scale the AI era demands.
To learn more about vDefend, see the links below.
Resources
- Zero Trust Lateral Security for Kubernetes Workloads on VCF
- vDefend DFW 1-2-3-4: Deploy Zero Trust Microsegmentation
- vDefend’s Edge Webinar Series
- Customer Case Studies: St. John’s Health | United States Senate Federal Credit Union | GCI