

By Cathal Cleary, Director, CPE Services Management, and Casey Lems, Senior Cloud Security Architect, both VMware


CloudHealth by VMware enables our IT teams to have unprecedented insight into cloud spend. In fact, it has reduced VMware’s cloud computing costs by more than 30 percent to date, among other benefits. Paired with VMware Secure State™, the two platforms have had a substantial impact on public cloud security, a mission-critical concern for any modern enterprise.


They allow VMware to mount a proactive defense, aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), against any and all threats via four key areas: configuration visibility, log collection, analysis, and privilege action monitoring.


Infographic of the four components of high fidelity alerting


When anomalies are detected by Secure State, CloudHealth can facilitate recovery by providing searchable inventory information about resources deployed in the cloud. For example, “Show me all EC2 instances that were deployed between date X and date Y.” Based on the results of the search, the engineer can then easily terminate and remove any suspicious resources across all regions with one simple click.


Trying to be insightful

Prior to Secure State, VMware information security (InfoSec) teams faced some daunting challenges. With Secure State, static parameters typically used in a security query are replaced with relationships between resources such as roles, subnets, instances, key pairs, and the like. Rather than attempting to identify every threat scenario (a losing proposition since new threats appear daily), Secure State consistently ‘connects the dots’ to detect any anomalies that may be potential attacks.


It employs advanced automation that also recognizes and/or makes recommendations regarding any given incident, primarily by mapping associated violations, metadata, and changes to objects. In this way, it can trigger alerts that cause the system to self-heal, or escalate the issue for human personnel involvement. Plus, unlike previous solutions, cloud security can now be easily scaled on the fly.


False positives are eliminated, and business unit teams are able to collaborate on real issues thanks to the system suppressing security policies that aren’t applicable. Issues are prioritized based on smart risk scores combined with deep insight into misconfigurations, complex violation chains, anomalies, and activities.


The real-time nature of Secure State’s assessment abilities also allows developers to integrate cloud vulnerability checks directly into the pipeline. Issues are detected before production, and detection automatically creates stories for remediation or builds guardrails for automatic remediation. Apps and other products/services are secure ‘right out of the box’.



Diagram of Secure State automation

Secure State’s automation abilities change what’s possible with cloud security


In summary, Secure State makes it simple to customize security policies across business units—and benchmark against cloud security and compliance standards—regardless of the public cloud employed. Cloud logging visibility, limitless configurations, risk prioritization (when paired with CloudHealth), and maintaining cloud inventory are no longer the challenges they once were.





VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment.