by VMware Senior Security Architect Craig Savage
As technology becomes even more integral to the enterprise, so has the market to keep it safe. Global cybersecurity spending, venture capital (VC) investment, and even the number of people employed in the industry have exploded in recent years. That’s a good thing—and also possibly a bad thing.
The rush to prevent the next ransomware or phishing attack has led to a proliferation of third-party and in-house proprietary solutions that—while offering significant benefits—also inadvertently turn enterprise security into an unwieldy hydra. People, endpoints, apps, data, clouds, networks and workloads all need protection, all the time. Yet too little context, too many silos, and too many surfaces to defend create a slew of brand-new challenges that can potentially be exploited by threat actors.
Security so advanced it’s simple
Understanding that security measures could easily become a victim of their own success, VMware security teams set out to make enterprise security simpler, faster and smarter. Simplicity stems from employing security as a distributed service. Designed as a customizable strategy, our security approach involves leveraging the enterprise infrastructure and control points—in real time—so that any component (cloud, app, device) can instantly switch to a proactive security posture as threats emerge.
Connecting control points in a seamless and comprehensive manner allows significantly faster security. Now, everything from initial detection to ultimate threat elimination is accomplished quicker than ever before possible. And situational intelligence makes the entire system smarter, reducing false positives and dead-end analyses while bringing more true positives to light, often before an end user is even aware there is an issue.
Security is a team sport (minus the jerseys)
No matter how good the security teams and associated tools are, if they are siloed in the enterprise ecosystem there is a greater danger of a breach. This is especially true when it comes to third-party implementations unique to a specific department or group. The result is that sometimes the left hand doesn’t know what the right hand is doing—and a knowledgeable bad actor can readily take advantage.
That’s why enterprise security is a team sport, with every member equally valuable and equally involved. Typically, this involves InfoSec, cloud infrastructure, DevSecOps, networking, and end-user services teams—groups that are historically siloed due to their individual mandates. All teams have seamless access to the same information, tools, alerts and other security components protecting access, clouds, workloads, endpoints, and the network as a whole. See Figure 1.
Figure 1. Enterprise security is a team sport, with every member having equal access.
At VMware, this creates a foundation in which all of the environments supporting our offerings* are both protected and open for inspection by any security team, at any time. See Figure 2.
Figure 2. VMware ecosystem is protected yet open for security inspection at any time.
For clouds, workloads and endpoints, Carbon Black enables our teams to identify risk, prevent threats, and ultimately detect and respond to an attack regardless of source or where the breach is attempted. See Figure 3.
Figure 3. Carbon Black empowers teams to identify risk, prevent threats, and more
For access and networking, a service-defined firewall (DFW) integral to a secure access service edge (SASE) platform ensures strong east-west traffic flow protection, something traditional enterprise security often overlooks. This protection includes combining endpoint and network context for extended detection and response (XDR), multi-hop network traffic analysis (NTA), per-hop distributed intrusion detection systems (IDS) and intrusion prevention systems (IPS), per-application micro-segmentation, and segmentation.
The SASE framework itself is a single integrated service that encompasses security and networking—all while offering superior protection and performance at the cloud edge. Its as-a-service model reduces complexity, which in turn makes deployment, management and policy enforcement simplified across all enterprise environments. Access control can be moved closer to where it’s needed, near the user and cloud edge. This gives the enterprise as a whole is a lot more agile and able to adapt to any business climate.
VMware security offerings include VMware Carbon Black, VMware Carbon Black® EDR™, VMware Carbon Black® App Control™, VMware Horizon®, VMware Workspace ONE®, Velocloud (VMware NSX® SD-WANT by Velocloud™, etc.), VMware NSX®, VMware Tanzu™ Advanced, VMware Cloud™, CloudHealth® by VMware, and VMware vSphere®.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or firstname.lastname@example.org to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.