By Craig Savage, VMware Senior Security Strategist
The statistics are quite shocking. On average, it takes a threat actor only three days to break into a company. It takes 78 days to detect that intrusion if it is sophisticated (not obvious) in nature. Sixty percent of breaches typically involve a vulnerability that already has an existing patch. And ninety percent of security incidents result from exploits against defects in products.
Managing cyber risk, maintaining compliance globally, and securing the entire enterprise ecosystem is radically different than it was in the past. That’s why VMware security teams have implemented a solution that considers security from a holistic perspective, taking into account people and processes, in addition to technology.
The core of VMware security is Zero Trust, a corporate mandate that no person, device, product, software, or service is immune from attacks, ever. At VMware, implementing end-to-end Zero Trust capabilities falls on four non-siloed groups—End User Services, Networking, InfoSec, and Cloud Operations (see Figure 1).
Figure 1. New security methodologies mean teams are no longer siloed
Working as teams, not individual players, our security groups realize unparalleled visibility into every aspect of operations—even those areas not specifically in their purview. This approach better reflects both the reality of the modern enterprise and the threats to it (see Figure 2).
Figure 2. Working together, security teams can holistically protect the entire enterprise ecosystem
Trust me, I’m a good guy
So, how do you turn every user and device from a potential threat gateway into something completely trusted?
You start with extensive ‘prescreening’ that encompasses device compliance, identity and access verification (including authorization levels), network packet transport (tunnels), risk analysis via machine learning (ML), automation, and the security ecosystem as a whole. From there, the system makes one of four basic decisions—accept the request, step-up authentication, remediate by forcing the user or device to ‘prove’ itself again, or reject the request outright as a potential threat.
All of this is accomplished within milliseconds, as human intervention is required only if an issue is escalated.
The VMware angle of approach
The VMware multiprong cyber security approach involves a wide range of technologies covering very specific areas.
Our multitenant gateway service and policy control point—featuring a global footprint of more than 2,000 gateways—delivers superior application access performance and scale.
VMware Secure Access™ combines industry-leading VMware SD-WAN™ and VMware Workspace ONE® to extend the same onsite-like experience to remote colleagues* yet maintains a Zero Trust network access (ZTNA) ethos.
VMware Cloud Web Security™ leverages and integrates best-of-breed secure web gateway, cloud access security broker, data loss prevention, URL filtering, and remote browser isolation into the VMware Secure Access Service Edge Platform (VMware SASE Platform™). This provides secure, direct, and optimal access to the internet and to software-as-a-service (SaaS) offerings.
Other benefits include workstation health attestation, use of a virtual desktop infrastructure (VDI) in lieu of virtual private networks (VPNs), curated app deployment, and simplified colleague device patch management.
The VMware NSX Cloud™ firewall integrates VMware NSX® next-generation firewall (NGFW) technology and advanced security functionalities such as deep packet inspection (DPI), intrusion prevention systems (IPS) and intrusion detection systems (IDS) as part of SASE services. These provide identity-based protection to on-premise application access from anywhere, ensuring Zero Trust is always maintained.
Finally, our VMware Carbon Black solutions offer cloud-native endpoint cyberthreat prevention via a variety of channels. VMware Carbon Black Cloud Endpoint™ Standard features next-generation antivirus (NGAV) defense with live response capabilities. VMware Carbon Black® Cloud Enterprise EDR™ delivers industry-leading detection, response, threat hunting, and full, detailed telemetry. VMware Carbon Black® Cloud Audit and Remediation™ can instantly query an entire fleet and remediate the findings. And Carbon Black Cloud Device Control features USB write protection and permitted device control.
Check back for more updates on the ever-evolving nature of VMware security.
*VMware term for employees
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment.