Security

Creating an Asset Inventory for vSphere Infrastructure

Bob Plankers posted October 29th, 2019

We often talk about how the two biggest ways to stay secure in IT are regular patching and good account & password hygiene. However, there is a big prerequisite to both of these, one that is almost always overlooked: an asset inventory. Without a comprehensive inventory of what devices, virtual machines, and OSes are your Read more...

vSphere Tweet Chat Recap: National Cybersecurity Awareness Month

Adam Eckerle posted October 28th, 2019

Did you know that October is National Cybersecurity Awareness Month? To ensure VMware users are equipped with the knowledge to stay secure all 365, the vSphere team hosted a tweet chat featuring our experts. From the team we have, Mike Foley and Bob Plankers, who are both Technical Marketing Architects for vSphere Security who joined Read more...

vmx.reboot.PowerCycle Makes CPU Vulnerability Remediation Easy

Bob Plankers posted October 8th, 2019

Update (10/22/2019): This feature has shipped in vSphere 6.0 P08 and 6.7U3, but has not yet shipped as part of a 6.5 patch or update release. Our apologies, and I will update this when it ships. Thank you! -Bob The biggest issue with remediating CPU vulnerabilities in a virtual environment is that, in most cases, Read more...

National Cybersecurity Awareness Month 2019

Bob Plankers posted October 3rd, 2019

It’s October so in the US it’s officially National Cybersecurity Awareness Month. As the US CERT website states, “National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more Read more...

Microsoft Windows Server 2019 STIG & VMware vSphere

Bob Plankers posted September 3rd, 2019

Many of our security-conscious readers are familiar with DISA STIGs, the Security Technical Information Guides that the US Defense Information Systems Agency (DISA) publishes. These guides are wonderful in that they bridge the gap between compliance frameworks and infrastructure implementations. Compliance frameworks rarely specify what to do on & to an operating system to be Read more...

VMware AppDefense Breaks Down Silos in Latest Release

Tom Corn, SVP/GM Security Products, VMware posted August 27th, 2019

It’s an exciting time for the VMware AppDefense team. We are making tremendous progress in our mission to help secure our customers’ data centers, and today we have great news to share. First, I’m proud to announce that we have released new functionality in VMware AppDefense that significantly breaks down the silos that exist between Read more...

Security is a Team Sport

Bob Plankers posted August 22nd, 2019

There’s a growing idea in the greater VMware community that the role of the Virtualization Infrastructure Administrator (VI Admin) is changing. If you’ve been to a VMware User Group conference recently you will have seen & heard talks on this, how VI Admins are being asked to do new things and being offered opportunities outside of Read more...

vSphere Security at Security Field Day 2

Bob Plankers posted June 25th, 2019

VMware was proud to continue our decade-long relationship with Tech Field Day by hosting the delegates of Security Field Day 2 (#XFD2) on June 20, 2019, sharing with them both the overall strategy for security in VMware products as well as very specific technical discussions around vSphere, vSphere Platinum, VMware AppDefense, and VMware WorkspaceOne. There Read more...

vSphere Compliance: Common Criteria, NIST 800-53, and DISA STIG

Bob Plankers posted June 21st, 2019

Security is a hot topic everywhere in IT, but right behind it is its cousin, compliance. VMware vSphere is a great platform for organizations that have regulatory compliance needs. Hundreds of time-saving, easy-to-use, and flexible features in vSphere align closely with compliance frameworks, and VMware provides guidance on how to configure these features to meet Read more...

Security Issue with VMware Tools: VMSA-2019-0009

Kev Johnson posted June 10th, 2019

Vulnerability Summary Customers should be aware of an important issue with VMware Tools where a non-privileged user on a Windows VM could read information or cause problems in a VM running VMware Tools lower than 10.3.10. The official designation from VMware is VMSA-2019-0009 on the VMware Security Advisories page and mailing list. This vulnerability is Read more...

VMware vSphere Blog