When it comes to protecting data center-based resources in a highly distributed world, traditional security hardware and software won’t suffice.
This is essential for businesses as they migrate to distributed digital environments, according to Tom Gillis, senior vice president and general manager of VMware’s Advanced Security and Networking business group. The idea is that security must be deeply embedded in the fabric of the infrastructure and protect workloads throughout their lifecycle, Gillis said in an interview with Network World at the company’s VMworld virtual conference.
One way VMware can do this is to package an upcoming release of its core NSX networking software with more security features, including better anomaly detection and analysis. NSX underpins VMware’s software-defined virtual cloud network architecture that enables enterprises to create and control network connectivity and security from the data center across the WAN to multi-cloud environments.
NSX supports everything from private or public cloud native applications to bare metal workloads running on multi-vendor hypervisors. It also supports network virtualization stacks in Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud, as well as major Kubernetes container technologies.
The security already present in NSX includes support for network configuration, management, and policy settings in large environments. This feature of NSX Federation allows customers to generate fault tolerance zones to contain problems and prevent them from spreading over the corporate network.
Additionally, VMware NSX Advanced Threat Prevention combines NSX Distributed IDS/IPS with malware detection software and network traffic analysis acquired from Lastline in 2020.
To this set of security features, VMware adds the ability to place software sensors, or what traditional network administrators would call network test access points (TAPs), across the enterprise to return data on traffic patterns and network performance to a management console, says Gillis.
“Traditional network TAP is difficult, tedious for IT, and it’s not a great way to see what’s going on in a virtual environment,” said Gillis. “With NSX and our hypervisor, we can do this network discovery in the hypervisor without a TAP and see it all.”
Tanzu Service Mesh technology developed by VMware is combined with deep NSX security. Tanzu Service Mesh upgrades announced at VMworld allow enterprise security teams and application developers to better see and understand when, where and how APIs communicate, even in multi-cloud environments, said Gillis. This is part of VMware’s continued efforts to secure APIs throughout application lifecycles.
“Traditional apps built with a three-tier web approach just wrap every bit in security, and that’s it,” said Gillis. “A container-based application can have 3,000 different elements, each with its own API, and each can be stung by people looking to exploit them.
“Tanzu Service Mesh shows customers an exact picture of how an app is being used, all the inner workings, and helps users spot anomalies so they can segment the bad things. traffic officer between all the flow of containers who understands the content and response time and if he doesn’t like what he sees, he doesn’t let it pass.”
The service mesh includes support for open source Envoy, which is an application layer technology that helps manage microservice-based applications. “This helps to make a very powerful package for managing modern applications and APIs,” said Gillis.
Introducing the Elastic Application Security Edge
VMware announced an NSX service to adjust the networking and security infrastructure at the data center or cloud edge according to changing application traffic. This Elastic Application Security Edge (EASE) will include the NSX Load Balancer and Distributed Firewall, provide central control, and support any environment, Gillis said.
“This kind of elasticity is necessary for automation. This is how the public cloud works; it can move up and down,” said Gillis. “The news here is that we will support the scaling of firewall services that we believe is an industry first and will be an extremely powerful enterprise security tool.”
Copyright © 2021 IDG Communications, Inc.