At the VMworld conference this week, VMware is rolling out a series of security advancements that cover multi-cloud, applications and the workspace. For stronger, flexible cloud-to-cloud security, VMware is introducing the industry-first elastic application security edge (EASE, pronounced as “easy”).
EASE is a set of data plane services for networking, security and observability — delivered with a unique scale-out distributed architecture that allows an EASE environment to grow and shrink as app needs change. In other words, as you expand your application up and down with more traffic, VMware can expand the infrastructure so services like the firewall or load balancer also get bigger or smaller to meet the needs of the application.
“This is a big departure from the way things have historically been done,” Ambika Kapur, VP of Product Marketing for VMware’s Networking and Advanced Security Business Unit, said to ZDNet. “When you look at public cloud environments, we now have the ability to auto-scale applications to meet the workload. But when you look at services that protect and connect these applications — networking, security, observability — they’re rigid.”
Kapur said that EASE illustrates VMware’s approach to security: Rather than compete with the many vendors and solutions that already exist, the company is searching for gaps in innovation and trying to fill them with simple-to-use solutions.
“The big thing we’ve been asking ourselves is, if the world we live and work in has changed so dramatically, how do we expect traditional security solutions to be appropriate for this world?” she said.
Along with securing cloud-to-cloud workloads, VMware is also introducing new ways to harden the workload itself. It’s integrating a version of VMware Carbon Black into vSphere and VMware cloud, making it easy and intuitive to use. It offers next-gen anti-virus, workload inventory and lifecycle management, EDR for workloads and threat intelligence.
Within the network, VMware has a three-step process to ensure workloads in the VMware cloud are secure. That includes segmentation of traffic, signature-based analytics, as well as new non-signature based, tapless traffic analysis. VMware’s micro-segmentation capabilities include advanced east-west controls.
As east-west traffic increases, VMware’s 20 TB internal scale-out firewall keeps it secure. It’s also helped customers reduce firewall rules by up to 90% making security more manageable.
In terms of securing applications, VMware’s new Tanzu Service Mesh gives developers the ability to understand API behavior, even across multi-cloud environments, for better DevSecOps. This capability comes as a result of VMware’s Mesh7 acquisition. Additionally, CloudHealth Secure State now delivers Kubernetes Security Posture Management to provide deep visibility into misconfiguration vulnerabilities across both Kubernetes clusters and connected public cloud resources.
To secure devices, VMware is updating Workspace ONE with a compliance engine that examines thousands of posture checks on device, OS and apps. This will allow for remediation to a desired state with minimal impact on the end-user experience. Additionally, VMware Carbon Black integrates with Workspace ONE and is now optimized for Horizon VDI environments.
VMware is also working with Intel to create a direct link between the Intel vPro platform and VMware Workspace ONE. This will enable automated out-of-band maintenance that keeps PCs up to date on the latest security patches and infosec policies, no matter where they are located or the state of the operating system.