VMware Advanced Security for Cloud Foundation

2020: Submission of the solution VMware Advanced Security for Cloud Foundation

On March 19, 2020 the VMware company announced a release of the solution VMware Advanced Security for Cloud Foundation directed to implementation of the built-in security of the digital enterprise. The built-in security allows to perform the automated, pro-active and pervasive protection of business and critical applications and data within all distributed network of the company of the customer.

"In the field of security never before was more hard and fascinating time. The complexity of the attacks, the number of threats, gaps and exploits steadily grows. And considering clouds, new applications, universal mobility, IoT and data on the network periphery, it becomes more difficult to provide protection. The built-in, unified and contextual focused approach to cyber security is necessary. We consider that the best strategy — ensuring the built-in security, the help to the organizations in management of the infrastructure and its unique opportunities within any applications, clouds and devices to create more protected world digital infrastructure — from networks to endpoints, workloads, the identification information and clouds", 'Sanjay Poonen, the operating officer of VMware noted'

As noted in VMware, date leaks become more and more destructive, often they lead to multi-billion decrease in market capitalization and dismissals of the CEO of the public companies. The damage is seldom connected with a compromise of one server. Usually malefactors for months move ahead "horizontally" from a penetration point on systems in data center, detecting, collecting and secretly displaying confidential data. It is known to most of specialists in security, but nevertheless, it is difficult for them to provide the adequate level of protection of data processing centers. According to results of the research conducted by Forrester Consulting company by request of VMware as of March, 2020 75% of respondents depend on protective firewalls on perimeter of network. However "horizontal" means of protecting should differ from traditional "vertical" means of protecting of perimeter as 73% of respondents consider that their "horizontal" traffic is insufficiently protected.

For ensuring internal security data centers of VMware created the product VMware Advanced Security for Cloud Foundation including technology VMware Carbon Black, VMware NSX Advanced Load Balancer and Web Application Firewall and also sensors of penetration of VMware NSX Distributed IDS/IPS. Each of components is initially designed for use in data centers, and all together they create the complete solution on ensuring protection of data processing centers. Besides, all components closely are integrated with VMware vSphere - the industrial standard for management of workloads in data processing centers. All this allows to provide the high level of protection of workload at any its movements, during all its lifecycle, claim in VMware.

According to the developer, the security system of data centers relies on the strong base — correctly organized protection of workloads. The solution VMware Carbon Black provides this protection using audit and recovery in real time, an antivirus and sensors and reaction in endpoints. VMware Carbon Black will be closely integrated with VMware vSphere for the purpose of creation of the "agentless" solution which does not require installation of antiviruses and other agents in the virtual machine. Instead, management and collecting of telemetry of endpoints is made using the built-in sensors protected by a hypervisor. It also means that, unlike solutions on the basis of agents, malefactors will not be able to set whether there was their attempt to receive root-access successful and whether it was succeeded "deceive" VMware Carbon Black technology which is placed in the separate entrusted domain.

According to the statement of the developer, the Web server still is "an entrance door" of data center, and this widespread purpose of the attacks is protected by NSX Advanced Load Balancer and Web Application Firewall. The clients using traditional hardware of protection with the fixed performance often turn off filtering at increase of loading that does crucial servers vulnerable. The scalable architecture of NSX Web Application Firewall provides to Web servers necessary computing resources for the safest filtering even at peak loads. NSX Web Application Firewall uses the deep analysis of applications, automatically studies and applies specific rules for each application to provide high protection with the low level of false positive operations.

In addition to the network layer, the microsegmentation and firewalls configured for filtering of east-west of traffic help to prevent "horizontal" promotion of malefactors. The solution VMware NSX Distributed IDS/IPS is the tool within VMware NSX Service-defined Firewall which provides detection of penetrations in different services that facilitates deep control of operation of applications. The distributed architecture of NSX Distributed IDS/IPS provides use of advanced filtering at each level of the application that considerably reduces the "blind zones" arising when using traditional products for defense of perimeter. Security policies will be specifically generated and be applied to specific applications that will reduce the number of false positive operations.