VMware has announced significant enhancements to its unique lateral security capabilities to help customers achieve strong security for both modern and traditional applications, across multi-cloud environments.
Ahead of RSA Conference 2022, VMware introduced Contexa, VMware’s full-fidelity threat intelligence capability that observes the breadth of VMware’s network, endpoint, and user technologies. With Contexa, VMware is reframing traditional security analytics with enriched threat intelligence to enhance its security and management portfolio.
“Threat actors are increasingly deploying sophisticated infiltration tactics, including the use of stolen credentials in order to exploit vulnerabilities and hide in the noise of normalcy,” said Tom Gillis, senior vice president and general manager, Networking and Advanced Security Business Group, VMware. “In a world where the stakes in security continue to rise, lateral security has become the new battleground. Combining VMware Contexa with our architectural advantage, VMware exclusively sees every process running in an endpoint, every packet crossing the network, every access point, and the inner workings of both traditional and modern apps to identify and stop threats others can’t.”
VMware Contexa is a full-fidelity threat intelligence cloud that sees what other solutions don’t and stops what other solutions can’t. With a privileged position in the infrastructure, Contexa observes and understands the inner workings of both modern and traditional apps every step of the way, from user, to device, to network, to run time, to data.
VMware Contexa records and processes over 1.5 trillion endpoint events and over 10 billion network flows daily, along with strategically curated threat intelligence data captured through technology partnerships. This rich context is further analyzed using machine learning and the insights of over 500 researchers across VMware’s Threat Analysis Unit and incident response partners. Today, Contexa uncovers over 2.2 billion suspicious behaviors daily, achieving zero-touch detection and automated, graduated response for over 80 percent of these events.
Integrated into every VMware security product, Contexa will be available to all new and existing customers at no additional cost. The company that pioneered virtualization now protects VMs like no other and is driving innovation in modern application security.
VMware Tanzu is a trusted partner for companies in their app modernization journey, helping them build, operate, and better secure modern applications at scale on any cloud. Today, VMware announced further enhancements to its Modern Apps Connectivity Services (MACS) solution that allows customers to build security into the full application lifecycle. With VMware Tanzu Service Mesh’s capabilities, customers now gain deep visibility and insights into the inner workings of application microservices as they interact with each other via internal (East-West) APIs, which helps to better protect them. VMware Contexa allows Tanzu Service Mesh to understand the context of the internal traffic flows, and therefore more accurately distinguish legitimate internal traffic from the internal movement of attacks such as ransomware.
A leader in virtualization, VMware has introduced innovative and powerful distributed security capabilities for its multi-cloud platform over the years, allowing the company to make customer workloads more secure on VMware clouds. As innovations in server virtualization have driven higher virtual machine densities on a single physical server, more traffic passes between virtual machines on the same host without crossing the physical network, so less lateral traffic is visible to a network tap. This makes it difficult for a SIEM technology or security analytics solution to identify lateral security threats by analyzing sampled data such as network flow records or selected network traffic taken from taps.
VMware has also introduced new capabilities to help customers identify and respond to malware and ransomware attacks in the network by integrating its advanced intrusion detection & prevention (IDS/IPS) and Network Traffic Analysis (NTA) directly into the virtualization layer with VMware NSX. These new enhancements, powered by VMware Contexa, now inspect and analyze every packet and every process to provide extremely high-fidelity alerts that other systems relying on sampled data cannot match.
New innovations to VMware Workspace ONE will make it easier for IT teams to manage and better secure all employee devices, while contributing to Contexa’s rich data set. VMware is today introducing Workspace ONE Mobile Threat Defense, which incorporates technologies from Lookout, a leader in the mobile security space. The new offering will help protect employees’ mobile devices from a wide range of application, device, and network-originated threats. Workspace ONE Mobile Threat Defense can be activated within Workspace ONE Intelligent Hub. For IT, this means there are no separate apps or agents to download or deploy, and vital information – including alerts and suggested resolutions – is conveyed via a resource that employees use for daily work.
VMware is also introducing new Workspace ONE capabilities that will make managing updates/patches even easier and elevate the security posture of Windows devices. For instance, the new capabilities will enable IT to automate critical updates to pre-approved groups, hand-test patches that are more likely to create issues, and pause or roll back patches if an issue is detected.
VMware is announcing it has joined the XDR Alliance, a partnership of leading cybersecurity industry innovators committed to an inclusive and collaborative XDR framework and architecture. VMware is well positioned with very mature endpoint and network offerings that offer a high level of insight and context for identifying and responding to threats. The mission of the XDR Alliance is to work in collaboration to make an open approach to XDR a reality for SecOps teams and help them effectively protect their organizations from cyberattacks.