VMware Accelerates Customers’ Journey to Zero Trust Security

VMware Accelerates Customers’ Journey to Zero Trust Security

Today’s modern enterprises are facing an  evolving threat landscape and increasingly sophisticated cyberattacks. They require security  that is both built-in and built differently. More than 30,000 customers trust VMware to help  protect their enterprise, modern and edge-native apps with a comprehensive portfolio of security  solutions that are highly effective and easy to use. VMware, Inc. (NYSE: VMW) is announcing  new innovations that help deliver consistent security for endpoints, virtual machines and  containers with an end-to-end Zero Trust architecture. The new advancements unveiled today  span: 

  • Secure workload access for Zero Trust inside clouds and data centers; • Elastic application security edge for stronger and more flexible cloud-to-cloud security; • VMware Cloud Disaster Recovery and VMware Carbon Black Cloud for ransomware  protection and recovery; 
  • CloudHealth Secure State for better visibility and security across multiple public clouds; • API security and Kubernetes Security Posture Management for better protecting modern  apps; and, 
  • VMware SASE and VMware Workspace ONE for a safer distributed workforce. 

With VMware’s comprehensive security portfolio, enterprises are better covered from endpoint  to end user, and across application environments. Third-party testing from SE Labs certifies that  environments built on VMware are better protected from advanced persistent threats(1). VMware  NSX Network Detection and Response is the first and only NDR solution to receive a AAA rating  in a SE Labs breach response detection test and VMware plans to deliver tapless NTA/NDR  capabilities that leverage VMware vSphere to distribute sensors everywhere. VMware Carbon  Black Cloud records 1.2 trillion security events per day on average and helped stop more than  one million ransomware attacks over a recent 90-day period(2). VMware also offers the  industry’s only 20TB internal scale out firewall specifically built to secure east-west traffic and  customers have been shown to reduce firewall rules by 90%(3), making security more  manageable. 

“Many security solutions used today were built for a different era. Highly distributed digital  enterprises can’t simply take old security tools and processes, apply them to today’s new  realities, and expect to be protected,” said Tom Gillis, senior vice president, networking &  advanced security business group general manager, VMware. “VMware is delivering security  

solutions built specifically for the threats customers face today. We use the power of software, a  scale-out distributed architecture, Zero Trust design principles, and a cloud delivery model for  better security that’s easier to use.” 

Workloads Running on VMware are More Secure 

VMware is now pioneering Zero Trust security inside clouds and data centers with secure  workload access. Customers can better secure communication between workloads and apps,  including data communication. VMware delivers on the critical capabilities for secure workload  access including: 

  • Workload identity with authoritative context; 
  • Micro-segmentation with advanced east-west controls; 
  • Workload and API security;
  • Cloud-to-cloud edge controls such as highly secure connectivity, fully distributed NDR  and web security; and, 
  • Workload-attached policies that can be automated and elastically scaled. 

Moving to the data center or cloud edge, security has traditionally been implemented with  expensive hardware appliances that are incapable of adapting to changing app environments.  VMware is announcing the industry-first elastic application security edge (EASE, pronounced as  “easy”) which enables the networking and security infrastructure at the data center or cloud  edge to flex and adjust as app traffic changes. VMware provides an elastic set of data plane  services for networking, security, and observability, and a unique scale-out distributed  architecture that enables an EASE environment to grow and shrink as app needs change. 

For most organizations, rarely can they focus on securing only a single environment. VMware  research shows customers are using multiple public clouds to run their business in addition to  their on-premises data center(4). CloudHealth Secure State introduces the next-generation of its unified search and investigation engine to improve visibility, security and compliance  simultaneously across multiple public cloud environments. Customers now benefit from real time search to find cloud resources, visualize relationships, inspect meta data and change  activity, and overlay risk assessment across multiple cloud accounts, regions, and providers into  a single actionable view.  

Finally, ransomware is proving effective, pervasive and profitable. VMware offers both advanced  protection and rapid recovery from ransomware attacks. VMware Carbon Black Cloud can now  be enabled with a simple switch in VMware vCenter, making protection from ransomware  attacks simpler and faster to deploy. VMware is now announcing rapid recovery capabilities in  the event ransomware gets through defenses. VMware Cloud Disaster Recovery is an easy-to use, cost-effective DR-as-a-Service (DRaaS) solution that enables more rapid recovery at scale  so organizations are better positioned to avoid paying the ransom. Customers can utilize a deep  history of immutable snapshots stored in an isolated cloud file system, instant VM power-on for  iterative security evaluations, and powerful orchestration for highly automated testing, failover,  and failback to recover end-to-end IT apps and data sets after a ransomware attack.  

VMware Is Pioneering Modern App Security 

Modern apps create a new set of challenges for both security operators and developers. These  apps can be made of thousands of components that communicate via APIs. This makes APIs  the new endpoint that legacy cut-and-paste security approaches were not designed to secure.  

VMware Tanzu Service Mesh Advanced edition is now bringing a new level of distributed  visibility, discovery, and security to APIs. Tanzu Service Mesh Advanced helps customers  improve app resiliency and reliability and reduce blind spots with contextual API behavior  

security. New Tanzu Service Mesh advancements enable developers and security teams to  each gain a better understanding of when, where, and how APIs are communicating, even  across multi-cloud environments, enabling better DevSecOps. Additionally, CloudHealth Secure  State now delivers Kubernetes Security Posture Management (KSPM) that delivers the ability to  provide deep visibility into misconfiguration vulnerabilities across both Kubernetes clusters and  connected public cloud resources. The Secure State KSPM solution today supports 176 rules  including CIS Benchmarks for managed services such as Amazon EKS, Azure Kubernetes  Service, and Google Kubernetes Engine.  

VMware Leads Anywhere Workspace Security 

With the shift to distributed workforces, employees must be provided with the appropriate levels  of controlled access to apps and data from wherever they choose to work. VMware Anywhere  Workspace is an integrated workforce solution built on industry-leading and award-winning  technologies that empower employees, reduce IT silos and operational overhead, and provide  broader and more effective security.

VMware SASE is adding a new inline cloud access service broker (CASB) service to help IT  gain more visibility and control over app access. IT teams can more effectively apply role-based  access policies to cloud-delivered apps and identify use or abuse of unsanctioned apps.  Forthcoming Data Loss Prevention (DLP) capabilities will help organizations better comply with  HIPAA, GDPR, PCI and other data privacy laws by preventing sensitive data from leaving pre defined environments. The new Workspace ONE next-generation compliance engine examines  thousands of posture checks on device, OS, and apps. This will enable desired state and  perform remediation with minimal impact on end-user experience. VMware Carbon Black  integrates with Workspace ONE and is now optimized for Horizon VDI environments, helping  secure the distributed edge while providing remote workers with an optimal experience. 

Finally, VMware and Intel are working to deliver a solution that will uniquely help secure edge  environments starting from the silicon and extending to devices and apps. The solution will  create a direct link between the Intel vPro® platform and VMware Workspace ONE to enable  automated out-of-band maintenance that keeps PCs up-to-date on the latest security patches  and infosec policies no matter where they are located or the state of the operating system.  Intelligent analytics with access to rich hardware-level telemetry will enable customers to  proactively minimize security risk and maximize employee experience.  

Empowering VMware Cloud Providers to Deliver Innovative Managed Security Services Managed security services remove the burden of deployment and daily management of security  technologies from customers. By working with a managed security service provider, customers  also have faster access to the latest innovations capable of better protecting their organizations  from new and emerging threats. VMware has delivered a new set of capabilities that enable  VMware Cloud Provider partners to build a comprehensive managed security service portfolio.  These new capabilities include VMware Carbon Black Cloud, VMware Cloud Disaster Recovery,  VMware SASE and VMware NSX Distributed IDS/IPS. All can be built as a custom service  offering delivered to customers globally. 

How Customers are Benefitting from VMware Security 

DVB Bank SE is a financial services provider specializing in international transport  finance.  

“DVB Bank SE looks to VMware as a trusted partner to help manage complex cybersecurity and  compliance requirements while dealing with a changing workforce,” said Robert Seidemann,  vice president engineering & operating services, DVB Bank SE. “VMware helps us be more  proactive in reducing our attack surface and simplifying security. Moving away from physical  appliances and deploying the NSX Firewall allows us to segment distributed apps at the  workload level seamlessly and at scale. VMware Carbon Black Cloud Workload enables us to  apply security to individual applications at the hypervisor level.”  

neurothink, a subsidiary of ADX Labs, is a machine learning as a service platform. “At neurothink, security is of paramount importance,” said Brian Rogers, chief executive officer,  neurothink. “As we built our platform, it was critical that we carefully chose the right line of  defense. In our search for this end-to-end defense, it became clear to us that the VMware  Carbon Black platform was the best security solution. VMware Carbon Black Cloud removes complexity associated with workload and container security, which has in turn allowed us to help  our customers remove the complexity from machine learning.” 

Axway is a pioneer in enterprise data integration that helps customers unlock new  business opportunities.  

“CloudHealth Secure State is a real driver for collaboration between Axway’s disparate security,  operations, DevOps and R&D teams,” said David Starler, director of cloud security, Axway.  “CloudHealth Secure State delivers actionable intelligence about cloud risks to help each team 

meet its varying cloud security objectives. The service is unique in its ability to deliver additional  context that’s often missing in cloud security.” 


1. SE Labs, Breach Response Test, VMware NSX Network Detection and Response, August  2021 

2. VMware Internal Analysis, August 2021 

3. VMware Internal Analysis, August 2021 

4. VMware Internal Analysis, August 2021

This site uses Akismet to reduce spam. Learn how your comment data is processed.