VMware has unveiled a layered approach to secure datacentre applications using software-defined networking to encapsulate workloads.
In his keynote presentation at VMworld, Pat Gelsinger, CEO at VMware, said: “Security is broken.” He explained that although security spending is growing, the cost of fixing problems and the number of breaches are growing more quickly than security spending.
“Today we build applications not knowing the infrastructure,” he said.
To provide effective security, organisations need ways to shrink the attack surface exposed by modern applications and find ways to align security controls to the applications as they move around environments, said Gelsinger.
At its heart, VMware’s security model uses AppDefense, which builds on VMware’s strategy of applying least privilege to end-user computing devices with VMware AirWatch, user access with VMware Workspace ONE, and the network with VMware NSX and micro-segmentation.
AppDefense enables organisations to understand how applications are running in their virtualised datacentres and private, public or hybrid clouds.
The idea is to learn, lock and adapt, to shrink the attack surface of datacentres, said Gelsinger.
“You can segment a network around any application through micro-segmentation,” he said.
This provides a layer of security around the virtualised application. If the application is hacked, micro-segmentation limits the extent to which a hacker can break into the wider corporate network, said Gelsinger.
The company also uses machine learning to understand how an application should run, he added. “We use a manifest to learn good behaviour on virtual machines, then detect deviations.”
The machine learning model is adaptive to minimise false positives, said Gelsinger, and the technology is being rolled into vSphere Platinum.
“This is the future,” he said. “Use the VM to learn an application’s behaviour and guarantee uptime. No one should ever run a VM without turning on the security first.
“Adaptive micro-segmentation in NSX and AppDefense allows you to adapt to the behaviour of the running application.”