Today at VMworld 2020, VMware, Inc. announced its VMware Future-Ready Workforce solutions. These new solutions are designed to provide exceptional workforce experiences, end-to-end Zero Trust security controls, and simplified management. The new solutions include a combination of what VMware is calling the industry-leading Secure Access Service Edge (SASE), Digital Workspace and Endpoint Security capabilities. IT teams leveraging the solution will be able to give its workforce a simple, high-performing, and secure experience to any app, on any cloud, regardless of the device used.
Today at VMworld 2020, VMware, Inc. announced its VMware Future-Ready Workforce solutions. These new solutions are designed to provide exceptional workforce experiences, end-to-end Zero Trust security controls, and simplified management. The new solutions include a combination of what VMware is calling the industry-leading Secure Access Service Edge (SASE), Digital Workspace and Endpoint Security capabilities. IT teams leveraging the solution will be able to give its workforce a simple, high-performing, and secure experience to any app, on any cloud, regardless of the device used.
While the distributed workforce was already expanding in the last few years, with both multi-site locations and remote/home working, the Covid-19 pandemic has super charged this expansion. Not only are more people than ever working remotely throughout the world, there are several companies that are looking to extend this for months if not years. With all the rapid changes to how work it down, the legacy networking and security that has been used up to now needs to be shaken up.
To get over the hurdles of the past, organizations are going to need to leverage more automation as well as the scale of the cloud and better security to protect not only the data, but the apps used and the users that are spread out everywhere. For this, VMWare’s SASE platform is said to converge cloud networking, cloud security and Zero Trust network access with best in class web security to deliver flexibility, agility, and scalability for enterprises of all sizes. As several companies now have a work from anywhere, the SASE is a simple to use way to deliver application quality assurance and intrinsic security.
Other aspects of VMware SASE Platform include:
- Industry-leading SD-WAN –The VMware SD-WAN global network has now been expanded to more than 2,700 cloud service nodes across 130 points of presence (POPs)—larger than any other solution on the market. The new VMware Edge Network Intelligence gives IT teams added visibility and telemetry into the end-user experience as applications are accessed from anywhere, and application traffic traverses many different networks.
- Industry-Leading Zero Trust Network Access (ZTNA) – VMware Secure Access is a ZTNA service that combines VMware Workspace ONE and VMware SD-WAN into a single, cloud-hosted offering that enables more secure, optimized, and high-performance access for remote and mobile users.
- Best-in-Class Web Security – the new VMware Cloud Web Security service will integrate Menlo Security’s secure web gateway, cloud access service broker, and remote browser isolation capabilities natively into the VMware SASE solution. VMware Cloud Web Security will be sold and supported by VMware, with a single management interface and integrated back end operations, offering customers of all sizes an easy to deploy and ready to use solution. In addition, VMware and Zscaler are announcing a preferred partnership enabling enterprises to combine VMware SD-WAN and VMware Secure Access with Zscaler’s Secure Web Gateway into a fully architected and tested best-of-breed SASE solution.
- Integrated Next-Gen Firewall as a Service – The VMware NSX Firewall is a stateful Layer 7 firewall that will be integrated into the VMware SASE platform for cloud-delivered firewall as a service in both single-tenanted and multi-tenanted deployment options. This complements the firewall capabilities of the existing VMware SD-WAN solution today. The rapid adoption of the NSX Firewall in the industry has led analysts to name VMware as one of the top five firewall vendors in the world.
As stated, more people are working from home with a large chunk saying that the ability to work from home is now a prerequisite for the consideration of a job. Working from home can have several benefits, include an extra layer of safety for employees avoid possible infection. However, it isn’t as easy for companies to hand out a laptop or a thin client and say, go work from home. There are several challenges such as remote employee on-boarding, visibility and compliance, security, employee safety, and more. To address this VMware is expanding its Workspace ONE and Workspace Security offerings. The new offerings include the following:
- VMware Workspace Security Remote – Combines industry-leading unified endpoint management (UEM), endpoint security, and remote IT support into an integrated solution to better manage and protect Mac and Windows 10 devices. While InfoSec teams focus on preventing, detecting and responding to threats, IT teams ensure broader compliance and help to operationalize security updates. Workspace Security Remote brings the two teams, technologies and consoles closer together to enhance overall device health, provide Zero Trust access and efficiently automate threat response.
- VMware Workspace Security VDI – Integrates VMware Horizon and VMware Carbon Black Cloud into a single unified solution that helps security and IT teams deliver highly secure virtual desktops and applications. Workspace Security VDI goes beyond legacy solutions as it uniquely integrates Carbon Black technology directly into the VMware vSphere Hypervisor and VMtools to deliver an agentless approach with improved anti-tamper capabilities, audit and remediation, and uses behavioral detection to protect against ransomware and file-less malware.
While the above covers security and access for the users, what they are using all the devices on (private and public clouds) also need better security. Not to just point out that cloud security is important for distributed/remote working, many companies are also transitioning more to the cloud and developing apps in the cloud that need security. To address this, VMware introduced VMware Carbon Black Cloud Workload. The company states that this new solution delivers advanced protection purpose-built for securing modern workloads to reduce the attack surface and strengthen security posture. The solution looks at prioritized vulnerability reporting and combines it with foundational workload hardening with industry-leading prevention, detection and response capabilities to protect workloads running in virtualized, private and hybrid cloud environments.
VMware Carbon Black Cloud Workload will be available as a six-month unlimited free trail for all available for all current vSphere 6.5 and VMware Cloud Foundation 4.0 customers. The solution combines the security expertise of both companies (Carbon Black was its own company before the acquisition). The new solution will be tightly integrated with vSphere and provide agentless security that alleviates installation and management overhead and consolidates the collection of telemetry for multiple workload security use cases. Now IT can automatically secure new workloads (or existing) at every point in the security lifecycle. VMware Carbon Black Cloud Workload can tackle the complexity of security in a hybrid data center where physical, on-premises machines to multiple public cloud infrastructure as a service (IaaS) environment to container-based application architectures all need to be secured.
VMware Carbon Black Cloud Workload also offers:
- Visibility to Identify Risk and Harden Workloads: Carbon Black Cloud Workload helps security and infrastructure teams focus on the most high-risk vulnerabilities and common exploits across their environments, because it’s not about finding the most vulnerabilities—it’s about finding the right ones. Prioritize vulnerabilities based on a combination of the Common Vulnerability Scoring System (CVSS), real-life exploitability and real-life frequency of attack, increase patching efficiency with best-in-class prioritization, and take immediate action in vSphere Client.
- Prevention, Detection and Response to Advanced Attacks: Security teams often lack visibility and control in highly dynamic virtualized data center environments. Carbon Black Cloud Workload protects workloads running in these environments by combining vulnerability assessment and workload hardening with industry-leading next-generation antivirus (NGAV), workload behavioral monitoring, and endpoint detection and response (EDR) for workloads.
- Simplified Operations for IT and Security Teams: The VMware intrinsic approach builds security into the virtual fabric, ensuring protection everywhere workloads are deployed, and eliminating the trade-off between security and operational simplicity. But organizations also need the infrastructure team to be able to operationalize more of security policy and hardening. That requires giving them the right visibility into risk, and the tools to harden workloads right inside their own consoles. Carbon Black Workload accomplishes this by building security risk visibility right into vCenter, with the same visibility security operations see in Carbon Black Cloud — giving them a single source of truth. This will not only accelerate response to critical vulnerabilities and attacks, it will foster far greater collaboration between IT and Security teams.
In the future, VMware Carbon Black Cloud Workload is looking to include Carbon Black Cloud module for hardening and securing Kubernetes workloads.
The final security-related announcement from today, touched on above, is VMware and Zscaler introducing new integrations end-to-end visibility and protection for distributed workforces. The integrations will be one-click and are said to enable joint customers to stop zero-day threats from impacting endpoints and enable true zero trust conditional access to internal applications.
Availability
VMware Future-Ready Workspace Security Remote and VMware Workspace Security VDI are available now. VMware Edge Network Intelligence is expected to be available in VMware’s Fiscal Q3 FY21, which ends on October 30, 2020. BYOD capabilities for VMware Secure Access are expected to be available in Q4 FY21, which ends on January 30, 2021. VMware Cloud Web Security is expected to be available in VMware’s Fiscal Q1 FY22, and NSX Firewall as a Service for the VMware SASE Platform is expected to be available in FY22. VMware Carbon Black Cloud Workload is expected to be available in November 2020. The Carbon Black Cloud module for hardening and securing Kubernetes workloads is expected to be available in December 2020.
Engage with StorageReview
Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | Facebook | RSS Feed