VMware launches service-defined firewall

07 Mar 2019

VMware has launched the new VMware Service-defined Firewall, an approach to internal firewalling that reduces the attack surface for on-premises and cloud environments with security that is an intrinsic part of the infrastructure.

Through the capabilities of VMware NSX and VMware AppDefense, the VMware Service-defined Firewall combines application visibility and understanding of known good application behavior with automated and adaptive firewalling capabilities to help better protect apps, data and users.

“Intrinsic security is different than integrated security,” says VMware networking and security business unit senior vice president and general manager Tom Gillis.

“Integrated security repackages existing solutions, such as taking a traditional firewall and making it a blade in a data center switch. It doesn’t fundamentally change the firewall. Intrinsic security takes advantage of the unique attributes that are built into the virtualization platform, allowing us to create new security services,” he says.

“The new VMware Service-defined Firewall is focused on internal network firewalling and changes the game by validating known good application behavior, rather than chasing threats.”

The idea of focusing on the known good behavior of an application has been tried before, but the challenge has always been in getting a complete understanding of the application.

Some solutions have installed agents in the guest to accomplish this, but agent-based solutions add complexity and have limited appeal: if an attacker gains root access, and with it complete control of the host, they can simply bypass the agent.

In addition, as applications have become more distributed, security needs to be distributed too.

It’s impractical to hairpin east-west traffic to a hardware device or a virtual instantiation of it for inspection.

The VMware Service-defined Firewall solution takes a different approach to firewalling that focuses on assets that enterprises know well—applications they themselves have deployed—rather than scrutinizing the unknown.

This solution works on bare metal, VM and container-based application environments, and will support hybrid cloud environments such as VMware Cloud on AWS and AWS Outposts in the future. Enterprises can use this solution as their sole firewall solution for their internal needs.

The VMware Service-defined Firewall has the following features:

  • Application verification cloud: VMware’s position in the host allows the Service-defined Firewall to gain a deep understanding of an application and its hundreds or even thousands of microservices through all their variations over time. Using machine intelligence from millions of VMs globally, the solution’s Application Verification Cloud builds an accurate map of the intended “known good” state of the application. Once a verified understanding of known good application behavior is established, the solution can generate adaptive security policies for the Service-defined Firewall, which is layer 7 capable and can perform full stateful inspection.

  • Protected from the guest: The Service-defined Firewall solution leverages VMware’s intrinsic ability to inspect the guest OS and application without being resident in the guest. This means that even if an attacker gains root access, they cannot bypass the Service-defined Firewall solution. The Service-defined Firewall solution can also detect and block malicious traffic on the network. Beyond that, this system can introspect the guest itself and identify and stop any malicious behavior within the OS or application at run time. This unique capability is equivalent to a new approach to network firewalling and host IPS.

  • Distributed in software: The traditional approach to hardware firewalling requires “hairpinning” traffic out of the virtual environment and into a hardware appliance for scanning. This is inefficient and difficult to scale, particularly for modern applications that have many components or services that run across many servers and can often span different clouds. Based entirely in software, the VMware Service-defined Firewall is highly distributed, which means that it runs wherever the application runs, across clouds. Policies can therefore be consistently enforced without complex hairpinning of traffic across cloud environments.
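As an added illustration of the positive-security model the feature list describes (code written here, not VMware's NSX or AppDefense code; the service names, ports and packets are constructed), a toy firewall that learns a "known good" flow map from a baseline, passes return traffic statefully, and handles any unknown flow in the Detect or Prevent mode the article mentions:

```python
"""Toy 'known good' firewall: learn what an application legitimately does,
then treat every other flow as a deviation (added example, not VMware code)."""
from collections import namedtuple

# Constructed packet model: src/dst are service names rather than IPs.
Packet = namedtuple("Packet", "src dst proto sport dport")

# Constructed baseline: flows observed while the app behaved as intended.
BASELINE = [
    Packet("web", "api", "tcp", 51000, 8443),
    Packet("api", "db", "tcp", 52000, 5432),
    Packet("api", "cache", "tcp", 52001, 6379),
    Packet("web", "api", "tcp", 51001, 8443),   # repeat, same rule
]


class KnownGoodFirewall:
    """Allow-list derived from a baseline, with a stateful connection table."""

    def __init__(self, baseline, mode="prevent"):
        self.mode = mode                 # "prevent" drops, "detect" only alerts
        self.policy = {}                 # src -> {(dst, proto, dport)}
        for p in baseline:
            self.policy.setdefault(p.src, set()).add((p.dst, p.proto, p.dport))
        self.established = set()         # (src, dst, proto, dport) of allowed flows

    def evaluate(self, pkt):
        # Reply to an already-allowed connection: passes without its own rule.
        if (pkt.dst, pkt.src, pkt.proto, pkt.sport) in self.established:
            return "allow"
        # Flow matches the learned known-good map: allow and track it.
        if (pkt.dst, pkt.proto, pkt.dport) in self.policy.get(pkt.src, set()):
            self.established.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))
            return "allow"
        # Deviation from known good: the mode decides whether it is blocked.
        return "drop" if self.mode == "prevent" else "alert"


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        fw = KnownGoodFirewall(BASELINE, mode)
        traffic = [
            Packet("api", "db", "tcp", 40000, 5432),   # known good request
            Packet("db", "api", "tcp", 5432, 40000),   # its reply (stateful)
            Packet("db", "web", "tcp", 40001, 22),     # lateral move, never seen
        ]
        print(mode, [fw.evaluate(p) for p in traffic])
```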

VMware Service-defined Firewall stands up to real-world attack scenarios

To validate the effectiveness of the VMware Service-defined Firewall, VMware teamed with Verodin, a company that helps organizations to measure, manage, and improve their cybersecurity effectiveness.

VMware leveraged Verodin’s Security Instrumentation Platform (SIP) to validate that the VMware Service-defined Firewall can effectively identify and stop threats, whether they are known or unknown.

While running the solution in both Detect and Prevent mode, the VMware Service-defined Firewall detected or prevented 100 percent of the malicious attacks used in the Verodin test sequence.

Verodin CEO Christopher Key says, “Defenders are tasked with securing business-critical applications they don’t operationally own or control. Rapid application development and the rising complexity of distributed and hybrid environments further increase the difficulty of securing these applications exponentially.”
