Author Archives: laurenklass

Declare Your Application State with Tanzu Service Mesh

YES! You can declare your application resiliency state and keep it like that with a combination of Kubernetes and the new application resiliency capabilities in Tanzu Service Mesh.

First things first: what is Tanzu Service Mesh?

Tanzu Service Mesh allows you to create and isolate a logical structure in a Kubernetes cluster, or across different clusters, to achieve an application layer 7 networking and security fabric that you can add value on top of. Just by connecting the dots, we get service discovery, observability, security, and encrypted connectivity for all objects in that global namespace structure. More about TSM global namespaces in excellent blogs here and here.

In this blog, I focus on a new feature that (in my opinion) is a real game-changer for the way we operate and manage application resiliency. As background, I used to work on the customer side for most of my technical career, in operations and infrastructure roles, and the thing I was mostly concerned with was the application and user experience. We had multiple application monitoring solutions that continuously tested user experience via methods such as synthetic transactions (not real user ones) or tapping the transaction to get the live experience. Once we Continue reading

Adapt Business Agility with Modern Load Balancing

It’s no secret that enterprises are rapidly automating the modern network across compute, storage, and network environments. What you may not know is that load balancing is being left behind. Traditional legacy architectures were conceived decades ago and were not designed with the needs of the modern enterprise in mind. They are simply not scalable, agile, or flexible enough. As a result, enterprises have had to overprovision their load balancers — whether physical or virtual — resulting in complexity and waste.

We all know that waste and complexity are the enemy of the modern enterprise, and, thankfully, the cloud offers a solution. Cloud-native load balancers provide automation and elasticity, but they do not come with a rich feature set or provide consistency between on-premises and cloud environments. It’s a tricky trade-off that prevents enterprises from truly achieving their digital transformation goals.

But don’t fret. There is a viable solution. VMware NSX Advanced Load Balancer (ALB) gives enterprises the best of both worlds — an adaptable, flexible, and scalable load balancer that combines the simplicity of the public cloud with the rich features inherent in an enterprise-grade solution. Check out Ashish Shah’s VMworld breakout session on the need for a Continue reading

Operationalizing Advanced East-West Security at Scale in the Datacenter

East-west security is the new battleground for keeping enterprises safe from malicious actors. As we all know, perimeters will be breached. That’s a given. The massive scale of data center infrastructure makes it too easy for bad actors to find a vulnerable, unpatched server, penetrate it, and hide out — often for months and years — stealing your information, monitoring your communications, and causing disruptions.

According to Ambika Kapur, vice president of product marketing for VMware’s networking and security business unit, it’s imperative that enterprises come to the realization that bad actors will get into the network — and focus more on blocking their lateral movement once they make that initial breach. She spent years in the firewalling space at Cisco and learned how vulnerable perimeter security can be. Now, at VMware, Kapur is helping to lead the effort to make east-west security a viable option through a software-based approach that is scalable and cost-efficient.

Check out Kapur’s VMworld breakout session on operationalizing east-west security at scale to learn exactly how we are able to stop the lateral spread of threats and ultimately harden enterprise security:

Rather than hairpinning traffic to a dedicated physical appliance, VMware breaks up the firewall Continue reading

Explore VMware’s Virtual Cloud Network Vision with Tom Gillis

The past year has been filled with challenges. It’s been difficult to adapt to the new realities of how we work, how users access applications, and how we build out and scale our network infrastructures. But challenges lead to opportunities. In his Virtual Cloud Network keynote at VMworld 2020, Tom Gillis, general manager of the networking and security business unit at VMware, urged participants to rethink how they operate and then come up with new processes and approaches that will help them move faster into the future.

In his presentation, Gillis describes how forward-thinking companies are able to:

  1. Take the corporate network and stretch it into remote users’ living rooms,
  2. Deliver public cloud experiences to on-premises data centers, and
  3. Bridge the virtual and physical worlds in a true hybrid cloud environment with consistent policy and management enforcement.

With these capabilities (and there are VMware customers doing this today!), organizations can deploy a completed workload to any user across any infrastructure, including all the necessary networking and security bells and whistles, with a single click.

VMware enables this new approach via its Virtual Cloud Networking (VCN) portfolio. Whether through our SD-WAN technology delivering a LAN-like experience to distributed users, or Continue reading

VMware is Not New to Enterprise Security

By: Keith Luck

None of us can stop thinking about how 2020 has changed the way we go about our daily tasks. Going to school, going to the store, going out to eat — going anywhere at all. But now, for the first time, we are not even going to work! Everyone has been pushed to work from home. This change has a wide-ranging set of variables that need to be addressed, from the business limits on resources for connectivity to the employee’s limits on remote resources of space, privacy, and uninterrupted concentration. 

The overnight reliance on remote, personal, shared services for connectivity from the worker to the corporation has forever put an end to the idea of a security perimeter. Zero Trust Architecture (ZTA) has moved from being an academic discussion to persistent customer requests for solutions. This shift is furthered by the timely release of the US National Institute of Standards and Technology’s NIST Special Publication 800-207 ZTA Guide. At the same time, we now see numerous security industry vendors claiming their products will provide Zero Trust. 

Naturally, many VMware customers want Continue reading

Encrypted VelvetSweatshop Password Still a Threat to Excel Files

Office documents, such as Word and Excel files, can be password-protected using a symmetric-key encryption mechanism in which a single password is the key used both to encrypt and to decrypt the file. Malware writers use this encryption as an additional evasion technique to hide malicious code from anti-virus (AV) scanning engines. The problem is that encrypting a file introduces the disadvantage of requiring a potential victim to enter a password (which is normally included in the phishing or spam email containing the encrypted attachment). This makes the email and the attachment very suspicious, thus greatly reducing the chance that the intended victim will open the encrypted malicious attachment.

The good news (for the attackers) is that Microsoft Excel can automatically decrypt a given encrypted spreadsheet without asking for a password if the password for encryption happens to be VelvetSweatshop. This is a default key stored in Microsoft Excel program code for decryption. It’s a neat trick that attackers can leverage to encrypt malicious Excel files in order to evade static-analysis-based detection systems, while eliminating the need for a potential victim to enter a password.

The embedded VelvetSweatshop key in Excel is not a secret. It has been widely reported for many Continue reading

Threat Intelligence Report: Targeted Snake Ransomware

In the last few weeks, VMware NSX threat telemetry revealed the submission of a Windows executable ransomware sample, written in Go, which is related to the Snake ransomware family.

This ransomware specifically targeted the Honda network, and was found to be quite sophisticated. The ransomware appears primarily to be targeting servers, as it has logic to check for the type of host it is infecting, and it attempts to stop many server-specific services/processes. Hard-coded strings are encrypted, source code is obfuscated, and the ransomware attempts to stop anti-virus, endpoint security, and server log monitoring and correlation components. This ransomware family has ties to Iran and has historically been observed targeting critical infrastructure such as SCADA and ICS systems. More recently, the malware has been observed targeting healthcare organizations. Most interestingly, and unlike other variants, the malware analyzed in this threat report does not drop any ransom note to desktop machines.

To learn more, read our Targeted Snake Ransomware Report.

The post Threat Intelligence Report: Targeted Snake Ransomware appeared first on Network and Security Virtualization.

COVID-19 Cyberthreat and Malware Updates

It has been over three months since our last report on COVID-19-themed attacks [1]. During this period, the tragedy of the COVID-19 pandemic has continued to dominate our daily lives. On the digital virus side, since that report [1] we have been closely tracking the cyberthreat landscape that leverages COVID-19 themes. In the last report, we discovered that the majority of the attacks involved infostealers. Observations from the past two months show that similar infostealers, as reported in [1], again played a key role. In the meanwhile, we also detected other threats that we hadn’t seen earlier, such as the Emotet campaign and remote access Trojan (RAT) attacks.

In this blog post, we first present our most recent telemetry data, as reported by some VMware customers, in order to highlight the diversity and magnitude of the attacks. Next, we investigate the Emotet campaign, as it is the most dominant wave seen in this period. More specifically, we analyze one of the samples from the campaign to reveal the tactics, techniques, and procedures (TTPs) used in the attack, and discuss how the Emotet payload variant is different from the one we reported recently [2].


Virtual Patching with VMware NSX Distributed IDS/IPS

Patching: The Perennial Problem  

Cybersecurity consumes an ever-increasing amount of our time and budgets, yet gaps remain and are inevitably exploited by bad actors. One of the biggest gaps is unpatched vulnerabilities: a recent survey found that 60% of cyberattacks in 2019 were associated with vulnerabilities for which patches were available [i].

Most companies have a patch schedule that is barely able to keep up with applying the most important patches to the most critical vulnerabilities. Yet new ones crop up all the time: approximately 15,000 new vulnerabilities are discovered every year, which translates to one every 30 minutes [ii]. They impact all types of workloads, from multiple vendors, as well as open source projects.

It’s a constant race to try to find and fix the most dangerous vulnerabilities before the bad actors can exploit them. But ignoring them is not an option.  

The Simplest Approach is Not So Simple  

Why not just patch everything or fix flaws in the code? Because it’s operationally challenging – and almost impossible.

First, patching is an expensive and largely manual process. Second, applications may rely Continue reading