If you work in IT, you’ve probably heard lots of talk in recent years about “zero trust,” a security strategy that requires all resources to be authenticated and authorized before they interact with other resources, rather than being trusted by default.
The theory behind zero trust is easy enough to understand. Where matters tend to get tough, however, is actually implementing zero-trust security and compliance, especially in complex, cloud-native environments.
Which tools are available to help you enforce zero-trust security configurations? What does zero trust look like at different layers of your stack – nodes, networks, APIs and so on? What does it mean to enforce zero trust for human users, as compared to machine users?
To answer questions like these, we’ve organized a webinar, titled “Zero Trust Security and Compliance for Modern Apps on Multi-Cloud,” that will offer practical guidance on configuring a zero-trust security posture in the real world.
The one-hour session will focus in particular on enforcing zero-trust in Kubernetes-based environments, with deep dives into the following:
We’re delighted to report that GigaOm, a global provider of technology industry insights and analysis, has placed VMware in the leader ring in the GigaOm Radar Report for Cloud Networking 2022. In the leader ring, VMware is placed in the Platform Play and Maturity quadrant. This is a testament to the robustness of VMware’s cloud networking solution and its leading position in the cloud networking space.
Noting VMware’s broad portfolio of networking solutions, which covers the entire network stack and includes native network features for observability, micro-segmentation, and beyond, GigaOm says that VMware is in a leading position to help enterprises with complex networking requirements “modernize and optimize their infrastructure.”
The report evaluates 11 vendors that provide tools or platforms to help build and operate cloud networks. They include major enterprises like VMware, as well as several smaller companies.
GigaOm assessed the vendors on a variety of criteria, including:
VMware received a triple-plus score – the highest evaluation possible – for most of the categories given above.
The data center landscape has radically evolved over the last decade thanks to virtualization.
Before Network Virtualization Overlay (NVO), data centers were limited to 4096 broadcast domains, which could be problematic for large data centers supporting a multi-tenancy architecture.
Virtual Extensible LAN (VXLAN) has emerged as one of the most popular network virtualization overlay technologies and was created to address the scalability issue outlined above.
When VXLAN is used without MP-BGP, it relies on flood-and-learn behavior to map end-host location and identity. The VXLAN tunneling protocol encapsulates a frame into an IP packet (with a UDP header) and therefore can leverage Equal Cost Multi-Path (ECMP) on the underlay fabric to distribute the traffic between VXLAN Tunneling Endpoints (VTEP).
Multi-Protocol BGP (MP-BGP) Ethernet VPN (EVPN) allows prefixes and MAC addresses to be advertised in a data center fabric. It eliminates the flood-and-learn behavior of the VXLAN protocol, while VXLAN is still used as the encapsulation mechanism to differentiate the traffic between tenants or broadcast domains.
A Multi-Tenancy infrastructure allows multiple tenants to share the same computing and networking resources within a data center. As the physical infrastructure is shared, the physical Continue reading
Your trusty NSX blog is going through a big change.
We’re uniting our VMware security content in the newly designed VMware Security blog.
Don’t worry, you’ll still be able to find the latest on network automation, application mobility, and load balancing. All the networking content you count on, that’s staying right here.
However, if you’re looking for current and future articles on network security and threat research, those will now be found in a new home—a blog that centralizes security content across VMware into a single channel.
You no longer need to switch (blog) channels for security news, insights, and resources. The newly designed VMware Security Blog will become your new one-stop-shop for key perspectives from experts, specialists, and leaders across VMware NSX, Threat Analysis Unit, and Carbon Black.
On the new blog, you can expect to find all the network security content you know and love — including:
In 2022, nearly 77% of technology professionals see the need for improvement in their data center network automation strategies. Despite years of predictions about applications and data migrating to the public cloud, a consensus has been that data centers remain the indispensable core of any digital infrastructure. While the public cloud has a vital role to play and it continues to grow, enterprises and service providers continue to rely on data centers to power their operations. To remain relevant in a cloud-centric world, data centers must modernize – needing scalable, efficient, and agile operations. Highly manual processes do not scale gracefully, therefore calling for organizations and their data centers to adopt network automation or be left behind.
VMware is proud to have an opportunity to sponsor Enterprise Management Associates (EMA) in producing The Future of Data Center Network Automation research report. This report analyzes cutting-edge technology of data center automation – drawing on quantitative and qualitative research done by EMA analysts – focusing on how tech orgs are planning, implementing, and using data center network automation solutions, the specific technologies they’re using, and the benefits and challenges associated with data center network automation. Using real-time VMware customers Continue reading
In our most recent Twitter chat, we were joined by Vivek Bhandari, Varun Santosh, and Srini Nimmagadda to answer common questions about NSX-T 3.2, its benefits, how it works, and more. Dive in below for the full recap of our NSX-T 3.2 #VMwareNSXChat.
Question 1: If you had to describe NSX-T 3.2 to a friend using just one sentence (or using just 280 characters) what would you say? #VMwareNSXChat
Varun: Stronger security, simplified networking, easy operations – what’s not to like #VMwareNSXchat!
Vivek: It’s like going from a flip phone to a touch screen smartphone. Gamechanger! #VMwareNSXChat
Question 2: What are the key Networking and Policy enhancements? #VMwareNSXChat
Varun: NSX-T 3.2 simplifies network provisioning thru prescriptive NSX deployment from vCenter, deeper integration with Antrea, Federation support for VM tag replication, enhanced migration coordinator, and enhanced monitoring and troubleshooting. #VMwareNSXChat
Question 3: What are the key security enhancements? #VMwareNSXChat
Vivek: NSX-T 3.2 is a quantum leap forward bringing advanced security in a distributed architecture. It now includes network traffic analysis (NTA) and network detection and response (NDR), malware prevention with sandboxing, L7 gateway firewall, and more. #VMwareNSXChat
Vivek: Of Continue reading
VMware-based workload environments are the norm in private clouds for enterprise-class customers. 100% of Fortune 500 companies deploy vSphere/ESXi. Further, ~99% of Fortune 1000 and ~98% of Forbes Global 2000 companies deploy vSphere/ESXi. VMware’s deep presence in enterprise private clouds has made NSX Firewall the preferred micro-segmentation solution for these enterprises.
Below, we expand on how the NSX Firewall has developed its prominent position in enterprise private clouds.
Virtualized x86 workloads on hypervisors represent ~80% of all enterprise workloads. VMware’s hypervisor-based micro-segmentation solution – NSX Firewall – is the preferred agentless solution for such workloads because of the solution’s tight integration with the rest of the VMware eco-system.
~15% of workloads at enterprises are x86-based (Windows, Linux) but not virtualized. The NSX Firewall handles these workloads with NSX agents.
~5% of workloads at enterprises are non-x86-based. VMware provides an (agentless) layer 2-7 gateway firewall that supports micro-segmentation for these workloads. Note that the gateway firewall eliminates the need for integration with physical switches, routers, and load-balancers.
Between these mechanisms, 100% of all workloads in the private cloud are protected. In practice, given VMware’s penetration of enterprises, VMware’s agentless solutions apply to the vast Continue reading
Contributors: Giovanni Vigna, Oleg Boyarchuk, Stefano Ortolani
The continued assault on Ukraine will go down in history as the first one that was truly carried out both kinetically on the battlefield and virtually using cyberattacks against the computer infrastructure of the invaded nation.
As the invasion started and escalated, new malware threats were introduced by malicious actors to harm Ukrainian organizations. Early in the assault, security researchers observed the emergence of new threats that appear to have been developed ad hoc to be key tools in cyber-war efforts.
In addition to well-known attacks and threats, such as network DDoS and ransomware, these threats included “wipers,” whose sole purpose is the disabling of the targeted hosts, often combined with other tools that allow the attackers to infect the largest number of hosts possible.
While these attacks targeted specific organizations, there is a substantial risk that in the highly connected, distributed environments used to exchange and share information in multi-national organizations these attacks might spill beyond their intended targets.
It is therefore of paramount importance to understand these threats in order to help protect both Ukrainian organizations and the rest of the world. To this end, CISA has published a series Continue reading
As Stephen R. Covey stated in his popular book, The 7 Habits of Highly Effective People, “True effectiveness requires balance.” VMware agrees. And when it comes to accelerating modern application delivery, true application effectiveness requires a modern load balancer. So, with a respectful nod to Stephen R. Covey, here are the seven requirements of highly effective load balancers.
The release of VMware NSX-T 3.2 and VMware Container Networking with Antrea 1.3.1-1.2.3 delivers on VMware’s vision to have heterogeneous Antrea clusters running anywhere integrate with NSX-T for centralized container policy management and visibility.
NSX-T becomes the single pane of glass for policy management when connected to Antrea clusters. The Antrea clusters could be running on VMware Tanzu platform, RedHat OpenShift or any upstream Kubernetes cluster. Inventory management, tagging, dynamic grouping and troubleshooting can be extended to Antrea clusters along with native Kubernetes network policies and Antrea network policies to be centrally managed by NSX-T.
Antrea to NSX-T interworking Architecture
Antrea NSX Adapter is a new component introduced to the standard Antrea cluster to make the integration possible. This component communicates with the K8s API and the Antrea Controller and connects to the NSX-T APIs. When an NSX-T admin defines a new policy via the NSX APIs or UI, the policies are replicated to all the clusters as applicable. These policies are received by the adapter, which in turn creates the appropriate CRDs using the K8s APIs. The Antrea Controller, which is watching these policies, runs the relevant computation and sends the results Continue reading
78% of the most popular websites are powered by Linux, which means malware targeting Linux-based operating systems is attacking multi-cloud environments at an alarming rate. Threats such as ransomware, cryptomining components, and remote access tools (RATs) take advantage of weak authentication, vulnerabilities, and misconfigurations in container-based infrastructures. To support IT leaders and cybersecurity professionals in their transformation to top-tier ransomware and malware defense, VMware is proud to sponsor a 1-hour long live webcast on Exposing Threats Lurking in Your Linux-Based Multi-Cloud, on February 28th, at 2 pm ET, presented by SC Media.
In this exclusive partnership with CyberRisk Alliance, our subject matter researchers Giovanni Vigna, Sr. Director of Threat Intelligence, VMware, and Brian Baskin, Technical Lead, Threat Analysis Unit, VMware, explore:
The webinar is an extension of the recently released Exposing Linux-based Threats Lurking in Your Multi-Cloud threat report, which included in-depth research conducted by the VMware Threat Analysis Unit (TAU) on Continue reading
Ransomware-as-a-service has become an increasingly more visible threat to organizations, and we continue to see sophisticated ransomware attacks across multi-cloud environments. A new VMware Threat Analysis Unit report exposes just how agile attackers have become by weaponizing ransomware, cryptojacking, and Remote Access Tools (RATs) in Linux-based environments. The report clearly outlines the steps attackers take once they’ve obtained a foothold in their target cloud environment, either executing ransomware or deploying cryptojacking components. In addition to these two types of attacks, our threat researchers also present how threat actors implant themselves using RATs.
In the report, a team of highly skilled and dedicated threat researchers and security professionals provide an in-depth analysis of these key findings:
Emotet attacks leveraging malicious macros embedded in Excel files continue, with new variants and novel tactics, techniques, and procedures (TTPs). Following our recent report, we observed new waves of Emotet campaigns abusing legitimate Windows features, such as batch scripts and the mshta utility, combined with PowerShell, to deliver Emotet payloads.
In this follow-up blog post, we first provide an overview of the delivery processes of Emotet payloads in typical attacks. Then, we examine the recent variants and reveal how techniques evolved in these attacks.
The Emotet infection chain typically starts with a spam email containing a malicious document in the attachment (see Figure 1). The attachment can be either a Word document or an Excel file with embedded VBA or Excel 4.0 (XL4) macros. To entice the user to enable macro execution in Microsoft Word or Excel, the file displays social engineering content when opened. Once macro execution has been enabled, the embedded macro is executed, leading to the delivery process of an Emotet payload.
As highlighted in Figure 1, there are typically two ways to deliver an Emotet payload:
VMware NSX-T 3.2 is one of our largest releases — and it’s packed full of innovative features that address multi-cloud security, scale-out networking, and simplified operations. Check out the release blog for an overview of the new features introduced with this release.
Among those new features, let’s look at one of the highlights. With this release, Migration Coordinator now supports a groundbreaking feature addressing user-defined topology and enabling flexibility around supported topologies. In this blog post, we’ll look at the workflow for this new feature — starting with a high-level overview and then digging into the details of User Defined Topology. For more information on Migration Coordinator, check out the resource links at the end of this blog.
Migration Coordinator is a tool that was introduced about 3 years ago with NSX-T 2.4. It enabled customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free and fully supported tool built into NSX-T Data Center. Migration Coordinator is flexible, with multiple options enabling multiple ways to migrate based on customer requirements.
Prior to NSX-T 3.2, Migration Coordinator offered two primary options:
We’re introducing new capabilities to help our customers prepare for upgrading to the latest releases — now available with NSX-T Data Center 18.104.22.168.
To ensure that existing NSX deployments can be successfully upgraded to NSX-T Data Center 3.2.x, we have provided an NSX Upgrade Evaluation Tool that operates non-intrusively as a separate downloadable tool to check the health and readiness of your NSX Managers prior to upgrade. Using NSX Upgrade Evaluation Tool can help avoid potential upgrade failures and save time by avoiding a rollback from a failed upgrade.
In what follows, we’ll go over the details of the NSX Upgrade Evaluation Tool:
The main component of the NSX Upgrade Evaluation Tool is the database where a copy of NSX objects will be stored. The tool starts by making a secure copy of the database from an existing NSX Manager Continue reading
The state of cyber security is a typical example of a cat-and-mouse game between hackers and defenders. Sometimes, a threat that appears to be under control, if not completely mitigated, comes back with a vengeance. This is exactly what happened to Emotet.
It has been just about a year since the Emotet botnet was taken down, thanks to the international efforts of multiple law enforcement agencies. But the silence from Emotet attackers did not last long. Late last year, we saw a report on the resurfacing of Emotet distributed by Trickbot. Recently VMware’s Threat Analysis Unit saw another Emotet campaign—where the attacks leveraged the increasingly abused Excel 4.0 (XL4) macros to spread Emotet payloads.
In this blog post, we investigate the first stage of the recent Emotet attacks by analyzing one of the samples from the recent campaign and reveal novel tactics, techniques, and procedures (TTPs) that were not used by Emotet in the past.
Figure 1 shows the detection timeline of a recent Emotet campaign that affected some of our customers—mostly in the EMEA region. The campaign started on January 11 and peaked the next day before fading Continue reading
VMware Network Automation combines the modern microservices architecture of vRealize with VMware NSX network virtualization to enable rapid application rollout. The solution automates VMware NSX via VMware vRealize Automation to deliver complete workload lifecycle automation through networking, compute, and security services that make it simple to template, provision, and update complete environments. That, in turn, enables businesses to accelerate application delivery and drive overall agility.
The latest iterations of vRealize Automation native integration with NSX-T features include multiple new capabilities, such as support for NSX-T Federation, distributed firewall configurations from NSX-T, a shared gateway across on-demand networks, and many others.
In this post, we will provide an overview of the feature-set available with this native integration. The post doesn’t aim to be exhaustive, so don’t hesitate to look at the vRealize Automation documentation for more details.
The native integration allows for consumption of NSX-T constructs from vRealize Automation after a simple configuration.
The goal is for the cloud admin to be able to offer users a self-service catalog, through Service Broker that enables the deployment of complex topologies with consistent governance policies across the cloud — all while abstracting the underlying infrastructure and its complexity from Continue reading
With the world at our fingertips via a simple Google search, it can sometimes be tough to figure out what’s fact and what’s fiction. Whether you’re an expert, novice, or beginner in the tech world, time should be spent putting capabilities and terms into action – rather than trying to piece them together and understand them like a Sudoku puzzle. That’s why we’re going to debunk six major East-West security myths for you – so you can get back to the good stuff.
Busted. East-West security does all of the fancy stuff mentioned, with one very important difference: it moves laterally through the network perimeter. This is a key understanding, since East-West security operates on the premise that threat factors will eventually find a way through next-generation firewalls – which means all internal network traffic is vulnerable.
Busted. While it’s important to have North-South security in place (filtering the traffic that is exiting and entering the network), it cannot protect the network on its own Continue reading
Every 11 seconds, a new organization falls victim to ransomware. That means by the time you’re done reading these two sentences, your organization could very well become another statistic. In the war against ransomware, there are two cohorts: those who are armed for war and those who will suffer digital casualties. With threats becoming increasingly more agile, it’s up to you to protect your organization’s past, present, and future.
The Numbers Don’t Lie
Cybercrime has become a bigger entity than any of us could’ve ever imagined. With over 4,000 attacks every day and $20 billion in damages in 2021 alone, ransomware has become the big business we’ve all feared. Imposing numbers like these make it seem nearly impossible to protect against ransomware – but there is a solution that will strengthen your armor.
Protection Served with Simplicity
We know that shopping for new digital armor can be daunting. But the threat is real, and VMware is not in the business of smoke and mirror solutions. We are, however, in the business of helping enterprises scale out – simply, securely, swiftly. To that end, the VMware Distributed Firewall is a foundational step for many customers strengthening their multi-cloud environments. Enforcing east-west advanced threat protection at each workload, our distributed firewall solution can scale to 20TB+ while coming in at one-third of the cost of other solutions in the industry. Providing support to over 30,000 customers, VMware Security Solutions have consistently been able to stop attackers in Continue reading