Archive

Category Archives for "VMware Network Virtualization Blog"

VMware Achieves Industry-First AAA Rating for Network Detection & Response from SE Labs

In the first public test of its kind for Network Detection and Response, SE Labs awards the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR). The modern cyber battlefield is everywhere, and every attacker has to traverse multiple networks and, in most cases, many firewalls to achieve their goals. Once inside a network, they look to move freely within the environment, discovering valuable information they wish to exfiltrate. As attackers have continually innovated, so must the industry and our testing. As a leader in the security industry, VMware has gone through the industry’s first Network Detection and Response (NDR) test and received a AAA rating. It is well known that attackers continually evolve and chain together increasingly complex sequences of events. These techniques, tactics, and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers’ behaviors evolves, so must our engineering and testing.

VMware customers can be assured that their data is better protected in this new arena as they continue to modernize their application and network infrastructure as part of their digital transformation initiatives.

According to the results from SE Labs, VMware NSX Continue reading

Open Intelligence Gathering: Light and Dark

A few weeks ago, I asked my manager, Chris Bareford, if he would approve the purchase of a licence to use the https://www.shodan.io open intelligence platform. I was both vague and detailed enough to justify the purchase, something about gathering threat intelligence as far as I can recall. My request was approved, and I am now in possession of the Shodan freelancer API entitlement. This is useful to me in automating certain intelligence and discovery tasks.

This blog, however, is NOT about the Shodan freelancer API.

Part of my job is to help enable cyber readiness for both my internal colleagues and my customers and prospective customers, and as part of this remit I publish a weekly threat landscape report, which is essentially a collection of things I have found to be interesting (and/or concerning) during the previous week from a cyber-security perspective. One element of this report covers what I would consider to be largely opportunistic attacks (or probes), and so I summarize an anonymized set of the past week’s common vulnerabilities & exposures (CVE) that VMware customers have had. When collating this type of information on a regular basis, what you notice is that, in addition Continue reading

Seeking Service Mesh Sessions at VMworld 

It’s that time of the year again, when all of VMware’s customers and the vCommunity at large assemble for the annual gathering of learning and shared knowledge that we call VMworld. 

This year, like last year, VMworld will be held in a virtual format and, just like last year, it’s completely free! Last year’s VMworld was a big success, with many great sessions and a record number of attendees who joined from around the world. 

As for Tanzu Service Mesh, I have good news for all you service mesh enthusiasts — and for those who are just starting to learn about service mesh. This year will see an exponential increase in the number of sessions that cover Tanzu Service Mesh.

Service Mesh Sessions You Won’t Want to Miss: 

  1. Solutions Keynote: DevSecOps Your Way to Any Cloud (And Delight Customers) [V13190]
    This session, led by Ajay Patel, SVP and GM of the Modern Apps and Management Business Unit, will review VMware solutions that enable a DevSecOps practice for our customers — and that includes Tanzu Service Mesh. Pratik Roychowdhury, a Tanzu Service Mesh director of product management, will talk about how Tanzu Service Mesh provides a way to observe and control API calls exchanged between microservices. Pratik will also describe our PII Data Leakage protection Continue reading

How to Utilize Automation to Revolutionize Modern Networks

At VMworld 2021, we’re imagining what’s possible when it comes to the public cloud experience everywhere. IT enterprises are expected to keep up with increasing consumer demands, focusing on fast application rollout across multiple clouds. There’s an industry-wide emphasis on delivering an immediate, secure, and strong end-user network experience to get the job done right. At this year’s conference, we’re looking at real customers and their experiences when it comes to optimizing automation in modern network environments.

Danske Bank, a leader in the financial industry, learned what was necessary to achieve the most simplified self-service functionality possible. By starting with Day 0 deployment and going all the way to Day 2 delivery, Danske Bank secured sustainable service delivery and self-service modifications. The VMworld 2021 session Network Operations: Intelligence and Automation from Day 0 to Day 2 takes a deeper look at this customer’s intelligence journey to show how you can achieve simplification within the public cloud, too.

Simplifying Day 0 and Day 2 ops are action steps IT can take to streamline business ops but understanding the modern enterprise – and the complexities involved – is evergreen. Learning the ins-and-outs of the modern network with end-to-end virtualization allows businesses like yours to succeed in even the most diverse environments. Tom Gillis, Business Group leader, NASBG, of VMware, takes us on a deep dive of why building out a better security posture within diverse infrastructure is crucial. You Continue reading

Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros

Office macros are a popular attack vector to compromise a user’s environment and deploy additional components. That’s because macros can hide within documents, often under several layers of obfuscation. In recent years, there has been an increase in attacks that leverage Excel 4.0 macros as threat actors have realized the power that this legacy functionality provides to an attacker.

Analyzing Excel 4.0 macros can be a daunting task, because the analysis often requires manual, step-by-step execution of the code to extract behaviors and IoCs such as the URLs from which additional malware components will be downloaded.

In this blog, we present Symbexcel, a novel solution based on symbolic execution for the automated de-obfuscation and analysis of Excel 4.0 macros. Our approach was recently presented at BlackHat 2021 [1].

What Are Excel 4.0 Macros?

Excel 4.0 macros, or XLM macros, are a 30-year-old feature of Microsoft Excel that allows one to encode a series of operations into the contents of spreadsheet cells. Distinct from the traditional functions provided by an Excel spreadsheet (such as SUM), Excel 4.0 macro functions have access to the Windows API and can be used to interact with the underlying operating Continue reading

Simplification through Unification: One Network Across the Entire Multi-Cloud

Two major pillars of VMworld 2021 focus on enhancing productivity and consistency. More than ever, businesses are demanding consistent, secure, and reliable communication between apps and users. What networking professionals at VMworld want to reinforce is that multi-cloud ops shouldn’t have to slow down due to poor app distribution among workspaces. The network should be durable and secure everywhere. While threats are inevitable, businesses can be prepared by learning how to converge networking, security, and threat detection within the cloud. And that’s exactly what we’re going to teach you at this year’s virtual event.

Valued customers of all different industries have chosen to allow VMware’s multi-cloud ops solutions to guide them through their digital transformation. Susan Wu, Senior Product Marketing Manager, and Aamer Aakhter, Product Manager, are two seasoned VMware leaders who will take you through how customers achieved multi-cloud excellence, and how you can say “Goodbye Compromises Everywhere. Hello Productivity Anywhere,” with this VMworld session. 

While simplicity may look different depending upon an organization’s goals, there is one thing that remains constant: performance shouldn’t have to be sacrificed for safety. Your enterprise should be able to streamline the entire multi-cloud to remain agile, productive, and increasingly adaptive against any threat or operational hiccup.  

IT portfolios are becoming increasingly Continue reading

Learn How to Implement Stronger Multi-Cloud Security at VMworld 2021

One of the major focuses at VMworld 2021 is to educate network security teams on how they can achieve the strongest security posture by enabling Zero Trust. The Zero Trust model is essential to securing your entire digital footprint and to remaining secure as it grows. Leaders like the White House, CISOs, and industry analysts of all kinds agree that the Zero Trust approach to network architecture is the best way to protect not only the existing perimeter but also the critical apps and workloads inside.

During the Never Trust: Building Zero Trust Networks VMworld 2021 session, industry leaders will take a practical look at what it takes to adopt Zero Trust at scale, offer a blueprint to the Zero Trust Architecture model, and suggest next steps to implement Zero Trust for your organization. 

An extension of learning to build Zero Trust networks is sharing tangible solutions to get your business the strength and security it needs. VMware leaders Christopher Kruegel, VP of Security Services, and Vivek Bhandri, Senior Director of Product Marketing, share VMware’s NSX Distributed Firewall service that will strengthen your East-West security to protect any workload in any cloud. Add A Modern Firewall For Any Cloud and Any Workload [SEC2688] to your VMworld itinerary now.   

Gaining visibility and control within the network via Zero Trust means giving enterprises room to breathe. Eliminating any hesitation when it comes to threat prevention hardens your organization’s security infrastructure Continue reading

All Things Networking at VMworld 2021

Must-See Sessions for Networking 

This year’s networking sessions – based on the audience feedback from VMworld 2020 – not only feature more customer stories and interviews, but also balance innovation, industry trends, roadmap, and technical get-your-hands-dirty sessions. The VMworld 2021 Session Types and Levels summary gives you an idea of what’s available for you and your colleagues.

If you’re not sure about the different learning tracks or what they will include, check out the VMworld learning index here. The robust Content Catalog will allow you to filter sessions based on topic, tracks, products, type and level; the scheduler lets you build an itinerary.

Lastly, we have made a list of can’t miss sessions based on your role.  

For Networking Leaders:  

 For Networking Practitioners:  

Augmented MISP Integration with NSX Advanced Threat Analyzer

Contributors: Jason Zhang (NSBU TAU), Stefano Ortolani (NSBU TAU)

Introduction

Formerly known as the Malware Information Sharing Platform, MISP is a leading open-source threat intelligence platform (TIP) that organizations of all sizes can leverage to store, share, and enrich threat indicators of compromise (IoCs).

The MISP ecosystem primarily comprises two parts: MISP core (or engine) and MISP modules. MISP core is responsible for the main functionality of the platform, while MISP modules were introduced to extend the capability of MISP without changing MISP core components.

Thanks to the simple API interface provided by MISP, many third-party MISP modules have been developed to greatly extend MISP’s capabilities. There are mainly three types of MISP modules: expansion modules, import modules, and export modules. More details on MISP modules can be found on MISP’s GitHub MISP module repository, which includes three modules developed by Lastline (now part of VMware) that integrate MISP with VMware NSX Advanced Threat Analyzer (ATA), as we reported earlier.

Recently VMware’s Threat Analysis Unit (TAU) developed a new expansion module, which replaces the three Lastline modules. The improvements from the new module are twofold: a simplified enrichment process and an augmented enrichment capability.

In this blog post, Continue reading

Guide to NSX Security at VMworld 2021

The world is changing and as a result, the ability to operationalize network security at scale is more important than ever. Organizations need the ability to monitor and protect both East-West and North-South traffic at scale without adding operational complexity or impacting the user experience. How do organizations do all this in the face of reduced budgets, increasing network complexity, radical changes throughout IT architectures and an increase in volume and sophistication of cybersecurity threats?

We’ll show you at VMworld 2021 with sessions dedicated to helping you operationalize network security at scale in today’s modern world.

To register or learn more about VMworld, visit the portal. Without further ado, check out our quick guide to NSX Security sessions at this year’s event.

Keynote

Multi-Cloud

Firewall

Threat Prevention

Enter the NSX Giveaway – Tune In on LinkedIn

Do you remember the 21st night of September?

At VMware NSX, we sure do – and you can bet we’ll be dancing to Earth, Wind & Fire all September long. Whether or not this is your September song of choice, there’s no better way to listen to your favorite tunes than on a top-notch speaker. VMware NSX wants to help by giving away new portable Sonos Roam Speakers that you can bring wherever your grooving takes you.

Yep, you heard us – we’re hosting a giveaway! Entering for a chance to win is easy, too: just follow our new Networking & Security LinkedIn.

For an extra entry, tag a friend or colleague who would enjoy NSX content in the comments of the announcement post.

We’ll select winners from our new followers after the giveaway closes on Oct. 14, 2021. In the meantime, we’ll be listening to “September” on repeat.

This giveaway is limited to those living in the US. If you live somewhere else you can still participate, but we may not be able to deliver your prize. See full Terms and Conditions below. If you have questions, reach out to us on LinkedIn or Twitter. 

 

Continue reading

How to Simplify Your Journey to Zero Trust with NSX Workshops

At its core, Zero Trust is an operational framework that helps enterprises secure modern network environments. Zero Trust insists organizations strip away ambiguity from their security and focus on the basics: committing to a risk-based approach across end-users, networks, data, devices, and much more. If you’re ready to take the next step toward built-in, Zero Trust networking (ZTN), we can help. Learn how to successfully implement Zero Trust networking and segmentation strategies at one of our upcoming NSX Network Security Workshop Sessions on Tuesday, September 28, 2021 or on Wednesday, September 29, 2021.

During these live virtual events, Patricio Villar, Principal Network Architect and VMware Certified Expert/Network Virtualization, will cover Zero Trust foundational concepts, including: 

  • How to identify communication paths to segment and build policy to protect your data center 
  • How implementing NSX security supports the ZTN framework
  • How to easily implement stronger distributed security with VMware NSX 

NSX Network Security Workshop topics include:

If you’re ready to simplify Zero Trust so you can have simply zero worries, grab your spot and register today.    

See you there! 


HelloKitty: The Victim’s Perspective

In the past few months, we have witnessed several indiscriminate attacks targeting big companies. Whereas years ago different threat actors focused on specific sectors, nowadays the same techniques, tactics, and procedures (e.g., how the perimeter is penetrated, which tools are used for lateral movement) are consistently applied regardless of company size, location, or industry. Target selection is much more dependent on an organization’s IT infrastructure: for example, recent trends show several actors (among them REvil, HelloKitty, or what was known as Darkside) increasingly targeting companies running workloads on VMware ESXi by adding to their ransomware capabilities to gracefully stop virtual machines before encrypting them (see Figure 1).

Figure 1: HelloKitty stopping virtual machines gracefully

Another important trend we have seen growing in the last few months is the use of ransomware to seize sensitive customer data — first by exfiltrating it, then encrypting it, and later pressuring the victim into paying a ransom under the threat of disclosing such data publicly (a technique called “double extortion”). Notable victims include CD Projekt RED, which faced the leak of the source code of some of its most famous video games.

While many threat reports have already dissected the technical Continue reading

Explore VMware’s Modern App Connectivity Services with Amazon EKS-Anywhere

As enterprises accelerate their application modernization journey, there is a stronger need for running applications across multi-cloud environments. Today, AWS announced General Availability of Amazon EKS-Anywhere, expanding the AWS portfolio to support these use cases.

We are thrilled to integrate with and extend EKS by providing secure connectivity services that work cross-cluster and cross-cloud with VMware’s Modern App Connectivity Services. By delivering these capabilities, applications can enjoy the level of resiliency, scalability, and security needed for enterprise-critical applications.

VMware Modern App Connectivity Services accelerate the path to app modernization by extending connectivity and security between EKS and EKS-D, and to other platforms. Built on cloud-native principles, it enables a set of important use cases that automate the process of connecting, observing, scaling, and better-securing applications.

VMware enables EKS customers to leverage connectivity, resiliency, and security capabilities:

  1. Application connectivity
    Across both multi-cluster and hybrid clouds, in addition to VM environments.  This enables discoverability and connectivity between distributed microservices across hybrid EKS, EKS-D, and VMware vSphere environments.
  2. Application resiliency 
    This enables cluster load balancing level on-prem to communicate with the rest of the customer’s environments both on-prem and on the cloud with this global load balancing solution.
  3. Application security
    This enables Continue reading

It’s Time to Rethink Security Across the Software Supply Chain

Open Source has proven instrumental in accelerating software development — providing developers with feature velocity, ease of customization, and quality reusable code. However, the open-source security landscape has clearly changed: it’s clear that the unwritten rule among the open-source community has expired, and open season on hacking open-source software projects has begun. Today’s threat actors have no qualms about injecting malicious code upstream as a way to target downstream applications. Developers need to recognize this new reality and rethink security across the software supply chain.

How did we get here? The push to accelerate digital transformation may be inadvertently introducing vulnerabilities into the software supply chain. Developers, under constant pressure to deliver new software to market faster, often rely on containerized open-source software and public repositories to meet dynamic, agile needs. According to Gartner, nearly three-quarters of global organizations will be running three or more containerized applications in their production environments by 2023. The Cloud Native Computing Foundation (CNCF) also confirmed a similar pattern in its survey, which found the use of containers in production has increased to 92 percent since 2019. With Kubernetes the dominant container orchestration solution, 32% of respondents in the CNCF survey indicated that security Continue reading

What’s New in VMware HCX 4.2

Real-time Estimation of vMotion and Replication Assisted vMotion Migration 

HCX analyzes migration metrics and provides an estimate of the time required to complete the relocation phase of every configured vMotion, as well as the time required to complete the transfer phase of every RAV migration. For each virtual machine migration, the estimate is shown in the progress bar displayed on both the Migration Tracking and Migration Management pages while the transfer is underway.

 The following snapshot shows an estimate of time remaining for the vMotion-based migration to complete. 

Here we see a similar estimate for a RAV (Replication Assisted vMotion) based migration.  

Predictive Estimation of Replication Assisted vMotion (RAV) Migrations 

For RAV migrations in draft state, HCX uses machine learning to generate an estimate of the time required to complete the migration. The estimate is shown in the progress bar displayed on the Migration Management page. Predictive estimation is available for Early Adoption (EA) with both RAV and Bulk migration.

The following snapshot shows how the user can get a predictive estimate of the time needed for Replication Assisted vMotion (RAV) to migrate workloads of virtual machines in a Mobility group.

OS Assisted Migration (OSAM) with HCX for VMware Cloud 

HCX OS Assisted Migrations enable transitions from non-vSphere-based environments to vSphere-based environments. OSAM can now be run in VMware Cloud Continue reading

Explore Future:NET for a Chance to Win a Bose Headset

Hey there, NSXers!  

The skies are blue, the sun is shining, and summer is in full swing. Whether you’re getting your summer on by grooving to some tunes, or embracing the grind at home or back in the office, there’s one thing you can count on needing: a sweet set of headphones.  

The Future:NET team is here to help! At Future:NET, industry luminaries deliver exclusive insights into all things networking – including a discussion of the lasting impacts of 2020 and predictions on the future of the industry, from app-centric connectivity to ubiquitous access across clouds. Now you can get all that Future:NET goodness — and a pair of Bose noise-canceling headphones too! All you need to do is: 

1. Follow Future:NET on Twitter.
2. Watch the Looking Back, Looking Forward session.
3. And post a screenshot of the video in the comment section of our Twitter announcement post.

Then, we’ll select winners from the comments and announce them on August 2. Yep, it’s that easy!

Take your work from anywhere to the next level – with these headphones, you can groove from anywhere while you’re at it. 

PROMOTIONAL DRAWING TERMS & CONDITIONS
NO PURCHASE NECESSARY TO ENTER OR WIN. Void in Quebec and where prohibited. All federal, state, provincial and local laws Continue reading

From Zero Visibility to Zero Trust in the Data Center

Imagine someone breaking into your home. If you catch them in the act, they’re most likely leaving right away, and you’re upping your security system. Now imagine someone breaking into your home, and staying for nine months – now what? They’ve prolonged their stay completely unnoticed and destroyed the security system you once trusted and relied upon. Your next move? Trying to reinstate the faith you once had in security and completely reconfigure your security blueprint.  

Let’s break down why data center security has taken center stage as of late with the increasing challenges of securing east-west traffic and the journey from zero visibility to Zero Trust thanks to Forrester and VMware’s collaborative webinar session. (Or, feel free to get straight to all the juicy details, and watch the webinar now.) 

The Catapult for Enhanced Data Center Security 

We’re on the heels of the global COVID-19 pandemic, and wow, have things changed. As a global community, we were trying to juggle the unknown and potential threats that COVID-19 had posed. From an industry perspective, we had to engage in an overhaul that changed the way we worked – forever. For organizations everywhere, remote work is now a part of the new normal routine. So, with these massive changes, Continue reading

What’s the Most Secure Network of Them All?

You’re standing in front of three doors. Door number one is big, tall, and sturdy. Nothing fancy, but seemingly safe. Door number two has more bells and whistles, fancy engravings, and twice the number of locks. Elevated security for sure, but you suspect more form over function, so you’re not entirely sold. Door number three features a winning combination of practicality and advanced locks. This one has to be the best choice, right?

You can’t see behind any door, so your choice is limited to inference. That’s frustrating. Today, choosing the right security solution for your business is no different. Bells and whistles can distract us from our core objective of ultimate, unwavering security. And old reliable doesn’t seem capable of repelling an onslaught of modern threats and distributed exposures.

Organizations need to make the right network security choice to successfully secure their networks in a highly dynamic, distributed world where it’s not a matter of if intruders will get in, but when. Turns out, the right approach is as much about philosophy as it is about technology: trust no one. But, before we get into the relationship between trust and better security, let’s begin with a review of how Continue reading

How to Build a Better Security Posture Post-Pandemic

What a whirlwind of a year it has been! Covid has accelerated digital transformation — but also made painfully obvious the data center’s continuing security vulnerabilities. We’ll explore VMware’s data center security insights and solutions at RSA Conference 2021.

Ah, 2020, a year we won’t soon forget. Initially, I know a lot of us had planned to work from home more frequently, given our ability to be physically anywhere with internet access, but who would have thought we would be forced to? I’m thankful we are in an industry that supports and encourages us to be mindful of our health and safety. And so, while conferences like Black Hat and DEFCON (“hacker summer camp”) are moving towards a hybrid model allowing a limited number of attendees to be physically present, I am choosing to stay home and participate remotely.

Why We’re Here

I am confident the underlying theme of the ’cons this year will be how the global pandemic, by requiring us to socially isolate, has forced innovation in the way we work. This has had a profound impact on the industry — accelerating us into a digital transformation that relies on cloud and other technologies. A transformation a lot Continue reading
