Category Archives for "VMware Network Virtualization Blog"

How to Achieve TAP-less Network Traffic Analysis

We’re all becoming extremely aware of the importance of east-west protection. Recent security breaches have highlighted the role of Zero Trust as an essential strategy to protect valuable information. As a result, organizations are explicitly considering the security of east-west traffic flows to prevent adversaries from gaining a foothold in the data center and moving laterally across the network to access high-value data.

The biggest problem with protecting against advanced threats is the need to inspect all network traffic to prevent unwanted access by hackers, malicious insiders, or users with compromised accounts.

The traditional approach involves setting up a series of network Test Access Points (TAPs) to see traffic going over the network. Tapped traffic is then sent to a centralized Network Traffic Analyzer (NTA) appliance for monitoring. All of this – designing the infrastructure, acquiring the devices and appliances, configuring, implementing, and managing them—can present serious issues.

Let’s look at the challenges of the traditional approach, and then show how a distributed implementation can not only respond to the challenges but also provide operational simplicity.

TAP Network Challenges

TAP Challenge 1: Where to put the TAPs

A network architect must determine which network assets are most critical, which locations Continue reading

Introducing DARTH: Distributed Analysis for Research and Threat Hunting

As data centers, which mainly run Linux workloads, have proven to be a very lucrative target for cyber criminals, Linux malware has become increasingly prevalent. Although still an emerging threat that’s somewhat less complex than its Windows counterpart, analysis of Linux malware remains challenging due to the lack of analysis tools in the Linux world.

Luckily, both the Linux kernel and the Linux ecosystem provide a set of capabilities and tools that, when combined, potentially allow for the creation of malware analysis frameworks as powerful as those available on Windows.

This blog details what can be achieved by leveraging tools and an analysis pipeline specifically tailored for Linux, and introduces our Distributed Analysis for Research and Threat Hunting (DARTH) framework. We provide a high-level overview of the framework, including core components and modules, as well as the design requirements that have led our research efforts in this area. We then discuss Tracer, a dynamic analysis module used in DARTH to collect various behaviors during malware execution in a controlled environment.

High Level Overview: Where DARTH Began

As part of our research, we often find ourselves running new types of analysis on large collections of malicious samples; building a scalable Continue reading

Simplify NSX Security for Brownfield vSphere Deployments with NSX-T 3.2

Perimeter-only security controls are just not sufficient to address sophisticated attacks on mission-critical infrastructure. VMware NSX pioneered the “micro-segmentation” approach, in which granular security controls enable Zero-Trust Security. With micro-segmentation, each individual workload inside the network receives unprecedented protection from attacks originating from both external as well as internal threat actors. One of the primary reasons for NSX’s instant success in the industry was the fact that deploying Zero-Trust security across the infrastructure is quite easy and effectively mitigates malicious lateral movement with L4 and L7 Application controls. With the NSX 3.2 release, we are further simplifying the NSX Security deployment experience.

This blog captures why deploying NSX for micro-segmentation is already a simple experience, and how NSX 3.2 further simplifies that experience. Specifically, the following two key capabilities will be covered:

  1. NSX Distributed Security support for vSphere Distributed Switch-based workloads, and
  2. Embedded vCenter-based NSX Distributed Firewall workflows

Achieving Zero-Trust for Applications with NSX today

From the initial days of VMware NSX, we strongly believed that achieving micro-segmentation should not come at the cost of complexity.


If you ask our customers, this is why they love NSX:

Announcing VMware HCX 4.3

VMware HCX, an application mobility platform, is a crucial part of an organization’s digital transformation journey. HCX simplifies application migration, workload rebalancing, and business continuity across data centers and clouds. This becomes increasingly important as organizations consolidate data centers, extend data centers to the cloud, or replace on-premises infrastructure.

Let’s dig into some of the new and exciting features of HCX 4.3.0:

Transition to PostgreSQL

One of the key improvements HCX 4.3.0 introduces is the use of PostgreSQL. The goal is to replace the older databases and leverage some inherent advantages of PostgreSQL. From an end-user perspective, this transition will have no impact. Once the upgrade process is triggered, the system will automatically transition to the newer database in the backend, and all the data is seamlessly transferred to the new database.

Building Resiliency in HCX Network Extension

The second significant enhancement is the high availability of Network Extension appliances. Network Extension service is a critical part of HCX, and any disruption during normal migration activities can have a high impact on business operations. HCX 4.3.0 aims to minimize the impact of such disruptions by introducing a high availability (HA) feature for Network Extension Continue reading

NSX Year in Review: 2021

With 2022 just around the corner, we can’t help but look back at the past year. 2021 was one for the books, as the world continued to navigate the ups and downs of the pandemic and the new way of working. It was also a big year for NSX, with many firsts, releases, awards and events. Before we head into the new year, take a quick trip down memory lane with us for an NSX year in review and reminisce on all the news we shared this year:


Shared on YouTube

January, besides marking the start of the new year, was the month of the -tion’s on YouTube. Our top-viewed videos this month were the classic NSX Introduction, Micro-segmentation, Network Evolution, NSX-T Migration, and NSX-T Federation. Check out the videos and let us know in the comments if any of the information in these creations got your attention.


Introduced HCX 4.0

Roses are red, violets are blue. Have you heard? HCX 4.0 is new! This major release focused on providing enhanced visibility, reducing service downtime during upgrades, and simplifying the reconfiguration of NSX security policies post-migration. Since February, Continue reading

How to Get the Most Out of VMware NSX with Advanced Load Balancing

Switzerland never takes sides. Safeguarding its independence is one of the principal objectives of Swiss foreign policy. And Swiss neutrality, one of the main principles of this policy, dictates that Switzerland remain agnostic.

Hailed as the Switzerland of load balancers, VMware NSX Advanced Load Balancer (Avi) doesn’t take sides either. It is environment-agnostic. Designed to save you from costly re-platforming, retooling, and retraining, Avi offers the same great user experience regardless of the number or types of underlying infrastructure that support your apps. So you get a consistent experience, across any cloud, every time. The Avi platform enables a fast, scalable, and secure application delivery experience.

Network Automation and Advanced Load Balancing: Better Together

Customers invest in VMware NSX to achieve network automation and deploy a software-defined data center (SDDC) or private cloud that is programmable. However, they have historically used either the native NSX load balancer or legacy load balancers such as F5 or Citrix. Neither solution is adequate for the level of automation — and the enterprise-grade load balancing functions — that customers hope to enjoy with NSX.

Customers deploying VMware NSX-T need an integrated, automation-driven, multi-cloud application services solution. Avi integrates with NSX-T, simplifies Day 0 deployments, Continue reading

When Supply-Chain Attacks Meet CI/CD Infrastructures

Supply-chain attacks can be so destructive that they are often considered black-swan events. Often, the most upsetting aspect of the attack is that it manages to compromise what is normally deemed to be safe by definition — whether that’s a software component or an MSP (managed service provider). The result is that our understanding of perimeters, security boundaries, and/or best practices is often flipped upside down.

Consider, for example, the SolarWinds attack back in December 2020: disguised as a normal software update, attackers managed to implant a pre-crafted backdoor on thousands of customers, which led many frantic security teams to discover that their network perimeter had already been breached several months before. Another (and even more destructive) attack took place in July 2021: by exploiting a vulnerability in Kaseya VSA servers, attackers managed to infect hundreds of MSPs, which in turn deployed the REvil ransomware to thousands of customers, breaking the assumption of a safe boundary between different IT infrastructures.

Fast forward to October 2021. An innocent bug report alerted the entire NPM developer community that a core open-source library had been hacked. Fortunately, the community quickly handled and fixed the issue. But, had it not been detected, the potential Continue reading

How to Secure the Software Supply Chain with Container Network Security

The way enterprises design, build and run applications has changed significantly over the past several years with the evolution of microservices and containers. No longer are applications built using a monolithic architecture—evenly stacked and centrally organized in a way that made it easy to manage and secure. Today’s modern applications are spread out in thousands of microservices across data centers and the cloud—able to be spun up and down wherever users log in.  

While microservices provide reusable elements to accelerate software development, the software supply chain itself could become an attack vector. In an effort to enable business agility without putting the enterprise at risk, organizations need to infuse security directly into DevOps processes and throughout the software supply chain at large. This makes security everyone’s responsibility—whether they are a user, a developer or a platform owner—to protect the applications that are consumed for work and for life. 

The Rise (and Risk) of Kubernetes 

Microservices applications need Kubernetes as an orchestrator to handle scheduling of containers in a cluster of servers, load balancing those containers, managing permissions and access control, and many other Day 2 concerns. Kubernetes wasn’t the first orchestrator, but its rapid adoption makes it the de facto standard today for running scalable and resilient containerized applications. According Continue reading

What’s New in vRealize Network Insight Cloud and vRealize Network Insight 6.4 for NSX-T 3.2

We’re pleased to announce another close collaboration between NSX-T 3.2, vRealize Network Insight Cloud, and vRealize Network Insight 6.4 in this latest release. As enterprises strive for the latest in cloud networking, the network management piece combines the end-user experience, applications, and technology to provide the visibility needed to ensure applications are consistently performing and secure. As we know, broad network observability is a critical step in securing the infrastructure.

vRealize Network Insight Cloud is available as a SaaS or on-premises solution for end-to-end network visibility, troubleshooting, and analytics. It works closely with NSX-T 3.2. vRealize Network Insight Cloud also helps optimize multi-cloud network performance with troubleshooting capabilities for applications, virtual machines, physical servers, or Kubernetes.

NSX Federation

Customers use NSX Federation to scale across different locations globally, making it easier to create hierarchies and dramatically simplifying management. vRealize Network Insight Cloud now supports network visibility for NSX Federation. This new feature will enable customers to leverage views across multiple NSX-T data centers at the global, regional, and local site levels. Several new cross-site VM to VM paths will be available, including inter-site VM-VM paths, intra-site VM-VM paths, VM-VM across sites with NAT, VM-VM paths across Continue reading

VMware NSX 3.2 Delivers New, Advanced Security Capabilities 

It’s an impactful release focused on significant NSX Security enhancements

Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers.

Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers.

“Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers”

– Umesh Mahajan, SVP, GM (Networking and Security Business Unit) 

This blog captures critical enhancements NSX-T 3.2 delivers from a security perspective. And stay tuned —we’ll follow up with more detailed blogs on Continue reading

Announcing NSX-T 3.2: Innovations in Multi-Cloud Security, Networking, and Operations 

We’re excited to announce VMware NSX-T 3.2, one of the largest NSX releases so far. NSX-T 3.2 includes key innovations across multi-cloud security, scale-out networking for containers, VMs, and physical workloads. It also delivers simplified operations that help enterprises achieve a one-click, public cloud experience wherever their workloads are deployed. 

Strong Multi-Cloud Security 

NSX-T 3.2 provides strong, multi-cloud, easy-to-operationalize network defenses that secure application traffic within and across clouds. NSX-T 3.2 goes a step further in making it easy to enable Zero Trust application access across multi-cloud environments — enabling customers to secure traffic across applications and individual workloads with security controls that are consistent, automated, attached to the workload, and elastic in scale. 

Tapless Network Traffic Analysis (NTA)

Network traffic analysis (NTA) and sandboxing solutions are integrated directly into the NSX Distributed Firewall (DFW). NSX eliminates traffic hairpins by distributing NTA as a service within the hypervisor. Combined with distributed IDS/IPS capabilities, security teams can now virtualize the entire security stack and eliminate blind spots while allowing security policies and controls to follow workflows throughout their lifecycle, regardless of the underlying infrastructure. 

Gateway Firewall

The enhanced gateway firewall serves as a software-based gateway with L2-L7 controls — including URL filtering and advanced threat prevention with malware analysis and sandboxing. This extends centralized security controls to physical workloads, the data center perimeter, and the public cloud edge — ensuring consistent security controls across both east-west and north-south application traffic Continue reading

Getting Started with VMware Transit Connect Intra-Region Peering for VMware Cloud on AWS

VMware Transit Connect has proven itself as a valuable tool to enable high bandwidth and speed connectivity for VMware Cloud on AWS customers and their Software Defined Data Centers (SDDCs). There are hundreds of customers using this feature across the fleet in a myriad of combinations. Since the initial offering in 2020 we have worked with our partner, AWS, to expand the service’s capabilities to include SDDC Grouping across multiple regions in addition to support for Transit/Security VPC models. These capabilities combine to provide a comprehensive networking solution to address some of the most challenging networking requirements. However, there has been one gap in the connectivity – the ability to peer the VMware Managed Transit Gateway (VTGW) with a native AWS Transit Gateway (TGW).

At AWS re:Invent 2021, the ability to peer VTGWs to AWS TGWs in the same region, also referred to as intra-region peering, was announced. VMware and AWS have been working on this solution diligently, and we are excited to announce VMware Cloud on AWS support for this new capability in this announcement blog. Equally exciting is that this feature will be available to VMware Cloud on AWS customers with SDDCs that are on any version. To Continue reading

The Hard Facts: Hardware vs. Software Load Balancers

Flexible infrastructure choices and application architectures are changing the way that modern enterprises run their distributed environments (see Figure 1). Enterprises have become application-centric, investing significant effort and resources in continuous delivery goals and DevOps practices in order to automate routine IT and operations tasks.

Hardware-based application delivery controllers (ADCs) have been the staple of application delivery in data centers for the last two decades. However, these legacy load balancing solutions aren’t keeping up with the changes in modern, dynamic capacity and automation needs. Legacy hardware-based ADCs have become inflexible in the face of changing requirements, delaying application rollouts and causing overspending and overprovisioning in many cases. Most enterprises experience the “do more with less but faster” challenges shown in Figure 2 when it comes to rolling out new applications or updates, which can often take weeks.

With aggressive continuous delivery goals and ever-greater customer expectations, businesses are pushing back against delays due to hardware provisioning and manual configurations of ADCs that slow time to market for application deployments and updates.

Figure 1: Computing today: Evolving app architectures and infrastructure heterogeneity.


Figure 2: Legacy hardware-based load balancing solutions are not keeping up with the modern pace of business.

Virtualized Continue reading

Learn the 4 Security Requirements for Modern Apps

Flying cars will be available by 2024 — or so they say. Imagine cars being able to run their errands faster, be safer off the ground, and allow for higher-level observability. In the cybersecurity world, we have our own version of a flying car: modern applications. Modern apps are extremely multi-faceted: housing microservices/APIs, they are SLO/SLI driven, and native to the multi-cloud. The innovative and futuristic feel of modern apps is exciting, but the transition to them doesn’t come without complications. Despite modern app complexities, there are standard security best practices you can use to meet your challenges and continue to move your enterprise forward. 

The four major security requirements are:  

  1. Multi-Cloud Secure Connectivity
  2. Traffic Management and Perimeter Security
  3. Security Observability
  4. Distributed Security and Compliance  

Come along for the ride as we break these down. 

Multi-Cloud Secure Connectivity 

A multi-cloud environment is becoming the standard within enterprises today. But just because something is standard doesn’t mean there’s a universal understanding of it. Multi-cloud networks involve the use of multiple cloud computing, storage, and traffic services in a single-space architecture. The multi-cloud aims to provide fast distribution of cloud assets, apps, software, end-to-end encryption, and much more. Adopting this strategy effectively means no room for error. As the multi-cloud is built to speed up an enterprise’s digital transformation, it requires a fast, secure, and reliable foundation to provide a strong end-user experience. If connectivity lags, your organization will Continue reading

VMware Wins Best Network Detection and Response Award From SE Labs 

After months of in-depth testing by SE Labs across a vast spectrum of security products, VMware is honored to receive the 2021 Best Network Detection and Response award. This award comes on the heels of the announcement earlier this year that SE Labs awarded the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR).

According to the U.K.-based independent testing lab, each of the award winners has demonstrated excellence in its category. SE Labs bases its conclusions on a combination of continual public testing, private assessments, and feedback from corporate clients who use SE Labs to help choose security products and services.

The efficacy of VMware NSX NDR is clear, proving 100 percent protection across multi-cloud environments from four major advanced persistent threat (APT) groups—including FIN7 & Carbanak, OilRig, APT3, and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.

A Sea Change in Independent Security Testing 

This award and AAA rating from SE Labs are the first in the industry. It is well known that today’s attackers continually evolve and chain together increasingly complex sequences of events. These tactics, techniques, and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers’ behaviors evolves, so must our engineering and Continue reading

How William Hill Achieved Success in their Journey to Multi-Cloud

A commonly used term in the sports betting world is handicapper. A handicapper is a person who analyzes sports events to predict the winning team or player. This person (or team) focuses on all the moving pieces in a chaotic or high-stakes environment to make business-critical decisions. Similarly, in managing a multi-cloud environment, organizations have a lot at stake, and they must make crucial operational choices for the sake of security and the end-user experience. Having the ability to spot challenges in advance when moving through a multi-cloud journey will make the difference between success and failure. We’re going to look at three of the key multi-cloud challenges organizations face, as well as a real-life customer success story, William Hill, and how they overcame some of their biggest obstacles in their quest for multi-cloud success. 

3 Roadblocks to Multi-Cloud 

Regardless of where your organization started, there are three primary challenges you will likely face in moving to multi-cloud. To begin, every cloud is different in the way that it operates. This creates issues when it comes to connecting services across different cloud environments. Second, each cloud has its own methods and APIs when it comes to securing workloads. Thus, the process can lose consistency when different clouds are trying to communicate with one another. Lastly, providing a winning end-user experience requires strong observability within a multi-cloud environment. If that doesn’t exist, the bread and butter of your enterprise is at stake. 

So, how do you move past these roadblocks?  

There are three must-haves to keep in mind — and to keep you calm, cool, and collected when facing Continue reading

Learn How Real-World Organizations Benefited from an Overhaul of their Security Lifestyle 

Achieving better security is something we all know is necessary, but we can struggle to get there. It’s like improving your diet: you know you need to eat better and exercise to cultivate a healthier, more well-rounded lifestyle. But you don’t do it because it’s hard, often expensive, and can be a pain. So, you avoid it (trust me, we’ve all been there). But, you learn that putting one foot in front of the other forces you to take small steps toward big results. The same notion applies to needing better security. We know we need it, but it’s not always easy to know where to begin.

There is no quick fix for sustainable change. Sure, we can make better choices each day, but it takes consistency and a solid structural foundation – a lifestyle change – to maintain these advancements. Losing weight is one thing; when it comes to better multi-cloud security, this is a process that leaves little room for fluctuation. Start with the fundamentals and tighten your belt over time.   

Let’s take a look at real-world organizations that have benefited from doing the hard stuff. They’ve done the work and have seen the results. Continue reading

Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer

Contributors: Jason Zhang, Stefano Ortolani, Giovanni Vigna

Cyber security threats have been growing significantly in both volume and sophistication over the past decade with no sign of a slowdown. Naturally, this has also been accompanied by an increased collection of threat telemetry data, ranging from detonation timelines to IDS/IPS detections. Telemetry data, typically represented by enriched time series, often contains underlying peak signals which in turn correspond to a few informative events: occurrences of malware campaigns, heavily used malware delivery vectors, commonly affected verticals, and even anomalies possibly revealing the presence of false positives. While all this information clearly holds tremendous value, mining these data sets can be expensive and complex. As a result, organizations often find it challenging to gain further insights into the underlying threat landscape even though they have access to the data.

Recently at VirusBulletin Threat Intelligence Practitioners’ Summit (TIPs) 2021, we presented our latest research aiming to tackle the challenges discussed above: Telemetry Peak Analyzer is a statistical approach to detect malware campaigns as they happen by relying on telemetry data in an efficient and scalable manner.

Read on to get the key insights of the presentation. We’ll provide an overview of the characteristics Continue reading

How to Accelerate Your Digital Transformation with VMware’s Cloud Networking Capabilities

Realize What’s Possible with Advanced Cloud Networking Capabilities 

VMworld 2021 – what a whirlwind. Thank you for attending and making the virtual event a success. With so many sessions and so little time, we thought it was important to point out one of the most notable networking sessions of this year: Automation is Modernizing Networks, delivered by Tom Gillis, SVP & General Manager, Networking and Advanced Security.

In case you missed it, we’re going to catch you up on essential insights, networking news, and more. 

Networking by the Numbers 

The vision behind VMware’s cloud networking is to centralize policy and networking infrastructure. Today, there are more than 23,000 customers using VMware’s virtual networking products. 96 out of the Fortune 100 have chosen VMware to virtualize their network infrastructure. VMware has replaced more than 12,000 power-hungry, hardware load balancer appliances. There are more than 450,000 branch sites globally, accelerating the digital transformation for enterprises of all kinds.

Leveling Up  

Taking a step back, we can see how clearly all of these developments are enhancing digital operations for our various constituents. With two strokes of a key, our customers can send applications directly into production. This includes scanning for security/compliance violations, enforcing these security and compliance Continue reading

10 Resources to Get Started on Container Network Security

Ready to get started? The following resources and tutorials will enhance your understanding of container network security and help you get started.

Analyst Research

Get an independent analyst’s view on the state of container security:


Many container network security experts are blogging about lessons learned and sharing their knowledge on how to secure modern applications. Follow their conversations:

Courses and Certifications

Developers and platform operators alike need to learn how to secure applications and platforms. Why not take a class to enrich your understanding? There are many free and low-cost options, including the following: