Category Archives for "VMware Network Virtualization Blog"

Peek Under the Hood: SE Labs NDR Test 

Earlier this month, SE Labs awarded VMware the first ever AAA rating for Network Detection and Response (NDR)–highlighted by our ability to provide 100 percent protection from four major advanced and persistent (APT) groups across multi-cloud environments. The NDR test, the first of its kind, signified the changing threat landscape where enterprises need to identify and stop attackers inside the network where they are able to move freely to discover valuable information they can exfiltrate. Given expanding threat surfaces due to modern applications, work from anywhere and cloud transformation, the assumption is that attackers are likely already inside your network, making legacy cybersecurity tests focused solely on the perimeter increasingly-unsuitable assessments for protecting today’s modern enterprise. 

According to the results from SE LabsVMware NSX NDR provides 100 percent protection across multi-cloud environments from four major advanced and persistent threats (APT) groups—including FIN7&Carbanak, OilRig, APT3 and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network. 

Given that this is the first test of its kind, we wanted to give you a look under the hood to see how SE Labs used VMware NDR to detect all malicious network traffic and payloads from a specific threat group—OilRig – APT 34. Check out the Continue reading

The VMworld Aftermath: Continue Cutting Edge Learning with VMware’s Solution Spotlight 2021 Webcast Series

If you attended VMworld 2021 and you’re already itching for more learning, we have just the thing for you. Join our new upcoming VMware Solution Spotlight 2021 webcast series. You will be able to extend your learning and get answers to your burning questions by taking a technical deep dive into the innovations that are driving the Virtual Cloud Network.  

The series experts will be hosting a live Q&A session and will be covering: 

The three-part Cloud Networking Thursday series will take place on November 11th, November 18th, and wrap up on December 2nd.  

Check out a brief synopsis of each session to see the right fit for you: 

Learn How Your Enterprise Gets the Edge with SASE (11/11): 

VMware Tanzu Service Mesh Named a Leader in GigaOm Radar Report on Service Mesh

GigaOm placed VMware Tanzu Service Mesh (TSM) in the leader ring of its 2021 GigaOm Radar Report for Evaluating Service Mesh, cementing VMware’s status as the open-source choice for connecting and securing modern applications across single and multi-cloud environments.

As enterprises continue to split applications into microservices that can be spun up or down as needed, service meshes give DevOps the ability to seamlessly and simply orchestrate connectivity and security services across multi-cloud environments, automatically and at scale. This common abstraction layer for application services enables true app resiliency, observability, and security across single and multi-cloud environments — a critical superpower for organizations focused on delivering powerful and consistent experiences.

VMware continues to lead

Citing Tanzu Service Mesh’s open-source architecture, dominance in the enterprise market, innovative road map, and focus on improving security, the authors of the report feel that Tanzu Service Mesh gives enterprises the best chance of gaining that all-important visibility and control with modern applications.

The key to this, of course, is Tanzu Service Mesh’s ability to seamlessly abstract the application layer from the infrastructure layer through Global Namespace (GNS). By onboarding applications to a Global Namespace, developers, operations, and security gain consistent policy controls and operational Continue reading

VMware Achieves Industry-First AAA Rating for Network Detection & Response from SE Labs

In the first public test of is kind for Network Detection and Response, SE Labs awards the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR). The modern cyber battlefield is everywhere, and every attacker has to traverse multiple networks and in most cases many firewalls to achieve their goals. Internal to networks they look to move freely within the environment discovering valuable information they wish to exfiltrate. As attackers have continually innovated so must the industry and our testing. As a leader in the security industry, VMWare has gone through the industry’s first Network Detection and Response (NDR) test and received a AAA rating. It is well-known that attackers continually evolve and chain together an ever increasingly complex chain of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attacker’s behaviors evolve, so must our engineering and testing.

VMware customers can be assured that their data is better protected in this new arena as they continue to modernize their application and network infrastructure as part of their digital transformation initiatives.

According to the results from SE Labs, VMware NSX Continue reading

Open Intelligence Gathering: Light and Dark

A few weeks ago, I asked my manager, Chris Bareford, if he would approve the purchase of a licence to use the open intelligence platform. I was both vague and detailed enough to justify the purchase, something about gathering threat intelligence as far as I can recall. My request was approved, and I am now in possession of the Shodan freelancer API entitlement. This is useful to me in automating certain intelligence and discovery tasks.

This blog, however, is NOT about the Shodan freelancer API.

Part of my job is to help enable cyber readiness for both my internal colleagues and my customers and prospective customers, and as part of this remit I publish a weekly threat landscape report, which is essentially a collection of things I have found to be interesting (and/or concerning) during the previous week from a cyber-security perspective. One element of this report covers what I would consider to be largely opportunistic attacks (or probes), and so I summarize an anonymized set of the past week’s common vulnerabilities & exposures (CVE) that VMware customers have had. When collating this type of information on a regular basis, what you notice is that, in addition Continue reading

Seeking Service Mesh Sessions at VMworld 

It’s that time of the year again, when all of VMware’s customers and the vCommunity at large assemble for the annual gathering of learning and shared knowledge that we call VMworld. 

This year, like last year, VMworld will be held in a virtual format and, just like last year, it’s completely free! Last year’s VMworld was a big success, with many great sessions and a record number of attendees who joined from around the world. 

As for Tanzu Service Mesh, I have good news for all you service mesh enthusiasts — and for those who are just starting to learn about service mesh. This year will see an exponential increase in the number of sessions that cover Tanzu Service Mesh. —

Service Mesh Sessions You Won’t Want to Miss: 

  1. Solutions Keynote: DevSecOps Your Way to Any Cloud (And Delight Customers) [V13190]
    This session, led by Ajay Patel, SVP and GM of the Modern Apps and Management Business Unit, will review VMware solutions that enable a DevSecOps practice for our customers — and that includes Tanzu Service Mesh. Pratik Roychowdhury a Tanzu Service Mesh director of product management, will talk about how Tanzu Service Mesh provides a way to observe and control API calls exchanged between micro-services. Pratik will also describe our PII Data Leakage protection Continue reading

How to Utilize Automation to Revolutionize Modern Networks

At VMworld 2021, we’re imagining what’s possible when it comes to the public cloud experience everywhere.  IT enterprises are expected to keep up with increasing consumer demands, focusing on fast application roll out across multiple clouds. There’s an industry wide emphasis being placed on delivering immediate, secure, and strong end-user network experience to get the job done right. At this year’s conference, we’re looking at real customers and their experiences when it comes to optimizing automation in modern network environments. 

Dankse Bank, a leader in the financial industry, learned what was necessary to achieve the most simplified self-service functionality possible. By starting with Day 0 deployment and all the way to Day 2 delivery, Dankse Bank secured sustainable service delivery and self-service modifications. VMworld 2021 session Network Operations: Intelligence and Automation from Day 0 to Day 2 takes a deeper look at this customer’s intelligence journey to show how you can achieve simplification within the public cloud, too.  

Simplifying Day 0 and Day 2 ops are action steps IT can take to streamline business ops but understanding the modern enterprise – and the complexities involved – is evergreen. Learning the ins-and-outs of the modern network with end-to-end virtualization allows businesses like yours to succeed in even the most diverse environments. Tom Gillis, Business Group leader, NASBG, of VMware, takes us on a deep dive of why building out a better security posture within diverse infrastructure is crucial. You Continue reading

Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros

Office macros are a popular attack vector to compromise a user’s environment and deploy additional components. That’s because macros can hide within documents, often under several layers of obfuscation. In recent years, there has been an increase in attacks that leverage Excel 4.0 macros as threat actors have realized the power that this legacy functionality provides to an attacker.

Analyzing Excel 4.0 macros can be a daunting task, because the analysis often requires manual, step-by-step execution of the code to extract behaviors and IoCs such as the URLs from which additional malware components will be downloaded.

In this blog, we present Symbexcel, a novel solution based on symbolic execution for the automated de-obfuscation and analysis of Excel 4.0 macros. Our approach was recently presented at BlackHat 2021 [1].

What Are Excel 4.0 Macros?

Excel 4.0 macros, or XLM macros, are a 30-year-old feature of Microsoft Excel that allows one to encode a series of operations into the contents of spreadsheet cells. Distinct from the traditional functions provided by an Excel spreadsheet (such as SUM), Excel 4.0 macro functions have access to the Windows API and can be used to interact with the underlying operating Continue reading

Simplification through Unification: One Network Across the Entire Multi-Cloud

Two major pillars of VMworld 2021 focus on enhancing productivity and consistency. More than ever, businesses are demanding consistent, secure, and reliable communication between apps and users. What Networking professionals at VMworld want to reinforce is that multi-cloud ops shouldn’t have to slow down due to poor app distribution among workspaces. The network should be durable and secure everywhere. While  threats are inevitable, businesses can be prepared by learning how to converge networking, security, and threat detection within the cloud. And that’s exactly what we’re going to teach you at this year’s virtual event. 

Valued customers of all different industries have chosen to allow VMware’s multi-cloud ops solutions to guide them through their digital transformation. Susan Wu, Senior Product Marketing Manager, and Aamer Aakhter, Product Manager, are two seasoned VMware leaders who will take you through how customers achieved multi-cloud excellence, and how you can say “Goodbye Compromises Everywhere. Hello Productivity Anywhere,” with this VMworld session. 

While simplicity may look different depending upon an organization’s goals, there is one thing that remains constant: performance shouldn’t have to be sacrificed for safety. Your enterprise should be able to streamline the entire multi-cloud to remain agile, productive, and increasingly adaptive against any threat or operational hiccup.  

IT portfolios are becoming increasingly Continue reading

Learn How to Implement Stronger Multi-Cloud Security at VMworld 2021

One of the major focuses at VMworld 2021 is to educate network security teams on how they can achieve the strongest security posture by enabling Zero Trust. The Zero Trust model is essential to securing your entire digital footprint and to remain secure as it grows. Leaders like the White House, CISOs, and industry analysts of all kinds, agree that the Zero Trust approach to network architecture is the best way to protect not only the existing perimeter but also the critical apps and workloads inside.  

During the Never Trust: Building Zero Trust Networks VMworld 2021 session, industry leaders will take a practical look at what it takes to adopt Zero Trust at scale, offer a blueprint to the Zero Trust Architecture model, and suggest next steps to implement Zero Trust for your organization. 

An extension of learning to build Zero Trust networks is sharing tangible solutions to get your business the strength and security it needs. VMware leaders Christopher Kruegel, VP of Security Services, and Vivek Bhandri, Senior Director of Product Marketing, share VMware’s NSX Distributed Firewall service that will strengthen your East-West security to protect any workload in any cloud. Add A Modern Firewall For Any Cloud and Any Workload [SEC2688] to your VMworld itinerary now.   

To gain visibility and control within the network via Zero Trust, means giving enterprises room to breathe.  Eliminating any hesitation when it comes to threat prevention hardens your organization’s security infrastructure Continue reading

All Things Networking at VMworld 2021

Must-See Sessions for Networking 

This year’s networking sessions – based on the audience feedback from VMworld 2020 – not only feature more customers stories and interviews, but have a balance of innovation, industry trends, roadmap, and technical get-your-hands-dirty sessions. The VMworld 2021 Session Types and Levels summary gives you an idea of what’s available for you and your colleagues.  

If you’re not sure about the different learning tracks or what they will include, check out the VMworld learning index here. The robust Content Catalog will allow you to filter sessions based on topic, tracks, products, type and level; the scheduler lets you to build an itinerary.  

Lastly, we have made a list of can’t miss sessions based on your role.  

For Networking Leaders:  

 For Networking Practitioners:  

Augmented MISP Integration with NSX Advanced Threat Analyzer

Contributors: Jason Zhang (NSBU TAU), Stefano Ortolani (NSBU TAU)


Formerly known as the Malware Information Sharing Platform, MISP is a leading open-source threat intelligence platform (TIP) that organizations of all sizes can leverage to store, share, and enrich threat indicators of compromise (IoCs).

The MISP ecosystem primarily comprises two parts: MISP core (or engine) and MISP modules. MISP core is responsible for the main functionality of the platform, while MISP modules were introduced to extend the capability of MISP without changing MISP core components.

Thanks to the simple API interface provided by MISP, many third-party MISP modules have been developed to greatly extend MISP’s capabilities. There are mainly three types of MISP modules: expansion modules, import modules, and export modules. More details on MISP modules can be found on MISP’s GitHub MISP module repository, which includes three modules developed by Lastline (now part of VMware) that integrate MISP with VMware NSX Advanced Threat Analyzer (ATA), as we reported earlier.

Recently VMware’s Threat Analysis Unit (TAU) developed a new expansion module, which replaces the three Lastline modules. The improvements from the new module are twofold: a simplified enrichment process and an augmented enrichment capability.

In this blog post, Continue reading

Guide to NSX Security at VMworld 2021

The world is changing and as a result, the ability to operationalize network security at scale is more important than ever. Organizations need the ability to monitor and protect both East-West and North-South traffic at scale without adding operational complexity or impacting the user experience. How do organizations do all this in the face of reduced budgets, increasing network complexity, radical changes throughout IT architectures and an increase in volume and sophistication of cybersecurity threats?

We’ll show you at VMworld 2021 with sessions dedicated to helping you operationalize network security at scale in today’s modern world.

To register or learn more about VMworld, visit the portal. Without further ado, check out our quick guide to NSX Security sessions at this year’s event.




Threat Prevention

Enter the NSX Giveaway – Tune In on LinkedIn

?  Do you remember the 21st night of September? ?

At VMware NSX, we sure do – and you can bet we’ll be dancing to Earth, Wind & Fire all September long. Whether or not this is your September song of choice, there’s no better way to listen to your favorite tunes than on a top-notch speaker. VMware NSX wants to help by giving away new portable Sonos Roam Speakers that you can bring wherever your grooving takes you.

Yep, you heard us – we’re hosting a giveaway! Entering for a chance to win is easy, too: just follow our new Networking & Security LinkedIn.

For an extra entry, tag a friend or colleague who would enjoy NSX content in the comments of the announcement post.

We’ll select winners from our new followers after the giveaway closes on Oct. 14, 2021. In the meantime, we’ll be listening to “September” on repeat. ?

This giveaway is limited to those living in the US. If you live somewhere else you can still participate, but we may not be able to deliver your prize. See full Terms and Conditions below. If you have questions, reach out to us on LinkedIn or Twitter. 


Continue reading

How to Simplify Your Journey to Zero Trust with NSX Workshops

At its core, Zero Trust is an operational framework that helps enterprises secure modern network environments. Zero Trust insists organizations strip away ambiguity from their security and focus on the basics: committing to a risk-based approach across end-users, networks, data, devices, and much more. If you’re ready to take the next step toward built-in, Zero Trust networking (ZTN), we can help.  Learn how to successfully implement Zero Trust networking and segmentation strategies at one of our upcoming NSX Network Security Workshop Sessions on TuesdaySeptember 28, 2021 or on Wednesday, September 29, 2021. 

During these live virtual events, Patricio Villar, Principal Network Architect and VMware Certified Expert/Network Virtualization, will cover Zero Trust foundational concepts, including: 

  • How to identify communication paths to segment and build policy to protect your data center 
  • How implementing  NSX security supports ZTN framework
  • How to easily implement stronger distributed security with VMware NSX 

NSX Network Security Workshop topics include:

If you’re ready to simplify Zero Trust so you can have simply zero worries, grab your spot and register today.    

See you there! 

The post How to Simplify Your Journey to Zero Trust with NSX Workshops appeared first on Network and Security Virtualization.

HelloKitty: The Victim’s Perspective

In the past few months, we have witnessed several indiscriminate attacks targeting big companies. Whereas years ago different threat actors focused on specific sectors, nowadays the same techniques, tactics, and procedures (e.g., how the perimeter is penetrated, which tools are used for lateral movement) are consistently applied regardless of company size, location, or industry. Target selection is much more dependent on an organization’s IT infrastructure: for example, recent trends show several actors (among them REvil, HelloKitty, or what was known as Darkside) increasingly targeting companies running workloads on VMware ESXi by adding to their ransomware capabilities to gracefully stop virtual machines before encrypting them (see Figure 1).

Figure 1: HelloKitty stopping virtual machines gracefully

Another important trend we have seen growing in the last few months is the use of ransomware to seize sensitive customer data — first by exfiltrating it, then encrypting it, and later pressuring the victim into paying a ransom under the threat of disclosing such data publicly (a technique called “double extortion”). Notable victims include CD Projekt RED, which faced the leak of the source code of some of its most famous video games.

While many threat reports have already dissected the technical Continue reading

Explore VMware’s Modern App Connectivity Services with Amazon EKS-Anywhere

As enterprises accelerate their application modernization journey, there is a stronger need for running applications across multi-cloud environments. Today, AWS announced General Availability of Amazon EKS-Anywhere, expanding the AWS portfolio to support these use cases.

We are thrilled to integrate with and extend EKS by providing secure connectivity services that work cross-cluster and cross-cloud with VMware’s Modern App Connectivity Services. By delivering these capabilities, applications can enjoy the level of resiliency, scalability, and security needed for enterprise-critical applications.

VMware Modern App Connectivity Services accelerate the path to app modernization by extending connectivity and security between EKS and EKS-D, and to other platforms. Built on cloud-native principles, it enables a set of important use cases that automate the process of connecting, observing, scaling, and better-securing applications.

VMware enables EKS customers to leverage connectivity, resiliency, and security capabilities:

  1. Application connectivity
    Across both multi-cluster and hybrid clouds, in addition to VM environments.  This enables discoverability and connectivity between distributed microservices across hybrid EKS, EKS-D, and VMware vSphere environments.
  2. Application resiliency 
    This enables cluster load balancing level on-prem to communicate with the rest of the customer’s environments both on-prem and on the cloud with this global load balancing solution.
  3. Application security
    This enables Continue reading

It’s Time to Rethink Security Across the Software Supply Chain

Open Source has proven instrumental in accelerating software development — providing developers with feature velocity, ease of customization, and quality reusable code. However, the open-source security landscape has clearly changed: it’s clear that the unwritten rule among the open-source community has expired, and open season on hacking open-source software projects has begun. Today’s threat actors have no qualms about injecting malicious code upstream as a way to target downstream applications. Developers need to recognize this new reality and rethink security across the software supply chain.

How did we get here? The push to accelerate digital transformation may be inadvertently introducing vulnerabilities into the software supply chain. Developers, under constant pressure to deliver new software to market faster, often rely on containerized open-source software and public repositories to meet dynamic, agile needs. According to Gartner, nearly three-quarters of global organizations will be running three or more containerized applications in their production environments by 2023. The Cloud Native Computing Foundation (CNCF) also confirmed a similar pattern in its survey, which found the use of containers in production has increased to 92 percent since 2019. With Kubernetes the dominant container orchestration solution, 32% of respondents in the CNCF survey indicated that security Continue reading

What’s New in VMware HCX 4.2

Real-time Estimation of vMotion and Replication Assisted vMotion Migration 

HCX analyzes migration metrics and provides an estimate of the time required to complete the relocation phase of every configured vMotion, as well as the time required to complete the transfer phase of every RAV migration. Foreach virtual machine migration, the estimate is shown in the progress bar displayed on both the Migration Tracking and Migration Management pages while the transfer is underway. 

 The following snapshot shows an estimate of time remaining for the vMotion-based migration to complete. 

Here we see a similar estimate for a RAV (Replication Assisted vMotion) based migration.  

Predictive Estimation of Replication Assisted vMotion (RAV) Migrations 

For RAV migrations in draft state, HCX uses machine learning to generate an estimate of the time required to complete the migration. The estimate is shown in the progress bar displayed on the Migration Management page. Predictive estimationis available for Early Adoption (EA) with both RAV and Bulk migration. 

5The following snapshot shows how the user can get a predictive estimate of the time needed for Replication Assisted vMotion (RAV) to migrate workloads of virtual machines in a Mobility group. 

OS Assisted Migration (OSAM) with HCX for VMware Cloud 

HCX OS Assisted Migrations enable transitions from non-vSphere-based environments to vSphere-based environments. OSAM can now be runin VMware Cloud Continue reading

Explore Future:NET for a Chance to Win a Bose Headset

Hey there, NSXers!  

The skies are blue, the sun is shining, and summer is in full swing. Whether you’re getting your summer on by grooving to some tunes, or embracing the grind at home or back in the office, there’s one thing you can count on needing: a sweet set of headphones.  

The Future:NET team is here to help! At Future:NET, industry luminaries deliver exclusive insights into all things networking – including a discussion of the lasting impacts of 2020 and predictions on the future of the industry, from app-centric connectivity to ubiquitous access across clouds. Now you can get all that Future:NET goodness — and a pair of Bose noise-canceling headphones too! All you need to do is: 

1. Follow Future:NET on Twitter.


2. Watch the Looking Back, Looking Forward session. 


3. And post a screenshot of the video in the comment section of our Twitter announcement post.  

Then, we’ll select winners from thee comments and announce them on August 2. Yep, it’s that easy! 

Take your work from anywhere to the next level – with these headphones, you can groove from anywhere while you’re at it. 

NO PURCHASE NECESSARY TO ENTER OR WIN. Void in Quebec and where prohibited. All federal, state, provincial and local laws Continue reading