Category Archives for "VMware Network Virtualization Blog"

Learn the 4 Security Requirements for Modern Apps

Flying cars will be available by 2024 — or so they say. Imagine cars being able to run their errands faster, be safer off the ground, and allow for higher-level observability. In the cybersecurity world, we have our own version of a flying car: modern applications. Modern apps are extremely multi-faceted: housing microservices/APIs, they are SLO/SLI driven, and native to the multi-cloud. The innovative and futuristic feel of modern apps is exciting, but the transition to them doesn’t come without complications. Despite modern app complexities, there are standard security best practices you can use to meet your challenges and continue to move your enterprise forward. 

The four major security requirements are:  

  1. Multi-Cloud Secure Connectivity
  2. Traffic Management and Perimeter Security
  3. Security Observability
  4. Distributed Security and Compliance  

Come along for the ride as we break these down. 

Multi-Cloud Secure Connectivity 

A multi-cloud environment is becoming the standard within enterprises today. But just because something is standard doesn’t mean there’s a universal understanding of it. Multi-cloud networks involve the use of multiple cloud computing, storage, and traffic services in a single-space architecture. The multi-cloud aims to provide fast distribution of cloud assets, apps, software, end-to-end encryption, and much more. Adopting this strategy effectively means no room for error. As the multi-cloud is built to speed up an enterprise’s digital transformation, it requires a fast, secure, and reliable foundation to provide a strong end-user experience. If connectivity lags, your organization will Continue reading

VMware Wins Best Network Detection and Response Award From SE Labs 

After months of in-depth testing by SE Labs across a vast spectrum of security products, VMware is honored to receive the 2021 Best Network Detection and Response award. This award comes on the heels of the announcement earlier this year that SE Labs awarded the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR).

According to the U.K. based independent testing lab, each of the award winners has demonstrated its excellence in its category. SE Labs bases their conclusions on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services. 

The efficacy of VMware NSX NDR is clear, proving 100 percent protection across multi-cloud environments from four major advanced persistent threat (APT) groups—including FIN7&Carbanak, OilRig, APT3 and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.

A Sea Change in Independent Security Testing 

This award and AAA rating from SE Labs is the first in the industry. It is well-known that today’s attackers continually evolve and chain together an increasingly complex sequence of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers’ behaviors evolves, so must our engineering and Continue reading

How William Hill Achieved Success in their Journey to Multi-Cloud

A commonly used term in the sports betting world is handicapper. A handicapper is a person who analyzes sports events to predict the winning team or player. This person (or team) focuses on all the moving pieces in a chaotic or high-stakes environment to make business-critical decisions. Similarly, in managing a multi-cloud environment, organizations have a lot at stake, and they must make crucial operational choices for the sake of security and the end-user experience. Having the ability to spot challenges in advance when moving through a multi-cloud journey will make the difference between success and failure. We’re going to look at three of the key multi-cloud challenges organizations face, as well as a real-life customer success story, William Hill, and how they overcame some of their biggest obstacles in their quest for multi-cloud success. 

3 Roadblocks to Multi-Cloud 

Regardless of where your organization started, there are three primary challenges you will likely face in moving to multi-cloud. To begin, every cloud is different in the way that it operates. This creates issues when it comes to connecting services across different cloud environments. Second, each cloud has its own methods and APIs when it comes to securing workloads. Thus, the process can lose consistency when different clouds are trying to communicate with one another. Lastly, providing a winning end-user experience requires strong observability within a multi-cloud environment. If that doesn’t exist, the bread and butter of your enterprise is at stake. 

So, how do you move past these roadblocks?  

There are three must-haves to keep in mind — and to keep you calm, cool, and collected when facing Continue reading

Learn How Real-World Organizations Benefited from an Overhaul of their Security Lifestyle 

Achieving better security is something we all know is necessary but can struggle to achieve. It’s like improving your diet: you know you need to eat better and exercise to cultivate a healthier, more well-rounded lifestyle. But you don’t do it because it’s hard, often expensive, and can be a pain. So, you avoid it (trust me, we’ve all been there). But, you learn that putting one foot in front of the other forces you to take small steps toward big results. The same notion applies to needing better security. We know we need it, but it’s not always easy to know where to begin.

There is no quick fix for sustainable change. Sure, we can make better choices each day, but it takes consistency and a solid structural foundation – a lifestyle change – to maintain these advancements. Losing weight is one thing; when it comes to better multi-cloud security, this is a process that leaves little room for fluctuation. Start with the fundamentals and tighten your belt over time.   

Let’s take a look at real-world organizations that have benefited from doing the hard stuff. They’ve done the work and have seen the results. Continue reading

Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer

Contributors: Jason Zhang, Stefano Ortolani, Giovanni Vigna

Cyber security threats have been growing significantly in both volume and sophistication over the past decade with no sign of a slowdown. Naturally, this has also been accompanied by an increased collection of threat telemetry data, ranging from detonation timelines to IDS/IPS detections. Telemetry data, typically represented by enriched time series, often contains underlying peak signals which in turn correspond to a few informative events: occurrences of malware campaigns, heavily used malware delivery vectors, commonly affected verticals, and even anomalies possibly revealing the presence of false positives. While all this information clearly holds tremendous value, mining these data sets can be expensive and complex. As a result, organizations often find it challenging to gain further insights into the underlying threat landscape even though they have access to the data.

Recently at VirusBulletin Threat Intelligence Practitioners’ Summit (TIPs) 2021, we presented our latest research aiming to tackle the challenges discussed above: Telemetry Peak Analyzer is a statistical approach to detect malware campaigns as they happen by relying on telemetry data in an efficient and scalable manner.

Read on to get the key insights of the presentation. We’ll provide an overview of the characteristics Continue reading

How to Accelerate Your Digital Transformation with VMware’s Cloud Networking Capabilities

Realize What’s Possible with Advanced Cloud Networking Capabilities 

VMworld 2021 – what a whirlwind. Thank you for attending and making the virtual event a success. With so many sessions and so little time, we thought it was important to point out one of the most notable networking sessions of this year: Automation is Modernizing Networks, delivered by Tom Gillis, SVP & General Manager, Networking and Advanced Security.

In case you missed it, we’re going to catch you up on essential insights, networking news, and more. 

Networking by the Numbers 

The vision behind VMware’s cloud networking is to centralize policy and networking infrastructure. Today, there are more than 23,000 customers using VMware’s virtual networking products. 96 out of the Fortune 100 have chosen VMware to virtualize their network infrastructure. VMware has replaced more than 12,000 power-hungry, hardware load balancer appliances. There are more than 450,000 branch sites globally, accelerating the digital transformation for enterprises of all kinds.

Leveling Up  

Taking a step back, we can see how clearly all of these developments are enhancing digital operations for our various constituents. With two strokes of a key, our customers can send applications directly into production. This includes scanning for security/compliance violations, enforcing these security and compliance Continue reading

10 Resources to Get Started on Container Network Security

Ready to get started? The following resources and tutorials will enhance your understanding of container network security and help you get started.

Analyst Research

Get an independent analyst’s view on the state of container security:

Blogs

Many container network security experts are blogging about lessons learned and sharing their knowledge on how to secure modern applications. Follow their conversations:

Courses and Certifications

Developers and platform operators alike need to learn how to secure applications and platforms. Why not take a class to enrich your understanding? There are many free and low-cost options, including the following:

Peek Under the Hood: SE Labs NDR Test 

Earlier this month, SE Labs awarded VMware the first ever AAA rating for Network Detection and Response (NDR), highlighted by our ability to provide 100 percent protection from four major advanced persistent threat (APT) groups across multi-cloud environments. The NDR test, the first of its kind, signified the changing threat landscape where enterprises need to identify and stop attackers inside the network, where they are able to move freely to discover valuable information they can exfiltrate. Given expanding threat surfaces due to modern applications, work from anywhere and cloud transformation, the assumption is that attackers are likely already inside your network, making legacy cybersecurity tests focused solely on the perimeter increasingly unsuitable assessments for protecting today’s modern enterprise.

According to the results from SE Labs, VMware NSX NDR provides 100 percent protection across multi-cloud environments from four major advanced persistent threat (APT) groups—including FIN7&Carbanak, OilRig, APT3 and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.

Given that this is the first test of its kind, we wanted to give you a look under the hood to see how SE Labs used VMware NDR to detect all malicious network traffic and payloads from a specific threat group, OilRig (APT34). Check out the Continue reading

The VMworld Aftermath: Continue Cutting Edge Learning with VMware’s Solution Spotlight 2021 Webcast Series

If you attended VMworld 2021 and you’re already itching for more learning, we have just the thing for you. Join our new upcoming VMware Solution Spotlight 2021 webcast series. You will be able to extend your learning and get answers to your burning questions by taking a technical deep dive into the innovations that are driving the Virtual Cloud Network.  

The series experts will be hosting a live Q&A session and will be covering: 

The three-part Cloud Networking Thursday series will take place on November 11th, November 18th, and wrap up on December 2nd.  

Check out a brief synopsis of each session to see the right fit for you: 

Learn How Your Enterprise Gets the Edge with SASE (11/11): 

VMware Tanzu Service Mesh Named a Leader in GigaOm Radar Report on Service Mesh

GigaOm placed VMware Tanzu Service Mesh (TSM) in the leader ring of its 2021 GigaOm Radar Report for Evaluating Service Mesh, cementing VMware’s status as the open-source choice for connecting and securing modern applications across single and multi-cloud environments.

As enterprises continue to split applications into microservices that can be spun up or down as needed, service meshes give DevOps the ability to seamlessly and simply orchestrate connectivity and security services across multi-cloud environments, automatically and at scale. This common abstraction layer for application services enables true app resiliency, observability, and security across single and multi-cloud environments — a critical superpower for organizations focused on delivering powerful and consistent experiences.

VMware continues to lead

Citing Tanzu Service Mesh’s open-source architecture, dominance in the enterprise market, innovative road map, and focus on improving security, the authors of the report feel that Tanzu Service Mesh gives enterprises the best chance of gaining that all-important visibility and control with modern applications.

The key to this, of course, is Tanzu Service Mesh’s ability to seamlessly abstract the application layer from the infrastructure layer through Global Namespace (GNS). By onboarding applications to a Global Namespace, developers, operations, and security gain consistent policy controls and operational Continue reading

VMware Achieves Industry-First AAA Rating for Network Detection & Response from SE Labs

In the first public test of its kind for Network Detection and Response, SE Labs awards the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR). The modern cyber battlefield is everywhere, and every attacker has to traverse multiple networks and, in most cases, many firewalls to achieve their goals. Once inside a network, they look to move freely within the environment, discovering valuable information they wish to exfiltrate. As attackers have continually innovated, so must the industry and our testing. As a leader in the security industry, VMware has gone through the industry’s first Network Detection and Response (NDR) test and received a AAA rating. It is well-known that attackers continually evolve and chain together an increasingly complex sequence of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers’ behaviors evolves, so must our engineering and testing.

VMware customers can be assured that their data is better protected in this new arena as they continue to modernize their application and network infrastructure as part of their digital transformation initiatives.

According to the results from SE Labs, VMware NSX Continue reading

Open Intelligence Gathering: Light and Dark

A few weeks ago, I asked my manager, Chris Bareford, if he would approve the purchase of a licence to use the https://www.shodan.io open intelligence platform. I was both vague and detailed enough to justify the purchase, something about gathering threat intelligence as far as I can recall. My request was approved, and I am now in possession of the Shodan freelancer API entitlement. This is useful to me in automating certain intelligence and discovery tasks.

This blog, however, is NOT about the Shodan freelancer API.

Part of my job is to help enable cyber readiness for both my internal colleagues and my customers and prospective customers, and as part of this remit I publish a weekly threat landscape report, which is essentially a collection of things I have found to be interesting (and/or concerning) during the previous week from a cyber-security perspective. One element of this report covers what I would consider to be largely opportunistic attacks (or probes), and so I summarize an anonymized set of the past week’s common vulnerabilities & exposures (CVE) that VMware customers have had. When collating this type of information on a regular basis, what you notice is that, in addition Continue reading

Seeking Service Mesh Sessions at VMworld 

It’s that time of the year again, when all of VMware’s customers and the vCommunity at large assemble for the annual gathering of learning and shared knowledge that we call VMworld. 

This year, like last year, VMworld will be held in a virtual format and, just like last year, it’s completely free! Last year’s VMworld was a big success, with many great sessions and a record number of attendees who joined from around the world. 

As for Tanzu Service Mesh, I have good news for all you service mesh enthusiasts — and for those who are just starting to learn about service mesh. This year will see an exponential increase in the number of sessions that cover Tanzu Service Mesh.

Service Mesh Sessions You Won’t Want to Miss: 

  1. Solutions Keynote: DevSecOps Your Way to Any Cloud (And Delight Customers) [V13190]
    This session, led by Ajay Patel, SVP and GM of the Modern Apps and Management Business Unit, will review VMware solutions that enable a DevSecOps practice for our customers — and that includes Tanzu Service Mesh. Pratik Roychowdhury, a Tanzu Service Mesh director of product management, will talk about how Tanzu Service Mesh provides a way to observe and control API calls exchanged between micro-services. Pratik will also describe our PII Data Leakage protection Continue reading

How to Utilize Automation to Revolutionize Modern Networks

At VMworld 2021, we’re imagining what’s possible when it comes to the public cloud experience everywhere. IT enterprises are expected to keep up with increasing consumer demands, focusing on fast application rollout across multiple clouds. There’s an industry-wide emphasis being placed on delivering an immediate, secure, and strong end-user network experience to get the job done right. At this year’s conference, we’re looking at real customers and their experiences when it comes to optimizing automation in modern network environments.

Danske Bank, a leader in the financial industry, learned what was necessary to achieve the most simplified self-service functionality possible. By starting with Day 0 deployment and continuing all the way to Day 2 delivery, Danske Bank secured sustainable service delivery and self-service modifications. The VMworld 2021 session Network Operations: Intelligence and Automation from Day 0 to Day 2 takes a deeper look at this customer’s intelligence journey to show how you can achieve simplification within the public cloud, too.

Simplifying Day 0 and Day 2 ops is an action step IT can take to streamline business ops, but understanding the modern enterprise – and the complexities involved – is evergreen. Learning the ins and outs of the modern network with end-to-end virtualization allows businesses like yours to succeed in even the most diverse environments. Tom Gillis, Business Group leader, NASBG, of VMware, takes us on a deep dive into why building out a better security posture within diverse infrastructure is crucial. You Continue reading

Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros

Office macros are a popular attack vector to compromise a user’s environment and deploy additional components. That’s because macros can hide within documents, often under several layers of obfuscation. In recent years, there has been an increase in attacks that leverage Excel 4.0 macros as threat actors have realized the power that this legacy functionality provides to an attacker.

Analyzing Excel 4.0 macros can be a daunting task, because the analysis often requires manual, step-by-step execution of the code to extract behaviors and IoCs such as the URLs from which additional malware components will be downloaded.

In this blog, we present Symbexcel, a novel solution based on symbolic execution for the automated de-obfuscation and analysis of Excel 4.0 macros. Our approach was recently presented at BlackHat 2021 [1].

What Are Excel 4.0 Macros?

Excel 4.0 macros, or XLM macros, are a 30-year-old feature of Microsoft Excel that allows one to encode a series of operations into the contents of spreadsheet cells. Distinct from the traditional functions provided by an Excel spreadsheet (such as SUM), Excel 4.0 macro functions have access to the Windows API and can be used to interact with the underlying operating Continue reading

Simplification through Unification: One Network Across the Entire Multi-Cloud

Two major pillars of VMworld 2021 focus on enhancing productivity and consistency. More than ever, businesses are demanding consistent, secure, and reliable communication between apps and users. What networking professionals at VMworld want to reinforce is that multi-cloud ops shouldn’t have to slow down due to poor app distribution among workspaces. The network should be durable and secure everywhere. While threats are inevitable, businesses can be prepared by learning how to converge networking, security, and threat detection within the cloud. And that’s exactly what we’re going to teach you at this year’s virtual event.

Valued customers across many different industries have chosen to let VMware’s multi-cloud ops solutions guide them through their digital transformation. Susan Wu, Senior Product Marketing Manager, and Aamer Aakhter, Product Manager, are two seasoned VMware leaders who will take you through how customers achieved multi-cloud excellence, and how you can say “Goodbye Compromises Everywhere. Hello Productivity Anywhere,” with this VMworld session.

While simplicity may look different depending upon an organization’s goals, there is one thing that remains constant: performance shouldn’t have to be sacrificed for safety. Your enterprise should be able to streamline the entire multi-cloud to remain agile, productive, and increasingly adaptive against any threat or operational hiccup.  

IT portfolios are becoming increasingly Continue reading

Learn How to Implement Stronger Multi-Cloud Security at VMworld 2021

One of the major focuses at VMworld 2021 is to educate network security teams on how they can achieve the strongest security posture by enabling Zero Trust. The Zero Trust model is essential to securing your entire digital footprint and to remain secure as it grows. Leaders like the White House, CISOs, and industry analysts of all kinds, agree that the Zero Trust approach to network architecture is the best way to protect not only the existing perimeter but also the critical apps and workloads inside.  

During the Never Trust: Building Zero Trust Networks VMworld 2021 session, industry leaders will take a practical look at what it takes to adopt Zero Trust at scale, offer a blueprint to the Zero Trust Architecture model, and suggest next steps to implement Zero Trust for your organization. 

An extension of learning to build Zero Trust networks is sharing tangible solutions to get your business the strength and security it needs. VMware leaders Christopher Kruegel, VP of Security Services, and Vivek Bhandari, Senior Director of Product Marketing, share VMware’s NSX Distributed Firewall service that will strengthen your East-West security to protect any workload in any cloud. Add A Modern Firewall For Any Cloud and Any Workload [SEC2688] to your VMworld itinerary now.

Gaining visibility and control within the network via Zero Trust means giving enterprises room to breathe. Eliminating any hesitation when it comes to threat prevention hardens your organization’s security infrastructure Continue reading

All Things Networking at VMworld 2021

Must-See Sessions for Networking 

This year’s networking sessions – based on the audience feedback from VMworld 2020 – not only feature more customer stories and interviews, but have a balance of innovation, industry trends, roadmap, and technical get-your-hands-dirty sessions. The VMworld 2021 Session Types and Levels summary gives you an idea of what’s available for you and your colleagues.

If you’re not sure about the different learning tracks or what they will include, check out the VMworld learning index here. The robust Content Catalog will allow you to filter sessions based on topic, tracks, products, type and level; the scheduler lets you build an itinerary.

Lastly, we have made a list of can’t miss sessions based on your role.  

For Networking Leaders:  

For Networking Practitioners:

Augmented MISP Integration with NSX Advanced Threat Analyzer

Contributors: Jason Zhang (NSBU TAU), Stefano Ortolani (NSBU TAU)

Introduction

Formerly known as the Malware Information Sharing Platform, MISP is a leading open-source threat intelligence platform (TIP) that organizations of all sizes can leverage to store, share, and enrich threat indicators of compromise (IoCs).

The MISP ecosystem primarily comprises two parts: MISP core (or engine) and MISP modules. MISP core is responsible for the main functionality of the platform, while MISP modules were introduced to extend the capability of MISP without changing MISP core components.

Thanks to the simple API interface provided by MISP, many third-party MISP modules have been developed to greatly extend MISP’s capabilities. There are mainly three types of MISP modules: expansion modules, import modules, and export modules. More details on MISP modules can be found in the MISP modules GitHub repository, which includes three modules developed by Lastline (now part of VMware) that integrate MISP with VMware NSX Advanced Threat Analyzer (ATA), as we reported earlier.

Recently VMware’s Threat Analysis Unit (TAU) developed a new expansion module, which replaces the three Lastline modules. The improvements from the new module are twofold: a simplified enrichment process and an augmented enrichment capability.

In this blog post, Continue reading

Guide to NSX Security at VMworld 2021

The world is changing and as a result, the ability to operationalize network security at scale is more important than ever. Organizations need the ability to monitor and protect both East-West and North-South traffic at scale without adding operational complexity or impacting the user experience. How do organizations do all this in the face of reduced budgets, increasing network complexity, radical changes throughout IT architectures and an increase in volume and sophistication of cybersecurity threats?

We’ll show you at VMworld 2021 with sessions dedicated to helping you operationalize network security at scale in today’s modern world.

To register or learn more about VMworld, visit the portal. Without further ado, check out our quick guide to NSX Security sessions at this year’s event.

Keynote

Multi-Cloud

Firewall

Threat Prevention
