Archive

Category Archives for "VMware Network Virtualization Blog"

Enter the NSX Giveaway – Tune In on LinkedIn

Do you remember the 21st night of September?

At VMware NSX, we sure do – and you can bet we’ll be dancing to Earth, Wind & Fire all September long. Whether or not this is your September song of choice, there’s no better way to listen to your favorite tunes than on a top-notch speaker. VMware NSX wants to help by giving away new portable Sonos Roam Speakers that you can bring wherever your grooving takes you.

Yep, you heard us – we’re hosting a giveaway! Entering for a chance to win is easy, too: just follow our new Networking & Security LinkedIn.

For an extra entry, tag a friend or colleague who would enjoy NSX content in the comments of the announcement post.

We’ll select winners from our new followers after the giveaway closes on Oct. 14, 2021. In the meantime, we’ll be listening to “September” on repeat.

This giveaway is limited to those living in the US. If you live somewhere else you can still participate, but we may not be able to deliver your prize. See full Terms and Conditions below. If you have questions, reach out to us on LinkedIn or Twitter. 

 

Continue reading

How to Simplify Your Journey to Zero Trust with NSX Workshops

At its core, Zero Trust is an operational framework that helps enterprises secure modern network environments. Zero Trust insists organizations strip away ambiguity from their security and focus on the basics: committing to a risk-based approach across end-users, networks, data, devices, and much more. If you’re ready to take the next step toward built-in, Zero Trust networking (ZTN), we can help. Learn how to successfully implement Zero Trust networking and segmentation strategies at one of our upcoming NSX Network Security Workshop Sessions on Tuesday, September 28, 2021 or on Wednesday, September 29, 2021.

During these live virtual events, Patricio Villar, Principal Network Architect and VMware Certified Expert/Network Virtualization, will cover Zero Trust foundational concepts, including: 

  • How to identify communication paths to segment and build policy to protect your data center 
  • How implementing NSX security supports the ZTN framework
  • How to easily implement stronger distributed security with VMware NSX 

NSX Network Security Workshop topics include:

If you’re ready to simplify Zero Trust so you can have simply zero worries, grab your spot and register today.    

See you there! 

The post How to Simplify Your Journey to Zero Trust with NSX Workshops appeared first on Network and Security Virtualization.

HelloKitty: The Victim’s Perspective

In the past few months, we have witnessed several indiscriminate attacks targeting big companies. Whereas years ago different threat actors focused on specific sectors, nowadays the same techniques, tactics, and procedures (e.g., how the perimeter is penetrated, which tools are used for lateral movement) are consistently applied regardless of company size, location, or industry. Target selection is much more dependent on an organization’s IT infrastructure: for example, recent trends show several actors (among them REvil, HelloKitty, or what was known as Darkside) increasingly targeting companies running workloads on VMware ESXi by adding to their ransomware capabilities to gracefully stop virtual machines before encrypting them (see Figure 1).

Figure 1: HelloKitty stopping virtual machines gracefully

Another important trend we have seen growing in the last few months is the use of ransomware to seize sensitive customer data — first by exfiltrating it, then encrypting it, and later pressuring the victim into paying a ransom under the threat of disclosing such data publicly (a technique called “double extortion”). Notable victims include CD Projekt RED, which faced the leak of the source code of some of its most famous video games.

While many threat reports have already dissected the technical Continue reading

Explore VMware’s Modern App Connectivity Services with Amazon EKS-Anywhere

As enterprises accelerate their application modernization journey, there is a stronger need for running applications across multi-cloud environments. Today, AWS announced General Availability of Amazon EKS-Anywhere, expanding the AWS portfolio to support these use cases.

We are thrilled to integrate with and extend EKS by providing secure connectivity services that work cross-cluster and cross-cloud with VMware’s Modern App Connectivity Services. By delivering these capabilities, applications can enjoy the level of resiliency, scalability, and security needed for enterprise-critical applications.

VMware Modern App Connectivity Services accelerate the path to app modernization by extending connectivity and security between EKS and EKS-D, and to other platforms. Built on cloud-native principles, it enables a set of important use cases that automate the process of connecting, observing, scaling, and better-securing applications.

VMware enables EKS customers to leverage connectivity, resiliency, and security capabilities:

  1. Application connectivity
    Across both multi-cluster and hybrid clouds, in addition to VM environments.  This enables discoverability and connectivity between distributed microservices across hybrid EKS, EKS-D, and VMware vSphere environments.
  2. Application resiliency 
    This enables cluster load balancing level on-prem to communicate with the rest of the customer’s environments both on-prem and on the cloud with this global load balancing solution.
  3. Application security
    This enables Continue reading

It’s Time to Rethink Security Across the Software Supply Chain

Open Source has proven instrumental in accelerating software development — providing developers with feature velocity, ease of customization, and quality reusable code. However, the open-source security landscape has clearly changed: it’s clear that the unwritten rule among the open-source community has expired, and open season on hacking open-source software projects has begun. Today’s threat actors have no qualms about injecting malicious code upstream as a way to target downstream applications. Developers need to recognize this new reality and rethink security across the software supply chain.

How did we get here? The push to accelerate digital transformation may be inadvertently introducing vulnerabilities into the software supply chain. Developers, under constant pressure to deliver new software to market faster, often rely on containerized open-source software and public repositories to meet dynamic, agile needs. According to Gartner, nearly three-quarters of global organizations will be running three or more containerized applications in their production environments by 2023. The Cloud Native Computing Foundation (CNCF) also confirmed a similar pattern in its survey, which found the use of containers in production has increased to 92 percent since 2019. With Kubernetes the dominant container orchestration solution, 32% of respondents in the CNCF survey indicated that security Continue reading

What’s New in VMware HCX 4.2

Real-time Estimation of vMotion and Replication Assisted vMotion Migration 

HCX analyzes migration metrics and provides an estimate of the time required to complete the relocation phase of every configured vMotion, as well as the time required to complete the transfer phase of every RAV migration. For each virtual machine migration, the estimate is shown in the progress bar displayed on both the Migration Tracking and Migration Management pages while the transfer is underway.

 The following snapshot shows an estimate of time remaining for the vMotion-based migration to complete. 

Here we see a similar estimate for a RAV (Replication Assisted vMotion) based migration.  

Predictive Estimation of Replication Assisted vMotion (RAV) Migrations 

For RAV migrations in draft state, HCX uses machine learning to generate an estimate of the time required to complete the migration. The estimate is shown in the progress bar displayed on the Migration Management page. Predictive estimation is available for Early Adoption (EA) with both RAV and Bulk migration.

The following snapshot shows how the user can get a predictive estimate of the time needed for Replication Assisted vMotion (RAV) to migrate workloads of virtual machines in a Mobility group.

OS Assisted Migration (OSAM) with HCX for VMware Cloud 

HCX OS Assisted Migrations enable transitions from non-vSphere-based environments to vSphere-based environments. OSAM can now be run in VMware Cloud Continue reading

Explore Future:NET for a Chance to Win a Bose Headset

Hey there, NSXers!  

The skies are blue, the sun is shining, and summer is in full swing. Whether you’re getting your summer on by grooving to some tunes, or embracing the grind at home or back in the office, there’s one thing you can count on needing: a sweet set of headphones.  

The Future:NET team is here to help! At Future:NET, industry luminaries deliver exclusive insights into all things networking – including a discussion of the lasting impacts of 2020 and predictions on the future of the industry, from app-centric connectivity to ubiquitous access across clouds. Now you can get all that Future:NET goodness — and a pair of Bose noise-canceling headphones too! All you need to do is: 

1. Follow Future:NET on Twitter.
2. Watch the Looking Back, Looking Forward session.
3. And post a screenshot of the video in the comment section of our Twitter announcement post.

Then, we’ll select winners from the comments and announce them on August 2. Yep, it’s that easy!

Take your work from anywhere to the next level – with these headphones, you can groove from anywhere while you’re at it. 

PROMOTIONAL DRAWING TERMS & CONDITIONS
NO PURCHASE NECESSARY TO ENTER OR WIN. Void in Quebec and where prohibited. All federal, state, provincial and local laws Continue reading

From Zero Visibility to Zero Trust in the Data Center

Imagine someone breaking into your home. If you catch them in the act, they’re most likely leaving right away, and you’re upping your security system. Now imagine someone breaking into your home, and staying for nine months – now what? They’ve prolonged their stay completely unnoticed and destroyed the security system you once trusted and relied upon. Your next move? Trying to reinstate the faith you once had in security and completely reconfigure your security blueprint.  

Let’s break down why data center security has taken center stage as of late with the increasing challenges of securing east-west traffic and the journey from zero visibility to Zero Trust thanks to Forrester and VMware’s collaborative webinar session. (Or, feel free to get straight to all the juicy details, and watch the webinar now.) 

The Catapult for Enhanced Data Center Security 

We’re on the heels of the global COVID-19 pandemic, and wow, have things changed. As a global community, we were trying to juggle the unknown and potential threats that COVID-19 had posed. From an industry perspective, we had to engage in an overhaul that changed the way we worked – forever. For organizations everywhere, remote work is now a part of the new normal routine. So, with these massive changes, Continue reading

What’s the Most Secure Network of Them All?

You’re standing in front of three doors. Door number one is big, tall, and sturdy. Nothing fancy, but seemingly safe. Door number two has more bells and whistles, fancy engravings, and twice the number of locks. Elevated security for sure, but you suspect more form over function, so you’re not entirely sold. Door number three features a winning combination of practicality and advanced locks. This one has to be the best choice, right?

You can’t see behind any door, so your choice is limited to inference. That’s frustrating. Today, choosing the right security solution for your business is no different. Bells and whistles can distract us from our core objective of ultimate, unwavering security. And old reliable doesn’t seem capable of repelling an onslaught of modern threats and distributed exposures.

Organizations need to make the right network security choice to successfully secure their networks in a highly dynamic, distributed world where it’s not a matter of if intruders will get in, but when. Turns out, the right approach is as much about philosophy as it is about technology: trust no one. But, before we get into the relationship between trust and better security, let’s begin with a review of how Continue reading

How to Build a Better Security Posture Post-Pandemic

What a whirlwind of a year it has been! Covid has accelerated digital transformation — but also made painfully obvious the data center’s continuing security vulnerabilities. We’ll explore VMware’s data center security insights and solutions at RSA Conference 2021.

Ah, 2020, a year we won’t soon forget. Initially, I know a lot of us had planned to work from home more frequently, given our ability to be physically anywhere with internet access, but who would have thought we would be forced to? I’m thankful we are in an industry that supports and encourages us to be mindful of our health and safety. And so, while conferences like Black Hat and DEFCON (“hacker summer camp”) are moving towards a hybrid model allowing a limited number of attendees to be physically present, I am choosing to stay home and participate remotely.

Why We’re Here

I am confident the underlying theme of the ’cons this year will be how the global pandemic, by requiring us to socially isolate, has forced innovation in the way we work. This has had a profound impact on the industry — accelerating us into a digital transformation that relies on cloud and other technologies. A transformation a lot Continue reading

It’s Raining Beacons: Automated Generation of Cobalt Strike Traffic

Introduction

Cobalt Strike [1] is a tool to support red teams in attack simulation exercises. To this end, Cobalt Strike provides several techniques that allow a red team to execute targeted attacks to compromise a target network, establish a bridgehead on a host, and then move laterally to gain additional access to computers, accounts, and, eventually, data.

While the goal of Raphael Mudge, the author of Cobalt Strike, was to provide a framework to test network defenses to support the development of effective detection mechanisms and incident response procedures, the power provided by the tools was not lost on malicious actors (see, for example, [2]).

Soon, Cobalt Strike was copied, modified, and included in the toolset used in attacks against targets of all kinds. For example, recently Cobalt Strike was used as part of both the SolarWinds supply-chain attack [3] and the ransomware attacks against Colonial Pipeline [4]. The tool is so popular that there are Telegram channels and GitHub repositories dedicated to obtaining or producing modified, pirated copies of the Cobalt Strike software [5].

Given its “dual nature” and wide adoption by both sides of the security battlefield, it is not surprising that security teams struggle to develop Continue reading

How VMware IT Achieved Zero Trust in the Data Center: a Step-by-Step Approach

Security keeps getting more complex, and despite a multitude of products, tools and processes, organizations find it challenging to prevent 100 percent of breaches or unwanted access. Zero Trust holds the promise of achieving tighter security by only trusting network traffic that is specifically permitted by a security policy. While the task appears daunting, those organizations that follow a step-by-step approach can achieve success.

The process followed by VMware IT (VMIT) can serve as a blueprint for other organizations, removing some of the mystery and complexity. VMIT embarked on a Zero Trust project for data center security to prevent unwanted lateral movement, restricting communication among workloads to only the minimum needed to complete their jobs. The goal was to make Zero Trust the new normal for all applications in the data center. To do so, the team needed to gain a complete understanding of all applications, down to the workload level. Once understood, effective policies can be crafted to permit only the desired behavior.

Step one: macro-segmentation

Achieving Zero Trust fits neatly into a five-step approach (see A Practical Path to Zero Trust in the Data Center white paper), which starts with macro-segmenting the network and culminates in micro-segmenting all Continue reading

Integrating MISP with NSX Advanced Threat Analyzer

 Contributors: Stefano Ortolani (NSBU TAU)

MISP (originally Malware Information Sharing Platform) is a platform to share, store, and correlate Indicators of Compromise (IOCs) from targeted attacks, threat intelligence, or even financial fraud information. One of the reasons underlying MISP’s success is its extensibility via third-party modules. However, as the number of contributors increases, coordination and distribution can quickly become a challenge. To solve this issue, MISP’s authors created a satellite project called MISP modules.

Before joining the NSX family, we at Lastline contributed three different modules to the MISP project in order to better integrate MISP with the sandbox that is now part of the NSX Advanced Threat Analyzer (ATA) product offering. The main idea was to enrich the file indicators referencing an artifact with behavioral information extracted by detonating the artifact in the sandbox, or by retrieving the analysis result of previous detonations. We accomplished this by relying on three different modules:

  • lastline_submit: An enrichment module used to submit new files to the sandbox; as dynamic analysis requires some time to terminate, the output of this module is an external analysis link represented by a new MISP attribute.
  • lastline_query: An enrichment module to expand a Continue reading

Introducing VMware NSX Advanced Firewall for VMware Cloud on AWS

We are pleased to announce the introduction of VMware NSX Advanced Firewall for VMware Cloud on AWS, which takes the network security capabilities of VMware Cloud on AWS SDDC to a new level. Adding NSX Advanced Firewall features allows organizations to define security policies at Layer 7 while enabling deep packet inspection across all vNICS within the software-defined data center (SDDC). 

NSX Advanced Firewall capabilities help you secure your applications against an ever-expanding set of threats on the internet. Specifically, it includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud.

This capability allows you to: 

  • Detect attempts at exploiting vulnerabilities in your workloads. 
  • Gain protection against vulnerabilities inside your SDDC with granular application-level security policies. 
  • Reduce the attack surface of your workloads by allowing only the intended application traffic to run in your SDDC. 
  • Seamlessly provide inspection for all traffic without a single inspection bottleneck. 
  • Achieve your compliance goals.

Customers can purchase the NSX Advanced Firewall as an add-on in VMware Cloud on AWS.

Get the full summary on the VMware Cloud Blog or directly access the product page

 


Announcing VMware HCX 4.1

VMware HCX is a crucial component of the modernization journey for many VMware customers as they transform their data centers into SDDCs, both on-premises and in the public cloud. HCX, an application mobility platform, simplifies application migration, workload rebalancing, and business continuity across data centers and clouds, and enables large-scale migration of workloads to modern environments.

With the HCX 4.0 release, we rolled out some major updates. Now, the journey continues steadily forward with the release of HCX 4.1. Let’s dive in and see what’s new.

What’s New

Migrations Estimations: Predictive Estimations for Bulk Migrations

One key capability that was launched in HCX 4.0 was Migration Estimation — which provides real-time predictions for bulk migrations. With the HCX 4.1 release, customers will see a more accurate predictive estimate for bulk migrations in draft stage before wave execution.

Seed Checkpoint for Bulk Migration

In the past, failed replication-based migrations, like bulk migrations with HCX, automatically executed a cleanup process, which would lead to a total loss of replicated data. To the customer, this entailed losing all migration progress, while for larger VM profiles this meant the loss of many days of replication progress.

The seed checkpoint Continue reading

Exploring VMware’s Kubernetes App Connectivity and Security Solution: A Deep Dive, with Demos

Modern apps need to run in multi-cluster, multi-cloud environments across a mix of traditional and microservices architectures. In this context, enterprise platform, infrastructure, and operations teams are presented with unique challenges in securely connecting and managing modern workloads, in delivering scalable services, or bridging between traditional VM workloads and containers, and supporting production operations for modern apps.  

VMware recently introduced the “VMware Modern Apps Connectivity solution”, which brings together the advanced capabilities of Tanzu Service Mesh (TSM) and VMware NSX Advanced Load Balancer (ALB, formerly Avi Networks) to address today’s unique enterprise challenges.

In this blog, we’ll take a deeper look at this solution and demonstrate how its cloud-native principles enable a set of important use cases that automate the process of connecting, observing, scaling, and better securing applications across multi-site environments and clouds. We’ll also show how state-of-the-art capabilities in this solution — like Global Server Load Balancing (GSLB) and Intelligent Autoscaling — enable enterprises to deliver advanced use cases such as cloud-bursting.  

Step 0: Set up (typical HA architecture for a modern distributed app) 

Let’s start by looking at our set-up, which is a typical architecture for a highly-available modern app deployment Continue reading

Introducing OSPF Support in NSX-T 3.1.1

NSX-T has revolutionized the data center and plays a key role in modern data center fabrics. Its unmatched capabilities are key elements in any effort to modernize networking in the data center.

NSX-T version 3.1.1 will go down as a critical milestone in this journey, as it supports OSPF version 2.

Based on RFC 2328, Open Shortest Path First Version 2 (OSPF v2) provides fast convergence, scalability, and is widely known among network architects and their operations teams. As a result, it is one of the most popular link state routing protocols in enterprise networks and data centers.

Interconnecting your physical networking fabric with NSX-T was possible using static routes and BGP. OSPF is now an option to consider when leveraging dynamic routing protocols in the data center. By supporting OSPF as a dynamic routing protocol, existing NSX for vSphere customers can migrate seamlessly to NSX-T.

In this blogpost, we will demonstrate how to implement OSPFv2 within NSX-T in your data center.

OSPF Support in NSX-T

Providing connectivity between users and applications in a data center is crucial. The main purpose of any routing protocol is to dynamically exchange or share information regarding the reachability of a network.

Continue reading

Don’t Be Fooled by Agent Tesla’s Football Club Red Herring

Contributors: Subrat Sarkar (T-Rex), Jason Zhang (NSBU TAU)

Agent Tesla is a remote access tool (RAT) that is known for stealing credentials from several applications, including web browsers, VPN clients, and mail and FTP applications. It also supports keylogging, screen grabbing, and other functionality. Since it first came on to the scene in 2014, Agent Tesla has evolved into a fully customizable commercial malware tool, which is readily available on underground markets. Given the huge popularity of the malware, this threat has been thoroughly covered by the threat intelligence community, including our analysis in 2018 [1], our reports on COVID-19 related cyber threats [2] [3], and a recent article describing a surge of infections [4]. More recently, we detected a new wave of Agent Tesla attacks that exhibited some interesting characteristics, such as requesting a connection to top European football club websites.

In this blog post, we first present some of VMware’s NSX Advanced Threat Prevention telemetry and email metadata from the attack. We then provide our analysis detailing the most distinctive aspects of the attack, from the use of well-known European football club websites to key tactics, techniques, and procedures (TTPs).

The Agent Tesla Campaign

Figure 1 shows Continue reading

Is Your Perimeter Firewall Enough?

It’s not unnecessary, but a perimeter firewall is not enough

Picture this: an innocent end user at a mid-size commercial firm clicks on a link in a phishing email. Sigh. The bad actor is now already behind the firewall. Without lateral controls, the exploit can quickly propagate throughout the network. In fact, according to our recent Threat Landscape Report, email is still the number one vector to deliver malware, and 4% of all emails are malicious. So if you have 701 emails in your inbox right now (no? just me?), 28 of them may be malicious. Yikes.

See What Evaded the Perimeter Threat Landscape Report

Most data center traffic happens within the data center and behind perimeter firewalls—a.k.a. east-west traffic, internal traffic, or lateral traffic—as opposed to north-south traffic, which is inbound/outbound. Likewise, most of the high-profile attacks in recent times have involved malware sitting inside the network, moving laterally from server to server and remaining undetected for months. This is what causes real damage. You simply need more visibility and control in east-west traffic to prevent attackers’ lateral movement.

Perimeter Firewalls Weren’t Made to Secure East-West Traffic

It’s true, traditional appliance-based firewalls Continue reading

How to Protect Azure VMware Solution Resources with Azure Application Gateway

Azure VMware Solution (AVS) is a VMware validated private cloud solution managed and maintained by Azure. It runs on dedicated bare-metal Azure infrastructure. AVS allows customers to manage and secure applications across VMware environments and Microsoft Azure with a consistent operating framework. It supports workload migration, VM deployment, and Azure service consumption.

As AVS private cloud runs on an isolated Azure environment, it is not accessible from Azure or the Internet by default. Users can use either ExpressRoute Global Reach (i.e., from on-prem) or a jump box (i.e., on an Azure VNet) to access AVS private cloud. This means AVS workload VMs are confined within AVS private cloud and not accessible from the Internet.

But what if customers want to make AVS Private Cloud resources, such as web servers, accessible from the Internet? In that case, Public IP needs to be deployed. There are a couple of ways to do this: (1) Azure Application Gateway, and (2) Destination NAT or DNAT using Azure WAN Hub and Firewall. Azure Application Gateway is Continue reading
