Advancing Multicloud Security With VMware Secure State

Jason Needham
Sr. Director, Multicloud Security at VMware
Published: Jun. 18, 2019

In his RSA Conference keynote, Pat Gelsinger talked about the fractured nature of the security vendor landscape, and the need to focus on shrinking the attack surface by making security intrinsic rather than spending the majority of resources chasing threats. This is particularly true with respect to the public cloud. Many executives with whom I speak are struggling with basic visibility, security of their data and resources, and managing the complexity when it comes to cloud. And because of the dynamic and distributed nature of cloud, older tools and approaches don’t meet the new cloud challenges.


Today, we are pleased to announce the availability of VMware Secure State, which helps customers shift to a more proactive, integrated security approach that is DevOps friendly. VMware Secure State will be available from CloudHealth by VMware, which currently enables more than 5,000 customers to optimize their multicloud environments. Together the two products form a powerful pairing that addresses the most pressing customer challenges around cloud visibility, cost, security, automation, and governance so businesses can take full advantage of all the cloud has to offer. VMware Secure State's capabilities around public cloud security provide demonstrable business benefits to organizations advancing on their cloud journey. VMware Secure State enables customers to visualize at-risk infrastructure, detect vulnerabilities and threats at real-time speed, and automate security and compliance across multiple clouds. The service is available to customers globally.

This announcement further strengthens our security vision and extends VMware's security strategy, which already spans the application and network layer through users and devices, to helping customers reduce the attack surface across multicloud environments.

Challenges with First-Gen Cloud Security

At VMware, we have had first-hand experiences that made it very clear to us why a service such as VMware Secure State will be an imperative for customers. As we were operationalizing security across our own growing multicloud footprint, we realized the following:

  • In public cloud, the way users build and configure applications is constantly changing. Correlating risk across cloud misconfigurations and threats in a dynamic environment is a real challenge for teams. And to enable better security, several groups need more visibility – from vulnerability management and security operations to engineering and DevOps teams that spin up resources.
  • Without context, solutions that periodically scan the cloud to validate configurations can overlook serious vulnerabilities, overwhelm security teams with false positives, and create cloud usage conflicts with DevOps teams due to API throttling.

Put simply, we found that the first-generation approaches aimed at performing simple, siloed, periodic checks were leaving critical gaps in an organization’s cloud security posture.

Minimizing Cloud Security Risk with an Interconnected Data Model

VMware Secure State takes a fundamentally different approach to public cloud security. It improves visibility, the speed and sophistication of vulnerability and threat detection, and correlation of risk across dynamic cloud infrastructure.


A prime example of VMware Secure State in action today is Zipwhip, a leader in business text messaging. As a fast-growing SaaS company with 262% YoY message-volume growth through API and software solutions, being able to scale effectively is critical. “We cannot let a lack of visibility derail our pace of innovation and expansion, particularly when it comes to ensuring proper security across our multicloud environment and managing our ongoing SOC2 compliance,” said Kolby Allen, Platform Operations Architect at Zipwhip.

Foundational to VMware Secure State is an Interconnected Cloud Security model, an intermediate data layer that leverages cloud APIs, change events streams, and native threat data, to give you a better understanding of posture vulnerabilities, how different assets are interconnected, and the associated risks and threats across multiple clouds. As cloud objects, data, and relationships change, VMware Secure State intelligently updates the model in near real-time to understand both the direct and correlated risks of each change.
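The idea in the paragraph above, as an added example that is not VMware Secure State's code or data model: change events update a resource graph, and a traversal of that graph surfaces a correlated risk that a per-resource check misses. The event format, resource names and attributes are all constructed for this example.

```python
from collections import defaultdict, deque

class CloudGraph:
    """Toy asset graph: nodes are cloud resources, edges mean 'can access'."""
    def __init__(self):
        self.attrs = defaultdict(dict)
        self.edges = defaultdict(set)

    def apply(self, ev):
        # Constructed event format, not any real cloud provider's schema.
        if ev["kind"] == "upsert":
            self.attrs[ev["id"]].update(ev["attrs"])
        elif ev["kind"] == "link":
            self.edges[ev["src"]].add(ev["dst"])
        elif ev["kind"] == "unlink":
            self.edges[ev["src"]].discard(ev["dst"])

    def isolated_findings(self):
        # Per-resource check: a sensitive resource that is itself public.
        return sorted(n for n, a in self.attrs.items()
                      if a.get("sensitive") and a.get("public"))

    def exposure_paths(self):
        # Graph check: BFS from each public resource; keep the first path
        # found to every sensitive resource reachable from it.
        paths = {}
        for start in sorted(n for n, a in self.attrs.items() if a.get("public")):
            seen, queue = {start}, deque([[start]])
            while queue:
                path = queue.popleft()
                node = path[-1]
                if self.attrs[node].get("sensitive"):
                    paths.setdefault(node, path)
                for nxt in sorted(self.edges[node] - seen):
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return paths

EVENTS = [  # constructed sample change events
    {"kind": "upsert", "id": "vm-web", "attrs": {"public": True}},
    {"kind": "upsert", "id": "db-orders", "attrs": {"sensitive": True}},
    {"kind": "link", "src": "vm-web", "dst": "role-app"},
    {"kind": "link", "src": "role-app", "dst": "db-orders"},
]

def replay(events):
    g = CloudGraph()
    for ev in events:
        g.apply(ev)
    return g
```

Replaying `EVENTS` yields no per-resource finding, while `exposure_paths()` reports the chain from the public VM through the role to the database; applying an `unlink` event for the role's database access clears it without rescanning anything.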

Figure: Security Violation Chain and Risk Scores

Speaking on the benefits of this approach, Zipwhip’s Kolby has said: “VMware Secure State enables us to visualize risk with a graph view, so that we can easily convey the impact of changes to key stakeholders – for example, we can show that something is not just affecting a server but also certain databases that are connected to it.”


As their cloud infrastructure becomes more dynamic, companies look for detection approaches that are more sophisticated and can keep pace with transitory changes. data.world is another great example of a company leveraging VMware Secure State to unlock this new level of visibility. “VMware Secure State clearly stands out for me in two ways. First, how it handles changes is different. Most configuration audit solutions offer point-in-time assessments only. VMware Secure State monitors for new findings as they occur, and immediately attributes them to root causes,” explained Steve Verleye, Director of Engineering Operations at data.world, a modern catalog for data and analysis with hundreds of thousands of datasets.


Elaborating further on his experience with VMware Secure State, Steve said: “Second, while other solutions are limited to one-dimensional inspections of resources, VMware Secure State tracks our entire infrastructure and the relationships between resources. With a graph representation of our infrastructure, VMware Secure State is able to detect transitive exposures other solutions cannot. Having a connected data representation of cloud configuration provides a rich resource for detecting security problems as well as a visual aid for our administrators and developers to understand complex deployment environments.”

Today, VMware Secure State is already monitoring thousands of production cloud accounts across AWS and Azure and helping multiple customers:

  • Better understand cloud deployments, relationships and risks
  • Automate cloud compliance monitoring
  • Improve Cloud Security Posture Management (CSPM) to detect interconnected service violations
  • Investigate and correlate vulnerabilities with cloud native threat detection
  • Distribute real-time security insights across DevOps teams

VMware Previews Forthcoming VMware Secure State Capabilities

VMware is also announcing that the following VMware Secure State capabilities can be made available to customers in preview*:

  • A new cloud query service to allow powerful investigation of cloud asset relationships
  • A machine learning service to improve detection of cloud anomalies and suspicious activity
  • A new auto-remediation approach that enables flexible controls across security and DevOps teams

*Note: Feature(s) released in preview are intended to gather feedback and there is no commitment or obligation from VMware that items in 'Preview' status will become 'Available'.

In addition to these services, we will continue to extend our multicloud support to other cloud environments including Google, Kubernetes and VMware Cloud on AWS. We look forward to partnering with our customers on these solutions.

Support For A Broader, Open Security Ecosystem: What Partners Are Saying

  • “The cloud offers enormous business benefits, along with a foreseeable increase in cybersecurity risk exposure. Organizations want to see their cloud security posture relative to the risks, and they want to manage that risk without sacrificing innovation and speed. VMware Secure State can help organizations maintain visibility across multi-cloud environments and get the risk insights they need to make timely business decisions.”

– Wendy Thomas, SVP, Business & Product Strategy, Secureworks

  • “As experts in digital risk management, RSA knows that the risks organizations face change as they move workloads to the public cloud. Essential to mitigating digital risk in multicloud environments is proper configuration, monitoring malicious activity and preventing unauthorized access to applications and data. With VMware Secure State, security teams get a scalable solution that empowers developers to embed security checks early into application deployment and configuration. That can fill a major gap in the industry, as the number of cloud services and the sophistication of cloud-native applications expand.”

– Grant Geyer, SVP, Products, RSA

  • “Within dynamic cloud infrastructure, it’s important for SOC teams to continuously monitor cloud assets, quickly detect vulnerabilities and correlate risk across the overall threat landscape. The availability of VMware Secure State brings a novel security approach and powerful visualization capabilities to market. Together with VMware, Splunk is committed to driving product integrations that help joint customers better detect and respond to risk across multi-cloud environments.”

– Aziz Benmalek, VP, Global Partners and Channel Chief, Splunk

Learn More About VMware Secure State And CloudHealth

Jason Needham, founder of VMware Secure State, joins Joe Kinsella, founder of CloudHealth by VMware, to discuss the ever-growing relationship between the two companies and what should be driving your security decisions in the cloud.