VMware Redefines Security After a Surge in Attacks
Enterprise virtualization software giant VMware says it is “redefining” security as it seeks to help customers meet the challenges associated with a skyrocketing number of threats, more numerous attack vectors, and having fewer human resources at their disposal to help keep attacks at bay.
“So what we’re asking all of these IT security teams to do is essentially to do more — and there’s a lot more complexity,” Patrick Morley, senior vice president and general manager of VMware’s security business unit, said during a press conference. “What we’re asking all of these IT security teams to do is essentially to do more with not a lot of increase in personnel, which is a real challenge.”
VMware recently released a study that quantified these security trends, prompted largely by how organizations have struggled to accommodate a surge in remote workers during the pandemic. That shift both added to the complexity of security management and increased the number of potential attack vectors.
According to VMware’s recently released 2020 Threat Landscape report, 81% of the survey respondents reported a breach during the past 12 months, with four out of five breaches (82%) deemed material. At the same time, 76% of the respondents reported that their attack volumes had increased, with remote workers largely accounting for the leap. Almost two-thirds of the respondents (61%) also agreed that they needed to consider security differently, given that the number of potential attack vectors has increased, VMware said.
“One of the things we understand very well about security, is that no matter what you do with the perimeter, somehow, someway, the bad guys are going to get it. Whether it’s an exotic attack, like SolarWinds — which is one of the most cleverly designed attacks I’ve seen in my career — or a more pedestrian situation where ‘oops, I’ve got a version of [Apache] that’s unpatched,’ which is what happened during high-profile breaches at a credit rating agency,” Tom Gillis, senior vice president, VMware network and security business unit, said. “The point is, the attacker is going to find a way to get a foothold.”
Meanwhile, the elephant in the room was ransomware attacks. According to the survey, 76% of respondents reported more ransomware attacks, while 79% said the attacks had become more sophisticated. Later in the week following the press conference, The Wall Street Journal reported that in the wake of the numerous high-profile attacks in recent weeks on the meat, oil and gas-distribution and ferry-transportation networks, FBI Director Christopher Wray compared the threat to the Sept. 11, 2001 terrorist attacks.
Discussing the tools presented during the press conference to help prevent ransomware attacks, Gillis described how Carbon Black is integrated with workspaces to help mitigate not only malware such as ransomware, but other kinds of threats. NSX can read Layer 7 traffic by “speaking the language of the application or looking at it in a flow basis in order to say ‘you know what, this is a real flow, and we recognize that we want to be able to understand the context of what’s happening in the network and actually read the content,’ which we think is really, really significant,” Gillis explained.
At the same time, despite the rising level of sophistication in attacks, ransomware breaches are more preventable than other attacks, Paul Green, chief development officer for medical transport services provider Angel MedFlight, said. An organization, while using the appropriate tools and platforms, can also mitigate ransomware attacks through user training and education. “We’re doing a lot more in education, making sure people understand what they’re looking at and not just clicking,” Green said. “I think a ransomware attack is a much more preventable attack, because you can be proactive with your users and coach them and train them [ahead of time].”
VMware security offerings also rely heavily on what Morley described as the “dream” of extended detection and response (XDR). “XDR [is about] how to deliver the right level of telemetry at the right spot and take it from the right sources — not every source but the right sources,” Morley said.
VMware’s XDR covers five components, Morley said. They include host-based, cloud, workload, network and identity information data security. Additionally, email data is “where most detection is coming in,” Morley said. “So, in the five core areas for VMware, I would argue that we participate in three and a half: we certainly provide great host and cloud coverage with Carbon Black and network security with NSX.”
While VMware does not offer an identity platform, VMware Workspace ONE Access provides information about identity, conditional access “and other situations, we don’t have the whole thing,” Morley said. However, for the missing components, “we can deliver a whole lot of security value, where we have context and we partner for the other spots.”