As organisations continue their journey towards cloud transformation and application modernisation, they require modern security solutions that are both powerful and easy to operate.
Unveiled at VMworld 2020 last week, VMware Carbon Black Cloud Workload delivers advanced protection and is purpose-built for better securing modern workloads to reduce the attack surface and strengthen security posture. This innovative solution combines prioritised vulnerability reporting and foundational workload hardening with industry-leading prevention, detection and response capabilities to protect workloads running in virtualised, private and hybrid cloud environments.
In an exclusive with CyberSecurity Asean, Tom Corn, Senior VP of Security Products at VMware, highlighted the growing need for visibility and control over remote workers as cybersecurity needs have now been pushed to the edge, making endpoint security as well as cloud analytics ever so more important.
“There are no longer perimeters due to hyperextended enterprises. Remote workers at most only have antivirus running on company-provided or their own devices. However, businesses do not have visibility and control over a hardening asset and require more sophisticated protection. They are not instrumented to investigate and respond. Businesses want lightweight sensors to have that whole breadth of capabilities. Carbon Black does it as its solutions can be integrated with a virtual desktop platform”, explained Tom.
According to Tom, endpoints represent a large percentage of the attack surface, especially with more remote workers. Which is why organisations need that visibility.
“We need visibility into risks to reduce the attack surface. If that fails, you need the tech to prevent or disrupt these attacks. It is no longer about malicious software; it is about software being used maliciously. When you can’t prevent or disrupt, you need to detect and respond. You need the ability to rewind a camera to see what has happened. Also, when you deal with an attack, you need to deal with the whole campaign. These three things can’t be treated in a silo”.
Tom added that when organisations respond to an attack, they need to be able to take what they have learnt and use it to adjust prevention policies so that they can become smarter and more secure. The problem however, is that there are various products doing the same thing which can lead to complexity and chances of misconfiguration.
As remote working continues for most organisations, Tom also pointed out that the Security Operations Centre (SOC) has also evolved. It’s no longer about a place, but a type of work and finding out how collaboration can happen remotely. The cloud has enabled the SOC to become a more virtual concept that will benefit organisations. For example, businesses are now able to source for talent beyond physical locations.
VMware Carbon Black Cloud Workload
The solution combines Carbon Black’s security expertise with VMware’s deep knowledge of data centres to build security into workloads. Tightly integrated with VMware vSphere, VMware Carbon Black Cloud Workload provides agentless security that alleviates installation and management overhead and consolidates the collection of telemetry for multiple workload security use cases. This unified solution enables security and infrastructure teams to automatically help secure new and existing workloads at every point in the security lifecycle while simplifying operations and consolidating the IT and security stack.
Workload security is especially complicated in hybrid data centre architectures that employ everything from physical, on-premises machines to multiple public cloud Infrastructure as a Service (IaaS) environments to container-based application architectures. For security teams, VMware Carbon Black Cloud Workload will offer:
Visibility to Identify Risk and Harden Workloads: Carbon Black Cloud Workload helps security and infrastructure teams focus on the most high-risk vulnerabilities and common exploits across their environments because it’s not about finding the most vulnerabilities—it’s about finding the right ones. Prioritise vulnerabilities based on a combination of the Common Vulnerability Scoring System (CVSS), real-life exploitability and real-life frequency of attack, increase patching efficiency with best-in-class prioritisation and take immediate action in vSphere Client.
Prevention, Detection and Response to Advanced Attacks: Security teams often lack visibility and control in highly dynamic virtualised data centre environments. Carbon Black Cloud Workload protects workloads running in these environments by combining vulnerability assessment and workload hardening with industry-leading next-generation antivirus (NGAV), workload behavioral monitoring and Endpoint Detection and Response (EDR) for workloads.
Simplified Operations for IT and Security Teams: The VMware intrinsic approach builds security into the virtual fabric, enabling protection everywhere workloads are deployed and eliminating the trade-off between security and operational simplicity. But organisations also need the infrastructure team to be able to operationalise more security policy and hardening. That requires giving them the right visibility into risk and the tools to harden workloads right inside their own consoles. Carbon Black Workload accomplishes this by building security risk visibility right into VMware vCenter, with the same visibility security operations see in Carbon Black Cloud – giving them a single source of the truth. This will not only accelerate response to critical vulnerabilities and attacks, it will foster far greater collaboration between IT and security teams.
VMware will introduce expanded offerings for Carbon Black Cloud Workload later this year including a new module for hardening and better securing Kubernetes workloads. The new capabilities will give security teams governance capabilities and control of Kubernetes environments.