VMworld 2021: VMware to pack more security into NSX – Reseller News

Forgot password?
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.
An upcoming release of VMware's core NSX networking software will add anomaly detection, analytics, and data-gathering software sensors.
Tom Gillis (VMware)
When it comes to protecting data-centre-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it.
That’s the bottom line for enterprises as they move to distributed digital environments according to Tom Gillis, senior vice president and general manager of VMware’s networking and advanced security business group. The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.
One way VMware will do this is by packing an upcoming release of its core NSX networking software with more security features, including better anomaly detection and analytics. NSX underpins VMware’s software-defined Virtual Cloud Networking architecture that enables enterprises to build and control network connectivity and security from the data centre across the WAN to multi-cloud environments.
NSX supports everything from private or public cloud-native applications to bare-metal workloads running on multivendor hypervisors. It also supports network-virtualization stacks in Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud, as well as leading Kubernetes container technologies.
Security that’s already in NSX includes support for configuring the network, management and policy setting across large environments. This NSX Federation feature lets customers generate fault-tolerant zones for containing problems and preventing them from spreading across the enterprise network. 
In addition, VMware NSX Advanced Threat Prevention combines NSX Distributed IDS/IPS with malware detection software and network traffic analysis acquired from Lastline in 2020. 
Into that set of security features VMware is adding the ability to put software-based sensors or what traditional network administrators would call network Test Access Points (TAPs) across the enterprise to feed traffic-pattern and network-performance data back to a management console, Gillis said. 
“Traditional network TAPping is hard, cumbersome for IT, and it isn’t a great way to see what’s going on in a virtual environment,” Gillis said. “With NSX and our hypervisor we can do this network discovery in the hypervisor without TAPs and see everything.”
Tanzu improvements
Hand-in-hand with deep NSX security is the Tanzu Service Mesh technology that VMware is developing. Tanzu Service Mesh upgrades announced at VMworld let enterprise security teams and app developers better see and understand when, where, and how APIs are communicating, even across multi-cloud environments, Gillis said. It is part of the ongoing VMware effort to secure APIs across application lifecycles. 
“Traditional applications built with a three-tier web approach just wrap each piece in security, and that’s it,” Gillis said. “A container-based application could have 3,000 different pieces, each with their own API, and each one can be poked by people looking to exploit them.
“Tanzu Service Mesh shows customers an exact picture of how an application is being used, all the inner workings, and helps users spot anomalies so they can segment the bad stuff out. Basically, it puts a traffic cop between all container flows that understands content and response times. And if it doesn’t like what it sees, it doesn’t let it pass.”
The service mesh includes open source Envoy support, which is an application-layer technology that helps manage microservice-based applications. “It helps make up a very potent package for managing modern applications and APIs,” Gillis said.
Introducing elastic application security edge
VMware announced an NSX service to adjust the networking and security infrastructure at the edge of the data centre or cloud as application traffic changes. This elastic application security edge (EASE) will include the NSX Load Balancer and distributed firewall, provide central control, and support any environment, Gillis said.
“This sort of elasticity is needed for automation. That’s how the public cloud works; it can scale up and down,” Gillis said. “The news here is that we will support scaling for firewall services that we think is an industry first and will be an extremely powerful enterprise security tool.”
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.
Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.
Nominations now closed
Your essential guide to New Zealand Distributors
Find distributors by namevendorlocation
Your essential guide to New Zealand Vendors
Find vendors by namecategory
​Reseller News is proud to showcase the winners, highly commended and finalists of the new-look Women in ICT Awards (WIICTA) in 2021, setting a new industry benchmark for female achievement and accomplishment in New Zealand.
The new-look Women in ICT Awards honoured female excellence within the technology channel following an industry-defining celebration in New Zealand, played out in front of more than 310 attendees at Hilton Auckland.
Leading executives within the Kiwi channel united under one roof as Reseller News launched a market-leading agenda at the inaugural Influencer Network in Auckland.
Copyright 2021 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.
IDG Sites: PC World New Zealand | CIO New Zealand | Computerworld New Zealand
Links: Privacy Policy [Updated 13 Sep 19] | | Reprints | Advertising | Books | Downloads
Reseller News Innovation Awards
Reseller News Women in ICT Awards

source