VMware, at this week’s VMworld 2018 conference, signaled its intention to reduce dramatically the number of products and technologies required to secure an IT environment by eliminating sensors, agents and the need for physical boxes whenever possible.
VMware CEO Pat Gelsinger told conference attendees organizations are spending far too much on IT security.
“The security model needs to change,” he said. “We need to move away from bolt-on security and chasing known bad.”
To provide a step in that direction, VMware announced vSphere Platinum Edition, which integrates VMware AppDefense software. AppDenfense employs machine learning algorithms and behavioral analytics to ensure application workloads have not been tampered with before they run on top of the VMware hypervisor.
VMware is also extending its effort to reduce cybersecurity complexity to the desktop. The company has extended the security functions built into Workspace ONE, which leverages VMware virtual machine software to centralize access to and management of productivity applications. IT organizations employing WorkSpace ONE can now employ predictive Windows 10 OS patching based on operating system and application readiness assessments along with vulnerability scores to proactively apply updates.
Workspace ONE also now includes a Group Policy Object utility that makes it easier to manage and edit Center for Internet Security (CIS) and Microsoft security policy templates.
In addition, VMware announced that Workspace ONE Trust Network, which combines security intelligence from third-party vendors and VMware, is now available with integrations from Carbon Black, Netskope and Lookout in a preview mode. Other security vendors committed to participating in the Workspace ONE Trust Network include TrendMicro, CheckPoint, Palo Alto Networks and ZScaler.
Previews of integrations between Horizon 7 virtual desktop infrastructure (VDI) tools for monitoring, managing and update operating systems images within the Workspace ONE platform are also being made available. VMware has also developed a preview of integration between Horizon and Workspace ONE Intelligence to provide visibility into virtual desktop and application usage.
Longer term, Gelsinger promised VMware would continue to focus on reducing the size of the attack surface IT organizations need to defend. Core to that effort is ongoing integration between vSphere and VMware vSAN storage virtualization and VMware NSX network virtualization technologies. NSX, for example, enables IT organizations to segment east-west traffic in a data center to prevent malware from spreading in the event a virtual machine is compromised. As VMware continues to tighten the integration between these offerings under a common management plane, it should become easier to centrally manage security policies across multiple data center environments. In fact, VMware seems to be betting that IT generalists will play an increasingly larger role in in both defining and implementing cybersecurity rules and policies.
It’s unclear what timetable VMware has set for eliminating sensors, agents and physical appliances that today clutter IT environments. But as the cost of securing IT environments continues to rise chance are high that any effort to reduce cybersecurity complexity will be warmly received.