Defense in Depth: User-Centric Security

It’s impossible to create a security system that removes the user from the equation. They are integral and they have to be part of your security program. Security is defined by the individual. The minimum expectation you can have of your users is that they’ll operate in good faith. Avoid complexity because as soon as it’s introduced it drives problems everywhere. Instead, keep asking yourself, how can I make security more usable?
Individuals are suffering from alert fatigue. If you’re going to send an alert to a user, make it relevant and actionable. And always be aware that your security alerts are not the only alert the user is seeing and deciding or not deciding to take action on. Think about all the alerts you completely ignore, like the confidentiality warning in a corporate email.

Spotlight

MobilePundits

MobilePundits is a leading provider of pioneering Enterprise Digital Transformation solutions to mobile start-ups, emerging wireless companies and mature organizations alike. MobilePundits is ISO 9001:2008 Certified by Bureau Veritas & UKAS for its quality and services.

OTHER ARTICLES
Virtual Desktop Tools, Server Hypervisors

Efficient Management of Virtual Machines using Orchestration

Article | April 28, 2023

Contents 1. Introduction 2. What is Orchestration? 3. How Orchestrating Help Optimize VMs Efficiency? 3.1. Resource Optimization 3.2 Dynamic Scaling 3.3 Faster Deployment 3.4 Improved Security 3.5 Multi-Cloud Management 3.6 Improved Collaboration 4. Considerations while Orchestrating VMs 4.1. Together Hosting of Containers and VMs 4.2 Automated Backup and Restore for VMs 4.3 Ensure Replication for VMs 4.4 Setup Data Synchronization for VMs 5. Conclusion 1. Introduction Orchestration is a superset of automation. Cloud orchestration goes beyond automation, providing coordination between multiple automated activities. Cloud orchestration is increasingly essential due to the growth of containerization, which facilitates scaling applications across clouds, both public and private. The demand for both public cloud orchestration and hybrid cloud orchestration has increased as businesses increasingly adopt a hybrid cloud architecture. The quick adoption of containerized, micro-services-based apps that communicate over APIs has fueled the desire for automation in deploying and managing applications across the cloud. This increase in complexity has created a need for VM orchestration that can manage numerous dependencies across various clouds with policy-driven security and management capabilities. 2. What is Orchestration? Orchestration refers to the process of automating, coordinating, and managing complex systems, workflows, or processes. It typically entails the use of automation tools and platforms to streamline and coordinate the deployment, configuration, management of applications and services across different environments. This includes development, testing, staging, and production. Orchestration tools in cloud computing can be used to automate the deployment and administration of containerized applications across multiple servers or clusters. These tools can help automate tasks such as container provisioning, scaling, load balancing, and health monitoring, making it easier to manage complex application environments. Orchestration ensures organizations automate and streamline their workflows, reduce errors and downtime, and improve the efficacy and scalability of their operations. 3. How Orchestrating Help Optimize VMs Efficiency? Orchestration offers enhanced visibility into the resources and processes in use, which helps prevent VM sprawl and helps organizations trace resource usage by department, business unit, or individual user. Fig. Global Market for VNFO by Virtualization Methodology 2022-27($ million) (Source: Insight Research) The above figure shows, VMs have established a solid legacy that will continue to be relevant in the near to mid-term future. These are 6 ways, in which Orchestration helps vin efficient management of VMs: 3.1. Resource Optimization Orchestrating helps optimize resource utilization by automating the provisioning and de-provisioning of VMs, which allows for efficient use of computing resources. By using orchestration tools, IT teams can set up rules and policies for automatically scaling VMs based on criteria such as CPU utilization, memory usage, network traffic, and application performance metrics. Orchestration also enables advanced techniques such as predictive analytics, machine learning, and artificial intelligence to optimize resource utilization. These technologies can analyze historical data and identify patterns in workload demand, allowing the orchestration system to predict future resource needs and automatically provision or de-provision resources accordingly 3.2. Dynamic Scaling Orchestrating helps automate scaling of VMs, enabling organizations to quickly and easily adjust their computing resources based on demand. It enables IT teams to configure scaling policies and regulations for virtual machines based on resource utilization and network traffic along with performance metrics. When the workload demand exceeds a certain threshold, the orchestration system can autonomously provision additional virtual machines to accommodate the increased load. When workload demand decreases, the orchestration system can deprovision VMs to free up resources and reduce costs. 3.3. Faster Deployment Orchestrating can help automate VM deployment of VMs, reducing the time and effort required to provision new resources. By leveraging advanced technologies such as automation, scripting, and APIs, orchestration can further streamline the VM deployment process. It allows IT teams to define workflows and processes that can be automated using scripts, reducing the time and effort required to deploy new resources. In addition, orchestration can integrate with other IT management tools and platforms, such as cloud management platforms, configuration management tools, and monitoring systems. This enables IT teams to leverage various capabilities and services to streamline the VM deployment and improve efficiency. 3.4. Improved Security Orchestrating can help enhance the security of VMs by automating the deployment of security patches and updates. It also helps ensure VMs are deployed with the appropriate security configurations and settings, reducing the risk of misconfiguration and vulnerability. It enables IT teams to define standard security templates and configurations for VMs, which can be automatically applied during deployment. Furthermore, orchestration can integrate with other security tools and platforms, such as intrusion detection systems and firewalls, to provide a comprehensive security solution. It allows IT teams to automate the deployment of security policies and rules, ensuring that workloads remain protected against various security threats. 3.5. Multi-Cloud Management Orchestration helps provide a single pane of glass for VM management, enabling IT teams to monitor and manage VMs across multiple cloud environments from a single platform. This simplifies management and reduces complexity, enabling IT teams to respond more quickly and effectively to changing business requirements. In addition, orchestration also helps to ensure consistency and compliance across multiple cloud environments. Moreover, orchestration can also integrate with other multi-cloud management tools and platforms, such as cloud brokers and cloud management platforms, to provide a comprehensive solution for managing VMs across multiple clouds. 3.6. Improved Collaboration Orchestration helps streamline collaboration by providing a centralized repository for storing and sharing information related to VMs. Moreover, it also automates many of the routine tasks associated with VM management, reducing the workload for IT teams and freeing up time for more complex tasks. This can improve collaboration by enabling IT teams to focus on more strategic initiatives. In addition, orchestration provides advanced analytics and reporting capabilities, enabling IT teams to track performance, identify bottlenecks, and optimize resource utilization. This improves performance by providing a data-driven approach to VM management and allowing IT teams to work collaboratively to identify and address performance issues. 4. Considerations while Orchestrating VMs 4.1. Together Hosting of Containers and VMs Containers and virtual machines exist together within a single infrastructure and are managed by the same platform. This allows for hosting various projects using a unified management point and the ability to adapt gradually based on current needs and opportunities. This provides greater flexibility for teams to host and administer applications using cutting-edge technologies and established standards and methods. Moreover, as there is no need to invest in distinct physical servers for virtual machines (VMs) and containers, this approach can be a great way to maximize infrastructure utilization, resulting in lower TCO and higher ROI. In addition, unified management drastically simplifies processes, requiring fewer human resources and less time. 4.2. Automated Backup and Restore for VMs --Minimize downtime and reduce risk of data loss Organizations should set up automated backup and restore processes for virtual machines, ensuring critical data and applications are protected during a disaster. This involves scheduling regular backups of virtual machines to a secondary location or cloud storage and setting up automated restore processes to recover virtual machines during an outage or disaster quickly. 4.3. Ensure Replication for VMs --Ensure data and applications are available and accessible in the event of a disaster Organizations should set up replication processes for their VMs, allowing them to be automatically copied to a secondary location or cloud infrastructure. This ensures that critical applications and data are available even during a catastrophic failure at the primary site. 4.4. Setup Data Synchronization for VMs --Improve overall resilience and availability of the system VM orchestration tools should be used to set up data synchronization processes between virtual machines, ensuring that data is consistent and up-to-date across multiple locations. This is particularly important in scenarios where data needs to be accessed quickly from various locations, such as in distributed environments. 5. Conclusion Orchestration provides disaster recovery and business continuity, automatic scalability of distributed systems, and inter-service configuration. Cloud orchestration is becoming significant due to the advent of containerization, which permits scaling applications across clouds, both public and private. We expect continued growth and innovation in the field of VM orchestration, with new technologies and tools emerging to support more efficient and effective management of virtual machines in distributed environments. In addition, as organizations increasingly rely on cloud-based infrastructures and distributed systems, VM orchestration will continue to play a vital role in enabling businesses to operate smoothly and recover quickly from disruptions. VM orchestration will remain a critical component of disaster recovery and high availability strategies for years as organizations continue relying on virtualization technologies to power their operations and drive innovation.

Read More
Server Virtualization

Top 15 Virtualization Events to Attend in 2023

Article | May 17, 2023

Virtualization has become integral to modern computing, enabling organizations to optimize their resources and increase efficiency. Following are the upcoming events taking place in France, China, USA, Netherlands, and Germany, from April 2023 to December 2023. Let's take a closer look at each of these events and know what attendees can expect to gain from them. The following events will provide insight into the growing impact of virtualization on upcoming as well as established organizations. The renowned speakers in the following events will give economic value to the concept of virtualization and how it can transform business operations. By attending these events, participants will gain a deeper understanding of the latest trends, technologies, and strategies in virtualization, as well as the potential benefits and challenges associated with its implementation. 1. 18th Workshop on Virtualization in High-Performance Cloud Computing May 25, 2023 | Hamburg (Germany) The VHPC workshop at the International Supercomputing Conference - High Performance 2023 invites researchers and industrial practitioners to submit original and high-quality papers on virtualization in HPC, containers, virtualization, and cloud computing. The workshop will cover a broad range of topics related to virtualization, including virtualization for scientific computing and big data analytics, virtualization for high-performance computing and data centers, and virtualization for edge, fog computing, and more. The workshop will provide a forum for researchers to present their latest research findings, share ideas, and collaborate on new research directions. 2. VMware Explore 2023 August 5-10, 2023 | Nevada (USA) The VMware Explore 2023 conference is a specialized event focusing on virtualization and cloud computing technologies for data centers and virtual workspace infrastructure. It will cover topics on cloud & edge infrastructure, networking & security, modern applications & cloud management, hybrid workforce, vision & innovation. VMware Explore 2023 will host a community of technology users and leaders involved in enterprise applications, cloud architecture, infrastructure, end users, networking, and security. 3. Data Center World May 8 - 11, 2023 | Texas (USA) This is the only global event that brings together the entire data center industry, making it the go-to resource for anybody looking to optimize their data center strategy. Data Center World is the premier event for digital infrastructure, that will cater to the needs of data center managers, IT executives, and the pioneers who will shape the future of the digital sector. The technologies and concepts for designing, managing, and optimizing data centers will be presented at the event, along with expert advice and guidance. 4. The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization June 26 - 30, 2023 | Saint-Laurent-du-Var (France) The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization is an upcoming conference that will provide a forum for researchers and practitioners to present and discuss the latest research, trends & practical applications in cloud computing, grids, and virtualization. The conference will cover various topics related to these fields, including cloud security and privacy, cloud storage, cloud economics, and more. The conference will provide a platform for attendees to discuss emerging trends, challenges, and opportunities in these fields, as well as present their research findings and insights. 5. Knowledge 2023 May 16 - 18, 2023 | Las Vegas (United States) The event is organized by ServiceNow, which provides cloud-based IT service management, IT operations management, and IT business management solutions. Chairman and Chief Executive Officer Bill McDermott will deliver the opening keynote address. The event will include a wide range of sessions: Hands-on Labs, Presentations from Experts, Art of the Possible HackZone Demo, Annual Hackathon, Community Meetups, challenges, and more. Attendees will be able to connect with visionaries worldwide and gain new ServiceNow skills and fresh insights into the power of digital transformation. 6. 2023 5TH INTERNATIONAL CONFERENCE ON HARDWARE SECURITY AND TRUST (ICHST 2023) July 8 - 10, 2023 | Wuxi (China) The 5th International Conference on Hardware Security and Trust (ICHST 2023) will serve as a workshop for ICSIP 2023 and is sponsored by Southeast University, China, with co-sponsorship from Southeast University Wuxi Campus and the School of Cyber Science and Engineering. ICHST is an annual symposium that will seek to promote the rapid growth of hardware-based security research and development. It will focus on presenting new findings in hardware and system security, covering topics such as secure hardware techniques, tools, design and test methods, architectures, circuits, and applications. 7. .NEXT May 9 - 10, 2023 | Chicago (USA) .NEXT conference is a series of annual events organized by Nutanix, a cloud computing and hyper-converged infrastructure company. It will cover fascinating insights about new work, global supply chains, utopian visions, the metaverse and Web3, smart technology, intelligence, and many more. The conference will typically feature keynote presentations, technical sessions, and hands-on labs focused on cloud computing, data center infrastructure, and digital transformation. Attendees will also be able to experience test-drive demos. 8. Wan Summit: Enterprise Networks Chicago September 28, 2023 | Chicago (USA) Connectivity infrastructure is the main topic of discussion at WAN Summit, an invitation-only conference for network and engineering professionals shaping the future of the workplace. In order to help businesses, provide a better experience for their customers, the WAN Summit will discuss the issues that persist in the networking department. The event will have sessions as network manager focus, enterprise case studies, exhibition and networking drinks reception, and so on. 9. Black Hat USA August 5 -10, 2023 | Nevada (USA) This year marks the 26th annual Black Hat USA conference, which will be held at the Mandalay Bay Convention Center in Las Vegas. Attendees of all experience levels can participate in four days of intensive cybersecurity training. More than a hundred carefully-chosen briefings, hundreds of open-source tool demonstrations in Arsenal, a robust business hall, networking and social events, and much more will fill the two days of the main conference. This year, Black Hat will also debut a live, in-person Certification program that will last for a whole day. 10. Gartner IT Symposium | Xpo October 16 -19, 2023 | Orlando (USA) The strategic concerns of enterprise CIOs and their executive teams are the focus of the Gartner IT Symposium/Xpo. At the Gartner IT Symposium, a worldwide network of experts and peers will talk about game-changing innovations. Chief Information Officers and other IT executives will discuss the latest developments in the fields of accelerating business transformation, cybersecurity, artificial intelligence, customer experience, data analytics, executive leadership, and many other topics that will shape the future of IT and business. 11. Container Days September 11 -13, 2023 | Hamburg (Germany) An amazing learning experience on Kubernetes, Cloud Native, Container Security, DevOps, GitOps, Edge Computing, and more is available at CDS, where the CDS family increases yearly. Global tycoons will gather in person and online to share insights, make connections, and do business. Opportunities to meet like-minded people and open discussion forums are favorites among open-source and cloud-native project fans. More in-depth technical presentations and engaging panel discussions will be live across five stages this year. 12. Big Data Expo September 12 - 13, 2023 | Utrecht (Netherlands) Supply and demand in the big data industry are finally brought together at Big Data Expo. This is the only conference in the Benelux region covering every data management facet. Exhibitors are prioritized who regularly engage in data aggregation, generation, analysis, optimization, and application across a variety of scales and contexts. The two-day conference will cover various topics, from cloud computing and data visualization to data security and machine learning/artificial intelligence. If you're interested in data, the Big Data Expo is the place to be. 13. Red Hat Summit May 23 - 25, 2023 | Massachusetts (USA) The seminars, workshops, demos, laboratories, and training opportunities at Red Hat Summit 2023 in Boston (Massachusetts), will be invaluable to the individuals and their teams. In addition, this year's event will be held in conjunction with AnsibleFest, adding automation to the diverse mix of offerings that are used to address a world of IT challenges, in addition to keynotes, customer and partner stories, topics, and tracks designed to help you make the most of hybrid cloud technology. Participants will be able to watch or rewatch major announcements and view dozens of new sessions and recorded sessions from Boston—at no cost to you. 14. TechNet Cyber 2023 May 2 -4, 2023 | Baltimore convention center, Maryland (USA) TechNet Cyber is the best chance to showcase products & services to the nation's top network security, operations, and defense decision-makers. The U.S. Defense Information Systems Agency is always on the lookout for fresh concepts to help standardize and streamline cyber operations throughout the Department of Defense and the armed forces' various components. To tackle global security concerns and successfully function in a digital world, AFCEA's TechNet Cyber acts as a focal point for a government-wide effort to consolidate the policy, strategic architecture, operations, and C2, as well as the combined capabilities necessary to do so. 15. IEEE International Conference On Smart Information Systems and Technologies May 4 - 6, 2023 | Scientific Society (Kazakhstan) The 2023 IEEE SIST International Conference, technically co-sponsored by the IEEE Ukraine Section, is an essential event in the scientific society of Kazakhstan. Professionals, researchers, scientists, specialists, and students from a unique opportunity for participants to expand their knowledge and various areas of the IT industry from around the globe will attend this conference. The conference will offer perspectives on specific topics, and contribute to finding solutions to current IT trends. Additionally, the conference will be covering several research areas, including technology and engineering management, governance, finance, economy, and more. Conclusion The events will help organizations capitalize on the opportunities presented by virtualization and remain ahead of the curve in today's rapidly evolving digital landscape. The purpose of the events is to facilitate collaboration, the exchange of knowledge, and the discussion of innovative solutions for virtualized computing systems of the future.

Read More
Virtual Desktop Strategies, Server Hypervisors

VM Applications for Software Development and Secure Testing

Article | April 27, 2023

Contents 1. Introduction 2. Software Development and Secure Testing 3. Using VMs in Software Development and Secure Testing 4. Conclusion 1. Introduction “Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous.” —James Bach. Testing software is crucial for identifying and fixing security vulnerabilities. However, meeting quality standards for functionality and performance does not guarantee security. Thus, software testing nowadays is a must to identify and address application security vulnerabilities to maintain the following: Security of data history, databases, information, and servers Customers’ integrity and trust Web application protection from future attacks VMs provide a flexible and isolated environment for software development and security testing. They offer easy replication of complex configurations and testing scenarios, allowing efficient issue resolution. VMs also provide secure testing by isolating applications from the host system and enabling a reset to a previous state. In addition, they facilitate DevOps practices and streamline the development workflow. 2. Software Development and Secure Testing Software Secure Testing: The Approach The following approaches must be considered while preparing and planning for security tests: Architecture Study and Analysis: Understand whether the software meets the necessary requirements. Threat Classification: List all potential threats and risk factors that must be tested. Test Planning: Run the tests based on the identified threats, vulnerabilities, and security risks. Testing Tool Identification: For software security testing tools for web applications, the developer must identify the relevant security tools to test the software for specific use cases. Test-Case Execution: After performing a security test, the developer should fix it using any suitable open-source code or manually. Reports: Prepare a detailed test report of the security tests performed, containing a list of the vulnerabilities, threats, and issues resolved and the ones that are still pending. Ensuring the security of an application that handles essential functions is paramount. This may involve safeguarding databases against malicious attacks or implementing fraud detection mechanisms for incoming leads before integrating them into the platform. Maintaining security is crucial throughout the software development life cycle (SDLC) and must be at the forefront of developers' minds while executing the software's requirements. With consistent effort, the SDLC pipeline addresses security issues before deployment, reducing the risk of discovering application vulnerabilities while minimizing the damage they could cause. A secure SDLC makes developers responsible for critical security. Developers need to be aware of potential security concerns at each step of the process. This requires integrating security into the SDLC in ways that were not needed before. As anyone can potentially access source code, coding with potential vulnerabilities in mind is essential. As such, having a robust and secure SDLC process is critical to ensuring applications are not subject to attacks by hackers. 3. Using VMs in Software Development and Secure Testing: Snapshotting: Snapshotting allows developers to capture a VM's state at a specific point in time and restore it later. This feature is helpful for debugging and enables developers to roll back to a previous state when an error occurs. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. These operations let users create snapshots, revert to any snapshots in the chain, and remove snapshots. In addition, extensive snapshot trees can be created to streamline the flow. Virtual Networking: It allows virtual machines to be connected to virtual networks that simulate complex network topologies, allowing developers to test their applications in different network environments. This allows expanding data centers to cover multiple physical locations, gaining access to a plethora of more efficient options. This empowers them to effortlessly modify the network as per changing requirements without any additional hardware. Moreover, providing the network for specific applications and needs offers greater flexibility. Additionally, it enables workloads to be moved seamlessly across the network infrastructure without compromising on service, security, or availability. Resource Allocation: VMs can be configured with specific resource allocations such as CPU, RAM, and storage, allowing developers to test their applications under different resource constraints. Maintaining a 1:1 ratio between the virtual machine processor and its host or core is highly recommended. It's crucial to refrain from over-subscribing virtual machine processors to a single core, as this could lead to stalled or delayed events, causing significant frustration and dissatisfaction among users. However, it is essential to acknowledge that IT administrators sometimes overallocate virtual machine processors. In such cases, a practical approach is to start with a 2:1 ratio and gradually move towards 4:1, 8:1, 12:1, and so on while bringing virtual allocation into IT infrastructure. This approach ensures a safe and seamless transition towards optimized virtual resource allocation. Containerization within VMs: Containerization within VMs provides an additional layer of isolation and security for applications. Enterprises are finding new use cases for VMs to utilize their in-house and cloud infrastructure to support heavy-duty application and networking workloads. This will also have a positive impact on the environment. DevOps teams use containerization with virtualization to improve software development flexibility. Containers allow multiple apps to run in one container with the necessary components, such as code, system tools, and libraries. For complex applications, both virtual machines and containers are used together. However, while containers are used for the front-end and middleware, VMs are used for the back-end. VM Templates: VM templates are pre-configured virtual machines that can be used as a base for creating new virtual machines, making it easier to set up development and testing environments. A VM template is an image of a virtual machine that serves as a master copy. It includes VM disks, virtual devices, and settings. By using a VM template, cloning a virtual machine multiple times can be achieved. When you clone a VM from a template, the clones are independent and not linked to the template. VM templates are handy when a large number of similar VMs need to be deployed. They preserve VM consistency. To edit a template, convert it to a VM, make the necessary changes, and then convert the edited VM back into a new template. Remote Access: VMs can be accessed remotely, allowing developers and testers to collaborate more effectively from anywhere worldwide. To manage a virtual machine, follow these steps: enable remote access, connect to the virtual machine, and then access the VNC or serial console. Once connected, full permission to manage the virtual machine is granted with the user's approval. Remote access provides a secure way to access VMs, as connections can be encrypted and authenticated to prevent unauthorized access. Additionally, remote access allows for easier management of VMs, as administrators can monitor and control virtual machines from a central location. DevOps Integration: DevOps is a collection of practices, principles, and tools that allow a team to release software quickly and efficiently. Virtualization is vital in DevOps when developing intricate cloud, API, and SOA systems. Virtual machines enable teams to simulate environments for creating, testing, and launching code, ultimately preserving computing resources. While commencing a bug search at the API layer, teams find that virtual machines are suitable for test-driven development (TDD). Virtualization providers handle updates, freeing up DevOps teams, to focus on other areas and increasing productivity by 50 –60%. In addition, VMs allow for simultaneous testing of multiple release and patch levels, improving product compatibility and interoperability. 4. Conclusion The outlook for virtual machine applications is highly promising in the development and testing fields. With the increasing complexity of development and testing processes, VMs can significantly simplify and streamline these operations. In the future, VMs are expected to become even more versatile and potent, providing developers and testers with a broader range of tools and capabilities to facilitate the development process. One potential future development is integrating machine learning and artificial intelligence into VMs. This would enable VMs to automate various tasks, optimize the allocation of resources, and generate recommendations based on performance data. Moreover, VMs may become more agile and lightweight, allowing developers and testers to spin up and spin down instances with greater efficiency. The future of VM applications for software development and security testing looks bright, with continued innovation and development expected to provide developers and testers with even more powerful and flexible tools to improve the software development process.

Read More
VMware

VMware NSX 3.2 Delivers New, Advanced Security Capabilities

Article | December 7, 2021

It’s an impactful release focused on significant NSX Security enhancements Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers. Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers. Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers“ Umesh Mahajan, SVP, GM (Networking and Security Business Unit) Distributed Advanced Threat Prevention (ATP) Attackers often use multiple sophisticated techniques to penetrate the network, move laterally within the network in a stealthy manner, and exfiltrate critical data at an appropriate time. Micro-segmentation solutions focused solely on access control can reduce the attack surface — but cannot provide the detection and prevention technologies needed to thwart modern attacks. NSX-T 3.2 introduces several new capabilities focused on detection and prevention of attacks inside the network. Of critical note is that these advanced security solutions do not need network taps, separate monitoring networks, or agents inside each and every workload. Distributed Malware Prevention Lastline’s highly reputed dynamic malware technology is now integrated with NSX Distributed Firewall to deliver an industry-first Distributed Malware Prevention solution. Leveraging the integration with Lastline, a Distributed Firewall embedded within the hypervisor kernel can now identify both “known malicious” as well as “zero day” malware Distributed Behavioral IDS Whereas earlier versions of NSX Distributed IDPS (Intrusion Detection and Prevention System) delivered primarily signature-based detection of intrusions, NSX 3.2 introduces “behavioral” intrusion detection capabilities as well. Even if specific IDS signatures are not triggered, this capability helps customers know whether a workload is seeing any behavioral anomalies, like DNS tunneling or beaconing, for example, that could be a cause for concern. Network Traffic Analysis (NTA) For customers interested in baselining network-wide behavior and identifying anomalous behavior at the aggregated network level, NSX-T 3.2 introduces Distributed Network Traffic Analysis (NTA). Network-wide anomalies like lateral movement, suspicious RDP traffic, and malicious interactions with the Active Directory server, for example, can alert security teams about attacks underway and help them take quick remediation actions. Network Detection and Response (NDR) Alert overload, and resulting fatigue, is a real challenge among security teams. Leveraging advanced AI/ML techniques, the NSX-T 3.2 Network Detection and Response solution consolidates security IOCs from different detection systems like IDS, NTA, malware detection. etc., to provide a ”campaign view” that shows specific attacks in play at that point in time. MITRE ATT&CK visualization helps customers see the specific stage in the kill chain of individual attacks, and the ”time sequence” view helps understand the sequence of events that contributed to the attack on the network. Key Firewall Enhancements While delivering new Advanced Threat Prevention capabilities is one key emphasis for the NSX-T 3.2 release, providing meaningful enhancements for core firewalling capabilities is an equally critical area of innovation. Distributed Firewall for VDS Switchports While NSX-T has thus far supported workloads connected to both overlay-based N-VDS switchports as well as VLAN-based switchports, customers had to move the VLAN switchports from VDS to N-VDS before a Distributed Firewall could be enforced. With NSX-T 3.2, native VLAN DVPGs are supported as-is, without having to move to N-VDS. Effectively, Distributed Security can be achieved in a completely seamless manner without having to modify any networking constructs. Distributed Firewall workflows in vCenter With NSX-T 3.2, we are introducing the ability to create and modify Distributed Firewall rules natively within vCenter. For small- to medium-sized VMware customers, this feature simplifies the user experience by eliminating the need to leverage a separate NSX Manager interface. Advanced User Identification for Distributed and Gateway Firewalls NSX supported user identity-based access control in earlier releases. With NSX-T 3.2, we’re introducing the ability to directly connect to Microsoft Active Directory to support user identity mapping. In addition, for customers who do not use Active Directory for user authentication, NSX also supports VMware vRealize LogInsight as an additional method to carry out user identity mapping. This feature enhancement is applicable for both NSX Distributed Firewall as well as NSX Gateway Firewall. Enhanced L7 Application Identification for Distributed and Gateway Firewalls NSX supported Layer-7 application identification-based access control in earlier releases. With NSX-T 3.2, we are enhancing the signature set to about 750 applications. While several perimeter firewall vendors claim a larger set of Layer-7 application signatures, they focus mostly on internet application identification (like Facebook, for example). Our focus with NSX at this time is on internal applications hosted by enterprises. This feature enhancement is applicable for both NSX Distributed Firewall as well as Gateway Firewalls. NSX Intelligence NSX Intelligence is geared towards delivering unprecedented visibility for all application traffic inside the network and enabling customers to create micro-segmentation policies to reduce the attack surface. It has a processing pipeline that de-dups, aggregates, and correlates East-West traffic to deliver in-depth visibility. Scalability enhancements for NSX Intelligence As application infrastructure grows rapidly, it is vital that one’s security analytics platform can grow with it. With the new release, we have rearchitected the application platform upon which NSX Intelligence runs — moving from a stand-alone appliance to a containerized micro-service architecture powered by Kubernetes. This architectural change future-proofs the Intelligence data lake and allows us to eventually scale out our solution to n-node Kubernetes clusters. Large Enterprise customers that need visibility for application traffic can confidently deploy NSX Intelligence and leverage the enhanced scale it supports. NSX Gateway Firewall While NSX Distributed Firewall focuses on east-west controls within the network, NSX Gateway Firewall is used for securing ingress and egress traffic into and out of a zone. Gateway Firewall Malware Detection NSX Gateway Firewall in the 3.2 release received significant Advanced Threat Detection capabilities. Gateway Firewall can now identify both known as well as zero-day malware ingressing or egressing the network. This new capability is based on the Gateway Firewall integration with Lastline’s highly reputed dynamic network sandbox technology. Gateway Firewall URL Filtering Internal users and applications reaching out to malicious websites is a huge security risk that must be addressed. In addition, enterprises need to limit internet access to comply with corporate internet usage policies. NSX Gateway Firewall in 3.2 introduces the capability to restrict access to internet sites. Access can be limited based on either the category the URL belongs to, or the “reputation” of the URL. The URL to category and reputation mapping is constantly updated by VMware so customer intent is enforced automatically even after many changes in the internet sites themselves.

Read More

Spotlight

MobilePundits

MobilePundits is a leading provider of pioneering Enterprise Digital Transformation solutions to mobile start-ups, emerging wireless companies and mature organizations alike. MobilePundits is ISO 9001:2008 Certified by Bureau Veritas & UKAS for its quality and services.

Related News

How to Get a Prospect to Test Your Security Product

Spark Media Solutions, LLC | February 21, 2018

I’ve never met a harder sale than cybersecurity to the IT team,” admitted a security vendor. The challenges are unique at each firm and they are reluctant to even take a call let alone share real concerns. ”In the security products market, cybersecurity vendors simply want to be considered, and that often requires compelling a prospect to test the darn product. But getting a response from a prospect, let alone a product test, is often a Herculean task. One vendor I spoke to said he would often have to initiate ten contacts with a prospect before he’d even get an acknowledgement. Companies whose primary objective is to test products can’t even keep up with the volume. As of last December, 451 Research was aware of more than 1,600 security vendors. “Those were only the ones we had time to write down,” said Wendy Nather (@WendyNather), formerly of 451 Research and now director, advisory CISOs at Duo Security. “That wasn’t even the total number of products!”

Read More

How to Uncover Security Concerns When Customers Won’t Tell You

Spark Media Solutions, LLC | February 06, 2018

“What are your security concerns?” It’s the one question all security vendors want to know from potential customers. It’s also the one question potential customers don’t want to divulge for obvious security, privacy, and “I don’t have the time” reasons. All is not lost! There is still a way, in fact multiple ways, security vendors can sleuth out a company’s security needs. I asked a few security professionals how they go about figuring out the answer to the “what keeps you up at night” concern. Here’s their advice (plus one tip from me!): “While everyone likes to say their problems are unique and challenging in a way no one has ever seen before, it’s really not true,” said Michael Farnum (@m1a1vet), SA manager, Set Solutions. You may not even need to dig that deep, or at all. If your product solves a rudimentary security need you will probably already be in sync with a company’s security concerns. Farnum believes many organizations are still struggling just dealing with the basics of security.

Read More

30 Security Vendor Behaviors That Set Off a CISO’s BS Detector

Spark Media Solutions, LLC | February 19, 2019

I had never seen such disdain and aggravation from a CISO. Richard Rushing (@SecRich), CISO of Motorola Mobility, sent me an email with a litany of vendor pitches. Each one punctuated with vitriolic commentary and frustration. It appears a lot of companies will fully protect his network and automatically detect threats. Rushing’s diatribe was so vicious that any security vendor would be horrified to know their marketing emails were eliciting this reaction. Now I’m telling you. ‘Tried and true’ marketing and sales techniques can often be irritants to very wise security buyers. They’re not fooled. Worse, they’re turned off. Read on for sales techniques and claims you should avoid when communicating to a security professional. For each item to avoid, I asked security professionals how they’d prefer to be engaged. This is a long article, but it’s jammed with gems. Take it slowly.

Read More

How to Get a Prospect to Test Your Security Product

Spark Media Solutions, LLC | February 21, 2018

I’ve never met a harder sale than cybersecurity to the IT team,” admitted a security vendor. The challenges are unique at each firm and they are reluctant to even take a call let alone share real concerns. ”In the security products market, cybersecurity vendors simply want to be considered, and that often requires compelling a prospect to test the darn product. But getting a response from a prospect, let alone a product test, is often a Herculean task. One vendor I spoke to said he would often have to initiate ten contacts with a prospect before he’d even get an acknowledgement. Companies whose primary objective is to test products can’t even keep up with the volume. As of last December, 451 Research was aware of more than 1,600 security vendors. “Those were only the ones we had time to write down,” said Wendy Nather (@WendyNather), formerly of 451 Research and now director, advisory CISOs at Duo Security. “That wasn’t even the total number of products!”

Read More

How to Uncover Security Concerns When Customers Won’t Tell You

Spark Media Solutions, LLC | February 06, 2018

“What are your security concerns?” It’s the one question all security vendors want to know from potential customers. It’s also the one question potential customers don’t want to divulge for obvious security, privacy, and “I don’t have the time” reasons. All is not lost! There is still a way, in fact multiple ways, security vendors can sleuth out a company’s security needs. I asked a few security professionals how they go about figuring out the answer to the “what keeps you up at night” concern. Here’s their advice (plus one tip from me!): “While everyone likes to say their problems are unique and challenging in a way no one has ever seen before, it’s really not true,” said Michael Farnum (@m1a1vet), SA manager, Set Solutions. You may not even need to dig that deep, or at all. If your product solves a rudimentary security need you will probably already be in sync with a company’s security concerns. Farnum believes many organizations are still struggling just dealing with the basics of security.

Read More

30 Security Vendor Behaviors That Set Off a CISO’s BS Detector

Spark Media Solutions, LLC | February 19, 2019

I had never seen such disdain and aggravation from a CISO. Richard Rushing (@SecRich), CISO of Motorola Mobility, sent me an email with a litany of vendor pitches. Each one punctuated with vitriolic commentary and frustration. It appears a lot of companies will fully protect his network and automatically detect threats. Rushing’s diatribe was so vicious that any security vendor would be horrified to know their marketing emails were eliciting this reaction. Now I’m telling you. ‘Tried and true’ marketing and sales techniques can often be irritants to very wise security buyers. They’re not fooled. Worse, they’re turned off. Read on for sales techniques and claims you should avoid when communicating to a security professional. For each item to avoid, I asked security professionals how they’d prefer to be engaged. This is a long article, but it’s jammed with gems. Take it slowly.

Read More

Events