Optimal connectivity for virtualized Office 365 apps: Part 1

To ensure a delightful user experience with Microsoft Office 365 cloud services, IT professionals should become familiar with the Office 365 Network Connectivity Principles. But how do these principles apply when virtualizing Office 365? Let’s look at how Citrix SD-WAN can help organizations using Citrix Virtual Apps and Desktops (CVAD) follow Microsoft’s guidance and keep their users happy.

Spotlight

Techmedix Inc.

TechMedix offers three management services that provide 24/7 Remote Monitoring and Management of Windows and Linux Servers - Including Applications. Not only does this allow us to proactively manage Servers for Businesses that come under review of regulatory compliance such as HIPAA, SOX or SEC, but it also reduces your operating costs by enabling you to grow your business without a significant increase in overhead. With TechMedix, you have a staff of several hundred certified engineers monitoring your network activities 24/7/365.

OTHER ARTICLES
Server Hypervisors

Researchers Explore Details of Critical VMware Vulnerability

Article | May 18, 2023

Researchers have published the details of an investigation into CVE-2020-3952, a major vulnerability in VMware's vCenter that was disclosed and patched on April 9. The flaw was given a CVSS score of 10. CVE-2020-3952 exists in VMware's Directory Service (vmdir), which is a part of VMware vCenter Server, a centralized management platform for virtualized hosts and virtual machines. Through vCenter Server, the company says, an administrator can manage hundreds of workloads. The platform uses single sign-on (SSO), which includes vmdir, Security Token Service, an administration server, and the vCenter Lookup Service. Vmdir is also used for certificate management for the workloads vCenter handles.

Virtual Desktop Strategies, Server Hypervisors

How virtualization helped Dell make a pandemic pivot

Article | April 27, 2023

Danny Cobb, fellow and vice president of engineering for Dell Technologies’ telco systems business, remembers his company cruising into early 2020: Kicking off a new fiscal year with its operating plan in place, supply chain nailed down and factories humming; people coming into the office each day to the usual routine of looking for parking spots and taking laptops down to the cafeteria. Then came March, and the first wave of the Covid-19 pandemic hit U.S. shores. In the course of one weekend, Dell pivoted to having more than 90% of its workforce working from home. That meant a dramatic shift in its network needs and operations – one that was only able to be accomplished so quickly because of virtualized infrastructure.

Server Virtualization

Network Virtualization: Gaining a Competitive Edge

Article | May 17, 2023

Network virtualization (NV) is the act of combining a network's physical hardware into a single virtual network. This is often accomplished by running several virtual guest computers in software containers on a single physical host system. Network virtualization is the gold standard for networking, and it is being adopted by enterprises of all kinds globally. By integrating their existing network gear into a single virtual network, enterprises can save operating expenses, automate network and security processes, and set the stage for future growth. Businesses can use virtualization to imitate many types of traditional hardware, including servers, storage devices, and network resources.

Three Forces Driving Network Virtualization

Demand for enterprise networks keeps rising, driven by higher end-user demands and the proliferation of devices and business software. Through network virtualization, IT businesses are gaining the ability to respond to evolving needs and match their networking capabilities with their virtualized storage and computing resources. According to a recent SDxCentral survey, 88% of respondents believe that adopting a network virtualization solution is "mission critical" and that it is necessary to assist IT in addressing the immediate requirements of flexibility, scalability, and cost savings (both OpEx and CapEx) in the data center.

Speed

Today, consider any business as an example. Everything depends on IT's capacity to assist business operations. When a company wants to 'surprise' its clients with a new app, launch a competitive offer, or pursue a fresh route to market, it requires immediate IT assistance. That implies IT must move considerably more swiftly, and networks must evolve at the rapid speed of a digitally enabled organization.

Security

According to a PricewaterhouseCoopers survey, the average organization experiences two successful cyberattacks every week. Perimeter security is just insufficient to stem the flood, and network experts are called upon to provide a better solution. The new data center security approach will:

- Be software-based
- Use the micro-segmentation principle
- Adopt a Zero Trust (ZT) paradigm

In an ideal world, there would be no difference between trustworthy and untrusted networks or sectors, but a ZT model necessitates a network virtualization technology that allows micro-segmentation.

Flexibility

Thanks to the emergence of server virtualization, applications are no longer linked to a specific physical server in a single location. Applications can now be replicated to eliminate a data center for disaster recovery, moved through one corporate data center to another, or slipped into a hybrid cloud environment. The problem is that network setup is hardware-dependent, and hardwired networking connections restrict them. Because networking services vary significantly from one data center to the next, as an in-house data center differs from a cloud, you must perform extensive personalization to make your applications work in different network environments—a significant barrier to app mobility and another compelling reason to utilize network virtualization.

Closing Lines

Network virtualization is indeed the future technology. These network virtualization platform characteristics benefit more companies as CIOs get more involved in organizational processes. As consumer demand for real-time solutions develops, businesses will be forced to explore network virtualization as the best way to take their networks to another level.

VMware

VMware NSX 3.2 Delivers New, Advanced Security Capabilities

Article | December 7, 2021

It’s an impactful release focused on significant NSX Security enhancements

Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers.

Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers.

“Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers.” Umesh Mahajan, SVP, GM (Networking and Security Business Unit)

Distributed Advanced Threat Prevention (ATP)

Attackers often use multiple sophisticated techniques to penetrate the network, move laterally within the network in a stealthy manner, and exfiltrate critical data at an appropriate time. Micro-segmentation solutions focused solely on access control can reduce the attack surface — but cannot provide the detection and prevention technologies needed to thwart modern attacks. NSX-T 3.2 introduces several new capabilities focused on detection and prevention of attacks inside the network. Of critical note is that these advanced security solutions do not need network taps, separate monitoring networks, or agents inside each and every workload.

Distributed Malware Prevention

Lastline’s highly reputed dynamic malware technology is now integrated with NSX Distributed Firewall to deliver an industry-first Distributed Malware Prevention solution. Leveraging the integration with Lastline, a Distributed Firewall embedded within the hypervisor kernel can now identify both “known malicious” as well as “zero day” malware.

Distributed Behavioral IDS

Whereas earlier versions of NSX Distributed IDPS (Intrusion Detection and Prevention System) delivered primarily signature-based detection of intrusions, NSX 3.2 introduces “behavioral” intrusion detection capabilities as well. Even if specific IDS signatures are not triggered, this capability helps customers know whether a workload is seeing any behavioral anomalies, like DNS tunneling or beaconing, for example, that could be a cause for concern.

Network Traffic Analysis (NTA)

For customers interested in baselining network-wide behavior and identifying anomalous behavior at the aggregated network level, NSX-T 3.2 introduces Distributed Network Traffic Analysis (NTA). Network-wide anomalies like lateral movement, suspicious RDP traffic, and malicious interactions with the Active Directory server, for example, can alert security teams about attacks underway and help them take quick remediation actions.

Network Detection and Response (NDR)

Alert overload, and resulting fatigue, is a real challenge among security teams. Leveraging advanced AI/ML techniques, the NSX-T 3.2 Network Detection and Response solution consolidates security IOCs from different detection systems like IDS, NTA, malware detection, etc., to provide a “campaign view” that shows specific attacks in play at that point in time. MITRE ATT&CK visualization helps customers see the specific stage in the kill chain of individual attacks, and the “time sequence” view helps understand the sequence of events that contributed to the attack on the network.

Key Firewall Enhancements

While delivering new Advanced Threat Prevention capabilities is one key emphasis for the NSX-T 3.2 release, providing meaningful enhancements for core firewalling capabilities is an equally critical area of innovation.

Distributed Firewall for VDS Switchports

While NSX-T has thus far supported workloads connected to both overlay-based N-VDS switchports as well as VLAN-based switchports, customers had to move the VLAN switchports from VDS to N-VDS before a Distributed Firewall could be enforced. With NSX-T 3.2, native VLAN DVPGs are supported as-is, without having to move to N-VDS. Effectively, Distributed Security can be achieved in a completely seamless manner without having to modify any networking constructs.

Distributed Firewall workflows in vCenter

With NSX-T 3.2, we are introducing the ability to create and modify Distributed Firewall rules natively within vCenter. For small- to medium-sized VMware customers, this feature simplifies the user experience by eliminating the need to leverage a separate NSX Manager interface.

Advanced User Identification for Distributed and Gateway Firewalls

NSX supported user identity-based access control in earlier releases. With NSX-T 3.2, we’re introducing the ability to directly connect to Microsoft Active Directory to support user identity mapping. In addition, for customers who do not use Active Directory for user authentication, NSX also supports VMware vRealize LogInsight as an additional method to carry out user identity mapping. This feature enhancement is applicable for both NSX Distributed Firewall as well as NSX Gateway Firewall.

Enhanced L7 Application Identification for Distributed and Gateway Firewalls

NSX supported Layer-7 application identification-based access control in earlier releases. With NSX-T 3.2, we are enhancing the signature set to about 750 applications. While several perimeter firewall vendors claim a larger set of Layer-7 application signatures, they focus mostly on internet application identification (like Facebook, for example). Our focus with NSX at this time is on internal applications hosted by enterprises. This feature enhancement is applicable for both NSX Distributed Firewall as well as Gateway Firewalls.

NSX Intelligence

NSX Intelligence is geared towards delivering unprecedented visibility for all application traffic inside the network and enabling customers to create micro-segmentation policies to reduce the attack surface. It has a processing pipeline that de-dups, aggregates, and correlates East-West traffic to deliver in-depth visibility.

Scalability enhancements for NSX Intelligence

As application infrastructure grows rapidly, it is vital that one’s security analytics platform can grow with it. With the new release, we have rearchitected the application platform upon which NSX Intelligence runs — moving from a stand-alone appliance to a containerized micro-service architecture powered by Kubernetes. This architectural change future-proofs the Intelligence data lake and allows us to eventually scale out our solution to n-node Kubernetes clusters. Large Enterprise customers that need visibility for application traffic can confidently deploy NSX Intelligence and leverage the enhanced scale it supports.

NSX Gateway Firewall

While NSX Distributed Firewall focuses on east-west controls within the network, NSX Gateway Firewall is used for securing ingress and egress traffic into and out of a zone.

Gateway Firewall Malware Detection

NSX Gateway Firewall in the 3.2 release received significant Advanced Threat Detection capabilities. Gateway Firewall can now identify both known as well as zero-day malware ingressing or egressing the network. This new capability is based on the Gateway Firewall integration with Lastline’s highly reputed dynamic network sandbox technology.

Gateway Firewall URL Filtering

Internal users and applications reaching out to malicious websites is a huge security risk that must be addressed. In addition, enterprises need to limit internet access to comply with corporate internet usage policies. NSX Gateway Firewall in 3.2 introduces the capability to restrict access to internet sites. Access can be limited based on either the category the URL belongs to, or the “reputation” of the URL. The URL to category and reputation mapping is constantly updated by VMware so customer intent is enforced automatically even after many changes in the internet sites themselves.
