Q1. VMware has described Contexa as a full-fidelity threat intelligence cloud. What exactly does that mean? What security issue is it that Contexa is designed to address?
Think of VMware Contexa as a massive online brain that leverages the vast amount of telemetry collected by VMware platforms, across endpoints, workloads, users, and networks, and applies powerful machine learning techniques to quickly sniff out subtle anomalies and the most well-disguised attacks.
This is a major advance relative to how most companies check lateral movement today. Today, most companies cannot afford the sheer computing power to look deep within all that rushing East-West flow, so they do the next best thing: examine small portions of the traffic. Many use network taps that typically look at the traffic that crosses a particular network switch. However, in a virtualized, cloud world only a small fraction of the East-West traffic touches a physical switch; most of it stays within VMs on a single server. These tapped network portions are typically analyzed after the fact in a separate “sandbox” or with an Intrusion Detection System (IDS), and the findings are recorded in a security information and event management system (SIEM) that serves as a kind of digital library.
Such sampling is no longer a realistic option for stopping attacks: you can’t look at a small sample of East-West traffic and think you are protected. Modern cloud architectures are making the blind spots worse. New silicon and virtualization capabilities can run well over 100 VMs in a physical host, meaning only a small fraction of that VM-to-VM traffic would hit a physical network tap.
VMware Contexa is built for this virtual cloud world. It works on live, “in-band” data where it sees every packet and every process, without relying on a physical network tap. As a result, Contexa can understand the context of the data in real-time, to spot subtle anomalies that could hide malicious activity.
Combining VMware Contexa with our architectural advantage, VMware exclusively sees every process running in an endpoint, every packet crossing the network, every access point, and the inner workings of both traditional and modern apps to identify and stop threats others can’t.
Q2. You were recently quoted as saying the ongoing move to the cloud is an opportunity for enterprise organizations to think differently about security. What is your advice on how they should go about doing that? What exactly do they need to approach differently?
As businesses embrace multi-cloud, they’re confronting a new level of complexity that creates new pain points, including driving consistent governance across all the clouds, driving consistency in app design and in data portability across clouds, and designing and operating networking and security in this complex environment. And, as every enterprise company is embracing the cloud operating model in a significant way, security has an opportunity to lead the conversation, not follow it.
As we’re moving towards the cloud operating model, we can’t take the old tool sets and try to graft them on. We are going to have to think differently about how we instrument our VMs, and how we instrument our containers, so that we can protect applications from within. In the cloud operating model, we want the private cloud to look and behave like the public cloud. Public cloud providers aren’t buying expensive firewalls and proprietary load balancers. They are investing in racks and racks of x86 systems with a scale-out architecture and high-level APIs that understand the topology of an application. When this is your foundation, security becomes code.
The cloud operating model gives us the combination of operational efficiency and better security. Because all our infrastructure is implemented as software (core switching, routing, firewall, IPS, load balancer, advanced threat protection, etc.) under these high-level APIs, we have freed it from the dependencies of proprietary hardware, which means we can pick it up and move it.
Workloads that were born for VMware environments are better protected in that VMware environment with east-west capabilities, and then you can take the workload and the security and move it at any time from private cloud to public clouds. This message is resonating, and customers understand it.
Q3. Why is it important for VMware to be at Black Hat USA 2022? What do you want customers to know about the company’s cybersecurity plans and strategy in the coming years?
Over the past year, security professionals have witnessed an unprecedented rise and sophistication of cyber-attacks. I expect there will be a lot more emphasis at Black Hat this year around the community coming together to share information, expertise, and best practices to operate in a world seeing increasing cyber risks (I published a blog on this earlier this year here).
When it comes to security, our mission at VMware is to fundamentally transform how customers think of and consume security, allowing them to realize the agility and efficiencies of the cloud operating model. We are driving innovation across each of our networking and security products and are stitching them together into a set of well-integrated, API-driven and SaaS-oriented offerings that allow our customers to embrace the cloud operating model.
Our strategy remains focused on building solutions that are highly differentiated because they leverage the intrinsic attributes of our platforms, and on delivering these unique solutions in a consumption-oriented manner. This means leveraging our core technical attributes: excellence in scale-out software design, excellence in threat understanding and detection, excellence in innovative connectivity solutions, and excellence in delivering ultra-reliable, mission-critical software that touches every packet in our customers’ applications.
It also means leveraging the unique attributes of our platforms that allow us to transparently insert services, to protect, manage and operationalize services at scale, and to have an intimate understanding of the end user, as well as a detailed understanding of the operation of the application. Furthermore, our platforms allow us to bring networking and security into the software development life cycle from the build phase to the run phase to the manage phase.