With the adoption of digital transformation, individuals and corporations are all leaning more on digital assets, digital identities, and digital channels to drive revenues and differentiate themselves in the market, which makes comprehensive security across infrastructure and applications of paramount importance. As data security threats increase and regulatory pressure to control such risks grow, organizations are shifting from point security tools to embedded infrastructure solutions. Here are some key challenges and focus areas for customers, when it comes to IT Security:
- Addressing security threats and securing applications are a top IT and business priority.
- Security threats are increasing, and becoming more sophisticated.
- Security needs to be enabled at the foundation of an IT architecture and across the entire environment, not just in one component or layer. IT needs to comprehensively secure – applications, data, infrastructure, and access.
- Security needs to be easy to operationalize in a seamless and transparent manner.
- Traditional security models and anti-virus products can be both ineffective and consume too many system resources. By the time an attack is detected, it is usually too late.
Introducing vSphere Platinum
VMware vSphere Platinum is a new edition of vSphere that delivers advanced security capabilities fully integrated into the hypervisor. This new release combines the industry leading capabilities of vSphere with VMware AppDefense, delivering purpose-built VMs to secure applications.
With these new capabilities, vSphere Platinum secures infrastructure and applications by leveraging the hypervisor and the power of machine learning in a way that is built-in, operationally simple, and with minimal overhead or impact on performance. vSphere Platinum allows the vSphere Admin to deliver secure infrastructure and applications by enabling virtual machines to run in a “known good” state.
New threat vectors appear every day, and vSphere Platinum delivers new capabilities to address these in-guest threats. Included with vSphere Platinum, VMware AppDefense delivers key capabilities to protect applications running on vSphere. AppDefense understands an application’s intended state and behavior, then monitors for changes to that intended state. Any change from this “known good” state would indicate a threat. This method enables the virtual machine to run in “known good” state rather than trying to detect threats that may not fit a known signature.
vSphere Platinum secures applications, infrastructure, data, and access with the combined capabilities of core vSphere and AppDefense. It enables a simple and powerful way to maintain existing workflows, while supporting collaboration amongst vSphere Admins, and Security, Compliance and Application teams; making for less disruptive response and remediation in a security incident.
Benefits for vSphere Admins
- Gain visibility into the intent of each virtual machine, and a detailed inventory of application assets and context.
- Understand how applications behave and be alerted to potential issues and deviations.
- Shrink the attack surface and reduce the risk of security compromise.
- Establish a simple and powerful way to collaborate with security, compliance and application teams.
- Get better visibility and protection with a simple, light-weight and scalable security solution, with no agents to manage, and minimal overhead.
- Use what you already own, understand, and run in your data center – vSphere – with its unique visibility, automation and isolation qualities.
- Play a larger and critical role in the security of your entire IT environment – Be the Security Hero!
Benefits for Security Teams
- Better visibility and situational awareness of application behaviors, and virtual machine purpose.
- Faster detection, analysis, and time to response – quickly understand attacks and make fast decisions using application context and scope.
- Enhance existing security tools and support compliance efforts through contextual visibility and alerts into application communications and deviations.
- Lower false positives – integrated behavioral analytics and machine learning offer a more precise method to identify and respond to threats.
- Big data correlation for better identification and context using cloud SaaS model.
- Security as an agile business enabler – support DevOps environment through continuous learning and protection.
- Easily Coordinate with vSphere Admins and Application teams for better security while respecting existing workflows & maintaining separation of duties.
Key Features and Capabilities
vSphere Platinum delivers comprehensive built-in security and is the heart of a secure SDDC, delivering secure applications, data, infrastructure, and access.
- Secure Applications
- VMware AppDefense – Protects the integrity of applications running on vSphere, using machine learning to monitor against threats and automate responses. AppDefense locks down the guest operating system for all applications, the VMware application stack and third-party applications. To accomplish this, AppDefense gathers inventory data on virtual machines and applications from vCenter Server, development tools, and automation frameworks and applies machine learning to discover the intended state and establish the known good behaviors for the application and machine. Any deviations from this state are detected and prevented, securing the integrity of the applications, infrastructure, and guest operating system. AppDefense provides detailed visibility for better change management and compliance reporting, and also provides a rich set of automated or orchestrated incident response mechanisms to address attacks. Moreover, it leverages machine learning for a simple and automated way to conduct audits and reviews for applications.
- Secure Data
- FIPS 140-2 Validated VM Encryption, and cross-vCenter Encrypted vMotion – Secure against unauthorized data access both at rest and in motion, across the hybrid cloud.
- Secure Infrastructure
- Secure Boot for ESXi – Allows only VMware and Partner signed code to run in your hypervisor.
- Secure Boot for Virtual Machines – Helps prevent images from being tampered with and prevents the loading of unauthorized components.
- Support for TPM 2.0 for ESXi – Enables hypervisor integrity by validating the Secure Boot for ESXi process and enables remote host attestation.
- Virtual TPM 2.0 – Provides the necessary support for guest operating system security features while retaining operational features such as vMotion and disaster recovery.
- Support for Microsoft Virtualization Based Security – Supports Windows 10 and Windows 2016 security features, like Credential Guard, on vSphere.
- Secure Access
- Audit Quality Logging – Enables authorized administration and control by providing high fidelity visibility in vSphere operations.
Additionally, vSphere has deep integration and works seamlessly with other VMware products such as vSAN, NSX and vRealize Suite to provide a complete security model for the data center. To learn more about vSphere Platinum, check out this vSphere Platinum deep dive blog post.
Credits for VMware Cloud on AWS
In order to enable customers accelerate their path to hybrid cloud, customers purchasing 5 or more CPUs of vSphere Platinum licenses will get $10,000 worth of credits for VMware Cloud on AWS. Details as well as terms and conditions for this promotional offer will be available here, once vSphere Platinum reaches general availability.
vSphere is at the heart of VMware Cloud on AWS, which is the only hybrid cloud solution that allows vSphere customers to modernize, protect, and scale mission-critical applications leveraging AWS, the world’s leading public cloud. VMware Cloud on AWS turned 1 today! And with its anniversary, we are very pleased to announce service availability in AWS Asia Pacific (Sydney) Region. We have a number of new capabilities that are being introduced which will help organizations accelerate public cloud adoption and migration. Learn more by reading this blog post.
Introducing vSphere 6.7 Update 1
Along with vSphere Platinum, we are excited to announce vSphere 6.7 Update 1, which includes some key new and enhanced capabilities. Here are some highlights:
- Fully Featured HTML5-based vSphere Client
- Enhanced support for NVIDIA Quadro vDWS powered VMs; and Support for Intel FPGA
- New vCenter Server Convergence Tool
- Enhancements for HCI and vSAN
- Enhanced vSphere Content Library
You can learn all about these and other news in vSphere 6.7 Update 1 in this vSphere 6.7 Update 1 deep dive blog post.