Likely the most intriguing of these announcements is the extension of the NSX platform by delivering multi-cloud networking and security as a service through Project Northstar, which entered Technology Preview.
SAN FRANCISCO – At VMware Explore here, VMware outlined the latest advances in their Software Defined Networking strategy to deepen the efficiency of both their networking and security portfolios. This will include driving their NSX platform forward by delivering multi-cloud networking and security as a service through Project Northstar, which entered Technology Preview. Early access availability was also announced for the expansion of network detection and visibility to the Carbon Black Cloud endpoint protection platform. Also in Technology Preview are Project Trinidad, which extends and advances VMware’s API security and analytics, and Project Watch, a new approach to multi-cloud networking and security that provides advanced app-to-app policy controls. A significant security announcement has also been made for the VMware NSX Advanced Load Balancer. VMware NSX’s networking and security functions can also now be implemented on Data Processing Units (DPUs), and will at some point handle public cloud DPUs, although don’t look for the latter to be available in product right away.
“VMware is revolutionizing networking and security in the data centre and at the DMZ,” said Tom Gillis, senior vice president and general manager of VMware’s Networking and Advanced Security business group. “VMware is uniquely positioned in the industry for lateral security.”
Gillis highlighted Project Northstar, which can be accessed today through the Technology Preview, and which VMware believes will fundamentally transform how enterprises consume networking and security in a multi-cloud world.
“With Project Northstar, we have taken the management plane for virtual networking structure and are delivering it as a service,” Gillis said. “It will make both security and NSX policy available as a service.”
Project Northstar’s services deliver multi-cloud networking, security, workload mobility and end-to-end threat detection and response with a centralized cloud console for consistent and simplified SaaS consumption. This family of services includes network and security policy management, network detection and response, NSX Intelligence, advanced load balancing and workload mobility for both private cloud environments and VMware Cloud deployments.
Gillis also highlighted the importance of capitalizing on VMware’s architectural strengths to strengthen lateral security, which demands that security teams pay closer attention to east-west network traffic than they can examine via network taps.
VMware’s architecture lets customers see processes running in an endpoint, packets crossing the network, access points, and the inner workings of both traditional and modern apps, in order to identify and stop threats that other solutions cannot.
“VMware has unique capabilities for east-west security that can stop movement in ways that no one else can,” Gillis said. “This is not a feature. It’s part of the architecture.”
These lateral security capabilities have now been strengthened by embedding network detection and visibility into Carbon Black Cloud’s endpoint protection platform. This XDR telemetry adds network detection and visibility to endpoints with no changes to infrastructure or endpoints. It is available now to select customers in early access.
New in Technology Preview is Project Trinidad, which extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and using machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices. Also in preview is Project Watch, a new approach to multi-cloud networking and security that provides advanced app-to-app policy controls to help with continuous risk and compliance assessment.
The introduction of NSX 4.0.1.0 and vSphere 8 allows VMware NSX’s networking and security functions to be implemented on DPUs connected to the host hypervisor.
“Running NSX in vSphere 8 will be very transformative for security,” Gillis said. “Exposing public cloud DPUs into that is theoretically possible, but not something we are working on right now.”
VMware NSX Advanced Load Balancer (ALB) is adding new bot management capabilities, while enhancing the security capabilities of its web application firewall, malware detection, security analytics, and DDoS Protection.
“These new significant security announcements to NSX Advanced Load Balancer make it much more efficient than a hardware load balancer and remove the need for tickets,” Gillis stated.
VMware’s next-generation NSX Gateway firewall now offers a new stateful active-active edge scale-out capability that significantly increases network throughput for stateful services. VMware now offers advanced threat prevention capabilities with IDPS, malware analysis, sandboxing, URL filtering, TLS proxy, stateful firewall, and stateful Network Address Translation that extend centralized security controls to physical and virtual workloads at the data center and cloud edge.