ARN

VMware amps up security for network, SASE, SD-WAN products

Vendor fills out SASE and SD-WAN offerings and bolsters NSX security capabilities
Tom Gillis (VMware)

At its virtual VMworld 2020 conclave this week, VMware took the wraps off a number of security enhancements aimed at the growing Covid-driven remote workforce.

For starters, the company boosted security for remote and mobile workers by extending its partnerships with Zscaler and Menlo for its secure-access service edge (SASE) offering, VMware SD-WAN Zero Trust Service. VMware's SASE technology melds its Workspace ONE platform with its SD-WAN package.

According to VMware, the Workspace ONE platform securely manages end users' mobile devices and cloud-hosted virtual desktops and applications from the cloud or on-premises. With Workspace ONE, a customer's remote-access client automatically connects to the closest VMware SD-WAN cloud point of presence.

VMware's SASE platform takes advantage of VMware SD-WAN's global footprint of more than 2,700 cloud service nodes across 130 PoPs, the company stated this week.

Under a "preferred partnership" with cloud security vendor Zscaler, customers can let only trusted devices and users access applications hosted on-premises or in the cloud. The service uses Zscaler's Secure Web Gateway, which features URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications.

Another component of a SASE offering is a cloud access security broker (CASB), and for that VMware is partnering with Menlo for its cloud-based CASB service, which enforces access and security policies and controls for cloud applications.

Gartner, which coined the term SASE, this week stated that by 2024, more than 60 per cent of software-defined, wide-area network (SD-WAN) customers will have implemented a SASE architecture, compared with about 35 per cent in 2020.

Related to the SASE/SD-WAN integration, VMware said a new version of its VMware vRealize Network Insight software will get expanded SD-WAN management features.

"These updates will enable better planning for virtual and physical networks, improved network uptime and resiliency, faster troubleshooting, and proactive identification of potential network problems based on intent, and more effectiveness in achieving service level agreements," VMware stated.

On a broader scope, VMware announced Edge Network Intelligence, which is the integration of technology the company acquired from AI-based network management and analytics firm Nyansa in January.

Combining VMware's SD-WAN/SASE package with Nyansa's cloud-based AIOps platform offering, "users will have access to a single platform that can deliver comprehensive and actionable data on network traffic and application performance from the cloud, to branch offices, to the end user and across their wired and/or wireless devices," VMware stated.

VMware Edge Network Intelligence is part of VMware's Virtual Cloud Network architecture that defines how enterprises can build and control network connectivity and security from the data centre across the WAN to multi-cloud environments. It includes the company's core networking software, VMware NSX, which underpins the VCN architecture.

The company announced NSX version 3.1 and said that with it customers will be able to support larger-scale deployments, disaster recovery use cases and automated deployment workflows.

One feature of NSX is the ability to control and synchronise multiple virtual networks as a single entity. Called NSX Federation, the feature lets customers set network configuration, management and policy setting across large environments. NSX Federation lets customers generate "fault tolerant zones" where they could contain network problems in a single zone, minimising problems and preventing them from spreading, VMware stated.

With version 3.1, VMware said it will double the scale of NSX Federation, add new API-driven advanced routing and multicast capabilities, and offer Terraform provider support.

Also under NSX, the company said it will roll out its stateful Layer 7 firewall-as-a-service, which will be useful for customers of its SASE package because it offers them cloud-based security protection.

VMware also announced NSX Advanced Threat Prevention, which combines NSX distributed IDS/IPS with advanced malware detection and AI-powered network traffic analysis the company acquired from AI-based network detection and response vendor Lastline in June. The package lets customers identify threats and minimise false positives, VMware said.

"The NSX architecture will allow Lastline to perform network analytics at massive scale, across tens of thousands of cores, without the burden of tapping network traffic," wrote Tom Gillis, senior vice president and general manager of VMware's Networking and Security Business Unit, in a blog about the Lastline purchase.

"Furthermore, NSX has an intrinsic understanding of application topology and speaks Layer 7. So it knows the difference between a web server and a database and understands what an application is doing."