VMware Delivers Advanced Cloud Workload Protection
April 07, 2021

VMware unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes.

The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in public cloud and on-premises environments.

“Containers and Kubernetes are enabling organizations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley, Senior VP and GM, Security Business Unit, VMware. “Our solution extends security to containers and Kubernetes to deliver one of the industry’s most comprehensive cloud workload protection platforms. With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds.”

For many organizations, migrating to the cloud has had to happen quickly and at a large scale to ensure business continuity amid the global pandemic. Development teams are looking to containers and Kubernetes for speed and the ability to scale application delivery. Organizations now need security for modern workloads to address a new set of threats and build resilient digital infrastructure.

Security is especially complex in multi-cloud infrastructures. VMware Carbon Black Cloud Container builds security into the continuous integration and delivery (CI/CD) pipeline to analyze and control application risks before they are deployed into production. Expanding the VMware Carbon Black Cloud Workload offering, the new capabilities will enable organizations to better secure containerized applications in Kubernetes environments. The solution shifts security left to protect the entire lifecycle of Kubernetes applications. InfoSec teams can now scan containers and Kubernetes configuration files early in the development cycle to address vulnerabilities with unparalleled visibility. The solution provides continuous cloud-native security and compliance to better secure applications and data wherever they live.

Containers and Kubernetes offer development teams flexibility with an infrastructure-as-code approach. However, security is often a roadblock to faster production deployments and later bolted-on as an afterthought. The VMware container security module will empower InfoSec and DevOps teams to better collaborate and identify risks earlier in the development cycle with built-in security. The expanded offering will provide a new vantage point to allow cross-functional teams to detect and fix vulnerabilities to achieve simple, more secure multi-cloud Kubernetes environments.

VMware’s expanded cloud workload protection capabilities will deliver a comprehensive solution for InfoSec teams including:

- Security Posture Dashboard: Provides a combined view of vulnerabilities and misconfigurations to enable complete visibility into security posture across Kubernetes workload inventory. InfoSec and DevOps teams can gain deep visibility into workload security posture and governance to enable compliance, with the ability to freely explore Kubernetes workload configuration via customized queries.

- Container Image Scanning and Hardening: InfoSec and DevOps teams can scan all container images to identify vulnerabilities and restrict the registries and repositories that are allowed in production. Teams can set minimum standards for security and compliance, generate compliance reports and follow CIS benchmarks and Kubernetes best practices.

- Prioritized Risk Assessment: Vulnerability assessments allow InfoSec and DevOps teams to review images running in production and only approved images are deployed. Security teams can use the prioritized risk assessment to detect and prevent vulnerabilities by scanning Kubernetes manifests and clusters.

- Compliance Policy Automation: Infosec teams can shift-left into the development cycle, streamline compliance reporting, and automate policy creation against industry standards such as NIST, as well as the customer’s organizational requirements. This enables the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. Customizable policies help enforce configuration by blocking or alerting on exceptions.

The container security module compliments the VMware Tanzu portfolio. Select Tanzu editions include a global control plane for centralized management of all aspects of cluster lifecycle, including policies for access, data protection, and more. Customers can now add powerful security for containers and Kubernetes applications while simplifying operations for InfoSec and DevOps teams.

VMware container image scanning and CI/CD integration capabilities are expected to be available in April 2021. Runtime security for detection and response will be available later this year.

Share this

Industry News

April 15, 2021

Docker announced general availability of the Docker Desktop for Mac [Apple Silicon], enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.

April 15, 2021

Software AG announced new innovations of its webMethods platform for APIs, Integration and Microservices. With this release, companies can simplify and accelerate their digital transformation initiatives while also speeding their adoption of cloud.

April 15, 2021

Skuid, a toolkit for creating unique and adopted Salesforce experiences, introduced the Skuid Chicago release, a set of features and enhancements providing more declarative support to app designers and builders.

April 14, 2021

SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud.

April 14, 2021

Elastic announced an expanded strategic partnership with Confluent to deliver the best integrated product experience to the Apache Kafka and Elasticsearch community.

April 14, 2021

Threat Stack announced its ability to support AWS Graviton2-based instances through the Threat Stack Cloud Security Platform.

April 13, 2021

Broadcom and Google Cloud announced a strategic collaboration to accelerate innovation and strengthen cloud services integration within the core software franchises of Broadcom.

April 13, 2021

Nylas announced the launch of Components, JavaScript UI/UX solutions that allow developers to bring productivity features to market faster without needing to design front-end elements from scratch.

April 13, 2021

Perforce Software announces its new version control desktop client — Helix Sync — enabling non-coders such as artists and designers to version digital assets, with a simple drag-and-drop UI.

April 12, 2021

ShiftLeft introduced ShiftLeft CORE, a unified code security platform.

April 12, 2021

GrammaTech announced a new version of its CodeSonar SAST (static application security testing) product that helps developers build safer and more secure code without disrupting workflows.

April 12, 2021

Panaya announced a strategic partnership with Being Guided, a Salesforce Consulting Partner, specializing in the CRM and Salesforce ecosystem, to bring Panaya's ForeSight solution to a wider audience.

April 08, 2021

Palo Alto Networks announced the second generation of Checkov, the static analysis tool for infrastructure as code (IaC).

April 08, 2021

Postman now allows any team with up to three members to collaborate in Postman with unlimited shared workspaces and unlimited shared requests at no cost.

April 08, 2021

Taos, an IBM company, has announced 24x5 managed service availability.