VMware has announced significant enhancements to its lateral security capabilities to help customers achieve strong security for both modern and traditional applications, across multi-cloud environments. Ahead of RSA Conference 2022, VMware introduced Contexa, VMware’s full-fidelity threat intelligence capability that observes the breadth of VMware’s network, endpoint, and user technologies. With Contexa, VMware is reframing traditional security analytics with enriched threat intelligence to enhance its security and management portfolio.
Tom Gillis, senior vice president and general manager, Networking and Advanced Security Business Group, VMware, says: “Threat actors are increasingly deploying sophisticated infiltration tactics, including the use of stolen credentials in order to exploit vulnerabilities and hide in the noise of normalcy. In a world where the stakes in security continue to rise, lateral security has become the new battleground. Combining VMware Contexa with our architectural advantage, VMware exclusively sees every process running in an endpoint, every packet crossing the network, every access point, and the inner workings of both traditional and modern apps to identify and stop threats others can’t.”
With a privileged position in the infrastructure, Contexa observes and understands the inner workings of both modern and traditional apps every step of the way, from the user to the device, to the network, to runtime, to data.
VMware Contexa records and processes over 1.5 trillion endpoint events and over 10 billion network flows daily, along with strategically curated threat intelligence data captured through technology partnerships. This rich context is further analysed using machine learning and the insights of over 500 researchers across VMware’s Threat Analysis Unit and incident response partners. Today, Contexa uncovers over 2.2 billion suspicious behaviours daily, achieving zero-touch detection and automated, graduated response for over 80% of these events.
Integrated into every VMware security product, Contexa will be available to all new and existing customers at no additional cost. The company that pioneered virtualisation now protects VMs—and is driving innovation in modern application security.
VMware has introduced innovative and powerful distributed security capabilities for its multi-cloud platform over the years, allowing the company to make customer workloads more secure on VMware clouds. As innovations in server virtualisation have driven higher virtual machine densities on a single physical server, less lateral traffic is visible to a network tap. This makes it difficult for a Security Information and Event Management (SIEM) technology or security analytics solution to identify lateral security threats by analysing sampled data such as network flow records or selected network traffic taken from taps.
VMware has introduced new capabilities to help customers identify and respond to malware and ransomware attacks in the network by integrating its advanced intrusion detection and prevention (IDS/IPS) and Network Traffic Analysis (NTA) directly into the virtualisation layer with VMware NSX. These new enhancements, powered by VMware Contexa, now inspect and analyse every packet and every process to provide extremely high-fidelity alerts.