UPDATED 12:36 EDT / MARCH 05 2019

vmware-768x483 SECURITY

Expanding its cybersecurity portfolio, VMware launches a firewall

Adding to the flurry of product announcements coming out of the RSA Conference this week in San Francisco, VMware Inc. today introduced a firewall offering designed to provide an added layer of security for enterprise applications.

The new Service-defined Firewall builds on two of the company’s existing products. One is the NSX network management and security platform and the other is AppDefense, a threat detection engine that scans enterprise infrastructure for suspicious behavior. AppDefense looks for malicious activity by analyzing data from NSX and vSphere, VMware’s ubiquitous virtualization platform, which companies run on their servers to improve hardware efficiency.

The Service-defined Firewall extends these detection features by adding in a layer of automation. It uses operational information that VMware aggregates from its vast customer base to understand what constitutes normal behavior for different applications. Armed with this insight, the underlying algorithms can generate custom security rules for a company’s vSphere-virtualized environment.

VMware said that its firewall can look for malicious activity both in network traffic, via NSX, and the vSphere-powered host machines that make up an environment. It’s the latter capability that is the product’s main differentiator. The software uses vSphere itself to track activity, which means it doesn’t need to install a dedicated piece of monitoring software on each host as traditional security tools do.

Besides reducing operational complexity, this approach makes it harder for hackers to go undetected. Attackers can potentially disable the monitoring software installed on a host if they gain administrative access to the machine. But when the monitoring is done through vSphere rather than locally, that stops being a concern.

“Unlike perimeter firewalls that must filter traffic from an unlimited number of unknown hosts, the VMware Service-defined Firewall has the advantage of deep visibility into the hosts and services that generate network traffic,” Alex Berger, a product marketing manager with VMware’s network and security group, wrote in a blog post.

VMware is targeting Service-defined Firewall at a wide range of enterprise environments. The software can protect virtual machines, containers and bare-metal servers provided without software, with support for Amazon Web Services set to arrive at a later date.

Photo: Robert Hof/SiliconANGLE

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.