Download PDF version Contact company

VMware, Inc. unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes.

The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in the public cloud and on-premises environments.

Comprehensive cloud platform

Containers and Kubernetes are enabling organizations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley, senior vice president, and general manager, Security Business Unit, VMware.

Our solution extends security to containers and Kubernetes to deliver one of the industry’s most comprehensive cloud workload protection platforms. With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds.”

Addressing threats

For many organizations, migrating to the cloud has had to happen quickly and at a large scale to ensure business continuity amid the global pandemic. Development teams are looking to containers and Kubernetes for speed and the ability to scale application delivery.

According to Gartner, “by 2025 more than 85 percent of global organizations will be running containerized applications in production, which is a significant increase from fewer than 35 percent in 2019.” Organizations need security for modern workloads to address a new set of threats and build resilient digital infrastructure.

Better Security

VMware Carbon Black Cloud Container builds security to analyze and control application risks 

Security is especially complex in multi-cloud infrastructures. VMware Carbon Black Cloud Container builds security into the continuous integration and delivery (CI/CD) pipeline to analyze and control application risks before they are deployed into production.

Expanding the VMware Carbon Black Cloud Workload offering, the new capabilities will enable organizations to better secure containerized applications in Kubernetes environments.

The solution shifts security left to protect the entire lifecycle of Kubernetes applications. InfoSec teams can now scan containers and Kubernetes configuration files early in the development cycle to address vulnerabilities with unparalleled visibility. The solution provides continuous cloud-native security and compliance to better secure applications and data wherever they live.

Enable Collaboration for InfoSec and DevOps Teams

Containers and Kubernetes offer development teams flexibility with an infrastructure-as-code approach. However, security is often a roadblock to faster production deployments and later bolted on as an afterthought.

The VMware container security module will empower InfoSec and DevOps teams to better collaborate and identify risks earlier in the development cycle with built-in security. The expanded offering will provide a new vantage point to allow cross-functional teams to detect and fix vulnerabilities to achieve simple, more secure multi-cloud Kubernetes environments.

Comprehensive solution for InfoSec

VMware’s expanded cloud workload protection capabilities will deliver a comprehensive solution for InfoSec teams including:

  • Security Posture Dashboard: Provides a combined view of vulnerabilities and misconfigurations to enable complete visibility into security posture across Kubernetes workload inventory. InfoSec and DevOps teams can gain deep visibility into workload security posture and governance to enable compliance, with the ability to freely explore Kubernetes workload configuration via customized queries.
  • Container Image Scanning and Hardening: InfoSec and DevOps teams can scan all container images to identify vulnerabilities and restrict the registries and repositories that are allowed in production. Teams can set minimum standards for security and compliance, generate compliance reports and follow CIS benchmarks and Kubernetes best practices.
  • Prioritized Risk Assessment: Vulnerability assessments allow InfoSec and DevOps teams to review images running in production and only approved images are deployed. Security teams can use the prioritized risk assessment to detect and prevent vulnerabilities by scanning Kubernetes manifests and clusters.
  • Compliance Policy Automation: Infosec teams can shift left into the development cycle, streamline compliance reporting, and automate policy creation against industry standards such as NIST, as well as the customer’s organizational requirements. This enables the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. Customizable policies help enforce configuration by blocking or alerting on exceptions.

The Future of Intrinsic Security with VMware Carbon Black and Tanzu

The container security module complements the VMware Tanzu portfolio. Select Tanzu editions include a global control plane for centralized management of all aspects of cluster lifecycle, including policies for access, data protection, and more. Customers can now add powerful security for containers and Kubernetes applications while simplifying operations for InfoSec and DevOps teams.

Customer Quote

DoubleVerify ensures viewable, fraud-free, brand-safe ads.

DoubleVerify powers the new standard of digital marketing performance, ensuring viewable, fraud-free, brand-safe ads.

It’s important that we have full visibility into the risk of our entire Kubernetes workload environment, as well as the ability to detect and prevent vulnerabilities before containers are deployed,” said Roy Berko, Senior Director of DevOps, DoubleVerify.

With VMware’s container security offering, we now have instant visibility to help reduce risk of our containerized applications all from a single dashboard.”

Analyst Quote

IDC is the premier global market intelligence firm, examining consumer markets by devices, applications, networks, and services

Kubernetes has become the de-facto best-practice standard for developing cloud-native applications, yet developers are still leveraging siloed and inefficient tools with limited cross-organization visibility,” said Frank Dickson, Program Vice President, Security & Trust at IDC. “VMware’s container security offering provides an opportunity for security and DevOps teams to work more closely together to leverage the power of Kubernetes and better secure the unique lifecycle development processes of container-based applications.”

Product Availability

VMware container image scanning and CI/CD integration capabilities are expected to be available in April 2021. Runtime security for detection and response will be available later this year.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What New Technologies And Trends Will Shape Video Analytics?
What New Technologies And Trends Will Shape Video Analytics?

The topic of video analytics has been talked and written about for decades, and yet is still one of the cutting-edge themes in the physical security industry. Some say yesterday’s analytics systems tended to overpromise and underdeliver, and there are still some skeptics. However, newer technologies such as artificial intelligence (AI) are reinvigorating the sector and enabling it to finally live up to its promise. We asked this week’s Expert Panel Roundtable: What new technologies and trends will shape video analytics in 2021?

Tackling The Challenge Of The Growing Cybersecurity Gap
Tackling The Challenge Of The Growing Cybersecurity Gap

The SolarWinds cyberattack of 2020 was cited by security experts as “one of the potentially largest penetrations of Western governments” since the Cold War. This attack put cybersecurity front and center on people’s minds again. Hacking communication protocol The attack targeted the US government and reportedly compromised the treasury and commerce departments and Homeland Security. What’s interesting about the SolarWinds attack is that it was caused by the exploitation of a hacker who injected a backdoor communications protocol.  This means that months ahead of the attack, hackers broke into SolarWinds systems and added malicious code into the company’s software development system. Later on, updates being pushed out included the malicious code, creating a backdoor communication for the hackers to use. Once a body is hacked, access can be gained to many. An explosion of network devices What has made the threat of cyberattacks much more prominent these days has been IT's growth in the last 20 years, notably cheaper and cheaper IoT devices. This has led to an explosion of network devices. IT spending has never really matched the pace of hardware and software growth Compounding this issue is that IT spending has never really matched the pace of hardware and software growth. Inevitably, leading to vulnerabilities, limited IT resources, and an increase in IoT devices get more attention from would-be hackers. Bridging the cybersecurity gap In the author’s view, this is the main reason why the cybersecurity gap is growing. This is because it inevitably boils down to counter-strike versus counter-strike. IT teams plug holes, and hackers find new ones, that is never going to stop. The companies must continue fighting cyber threats by developing new ways of protecting through in-house testing, security best practice sources, and both market and customer leads. End-user awareness One of the key battlegrounds here is the education of end-users. This is an area where the battle is being won at present, in the author’s opinion. End-users awareness of cybersecurity is increasing. It is crucial to educate end-users on what IoT devices are available, how they are configured, how to enable it effectively, and critically, how to use it correctly and safely. Physical security network A valuable product that tackles cybersecurity is, of course, Razberi Monitor™, which is new to ComNet’s portfolio. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem It monitors and manages all the system components for cybersecurity and system health, providing secure visibility into the availability, performance, and cyber posture of servers, storage, cameras, and networked security devices. Proactive maintenance By intelligently utilizing system properties and sensor data, Razberi’s award-winning cybersecurity software prevents problems while providing a centralized location for asset and alert management. Monitor™ enables proactive maintenance by offering problem resolutions before they become more significant problems. Identifying issues before they fail and become an outage is key to system availability and, moreover, is a considerable cost saving.

Will Airport Security’s Pandemic Measures Lead To Permanent Changes?
Will Airport Security’s Pandemic Measures Lead To Permanent Changes?

Travel volumes at airports have been increasing of late, although still below the 2.5 million or so passengers the Transportation Security Administration (TSA) screened every day, on average, before the pandemic. As passengers return, they will notice the airport security experience has changed during the pandemic – and many of the changes are likely to continue even longer. Need for touchless technology The lowest U.S. air travel volume in history was recorded last April, with approximately 87,500 passengers. As passenger traffic plummeted, the aviation community sought to explore the potential of new technologies to make security checkpoints more contactless and flexible when the traffic numbers return. The pandemic has seen an increase in touchless technology deployed in the screening area. Used for cabin baggage screening, Computed Tomography (CT) produces high-quality, 3-D images to enable a more thorough analysis of a bag’s contents. Imaging Technology Millimeter-wave body scanners began replacing metal detectors globally as a primary screening method Enhanced Advanced Imaging Technology (eAIT), which uses non-ionizing radio-frequency energy in the millimeter spectrum, safely screens passengers without physical contact for threats such as weapons and explosives, which may be hidden under a passenger’s clothing. Millimeter-wave body scanners began replacing metal detectors globally as a primary screening method.  AI algorithms Other innovations include an automatic screening lane, centralized image processing, and artificial intelligence (AI). Looking ahead, AI algorithms have the ability to clear most passengers and bags automatically, making the process smoother and freeing up staff to focus only on alarms. The pandemic’s need for contactless screening may accelerate the adoption of AI.   CAT machine Credential Authentication Technology (CAT) machines automatically verify identification documents presented by passengers during the screening process. The TSA continues to accept expired Driver’s Licenses and state-issued IDs for up to a year after expiration, based on the premise that license renewals may be delayed and/or more difficult during the pandemic. The REAL ID enforcement deadline was extended to Oct. 1, 2021.  Health precautions Checkpoint health precautions have been a part of the airport screening experience since early in the pandemic. Last summer, the TSA announced the “Stay Healthy. Stay Secure” campaign, which included requirements such as social distancing among travelers, ID verification without physical contact, plastic shielding installed at various locations, and increased cleaning and disinfecting. In January 2021, President Biden signed an Executive Order requiring travelers to wear face masks when in airports and other transportation facilities (to remain in effect until May 11). Checkpoint screening Clear is a privately owned company that provides expedited security that uses biometrics either a person’s eyes or face to speed along the process of getting people through checkpoints. TSA officers wear masks and gloves at checkpoints and may also wear eye protection or clear plastic face shields. The limits on allowable liquids a passenger may take on board were broadened to include a hand sanitizer container of up to 12 ounces, one per passenger in a carry-on bag. a paradigm shift Just as aviation security changed after 9/11, the COVID-19 crisis is expected to lead to a paradigm shift to create a safer and more secure environment. Measures were implemented so that passengers, staff and other stakeholders could have continued assurance and confidence in airports amid and after the pandemic.