An upcoming release of VMware's core NSX networking software will add anomaly detection, analytics, and data-gathering software sensors.

When it comes to protecting data-center-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it. That’s the bottom line for enterprises as they move to distributed digital environments, according to Tom Gillis, senior vice president and general manager of VMware’s networking & advanced security business group.

The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.

One way VMware will do this is by packing an upcoming release of its core NSX networking software with more security features, including better anomaly detection and analytics.

NSX underpins VMware’s software-defined Virtual Cloud Networking architecture that enables enterprises to build and control network connectivity and security from the data center across the WAN to multi-cloud environments. NSX supports everything from private or public cloud-native applications to bare-metal workloads running on multivendor hypervisors. It also supports network-virtualization stacks in Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud, as well as leading Kubernetes container technologies.

Security that’s already in NSX includes support for configuring network, management and policy setting across large environments. This NSX Federation feature lets customers generate fault-tolerant zones for containing problems and preventing them from spreading across the enterprise network.
In addition, VMware NSX Advanced Threat Prevention combines NSX Distributed IDS/IPS with malware detection software and network traffic analysis acquired from Lastline in 2020.

Into that set of security features, VMware is adding the ability to put software-based sensors, or what traditional network administrators would call network Test Access Points (TAPs), across the enterprise to feed traffic-pattern and network-performance data back to a management console, Gillis said.

“Traditional network TAPping is hard, cumbersome for IT, and it isn’t a great way to see what’s going on in a virtual environment,” Gillis said. “With NSX and our hypervisor we can do this network discovery in the hypervisor without TAPs and see everything.”

Tanzu improvements

Hand-in-hand with deep NSX security is the Tanzu Service Mesh technology that VMware is developing. Tanzu Service Mesh upgrades announced at VMworld let enterprise security teams and app developers better see and understand when, where, and how APIs are communicating, even across multi-cloud environments, Gillis said. It is part of the ongoing VMware effort to secure APIs across application lifecycles.

“Traditional applications built with a three-tier web approach just wrap each piece in security, and that’s it,” Gillis said. “A container-based application could have 3,000 different pieces, each with their own API, and each one can be poked by people looking to exploit them.

“Tanzu Service Mesh shows customers an exact picture of how an application is being used, all the inner workings, and helps users spot anomalies so they can segment the bad stuff out. Basically it puts a traffic cop between all container flows that understands content and response times. And if it doesn’t like what it sees, it doesn’t let it pass.”

The service mesh includes open source Envoy support, which is an application-layer technology that helps manage microservice-based applications.
“It helps make up a very potent package for managing modern applications and APIs,” Gillis said.

Introducing elastic application security edge

VMware announced an NSX service to adjust the networking and security infrastructure at the edge of the data center or cloud as application traffic changes. This elastic application security edge (EASE) will include the NSX Load Balancer and distributed firewall, provide central control, and support any environment, Gillis said.

“This sort of elasticity is needed for automation. That’s how the public cloud works; it can scale up and down,” Gillis said. “The news here is that we will support scaling for firewall services that we think is an industry first and will be an extremely powerful enterprise security tool.”