In the decades to come, 2014 could well be seen as a pivotal moment in the evolution of the modern data center. Vendors like VMware are quite literally making history, redefining the parameters of what can be achieved as they push towards the vision of the Software Defined Data Center (SDDC). By virtualizing compute, network and storage, the SDDC automates provisioning and massively reduces time-to-market for applications and services.
But perhaps less well-known are the enormous security improvements that can come from VMware’s newly-released software-defined networking platform NSX. At Trend Micro, we believe this new technology can help customers finally realize the goal of effective, affordable network micro-segmentation. Add Deep Security on top of that platform, and you’ll get levels of data center security that were simply not possible before. Here’s how:
Danger in the Data Center
We all know that cybercriminals are an agile, resilient and increasingly well-resourced bunch. What this means is that they’ve been able to take advantage of the gaps that exist in many poorly-secured virtual environments to attack VMs and steal the organizational crown jewels. In this context, traditional perimeter approaches to security are woefully outdated. For one thing, they allow inter-VM attacks. This tactic is favoured by targeted attackers who typically infiltrate one virtual machine and then move laterally inside a data center to others until they find what they’re looking for, often barely stopped by any internal security controls.
To combat such attacks, data center managers need security options which can enable self-defending VMs. But they would also benefit from micro-segmentation at a network level to limit this lateral malicious movement inside virtual data centers. With both, they can ensure VMs of different sensitivities can sit happily side-by-side in a “zero trust” model.
The Problem with Micro-Segmentation
Up until now, micro-segmentation just hasn’t been possible from an operational or cost point of view. Placing expensive traditional/physical firewalls into a virtual environment to achieve segmentation creates a huge number of “choke points” on the network, which can strangle throughput capacity. The operational hit on IT resources of forcing admins to modify the rules on each firewall as each new VM is provisioned or de-provisioned would also soon swamp the department.
Enter the Software Defined Data Center and the NSX platform, which automates the provisioning of firewall policies and delivers an impressive 20Gbps of firewall throughput – supporting over 80,000 connections per second, per host.
Securing the Data Center of the Future
NSX has quite literally enabled the micro-segmentation of virtual networks on a scale and at operational efficiency levels never before possible – and all at a manageable cost. It means enterprises can create “shrink-wrapped” security for any workload or VM, allowing the creation of customized policies and modules right down to the individual VM level.
So what does Trend Micro bring to the table?
- Our flagship data center security solution, Deep Security, now supports NSX, effectively extending micro-segmentation by having its security policies and capabilities follow each VM automatically wherever it goes.
- This enables sensitive workloads (e.g., PCI-compliant content) to sit next to VMs of little sensitivity with complete independence and maximum security.
- We offer the most complete suite of capabilities of any VMware partner, including: file-integrity monitoring and log inspection for improved compliance; IDS/IPS for virtual patching; bi-directional firewall; web reputation; and anti-malware.
- All managed from one console for ease-of-use.
- Trend Micro is the only vendor to deliver agentless security across network and file-based security controls for NSX, giving customers even more choice and flexibility over deployment.
- Trend Micro is also using NSX to combine detection capabilities (agentless anti-malware, file integrity monitoring, IDS/IPS, etc.) with NSX tagging. This enables Deep Security to trigger specific remediations when a threat is detected, such as automatically quarantining a compromised VM from the virtual network.
The era of the SDDC is coming. So find out today how VMware and Trend Micro can help you accelerate and secure that journey to the data center of the future.
Check out our announcement today from VMworld that includes our new features for VMware, and learn more about how we partner with VMware from the recent posts in my blog series: Optimize Your Modern Data Center with Next Generation Technologies; Extend Your Virtualized Data Center to the Cloud with Ease; Operational Efficiency: the Key to Data Center Success.
If you’re at VMware, don’t forget to drop by our booth, #1505, to try out our demo stations!