VMware Contexa Threat Intelligence Debuts
June 3, 2022
made significant enhancements to its unique lateral security
capabilities to help customers achieve strong security for both
modern and traditional applications, across multi-cloud
environments. Ahead of RSA Conference 2022, VMware introduced
Contexa, VMware’s full-fidelity threat intelligence capability
that observes the breadth of VMware’s network, endpoint, and
user technologies. With Contexa, VMware is reframing traditional
security analytics with enriched threat intelligence to enhance
its security and management portfolio.
“Threat actors are increasingly deploying sophisticated infiltration tactics, including the use of stolen credentials in order to exploit vulnerabilities and hide in the noise of normalcy,” said Tom Gillis, senior vice president and general manager, Networking and Advanced Security Business Group, VMware. “In a world where the stakes in security continue to rise, lateral security has become the new battleground. Combining VMware Contexa with our architectural advantage, VMware exclusively sees every process running in an endpoint, every packet crossing the network, every access point, and the inner workings of both traditional and modern apps to identify and stop threats others can’t.”
VMware Contexa Leaves Attackers with Nowhere to Hide
VMware Contexa is a full-fidelity threat intelligence cloud that
sees what other solutions don’t and stops what other solutions
can’t. With a privileged position in the infrastructure, Contexa
observes and understands the inner workings of both modern and
traditional apps every step of the way—from user, to device, to
network, to run time, to data.
VMware Contexa records and processes over 1.5 trillion endpoint events [i] and over 10 billion network flows [ii] daily, along with strategically curated threat intelligence data captured through technology partnerships. This rich context is further analyzed using machine learning and insights of over 500 researchers across VMware’s Threat Analysis Unit and incident response partners. Today, Contexa uncovers over 2.2 billion suspicious behaviors daily [iii], achieving zero-touch detection and automated, graduated response for over 80 percent of these events.
Integrated into every VMware security product, Contexa will be available to all new and existing customers at no additional cost. The company that pioneered virtualization now protects VMs like no other—and is driving innovation in modern application security.
An Innovator in App Modernization Secures Apps at Scale
VMware Tanzu is a trusted partner for companies in their app
modernization journey, helping them build, operate, and better
secure modern applications at scale on any cloud. Today, VMware
announced further enhancements to its Modern Apps Connectivity
Services (MACS) solution that allows customers to build security
into the full application lifecycle. With VMware Tanzu Service
Mesh’s capabilities, customers now gain deep visibility and
insights into the inner workings of application micro-services
as they interact with each other via internal (East-West)
APIs—and help to better protect them. VMware Contexa allows
Tanzu Service Mesh to understand the context of the internal
traffic flows, and therefore more accurately distinguish legitimate
internal traffic from the internal movement of attacks such as
A Pioneer in Virtualization Protects VMs Like No Other
A leader in virtualization, VMware has introduced innovative and
powerful distributed security capabilities for its multi-cloud
platform over the years, allowing the company to make customer
workloads more secure on VMware clouds [iv]. As innovations in
server virtualization have driven higher virtual machine
densities on a single physical server, less lateral traffic is
visible to a network tap. This makes it difficult for a Security
Information and Event Management (SIEM) technology or security
analytics solution to identify lateral security threats by
analyzing sampled data such as network flow records or selected
network traffic taken from taps.
VMware has introduced new capabilities to help customers identify and respond to malware and ransomware attacks in the network by integrating its advanced intrusion detection & prevention (IDS/IPS) and Network Traffic Analysis (NTA) directly into the virtualization layer with VMware NSX. These new enhancements, powered by VMware Contexa, now inspect and analyze every packet and every process to provide extremely high-fidelity alerts that other systems relying on sampled data cannot match.
Anywhere Workspace Platform Advances Security for Employee Devices
Innovations to VMware Workspace ONE will make it easier for IT
teams to manage and better secure all employee devices, while
contributing to Contexa’s rich data set. VMware is today
introducing Workspace ONE Mobile Threat Defense, which
incorporates technologies from Lookout, a leader in the mobile
security space. The new offering will help protect employees’
mobile devices from a wide range of application, device, and
network-originated threats. Workspace ONE Mobile Threat Defense
can be activated within Workspace ONE Intelligent Hub. For IT,
this means there are no separate apps or agents to download or
deploy, and vital information – including alerts and suggested
resolutions – is conveyed via a resource that employees use for
VMware is also introducing new Workspace ONE capabilities that will make managing updates/patches even easier and elevate the security posture of Windows devices. For instance, the new capabilities will enable IT to automate critical updates to pre-approved groups, hand test patches more likely to create issues, and pause or rollback patches if an issue is detected. Further Workspace ONE enhancements are detailed here.
Joins the XDR Alliance to Modernize the SOC
VMware is announcing it has joined the XDR Alliance™, a partnership of leading cybersecurity industry innovators committed to an inclusive and collaborative XDR framework and architecture. VMware is well positioned with very mature endpoint and network offerings that offer a high level of insight and context for identifying and responding to threats. The mission of the XDR Alliance is to work in collaboration to make an open approach to XDR a reality for SecOps teams and help them effectively protect their organizations from cyberattacks.