An upcoming release of VMware's core NSX networking software will add anomaly detection, analytics, and data-gathering software sensors.

When it comes to protecting data-center-based resources in the highly distributed world, traditional security hardware and software components just aren’t going to cut it. That’s the bottom line for enterprises as they move to distributed digital environments, according to Tom Gillis, senior vice president and general manager of VMware’s networking & advanced security business group.

The idea is that security needs to be put deep into the infrastructure fabric and protect workloads across their lifecycle, Gillis said during an interview with Network World at the company’s VMworld virtual conference.

One way VMware will do this is by packing an upcoming release of its core NSX networking software with more security features, including better anomaly detection and analytics.

NSX underpins VMware’s software-defined Virtual Cloud Networking architecture that enables enterprises to build and control network connectivity and security from the data center across the WAN to multi-cloud environments. NSX supports everything from private or public cloud-native applications to bare-metal workloads running on multivendor hypervisors. It also supports network-virtualization stacks in Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud, as well as leading Kubernetes container technologies.

Security that’s already in NSX includes support for configuring network, management and policy setting across large environments. This NSX Federation feature lets customers generate fault-tolerant zones for containing problems and preventing them from spreading across the enterprise network.
In addition, VMware NSX Advanced Threat Prevention combines NSX Distributed IDS/IPS with malware detection software and network traffic analysis acquired from Lastline in 2020.

Into that set of security features VMware is adding the ability to put software-based sensors, or what traditional network administrators would call network Test Access Points (TAPs), across the enterprise to feed traffic-pattern and network-performance data back to a management console, Gillis said.

“Traditional network TAPping is hard, cumbersome for IT, and it isn’t a great way to see what’s going on in a virtual environment,” Gillis said. “With NSX and our hypervisor we can do this network discovery in the hypervisor without TAPs and see everything.”

Tanzu improvements

Hand-in-hand with deep NSX security is the Tanzu Service Mesh technology that VMware is developing. Tanzu Service Mesh upgrades announced at VMworld let enterprise security teams and app developers better see and understand when, where, and how APIs are communicating, even across multi-cloud environments, Gillis said. It is part of the ongoing VMware effort to secure APIs across application lifecycles.

“Traditional applications built with a three-tier web approach just wrap each piece in security, and that’s it,” Gillis said. “A container-based application could have 3,000 different pieces, each with their own API, and each one can be poked by people looking to exploit them.

“Tanzu Service Mesh shows customers an exact picture of how an application is being used, all the inner workings, and helps users spot anomalies so they can segment the bad stuff out. Basically it puts a traffic cop between all container flows that understands content and response times. And if it doesn’t like what it sees, it doesn’t let it pass.”

The service mesh includes open source Envoy support, which is an application-layer technology that helps manage microservice-based applications.
“It helps make up a very potent package for managing modern applications and APIs,” Gillis said.

Introducing elastic application security edge

VMware announced an NSX service to adjust the networking and security infrastructure at the edge of the data center or cloud as application traffic changes. This elastic application security edge (EASE) will include the NSX Load Balancer and distributed firewall, provide central control, and support any environment, Gillis said.

“This sort of elasticity is needed for automation. That’s how the public cloud works; it can scale up and down,” Gillis said. “The news here is that we will support scaling for firewall services that we think is an industry first and will be an extremely powerful enterprise security tool.”