VMware announced the general availability of another CloudHealth by VMware service that detects vulnerabilities and threats in real-time while also identifying cloud infrastructure that is potentially at risk of being compromised.
Jason Needham, head of product for cross-cloud services at VMware, said VMware Secure State leverages cloud APIs, change events streams and threat data to enable organizations to understand the true nature of their cloud security posture by scoring risks. As the cloud environment changes, those risk scores are updated in the model created by VMware Secure State, he said.
VMware Secure State already monitors thousands of production cloud accounts across Amazon Web Services (AWS) and Microsoft Azure. Support for VMware Cloud on AWS, Google Cloud Platform and Kubernetes environments is forthcoming.
Additional capabilities currently being made available in preview include a cloud query service, to better determine relationships between various cloud assets; a machine learning service, to improve detection of cloud anomalies and suspicious activity; and an auto-remediation approach that promises to make it easy to apply controls.
Needham said the biggest cloud computing issue organizations still need to overcome is visibility. Public cloud infrastructure is generally more secure than an on-premises IT environment managed by a team of IT professionals, who typically don’t have all the skills a cloud service provider can muster on behalf of thousands of customers. Cloud service providers only secure their own infrastructure, and it’s still up to internal IT teams to secure their cloud applications. It’s exceedingly difficult, he said, to implement best DevSecOps processes without understanding where and how applications are deployed and their relationship to the underlying infrastructure.
Needham noted there are already more than 5,000 organizations that rely on CloudHealth, which VMware acquired last year, to monitor multi-cloud computing environments, so VMware Secure State is a natural extension of those capabilities. The next challenge is to close the cybersecurity loop by making it possible for organizations to leverage the insights surfaced by VMware Secure State to remediate issues automatically, he said.
In an ideal world, developers are reducing the number of potential vulnerabilities in cloud applications by taking on more responsibility for testing for vulnerabilities before an application is deployed. However, even when the most advanced set of DevSecOps processes are implemented, there always will be mistakes. VMware Secure State makes it easier for cybersecurity professionals to discover those errors and one day soon auto-remediate them without having to engage a developer to address every issue. That capability, Needham said, will only become more critical as cloud computing environments made up of containers, serverless computing frameworks and virtual machines become much more complex.
Of course, VMware is not the only vendor trying to close the cybersecurity loop. With the launch of VMware Secure State, however, the company clearly is signaling it’s much further down that path than many cybersecurity professionals might generally expect.