There is arguably not a more important priority for organizations today than cybersecurity. Most businesses are desperately trying to strengthen their cybersecurity posture. Unfortunately, it is becoming more difficult as infrastructure spans both on-premises and cloud environments. Traditional tools were developed for on-premises workloads and were not well suited for workloads running in the cloud. Modern, purpose-built tools are needed. VMware recently announced a new offering for Amazon AWS workloads – Advanced Workload Security for AWS. What is this new offering, and what capabilities does it provide?
Security challenges facing organizations today
Many cybersecurity challenges face organizations today. As businesses transition to hybrid cloud services and architecture, they need new modern tools that allow securing cloud workloads. Amazon AWS has been the market leader in cloud IaaS solutions and is used by many organizations worldwide. However, many companies have struggled to have the visibility, security tools, and cybersecurity posture management of workloads in Amazon AWS, such as EC2 workloads.
A lack of security tooling has contributed to staggering cybersecurity numbers. For example, over the past 18 months, over 80% of businesses have experienced a data breach. Data breach events are some of the most dangerous and costly for organizations. What are some of the costs of a data breach?
IBM recently released the Cost of a Data Breach Report 2022. It details the skyrocketing costs of data breach events and the factors contributing to the increasing number of cybersecurity events and breaches across the board. Note the following statistics:
Likelihood and frequency
- 83% of organizations studied had at least one data breach event
- Breached organizations passed on 60% of the costs associated with the breaches to customers
- 79% of critical infrastructure organizations didn’t deploy zero trust architecture
- 19% of breaches came from a compromised business partner
- 45 percent of breaches were cloud-based
Data breach costs
- $4.35 million – the average cost of a data breach
- $4.82 million – the average cost of a critical infrastructure data breach
- $4.54 million – the average cost of a ransomware attack
- $9.44 million – the average cost of a data breach in the United States (the highest cost in the study)
Why are cloud environments hard to secure?
Why do cloud environments present challenges to organizations using them today? First, cloud environments are a different type of infrastructure than traditional infrastructure managed by organizations on-premises. Businesses often spin up workloads in the cloud without thinking about the security challenges or tooling required to secure these types of workloads properly.
Vulnerabilities and cloud misconfigurations are weaknesses targeted by attackers looking to compromise business-critical data stored in cloud environments. As a result, organizations must bolster the cybersecurity posture of their cloud infrastructure and have the tools needed to manage, harden, provide visibility, and detect abnormal activity in cloud workloads.
VMware Advanced Workload Security for AWS
As most are aware, VMware purchased Carbon Black in 2019 and has been evolving the products in the Carbon Black portfolio since. Recently, VMware announced a new product offering called Advanced Workload Security for AWS. So what is the new security solution for AWS, and what are its capabilities?
Organizations today are accelerating their cloud journey. In addition, businesses are choosing to use not only one public cloud vendor but multiple clouds to meet their business and technical objectives. The VMware Carbon Black Workload solution, including AWS, is a solution that is equally at home securing workloads in the cloud as it is on-premises workloads.
- It combines vulnerability reporting and security hardening of nodes with detection and response capabilities for hybrid workloads. It also is a powerful prevention solution helping to provide strong defensive capabilities against modern cybersecurity threats, including ransomware.
- It also automates many of the tedious tasks in managing the solution, including account management. In addition, it provides flexible options for AWS security, including CI/CD capabilities using Chef, Puppet, and Ansible. It provides a solution allowing businesses to replace traditional antivirus solutions with next-generation antivirus (NGAV).
- What kinds of advanced attacks is VMware Carbon Black Advanced Workload Security for AWS able to protect against? It is positioned to help protect against threats, including lateral movement, ransomware, malware, supply-chain attacks, and others.
- It helps organizations build on the concept of what VMware refers to as intrinsic security. Intrinsic security is the approach of delivering security as part of the infrastructure. It can help businesses to eliminate multiple security solutions in favor of a single solution that contains the tools needed for hybrid cloud resources.
VMware Carbon Black Advanced Workload Security for AWS allows security teams to secure their Amazon AWS EC2 instances and VMware vSphere workloads. With the new capability, businesses can have visibility across their hybrid cloud workloads, including VMware vSphere, AWS, private, public, and hybrid clouds. It helps to meet one of the major cybersecurity objectives for most businesses moving forward.
Cybersecurity and SecOps teams will benefit from many features and capabilities of the console as part of the solution. These include:
- Real-time insights
- Consolidated security metrics and visibility
- Unified patching process
- AWS EC2 instance protection status and policies assigned
- View a summary of the metrics and actionable items
- Access to a rich dataset for EC2 instances, including AWS tags and vulnerabilities, and trigger various management actions
Features of VMware Advanced Workload Security for AWS
What are the specific features of VMware Advanced Workload Security for AWS as it relates to your EC2 instances? Note the following:
It helps to reduce the attack surface – With the solution, you can gain visibility into indicators of compromise (IOCs), and other ordinary events to understand the vulnerability posture of the workloads. You can run configuration state checks and run assessments of your environment. All of these features help SecOps to detect attacks that may have infiltrated the perimeter of your network.
It helps to secure your workloads against modern threats – These types of attacks include attacks that are hard to discover, such as fileless malware and living-off-the-land attacks. It features the following:
- Agentless installation and lifecycle management
- Vulnerability assessments
- Real-time workload audit
- Next-generation antivirus (NGAV)
- Behavior monitoring and EDR capabilities
VMware Contexa
VMware makes note that VMware Carbon Black Advanced Workload Protection is powered by their own cybersecurity threat intelligence cloud, called VMware Contexa. Many security vendors are leveraging the power of the cloud with artificial intelligence (AI) and machine learning (ML) to help shift the advantage in their favor. Machine intelligence helps to parse through the massive amount of security data to pinpoint and extract anomalous behaviors and other activities.
Unified dashboard
The unified dashboard and deep forensics provided by VMware Carbon Black Advanced Workload Security provides a seamless management and visibility experience with its unified dashboard. In the dashboard, IT admins and SecOps alike can see all of their worklloads, including vSphere, VMware Cloud, AWS, and other hybrid infrastructure. This unified view helps to reduce the time to remediation for cybersecurity events.
VMware Carbon Black Advanced Workload security for AWS unified dashboard
Organizations have streamlined visibility to their AWS EC2 instances using the VMware Carbon Black Cloud console. It also pulls detailed metadata about the AWS EC2 instances. This metadata includes protection status, security policies, actionable metrics, deregistering EC2 instances after termination, and enhanced management of ad-hoc EC2 instances.
VMware Workload Security for AWS provides rich information about AWS EC2 instances
Wrapping Up
As organizations continue the rapid shift to cloud resources and multi-cloud resource consumption, security continues to be a priority that is top of mind for most businesses. However, transitioning from on-premises infrastructure to cloud-based resources presents challenges for companies still using traditional security products or that have not adopted modern cloud-capable solutions.
VMware Workload Advanced Security for AWS is a modern, cloud-based solution that enables organizations to protect their cloud workloads and on-premises workloads in the enterprise data center. It also provides a single-pane-of-glass dashboard that provides visibility to security threats, manages updates, and quickly remediates cybersecurity incidents as they unfold.
Many businesses use Amazon AWS EC2 instances to house business-critical workloads. Therefore, it is critical to secure and harden these and any other cloud resources to help bolster cybersecurity posture. The capabilities provided by the VMware Carbon Black Advanced Security for AWS solution help businesses protect their Amazon AWS EC2 instances intelligently and efficiently.
You can learn more about VMware Carbon Black Workload Security here: