VMware Takes on Cisco and Palo Alto Networks With Announcement of VMware Service-defined Firewall
VMware is delving deeper into the IT security segment with its recent announcement at RSA 2019, unveiling its Service-defined Firewall product. VMware will be competing with security giants Palo Alto Networks and Cisco, among others, to introduce the new offering that focuses on the internal network by validating good application behavior.
VMware is seeking to build on the unique aspects and characteristics embodied in its virtualization technology to replace integrated solutions with what it has termed “intrinsic security” vs. integrated security solutions. VMware seeks to focus on known “good assets” as opposed to scanning the universe for unknown threats.
VMware claims the new service can displace other solutions to become the “sole firewall solution for their internal needs.” They go one step further in an effort to build instant credibility for the Service-defined Firewall via the publication of a validation report from Verodin.
VMware’s Service-defined Firewall provides an agentless solution that can be deployed and utilized on bare metal, VM, and container-based environments in the cloud, on premises, or in hybrid cloud environments such as VMware Cloud on AWS. VMware advertises that this solution is a differentiator based on the following product characteristics:
- Application Verification Cloud – leverages “machine intelligence” across VMware’s ecosystem of millions of VMs to map out a “good state” of an application.
- Protected From the Guest – agentless capability that enables guest OS inspection to defend against root attacks. Works at run time to “detect and block malicious traffic on the network.”
- Distributed in Software – extends past the traditional methods of “hairpinning” traffic from the network through a hardware appliance scanning, which is inefficient and not easily scalable in complex applications.
VMware appears serious about this latest foray into the enterprise security space. VMware CEO Pat Gelsinger was quoted, “We're the company that makes [cloud infrastructure] okay for our customers, makes it more efficient, scalable, et cetera but we've never until the last couple of years really said, ‘Hey, we can now start changing the security dialogue in a fundamental way.’”
Our Take
IT security and infrastructure leaders will need to carefully examine the purported capabilities in this new VMware offering before “jumping in” with both feet. Should this solution prove true to VMware’s lofty claims, organizations will have to carefully examine the implications from a cost, licensing, and business operating model approach. With most IT shops already experiencing increased costs due to being a captive customer of VMware’s virtualization technology, this new offering could serve to increase this vendor lock-in. Additionally, the convergence of network and security functionality will drive the CISO and CIO to work off the same page or risk falling behind in a world less tolerant of security breaches.
Want to Know More?
Master the Secrets of VMware Licensing to Maximize Your Investment
VMware AWS Strike a Deal: A Hybrid Cloud Enterprises Have Been Looking For