Many of the most sophisticated attackers spend their days devising ways to sneak into the massive flow of data that takes place behind the perimeter. Often, the plan is to obfuscate payloads, hide malicious activity within legitimate traffic, and slip it into this “East-West” traffic, which can be orders of magnitude larger than the relative trickles of “North-South” data that flow past a firewall or onto an endpoint. Once inside, smart attackers bide their time, hiding within the common noise of your network, discovering assets, moving laterally over common ports and protocols, and waiting for opportunities to do the most damage—say, to launch a ransomware attack or surreptitiously steal customer data. Some of the worst breaches of 2021 fit this description.
Fortunately, the internal traffic is in our wheelhouse. Our heritage in hypervisor technology gives us a privileged position when it comes to understanding precisely what is happening inside the company’s applications and networks—both in the aggregate flows of traffic and at the most granular level. Thousands of companies use our tools to manage the deployment of software, whether using virtual machines (VMs) or container technology, and to understand network traffic at the packet level. This privileged position gives us visibility into, and context about, every packet like no other.
Today, we’re taking a major step to make the most of this privileged position. We introduced enhancements to our security system focused on detecting and stopping lateral movement of threats across private and public clouds made up of both VMs and containers. The enhancements include capabilities purpose-built for VM workloads and a complementary set of capabilities purpose-built for container-based Modern Applications, all tied together with advanced security analytics and management powered by VMware’s newly announced Contexa threat intelligence cloud.