VMworld Keynote Highlights AI Ensuring Better Security

VMware CEO Pat Gelsinger hit all the high points of cutting-edge virtualization and networking technology during today's opening keynote address at the company's VMworld conference in Las Vegas.

With an emphasis on artificial intelligence (AI) and machine learning (ML), Gelsinger discussed innovations in networking and security, framing new announcements in the context of four "technology superpowers," which he categorized into the areas of cloud, mobile, AI/ML and Edge/AI.

AI and ML were interwoven throughout the presentation, with Gelsinger declaring, "I really love the topic of AI," and hearkening back to a prior role where he worked on an AI chip in 1986, demonstrating the technology's age. "AI is today a 30-year overnight success," he said.

One area in which AI is being put to use, an area that Gelsinger said was "most important to me personally," is security. VMware, he said, is totally rethinking the approach to security.

"It's broken today," Gelsinger said, "the industry got it wrong." The industry, he said, has been trying to bolt on security products, in effect "chasing bad." The industry needs "much less security products" and "much more security." With that goal in mind, the company is providing "intrinsic security" to "ensure good" by building security into every core product, to lock the product down and ensure it behaves as intended.

"We're not chasing threats or adding on but rather dramatically reducing the attack surface," Gelsinger said.

"We're not chasing threats or adding on, but rather dramatically reducing the attack surface."

Pat Gelsinger, CEO, VMware, at VMworld 2018

Continuing that theme, he made two major announcements concerning security, including Adaptive Micro-segmentation. He said micro-segmentation wasn't new but wasn't made practical until the advent of NSX, the VMware software-defined networking (SDN) network virtualization and security platform.

Gelsinger said the company was leaping beyond current micro-segmentation technology with new capabilities, defined by three words: learn, lock and adapt. In other words, security capabilities in VMware core products will: learn about the applications by looking into them to understand their behavior and how they should operate; lock them down to ensure they do operate that way; and, finally, adapt via new automation capabilities that change based on current behavior.

[Figure: Adaptive Micro-Segmentation (source: VMware).]

In an announcement, the company said Adaptive Micro-segmentation provides:

  • Much more application intelligence -- By better understanding application composition and the intended state and behavior of the workloads that make up the application, we are turning visibility into security policy definition, thereby taking the guesswork out of policy creation.
  • Workload control (in addition to network control) -- By directly locking down the workloads that comprise applications, Adaptive Micro-segmentation now protects against direct attacks on the application, itself. Additionally, it protects the services that traverse traditional segment boundaries (i.e. domain controllers, agents, jump servers, etc.) so that attackers cannot use legitimate communication paths to compromise applications.
  • Adaptation to change -- One of the core problems with operationalizing a zero trust model is building controls that are flexible enough to accommodate the rapid rate of change of modern applications. As the name suggests, Adaptive Micro-segmentation allows for the automated redrawing of workload and network security policy when any component of the application is changed.

Along with Adaptive Micro-segmentation, the other major security announcement was VMware vSphere Platinum, which Gelsinger said "now has AppDefense built right in."

"VMware vSphere Platinum is a new edition of vSphere that delivers advanced security capabilities fully integrated into the hypervisor," the company said. "This new release combines the industry leading capabilities of vSphere with VMware AppDefense, delivering purpose-built VMs to secure applications."

AI was also showcased in the announcement of an update to Workspace ONE, described as an "intelligence-driven digital workspace platform." "The chaos is now over," Gelsinger declared, speaking about the complexity of IT infrastructures. To highlight that, he pointed to an example of automating the process of addressing issues with Windows 10 updates.

Specifically, VMware announced, "Workspace ONE Intelligence, a cloud-based service delivering data-driven insights and automation across the entire digital workspace, is now enabling new capabilities to accelerate this transition. Predictive Windows 10 OS patching based on OS and app readiness assessments and CVE vulnerability scores ensures devices are proactively maintained and remediated. Additionally, new industry-first UEM support for 100 percent Group Policy Object coverage makes it easy for IT to manage GPOs with editable Center for Internet Security (CIS) and Microsoft security policy templates."

In other major announcements, VMware detailed:

  • Its intent to acquire CloudHealth Technologies, described as providing a global platform for multi-cloud operations. "CloudHealth Technologies delivers a cloud operations platform across AWS, Microsoft Azure and Google Cloud," the company said. "The platform enables customers to help analyze and manage cloud cost, usage, security, and performance centrally for native public clouds."
  • Amazon Relational Database Service (Amazon RDS) on VMware. "Amazon RDS on VMware is a service that will make it easy for customers to set up, operate, and scale databases in VMware-based software-defined data centers and hybrid environments and to migrate them to AWS or VMware Cloud on AWS," VMware said. "Amazon RDS on VMware automates database management regardless of where the database is deployed, freeing up customers to focus on developing and tuning their applications. Available in the coming months, Amazon RDS on VMware will support Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and MariaDB databases."
  • A new vSAN 6.7 Update 1. "VMware will launch vSAN 6.7 Update 1 to make it easier for customers to adopt HCI through simplified operations, efficient infrastructure and rapid support resolution," the company said. "The new release will reduce maintenance operations time with built-in intelligence capabilities. It will also enable admins to spin up new HCI clusters faster than ever by introducing a 'Quickstart' guided cluster creation and extension wizard that guides the user through the deployment process for both vSAN and non-vSAN clusters."
  • New and enhanced VMware Cloud Services, including VMware Cloud Assembly, VMware Service Broker and VMware Code Stream. "VMware's cloud automation services are a set of cloud services that leverage the award-winning vRealize Automation on-premises offering," VMware said. "These services make it easy and efficient for developers to build and deploy applications. The cloud automation services consist of VMware Cloud Assembly, VMware Service Broker, and VMware Code Stream. Together, these services streamline application delivery, enable cloud flexibility and choice, and control risks. Additionally, these services facilitate collaboration between traditionally siloed groups helping further accelerate business innovation."

Stay tuned for more coverage of VMworld every day this week.

About the Author

David Ramel is an editor and writer for Converge360.
