DPU solution could be a game-changer for VMware’s network and application security model
VMware Inc. announced an intriguing development on the security front at its recent annual conference. The virtualization pioneer has unveiled an enhancement for its NSX networking platform that takes advantage of data processing unit acceleration using intelligent network interface controllers.
Behind the technical jargon of VMware’s announcement lies a simple reality: the DPU has the potential to be a game-changer for VMware when it comes to network security.
“There is an isolation angle to this, which is this firewall that we put everywhere,” said Tom Gillis (pictured), senior vice president and general manager of the Networking and Advanced Security business group at VMware. “We put it into every little bit of the server, and when it’s running on one of those DPUs, it’s in a different memory space. It puts an air gap in the server itself so that if the server is compromised, it won’t enter the network. Really powerful.”
Gillis spoke with theCUBE industry analysts John Furrier and Dave Vellante at VMware Explore, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s live streaming studio. They discussed the details surrounding VMware’s NSX platform announcement and a desire to fundamentally change security. (*Disclosure below.)
Focus on east-west traffic
VMware’s SmartNIC solution provides greater visibility into east-west traffic, the lateral movement of information across a network. This is a key element for security, as major intrusions have been engineered by malicious actors to gain a damaging level of access to databases.
“We’re very focused on lateral security or an attacker’s east-west movement because, frankly, that’s the name of the game these days,” Gillis said. “How can we make it difficult for them to move around the infrastructure and access the really valuable assets? If they run some code on your machine, they might find some interesting stuff, but they won’t find 250 million credit cards.”
The latest security enhancements are focused on securing apps from the inside. By using the DPU, VMware now has the ability to secure both VM-based and container-based applications, according to Gillis.
“For virtual machines, we do it with the hypervisor, with NSX, and we see everything in the inner workings,” he said. “In the world of containers, we have a service mesh that allows us to look at every little snippet of code and how they talk to each other. Anomalies stick out like a sore thumb, and with our unique focus on infrastructure, we can see each of these small transactions and understand the conversation. We see the internal plumbing of the application and therefore we can protect the application.”
Gillis joined VMware in 2018, at a time when Pat Gelsinger was still the company’s chief executive. Gelsinger has since left to lead Intel, but Gillis still remembered a directive from VMware’s top executive when he came on board.
“When I started at VMware four years ago, Pat sat me down in his office and said, ‘Tom, I feel like we’ve fundamentally changed servers, we’ve fundamentally changed storage, we fundamentally changed networking, but the last piece of the puzzle is security, and I want you to go fundamentally change that,’” Gillis recalled. “The stakes are incredibly high. Just look at the impact of these security attacks. Businesses are dismantled.”
Here’s the full video interview, part of SiliconANGLE’s and theCUBE’s coverage of VMware Explore:
(* Disclosure: VMware Inc. sponsored this segment of theCUBE. Neither VMware nor other sponsors have editorial control over the content of theCUBE or SiliconANGLE.)