What is VMware?
VMware is a US software vendor offering cloud computing and virtualization technology. VMware’s server virtualization technology employs a bare-metal hypervisor, ESX/ESXi, to virtualize the x86 architecture.
VMware virtualization involves installing a hypervisor on a physical server and allowing each virtual machine to run an operating system. This process enables several virtual machines (VMs) to run on the same physical server and share server resources like RAM and networking.
VMware’s hypervisor can also run containerized workloads in a Kubernetes cluster. It enables security, development, and operations teams to manage container-based infrastructure similarly to managing VMs while deploying as many containers as needed. VMware virtualization is the basis of many large-scale infrastructure as a service (IaaS) deployments.
There are several common alternatives to VMware virtualization, including Microsoft Hyper-V and the Citrix Hypervisor.
What is Incident Response?
Incident response is a preemptive business function that ensures an organization is able to rapidly respond to cybersecurity threats. All representatives from core aspects of the business can and should be involved in the incident response process. The focus of incident response is to limit the damage caused by a cyberattack and reduce recovery time and cost.
Incident response is typically handled by an organization’s computer security incident response team (CSIRT). The CSIRT comprises representatives from information security, IT, legal, human resources, and public relations, all conducting incident response activities.
The CSIRT should follow a set of procedures outlining the organization’s response to network events, security incidents and confirmed breaches. This set of instructions is known as the incident response plan (IRP).
Incident Response Challenges in a Virtualized Environment
An organization can gain productivity and flexibility in a virtualized environment. However, virtualized environments pose unique risks, so an organization needs the ability to respond to an attack, unwanted device, or malicious user behavior. Here are some of the unique security challenges posed by virtualized environments:
VMware Incident Response Solutions
VMware has reacted to the challenges of security in virtualized environments, and now provides its own incident response solution, based on technology it acquired from Carbon Black in 2019. VMware incident response solutions include endpoint detection and response (EDR), which can help react to security incidents affecting individual VMs, and Cloud-Managed Detection and Response, which can help respond to incidents across entire cloud environments.
Carbon Black EDR
Carbon Black EDR is VMware’s incident response and threat hunting solution. It aims to provide continuous visibility for security operations center (SOC) teams working with offline environments and on-premises resources.
The solution continuously records and stores endpoint activity data to enable security professionals to visualize the entire attack kill chain and hunt threats in real time. It employs threat intelligence aggregated from VMware’s Carbon Black Cloud to identify behavior patterns and detect endpoint threats.
Here are key features of Carbon Black EDR:
VMware Carbon Black Cloud Managed Detection and Response
This managed service is supported by a team of security experts monitoring and analyzing all data in your VMware Carbon Black Cloud. The team leverages advanced machine learning and algorithmic toolsets to provide you with insights into attacks within your VMware Carbon Black Cloud environment.
VMware Carbon Black Cloud Managed Detection and Response experts notify you via email of threats. They provide recommendations for specific policy changes to remediate detected threats as well as incident remediation guidance and threat containment during security incidents.
Here are notable features of VMware Carbon Black Cloud Managed Detection and Response:
In this article, I explained the basics of virtualized environments, incident response, and how teams can react to cyber threats in VMware data centers. I also described two security solutions provided by VMware, which can help secure virtualized environments:
I hope this will be useful as you improve the security posture of your VMware data center.
Author Bio: Gilad David Maayan