VMware sharpens security focus with vSphere Platinum, ‘adaptive micro-segmentation’

VMware is expanding its security range with a new version of its virtualization software that has security integrated into the hypervisor.

“Our flagship VMware vSphere product now has AppDefense built right in,” VMware CEO Pat Gelsinger told the audience at VMworld 2018, which kicked off this week in Las Vegas. “Platinum will enable virtualization teams – you – to give an enormous contribution to the security profile of your enterprise.”

Announced one year ago, AppDefense is VMware’s data-center endpoint-security product, designed to protect applications running in virtualized environments. AppDefense uses machine learning and behavioral analytics to understand how an application is supposed to behave, and it detects threats by monitoring for changes to the application’s intended state.

The new Platinum edition combines vSphere’s native security capabilities with AppDefense. It’s designed to help vSphere administrators deliver more secure applications and infrastructure by enabling VMs to run in a “known good” state. With visibility into VM intent and application behavior, an enterprise can bolster its threat detection and response capabilities.

With AppDefense, “you can see whatever a VM is for – its purpose, its behavior – and tell the system that’s what it’s allowed to do, dramatically reducing the attack surface without impacting operations or performance. The capability is so powerful, so profound, we want you to be able to leverage it everywhere, and that’s why we’re building it directly into vSphere,” Gelsinger said.

“I call it the burger and fries. Nobody leaves the restaurant without fries. Who would possibly run a VM in the future without turning security on? That’s how we want this to work going forward.”

VMware vSphere Platinum Edition is expected to become available by early November.

In the big picture, VMware sees enterprises making a shift from point security tools to security that’s embedded in infrastructure. VMware is aiming its message of intrinsic security at enterprises that are grappling with increasing security threats and greater regulatory pressure to control risks.


VMware offers ‘adaptive micro-segmentation’

Along with unveiling vSphere Platinum, VMware also bolstered its micro-segmentation offering.

Micro-segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. The goal is to decrease the network attack surface: Enterprises can create policies that limit network and application flows between workloads to those that are explicitly permitted, reducing the risk of an attacker moving from one compromised workload or application to another.
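The default-deny idea described above, as an added example (not VMware's code and not the NSX API): a small Python model that permits only explicitly listed tier-to-tier flows and computes how far one compromised workload could reach by chaining them, compared with a flat network. The workload names, tier labels and ports are constructed sample data.

```python
from collections import deque

# Constructed sample inventory: workload name -> tier label (hypothetical names).
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
    "hr-1": "hr-app",
}

# Explicitly permitted flows: (source tier, destination tier, port).
# Anything not listed here is denied (default deny).
ALLOWED_FLOWS = {
    ("web", "app", 8443),
    ("app", "db", 5432),
}

def is_permitted(src, dst, port, workloads=WORKLOADS, allowed=ALLOWED_FLOWS):
    """Return True only if the flow matches an explicit allow rule."""
    return (workloads[src], workloads[dst], port) in allowed

def reachable_from(start, workloads=WORKLOADS, allowed=ALLOWED_FLOWS, segmented=True):
    """Workloads reachable from `start` by chaining permitted flows.

    With segmented=False every workload can talk to every other one (flat
    network), which is the baseline the policy is meant to shrink.
    """
    tier_pairs = {(s, d) for s, d, _port in allowed}
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in workloads:
            if nxt in seen:
                continue
            if not segmented or (workloads[cur], workloads[nxt]) in tier_pairs:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

if __name__ == "__main__":
    for name in WORKLOADS:
        flat = len(reachable_from(name, segmented=False))
        seg = sorted(reachable_from(name))
        print(f"{name}: flat network reaches {flat}, segmented reaches {seg}")
```

Because the rules are written against tier labels rather than addresses, adding a workload to `WORKLOADS` with an existing label places it under the same policy without editing the rules.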

VMware has been talking about micro-segmentation at the network level for about five years, and it’s a core element of VMware’s NSX networking and security platform. At VMworld, it took micro-segmentation a step further, announcing what it terms “adaptive micro-segmentation.”

Adaptive micro-segmentation brings segmentation up the stack from the network level to include the application layer, tying VMware’s network products – NSX and vRealize Network Insight for operations management – more closely together with AppDefense. Working together, the products can identify the composition and intended behavior of an application, align policy to the application, and lock down the workload and network elements of the application. As an application changes throughout its lifecycle, the combined technologies can automatically rework compute and network security policy to address application component changes.

“As powerful as micro-segmentation has been as an idea, we’re taking the next step with what we call adaptive micro-segmentation,” Gelsinger said. “We are fusing together AppDefense and vSphere with NSX to allow us to align the policies of the application through vSphere and the network. We can then lock down the network and compute, and enable this automation of the microsegment formation. Taken together: adaptive micro-segmentation.”

Kubeflow brings Kubernetes to machine learning workloads

Now in beta, the open source Kubeflow project aims to help deploy a machine learning stack on the Kubernetes container orchestration system.

The Kubeflow machine learning toolkit project is intended to help deploy machine learning workloads across multiple nodes, where breaking up and distributing a workload can add computational overhead and complexity. Kubernetes itself is tasked with making it easier to manage distributed workloads, while Kubeflow centers on making the running of these workloads portable, scalable, and simple. Scripts and configuration files are part of the project. Users can customize their configuration and run scripts to deploy containers to a chosen environment.

To help manage deployments, Kubeflow works with Version 0.11.0 or later of the Ksonnet framework, for writing and deploying Kubernetes configurations to clusters. Kubernetes 1.8 or later is required, in a cluster configuration. Kubeflow also works with the following technologies:

  • TensorFlow machine learning models, which can be trained for use on premises or in the cloud.
  • Jupyter notebooks, to manage TensorFlow training jobs.
  • Seldon Core, a platform for deploying machine learning models on Kubernetes.

Kubeflow extends the Kubernetes API by adding custom resource definitions to a cluster, so Kubernetes can treat machine learning workloads as first-class citizens. Described by the open source project as being cloud-native, Kubeflow also integrates with the Ambassador project for ingress and the Pachyderm project for management of data science pipelines. Plans call for extending Kubeflow beyond TensorFlow, with backing considered for the PyTorch and MXNet deep learning frameworks.

Top web browsers 2018: Chrome edges toward supermajority share

Google’s Chrome last month continued to creep up on a two-thirds supermajority of browser share, while Microsoft’s once-dominant position deteriorated. Again.

According to analytics company Net Applications, Chrome’s user share climbed half a percentage point in August, reaching 65.2%, an all-time high. In the last 12 months, Chrome has gained 5.9 percentage points, the only browser of the top four – others include Apple’s Safari, Microsoft’s Edge and Internet Explorer (IE), and Mozilla’s Firefox – to add to its total during that period.

Net Applications calculates user share by detecting the agent strings of the browsers people use to visit its clients’ websites. The firm then tallies the visitor sessions – which are effectively visits to the site, with multiple sessions possible daily – rather than count only users, as it once did. Net Applications primarily measures activity, although it does so differently than rival sources, which total page views.

If the trend of the last 12 months continues, Chrome will take the two-thirds prize in November. Barring any change in the browser battle, Chrome will account for 70% of the global share by June 2019.

The only other browsers to have accumulated that much share since the web broke out of its academia-government ghetto in the 1990s were Netscape’s Navigator and Microsoft’s IE. The former faded under assault from the latter, vanishing for good in early 2008; IE is following in its one-time rival’s footsteps.