Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

09:45 AM
Dark Reading
Dark Reading
Products and Releases

VMware Expands Into Container Security

PALO ALTO, Calif. – April 7, 2021 – VMware, Inc. (NYSE: VMW) today unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes. The  new solution will help increase visibility, enable compliance and enhance security for  containerized applications from build to production in public cloud and on-premises  environments. 

“Containers and Kubernetes are enabling organizations to develop and modernize applications  faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley,  senior vice president and general manager, Security Business Unit, VMware. “Our solution  extends security to containers and Kubernetes to deliver one of the industry’s most  comprehensive cloud workload protection platforms. With security built into the development  and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds.” 

For many organizations, migrating to the cloud has had to happen quickly and at a large scale  to ensure business continuity amid the global pandemic. Development teams are looking to  containers and Kubernetes for speed and the ability to scale application delivery. According to  Gartner, “by 2025 more than 85 percent of global organizations will be running containerized  applications in production, which is a significant increase from fewer than 35 percent in 2019.”1 Organizations now need security for modern workloads to address a new set of threats and build resilient digital infrastructure. 

Better Secure the Complete Lifecycle of Kubernetes Applications 

Security is especially complex in multi-cloud infrastructures. VMware Carbon Black Cloud  Container builds security into the continuous integration and delivery (CI/CD) pipeline to analyze  and control application risks before they are deployed into production. Expanding the VMware  Carbon Black Cloud Workload offering, the new capabilities will enable organizations to better  secure containerized applications in Kubernetes environments. The solution shifts security left to protect the entire lifecycle of Kubernetes applications. InfoSec teams can now scan  containers and Kubernetes configuration files early in the development cycle to address  vulnerabilities with unparalleled visibility. The solution provides continuous cloud-native security  and compliance to better secure applications and data wherever they live. 

Enable Collaboration for InfoSec and DevOps Teams 

Containers and Kubernetes offer development teams flexibility with an infrastructure-as-code  approach. However, security is often a roadblock to faster production deployments and later bolted-on as an afterthought. The VMware container security module will empower InfoSec and  DevOps teams to better collaborate and identify risks earlier in the development cycle with built-

in security. The expanded offering will provide a new vantage point to allow cross-functional  teams to detect and fix vulnerabilities to achieve simple, more secure multi-cloud Kubernetes  environments. 

VMware’s expanded cloud workload protection capabilities will deliver a comprehensive solution  for InfoSec teams including:  

● Security Posture Dashboard: Provides a combined view of vulnerabilities and  misconfigurations to enable complete visibility into security posture across Kubernetes  workload inventory. InfoSec and DevOps teams can gain deep visibility into workload  security posture and governance to enable compliance, with the ability to freely explore  Kubernetes workload configuration via customized queries. 

● Container Image Scanning and Hardening: InfoSec and DevOps teams can scan all  container images to identify vulnerabilities and restrict the registries and repositories that  are allowed in production. Teams can set minimum standards for security and  compliance, generate compliance reports and follow CIS benchmarks and Kubernetes  best practices.  

● Prioritized Risk Assessment: Vulnerability assessments allow InfoSec and DevOps teams to review images running in production and only approved images are deployed.  Security teams can use the prioritized risk assessment to detect and prevent  vulnerabilities by scanning Kubernetes manifests and clusters.  

● Compliance Policy Automation: Infosec teams can shift-left into the development  cycle, streamline compliance reporting, and automate policy creation against industry  standards such as NIST, as well as the customer’s organizational requirements. This  enables the integrity of Kubernetes configurations through control and visibility of  workloads that are deployed to an organization’s clusters. Customizable policies help  enforce configuration by blocking or alerting on exceptions. 

The Future of Intrinsic Security with VMware Carbon Black and Tanzu  The container security module compliments the VMware Tanzu portfolio. Select Tanzu editions  include a global control plane for centralized management of all aspects of cluster lifecycle,  including policies for access, data protection, and more. Customers can now add powerful security for containers and Kubernetes applications while simplifying operations for InfoSec and  DevOps teams.  

Customer Quote 

DoubleVerify powers the new standard of digital marketing performance, ensuring  viewable, fraud-free, brand-safe ads. 

“It’s important that we have full visibility into the risk of our entire Kubernetes workload  environment, as well as the ability to detect and prevent vulnerabilities before containers are  deployed,” said Roy Berko, Senior Director of DevOps, DoubleVerify. “With VMware’s container  security offering, we now have instant visibility to help reduce risk of our containerized  applications all from a single dashboard.” 

Analyst Quote 

IDC is the premier global market intelligence firm, examining consumer markets by  devices, applications, networks, and services  

“Kubernetes has become the de-facto best practice standard for developing cloud-native  applications, yet developers are still leveraging siloed and inefficient tools with limited cross  organization visibility,” said Frank Dickson, Program Vice President, Security & Trust at IDC.  “VMware’s container security offering provides an opportunity for security and DevOps teams to  work more closely together to leverage the power of Kubernetes and better secure the unique lifecycle development processes of container-based applications.” 

Product Availability 

VMware container image scanning and CI/CD integration capabilities are expected to be  available in April 2021. Runtime security for detection and response will be available later this  year. For more information, please visit our website. 

Additional Resources 

• Blog: Automate DevSecOps for Full Lifecycle Container Security 

• Blog: Securing Containers and Kubernetes-Orchestrated Environments 


1. Gartner, Best Practices for Running Containers and Kubernetes in Production, Arun  Chandrasekaran, August 2020.  

About VMware 

VMware software powers the world’s complex digital infrastructure. The company’s cloud, app  modernization, networking, security, and digital workspace offerings help customers deliver any  application on any cloud across any device. Headquartered in Palo Alto, California, VMware is  committed to being a force for good, from its breakthrough technology innovations to its global  impact. For more information, please visit https://www.vmware.com/company.html


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-23
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function...
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...