Announcing VMware Carbon Black Workload and Cloud Configuration

Security Designed for Cloud-Native Architecture

It is 2023 and organizations are continuing to migrate workloads to public clouds, modernize their applications and adopt cloud native practices at a rapid pace. But all this movement means the attack surface is growing exponentially, and enterprises are finding their traditional security tools and practices are not effective in complex, cloud-native environments. To reduce misconfigurations, detect malicious activity, and prevent unauthorized access, organizations need a unified, “cloud smart” solution that provides consistent visibility, control and security across clouds.

A New Solution for Cloud Security Teams

As VMware progresses further into the cloud-native application space, we are excited to introduce our latest selling motion that brings together the power and capabilities of VMware Carbon Black and VMware Aria Automation for Secure Clouds. (formerly CloudHealth Secure State)

VMware Carbon Black Workload and Cloud Configuration combines real-time security posture management for cloud and Kubernetes, entitlements visibility, threat prevention (NGAV) and advanced detection and response capabilities for workloads (EDR) to deliver a more integrated approach to cloud security. This comprehensive solution enables cloud security teams to identify and reduce risk through configuration and posture management, prevent breaches and respond to attacks faster to keep cloud workloads and resources secure.

Cloud Configuration Security and Compliance

VMware Aria Automation for Secure Clouds is a real-time, contextual cloud configuration security solution. The platform detects misconfigurations in near real-time and adds powerful investigation capabilities to your toolkit through graph search with visualization of resource relationships. Teams can automate actions such as alerts, suppression of non-critical notifications, and risk remediation without write-access. In addition to continuously benchmarking compliance across clouds with access to a rich library of over 1000 rules, teams get a single view of progress made in resolving risks and automated reporting functionalities.  The platform enables correlation of risk due to resource relationships and entitlements with misconfigurations and threat activity, and provides a quantitative risk score to every reported violation that helps with prioritization of risks to be remediated.

The platform draws its power from an Interconnected Cloud Security Model, an intermediate data layer that leverages cloud APIs, change events, and native threat data to help organizations model an entire multi-cloud environment in a single place, which is updated real-time with change in ephemeral cloud resources. The service applies pre-defined security and compliance benchmarks as well as organization specific custom rules to this data model
to detect misconfiguration risks.

cloud security model






Figure 1: Interconnected Cloud Security Model

IT administrators can send actionable alerts to application owners with risk context instantly while application teams can resolve misconfiguration risks either manually using the cloud provider console, or through automated remediation.

Key Benefits:

  • Speed-up security investigation with real-time, graph search that enables visualization of resource relationships.
  • Mitigate cloud risk with real-time misconfiguration detection, infrastructure context, and automated actions across cloud and Kubernetes infrastructure.
  • Continuously improve compliance with pre-defined industry standards and capability to create specific custom frameworks with low-code approach.
  • Gain visibility into principals and their entitlements to cloud resources to identify sensitive access conditions.
  • Prioritize response to critical threats by correlating anomalies with risky misconfigurations.
  • Integrate security checks in continuous integration and continuous deployment (CI/CD) pipelines for a “Shift-left” security approach.

Advanced Cloud Workload Protection

Security teams can’t protect what they can’t see, yet they often lack visibility and control in highly dynamic cloud environments. VMware Carbon Black Workload protects cloud workloads by combining industry leading prevention (NGAV) and detection and response (EDR) with deep visibility and workload hardening to detect, prevent and respond to threats faster. Security teams can analyze attacker behavior patterns over time to detect and stop malware, ransomware, and never-seen-before attacks, including lateral movement and those manipulating known-good software. If an attacker bypasses perimeter defenses, Carbon Black Workload empowers security teams to prevent the attack before it escalates to a data breach. 

Carbon Black Workload enables full visibility into all Amazon Elastic Compute Cloud (EC2) instances, a rich set of metadata, management of ephemeral instances, and management functions such as search and export. This reduces operational overhead and makes account management easier with single and multiple account management modes. Carbon Black Workload also provides flexible deployment options aligned with cloud-native and DevOps standards making it easy to enable security for cloud workloads, including auto-generated continuous integration and continuous deployment (CI/CD) using Chef, Puppet, Ansible and more.

AWS workload db

Figure 2: Unified visibility and actionable insights into all cloud workloads.

 Key Benefits:

  • Block known and unknown attacks including malware, ransomware and living-off-the-land attacks.
  • Stop more malware by combining exploit prevention, machine learning and file reputation, and access lifecycle context to ensure effective protection.
  • Detect anomalous activity with threat intelligence and frequency analysis, and feed response actions directly back into hardening and prevention.
  • Leverage industry-leading detection and response capabilities and enhance visibility with highlighted suspicious workload events.
  • Easily investigate security incidents and visualize attack chains in real time to speed response.
  • Proactively reduce the attack surface with automated compliance reporting and prioritization of vulnerabilities and misconfigurations.
  • Enforce compliance and industry best practices.

VMware Carbon Black Workload provides the advanced prevention, detection and response capabilities required to keep cloud workloads secure, with easy onboarding, setup and deep visibility into cloud environments.

The Future of Cloud Security with VMware Carbon Black Workload and Cloud Configuration

Securing cloud workloads and resource configurations is challenging for security and cloud teams in dynamic multi-cloud environments. VMware, however, takes an intrinsic approach to delivering security— building it into the infrastructure everywhere workloads are deployed. This unique approach eliminates the trade-off between security and operational simplicity by providing a single source of truth for infrastructure and security teams to accelerate response to critical vulnerabilities and attacks, while also enabling collaboration and reducing friction.

Take a proactive stance against lateral movement and privilege escalation in the cloud with VMware’s cloud workload protection and cloud posture solutions, and enable your cloud-native applications to be secure throughout their lifecycle, inside and out.

Additional Resources

Filter Tags

Securing Multi-Cloud Workload Blog Document