Securing Modern Applications - Solution Guide
Kubernetes is improving operations concerns like resource utilization and spending, cloud migrations, and application upgrades. However, the challenge of meeting security and compliance requirements has increased.
In 2022, for 59% of organizations, the first challenge encountered in deploying Kubernetes is “Meeting security & compliance requirements”.
This year saw a rise in security concerns for multi-cluster and multi-team Kubernetes use. We asked people to choose up to two security concerns, and here is what they said:
What we see here are concerns driven by growing use. As organizations make Kubernetes available to other teams, they will want to make sure those new teams are following policy and that each team's environment is isolated from the others. The industry's current focus on container security shows up as a concern as well, with a third of respondents citing securing containers.
The goal of Modern Apps Security is to shift security left and involve the development team in container security, so that Dev, Sec, and Ops own security together.
Following this overview, the solutions guide provides information on individual products. This solutions guide will cover:
- Carbon Black Container
- Tanzu Service Mesh
- VMware CloudHealth Secure State
VMware Carbon Black Container
VMware Carbon Black Cloud Container enables enterprise-grade container security at the speed of DevOps by providing continuous visibility, security, and compliance for containerized applications from development to production—in any on-premises or public cloud environment. This solution provides security teams with visibility and the ability to enforce compliance while integrating seamlessly into existing DevOps processes to avoid adding operational complexity. With VMware, organizations can reduce risk,
Key Advantages for Modern Apps Protection:
- Gain complete visibility into the security posture of Kubernetes
- Enable prioritized vulnerability reporting
- Easily define and customize security policies
- Address vulnerabilities and misconfigurations at build
- Enable speed of delivery without compromising security
- Easily deploy and set up products
- Seamlessly integrate into the CI/CD pipeline and existing processes
- To learn more about VMware Carbon Black products, visit our Product Paths in TechZone. Product learning paths are designed to take you from A-Z to understand everything from product overviews to optimization/best practice content per product.
- To learn more about VMware Security Solutions, visit our Solution Path in Tech Zone!
A solutions path is a curated learning experience designed to walk you through security challenges and show how to get hands-on and solve them for your organization with VMware Security. Don't miss out on Securing Modern Applications - Solution Path: https://carbonblack.vmware.com/securing-modern-applications
- If you are trying to put the Dev into DevSecOps, the most critical piece in securing modern applications is notifying Dev early and often if something is not meeting security requirements. Watch this demonstration to see how VMware Carbon Black Container can integrate into your development pipelines.
- Kubernetes continues to gain traction as the leading open-source platform for managing containerized workloads and services. However, the increased agility, portability, and scalability are juxtaposed with susceptibility to vulnerabilities specific to Kubernetes environments. This session will analyze each of the four layers of the Kubernetes tech stack (code, container, cluster, cloud/on-prem data center) to uncover emerging threats and common security pitfalls to avoid. Gain insights into the vulnerabilities, how they came to be, and mistakes to avoid – all to help you strengthen your security posture.
VMware Tanzu Service Mesh
According to the report, 94% of the 130 banks surveyed suffered attacks via APIs. VMware Tanzu Service Mesh provides advanced, end-to-end connectivity, security, and insights for modern applications, across application end-users, microservices, APIs (Application Programming Interfaces), and data, enabling compliance with Service Level Objectives (SLOs) and with data protection and privacy regulations.
- Multi-cloud and multi-runtime secure connectivity for distributed applications
- Zero Trust application security, with automated DevSecOps workflows
- Visibility and analytics across app end-users, microservices, APIs, and data
- PII detection and protection
VMware CloudHealth Secure State
Reducing misconfigurations, monitoring malicious activity, and preventing unauthorized access are foundational activities necessary to ensure the security and compliance of applications and data in the cloud. As criminals become more sophisticated in their abilities to exploit cloud misconfiguration vulnerabilities, security teams need a smarter approach to prevent security breaches. CloudHealth Secure State is an intelligent cloud security and compliance monitoring platform that helps organizations reduce risk and protect millions of cloud resources by remediating security violations and scaling best practices at cloud speed.
Introduction to CloudHealth Secure State
Monitor multiple cloud providers and understand how a minor configuration change can elevate risk across connected cloud objects
- Quickly discover inventory, explore cloud topology, and drive investigations with a unified search engine for multiple cloud providers, regions, and accounts
- Detect security risks within seconds and monitor ephemeral cloud resources with an event-based approach that minimizes API calls to cloud
- In a single graph view, get deep security context including cloud resource relationships, misconfigurations, threats, metadata, and change activity
- Audit configuration changes and track progress developers make in resolving security and compliance violations across the organization and sub-projects
Define Governance Standards
Build a cloud security and compliance program to establish organization-wide standards and fine-tune policies
- Assess misconfiguration and compliance risk by automating benchmarks such as CIS, GDPR, HIPAA, ISO 27001, MITRE ATT&CK Cloud, NIST, PCI, & SOC 2
- Eliminate security and compliance blind spots by defining custom frameworks and rules specific to technical needs
- Reduce false positives and allow exceptions to security policies by automatically suppressing rules or findings based on pre-defined criteria
- Prioritize the security of the most vulnerable cloud resources with an intelligent risk-scoring algorithm that makes it easy to identify critical findings
Use automation to improve security and compliance posture and build guardrails that prevent mistakes
- Safely embrace auto-remediation with a framework that takes action without requiring write permissions to the customer's cloud environment
- Mitigate risks at scale with a rich library of pre-defined remediation jobs and the ability to create custom jobs as code
- Click to fix known violations and precisely target resources based on filtering criteria such as cloud provider type, region, account, or tag
- Proactively prevent mistakes by enabling guardrails that automatically resolve new violations that match specified filtering criteria
Automate cloud security operations in the company with an API-first platform that easily integrates with other IT, security, and developer tools
- Shift security left to proactively identify and resolve violations through API-based verification within CI/CD pipelines
- Enable developers to manage cloud risk with Role-Based Access Controls for monitoring security and compliance findings
- Prioritize security and incident response by correlating threats ingested from third-party sources with native security and compliance findings
- Streamline SOC investigations by easily exporting native findings for additional analytics in Security Information & Event Management systems
Mitigating security and compliance risk with real-time security insights, CloudHealth Secure State provides the following capabilities to help secure Modern Apps:
- Improve security visibility with real-time inventory search and investigation capabilities for multi-cloud environments.
- Reduce misconfigurations and prioritize threats with visual risk context and a more secure auto remediation approach.
- Benchmark compliance with industry standards with over 950 out-of-the-box rules and enterprise customizations.
- Plan how to operationalize your cloud security program through better collaboration between developers, security, and operations teams
Summary and Additional Resources
Discover how VMware Security Solutions address Modern Apps protection.