Workload and Container Security Innovations in 2022

Cloud Workload Protection

December 9, 2022 

As we look back on 2022 it is amazing just how much we have accomplished in terms of new product and feature launches over just 12 short months. Our dedicated Engineering and Product Management teams have listened to you and introduced many innovations to make your lives more secure. 

We’re proud of this great work and want to take the opportunity to recap all of the innovations we’ve brought to customers to in 2022. 

Public Cloud Security 

In August, we announced support for AWS EC2 instances for VMware Carbon Black Workload. Security and cloud teams can now use a single solution and console to gain unparalleled visibility into and advanced security for workloads running across vSphere, VMware Cloud and AWS. By integrating into existing infrastructure, teams can reduce the attack surface and strengthen security posture while achieving consistent and unified visibility for workloads – wherever they are. 

For more details on this release, read the blog here


Figure 1. Unified visibility, security and control across AWS and virtual workloads in a single dashboard. 

Ransomware Recovery with VCDR 

VMware Ransomware Recovery offers a comprehensive ransomware protection solution that is built into the virtualization layer across the entire ransomware protection cycle: Identify, Protect, Detect, Respond and Recover. VMware Carbon Black and VMware NSX Advanced Firewall address the initial stages of this ransomware protection cycle, while VMware Ransomware Recovery provides the last line of defense and leverages native integrations with these security products, so they work better together. 

For more details on this release, read the blog here. 


Figure 2. The Ransomware Protection Cycle 

Container Security

Runtime Security for Containers 

Combined with our existing hardening and compliance capabilities, VMware Carbon Black Container has introduced runtime security for containers – enabling security and DevOps teams to secure containers throughout the full application lifecycle from development to production. Some of the newly released runtime security features include Runtime Image Cluster Scanning, Network and Workload Anomaly Detection, Egress and Ingress Security and Threat Detection. 

For more details on this release, read the blog here. 

image-20221213174012-1Figure 3. Integrated Alerts Dashboard 

Tanzu Application Platform (TAP) Integration 

As a part of the latest VMware Tanzu Application Platform (TAP) 1.3 release, we are excited to announce that TAP customers will now be able to integrate with and use the VMware Carbon Black Container vulnerability scanning capabilities. Users can now simplify the process of getting started and leverage their existing investments. Additionally, a centralized vulnerability monitoring dashboard will be introduced to aid Development teams with their pre-deployment security checks.   

For more details on this release, read the blog here. 

image-20221213174012-2Figure 4. Seamless integration into the CI/CD pipeline and existing processes in Tanzu Application Platform (TAP) 

Auto-Enforce for Containers 

VMware Carbon Black Container has added a new Auto Enforce feature to allow for an alternative to the typical “alert” or “block” model. With the Auto Enforce feature, SecOps teams can audit workload vulnerabilities and use VMware Carbon Black Container to mutate the workload to the desired state. The tool uses automation to mitigate and enforce policy management across environments at the cluster layer. 

For more details on this release, read the blog here. 

Support for Virtual Workloads 

VMware has introduced a new capability for virtual workloads to help reduce noise for DevSecOps teams. With VMware Carbon Black Container, users can now identify groups as they are aggregated together in one instance. This virtual workload will show everything you are used to viewing for a specific containerized workload in Carbon Black Container including, risk score, exceptions, and hierarchy. The best part is, there is no need to declare a virtual workload – Carbon Black will do it for you. 

For more details on this release, read the blog here. 


  • Elizabeth Schultheisz, Product Line Manager at VMware Carbon Black
  • Kellie Regan,  Manager, Product Marketing, VMware Carbon Black

Filter Tags

Workload Container Blog Document