DPU solution could change the game for VMware's network and application security model

SECURITY

VMware Inc. announced an intriguing development on the security front during its recent annual conference. The virtualization pioneer unveiled an enhancement for its NSX network platform that leverages data processing unit acceleration using smart network interface controllers.

Behind the technical jargon of VMware’s announcement can be found a simple reality: The DPU has the potential to be a game-changer for VMware when it comes to network security.

“There is an isolation angle to this, which is that firewall we’re putting everywhere,” said Tom Gillis (pictured), senior vice president and general manager of the Networking and Advanced Security Business Group at VMware. “We put it in each little piece of the server, and when it runs on one of these DPUs, it’s in a different memory space. It puts an air gap into the server itself so that if the server is compromised, it’s not going to get into the network. Really powerful.”

Gillis spoke with theCUBE industry analysts John Furrier and Dave Vellante at VMware Explore, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed details surrounding VMware’s NSX platform announcement and a drive to fundamentally change security. (* Disclosure below.)

Focus on east-west traffic

VMware’s SmartNIC solution provides greater visibility into east-west traffic, the movement of information laterally across a network. This is a key element for security because major intrusions have been engineered by malicious actors to provide a damaging level of database access.

“We’re very focused on lateral security or the east-west movement of an attacker, because, frankly, that’s the name of the game these days,” Gillis said. “How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? If they get code running on your machine, they might find some interesting things, but they’re not going to find 250 million credit cards.”

The latest security enhancements are focused on securing applications from within. Using the DPU, VMware now has an ability to secure both virtual machine and container-based applications, according to Gillis.

“For virtual machines, we do it with the hypervisor, with NSX, and we see all in the inner workings,” he  said. “In the container world, we have a service mesh that lets us look at each little snippet of code and how they talk to each other. The anomalies stick out like a sore thumb, and with our unique focus on the infrastructure, we can see each one of these little transactions and understand the conversation. We see the inner plumbing of the app and therefore we can protect the app.”

Gillis joined VMware in 2018, during a time when Pat Gelsinger was still the company’s chief executive. Gelsinger has since departed to lead Intel, but Gillis still remembered a directive from VMware’s top executive when he came on board.

“When I started at VMware four years ago, Pat sat me down in his office and said: ‘Tom, I feel like we have fundamentally changed servers, we fundamentally changed storage, we fundamentally changed networking, but the last piece of the puzzle is security, and I want you to go fundamentally change it,’” Gillis recalled. “The stakes are incredibly high. Just look at the impact these security attacks are having. Companies get taken down.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of VMware Explore:

(* Disclosure: VMware Inc. sponsored this segment of theCUBE. Neither VMware nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE