VMware and Carbon Black, the leader in next-generation endpoint security, today announced an expanded partnership that will help transform current approaches to cloud and data centre security. The companies have developed a new joint solution that will dramatically shrink an organization’s attack surface, while empowering security teams with automated threat detection and remediation to react faster and more effectively to attacks. Today’s announcement expands on a collaboration announced earlier this year, giving VMware AppDefense customers the ability to leverage Carbon Black’s Predictive Security Cloud (PSC) reputation services.
As applications become more distributed and dynamic, they have also become more difficult to secure. Traditional security solutions are not flexible enough to keep up with applications as they change over time, leading to breakdowns in security. The majority of attacks causing damage today are not simple malware easily rooted out with “known bad” signatures. They require watching behaviour of applications for any deviation from the norm. They hinge on attackers manipulating the executables, processes, and operating system of the endpoint itself. Identifying these threats requires a deep understanding of both application behaviour and threat behaviour, something that traditional endpoint security products don’t possess.
The newly jointly developed solution will combine VMware AppDefense and Cb Defense’s advanced threat protection to provide a unique one-two punch for stopping threats to applications inside the data centre. VMware AppDefense leverages the power of the virtual infrastructure to create least privilege environments around applications. It enforces system integrity using the hypervisor, provides visibility into the intended state and behaviour of applications, and monitors state and behaviour from a protected position. Cb Defense, running on the Predictive Security Cloud, provides a next-generation endpoint protection solution that applies behavioural approaches to detect threats. It uses streaming prevention to monitor for malicious behaviour on a machine to protect against malware- and non-malware-based attacks. The solution combines three key elements to advance cloud and data centre security:
Enforcing Known Good Application Behaviour: By leveraging the virtual infrastructure, the solution will have an authoritative understanding of how data centre endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence will remove the guesswork involved in determining which changes to processes, executables, and operating systems inside a given data centre endpoint are legitimate and which indicate real threats.
Detecting Unknown Threats: The solution will leverage application context to perform advanced behavioural threat detection to provide additional protection beyond least privilege. Any threat that isn’t prevented by locking down the application’s behaviour will be picked up by Carbon Black’s Streaming Prevention – a next-gen threat detection technology that uses event stream processing to correlate multiple events over time to indicate the presence of a threat. Users will see threat activity in real time, visualize the attack chain to see exactly what attackers are trying to do, and respond immediately to shut down attacks in progress.
Automating and Orchestrating Response: Once a threat is identified, the solution will allow for the full understanding of application context during investigation, and again, will use the virtual infrastructure to deliver a library of responses, ranging from suspending or snapshotting a VM, to quarantining the compromised machine and performing forensic analysis.
The new joint solution will be generally available from Carbon Black in VMware’s Q4 FY 2018, which ends on February 3, 2018. Customers can learn more about this joint solution by clicking here. VMware and Carbon Black will be launching a 15-city tour to give enterprises an opportunity to learn firsthand how the new solution protects their virtual data centre infrastructure. Sign up to be notified of dates and locations here.
For more info, check out these resources:
- Link to blog on the partnership
- Learn more about the partnership landing page
- Webinar: Securing the Virtual Data Center with Carbon Black and VMware
- More on AppDefense
- More on Cb Defense
- Carbon Black Threat Report: The Ransomware Economy
Another Apple Security Flaw Found…. This Time In HomeKit
Posted in Commentary with tags Apple on December 7, 2017 by itnerd9to5mac is reporting that yet another security hole in an Apple product has been found. This time it’s the HomeKit framework when used with the recently released iOS 11.2. The flaw allowed remote access by those of ill intent to HomeKit devices. So a real world example of this that the miscreant could say, unlock your doors if you had HomeKit compatible smart locks, and then disable your security cameras if you had HomeKit compatible security cameras before pillaging your home.
Clearly this was not a trivial issue.
However, the only good news out of all of this is that Apple has fixed most of the problem as I type this. Some of the fixes are coming on the server side of the fence. The rest of the fixes will show up in a iOS update that is coming next week. The only catch is that remote access for HomeKit users is disabled until that iOS update comes out.
At this point you have to ask yourself what has gone wrong with Apple’s QA as this highlights what I said about it being an #EpicFail. It never used to be this bad and we’ve now had over a week of solid security issues that are hitting the news. Clearly Apple has dropped the ball in a big way and they really need to pull up their socks or they’ll be ridiculed like Microsoft was in the early 2000’s when they went through their security nightmare.
4 Comments »