During a MapleSEC fireside chat, Jim Love, CIO of IT World Canada, welcomed Chad Skipper, global security technologist from VMware, for a conversation that delved into the complexities of modern cybersecurity and the solutions being developed to address them.
Visibility in the virtual battlefield
The discussion revolved around the concept of visibility within organizational networks, particularly focusing on the challenges faced in monitoring internal traffic or “east-west” movement. “If you can’t see it, you can’t protect it,” Skipper pointed out, underlining the critical need for comprehensive visibility inside virtualized infrastructures. Traditionally, network security solutions have focused on north-south traffic, ignoring the internal movements that often go unnoticed.
He also explained how VMware has integrated advanced detection technologies directly into its vSphere clusters, providing a vantage point for inspecting artifacts and detecting anomalies. By gaining visibility into 100 per cent of the internal traffic, VMware’s approach allows for real-time monitoring and detection of malicious activities, he said.
Spotting threat actors early
Skipper emphasized the critical importance of early detection. Threat actors often remain hidden within an organization’s network for extended periods, exploiting various protocols like RDP, SMB Samba, Pass the Hash over Kerberos, and DNS. By leveraging VMware’s integrated technology, he noted, security teams can spot these anomalies and potential threats before significant damage occurs.
Operational efficiency and rapid response
Skipper said that one of VMware’s advantages is its operational efficiency. The security technology is seamlessly integrated into vSphere, requiring only a simple activation process. Security policies can be implemented swiftly, reducing false positives and enabling security teams to respond rapidly to potential threats.
The last piece of the security puzzle
While perimeter security remains vital, the conversation highlighted the fact that the battleground has shifted to internal network movements. Skipper emphasized that once a threat actor infiltrates an organization, lateral movement becomes their focus. VMware’s approach aims to illuminate this hidden battlefield, allowing for efficient segmentation and reducing the threat actors’ impact.