This is the third in a series of three articles and videos featuring VMware’s Tom Corn, SVP, Security Products, and Shawn Bass, VP and CTO, End-User Computing, discussing security transformation and what it means for the future of networking.
Virtualization has created a much simpler operating model for implementing least privilege environments, one of the oldest and most effective security principles. Looking ahead, Tom Corn says the focus is now turning to applying the concept of least privilege beyond basic “blocking use cases” to more nuanced detect and respond scenarios.
A Bright Signal
The basic concept is to use the unprecedented visibility afforded by “our position in the virtualization layer,” Corn says, “to have a clear view into the application, to understand the intent of an application as well as its current run state.” That visibility lets the organization know whether an application, or one of its components, is behaving in a way that differs meaningfully from its intended behavior. “That’s a very bright signal that someone or something is manipulating that application,” Corn explains, “and it’s very actionable.”
This bright signal, together with the automation that virtualization makes possible, opens up new opportunities for detecting and responding to attacks. It marks a new era for the security industry as a whole: the approach can dramatically shrink the attack surface and gives security vendors a stronger signal on which to build more effective solutions of their own.
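As an added illustration (example code written for this page, not code from the article or from any VMware product), here is a small Python detector that does what the passage above describes: it records each application component's intended behavior in a manifest, compares that manifest with observed run-state events, and attaches a proposed automated response to every deviation. The manifest schema, the event schema, the response actions and the sample events are all assumptions constructed for the example.

```python
# Added example (not from the article or VMware): compare observed run-state
# events against a declared "intended behaviour" manifest and flag deviations.
# The manifest/event schemas and the response actions are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass
class IntendedBehavior:
    """What one application component is expected to do (assumed schema)."""
    name: str
    allowed_binaries: Set[str]              # process images it may execute
    allowed_listen_ports: Set[int]          # ports it may listen on
    allowed_egress: List[Tuple[str, int]]   # (CIDR, port) pairs it may connect to


@dataclass
class Event:
    """One observed run-state event (assumed schema; samples constructed below)."""
    component: str
    kind: str           # "exec", "listen" or "connect"
    binary: str = ""    # process image, for exec
    port: int = 0       # local port for listen, remote port for connect
    dst: str = ""       # destination IP address, for connect


@dataclass
class Deviation:
    component: str
    reason: str
    action: str         # proposed automated response
    event: Event


# Response per deviation type: an assumed policy, chosen for the example.
RESPONSE = {
    "exec": "isolate-workload",
    "listen": "alert-and-block-port",
    "connect": "block-flow",
    "unknown": "alert",
}


def egress_allowed(intent: IntendedBehavior, dst: str, port: int) -> bool:
    """True if dst:port falls inside one of the component's allowed egress rules."""
    addr = ip_address(dst)
    return any(addr in ip_network(net) and port == p for net, p in intent.allowed_egress)


def detect_deviations(manifest: Dict[str, IntendedBehavior],
                      events: List[Event]) -> List[Deviation]:
    """Return every event that falls outside its component's intended behaviour."""
    found: List[Deviation] = []
    for ev in events:
        intent = manifest.get(ev.component)
        if intent is None:
            found.append(Deviation(ev.component, "component not in manifest", RESPONSE["unknown"], ev))
        elif ev.kind not in ("exec", "listen", "connect"):
            found.append(Deviation(ev.component, f"unrecognised event kind {ev.kind}", RESPONSE["unknown"], ev))
        elif ev.kind == "exec" and ev.binary not in intent.allowed_binaries:
            found.append(Deviation(ev.component, f"unexpected process {ev.binary}", RESPONSE["exec"], ev))
        elif ev.kind == "listen" and ev.port not in intent.allowed_listen_ports:
            found.append(Deviation(ev.component, f"unexpected listener on port {ev.port}", RESPONSE["listen"], ev))
        elif ev.kind == "connect" and not egress_allowed(intent, ev.dst, ev.port):
            found.append(Deviation(ev.component, f"unexpected egress to {ev.dst}:{ev.port}", RESPONSE["connect"], ev))
    return found


# Constructed manifest for a two-tier application (assumed, not real data).
MANIFEST = {
    "web": IntendedBehavior("web", {"/usr/sbin/nginx"}, {443}, [("10.0.2.0/24", 8080)]),
    "app": IntendedBehavior("app", {"/usr/bin/java"}, {8080}, [("10.0.3.0/24", 5432)]),
}

# Constructed run-state events: the first five match the manifest, the last
# three are the kind of "bright signal" the article describes.
SAMPLE_EVENTS = [
    Event("web", "exec", binary="/usr/sbin/nginx"),
    Event("web", "listen", port=443),
    Event("web", "connect", dst="10.0.2.15", port=8080),
    Event("app", "exec", binary="/usr/bin/java"),
    Event("app", "connect", dst="10.0.3.7", port=5432),
    Event("app", "exec", binary="/bin/sh"),                  # shell spawned by the app tier
    Event("app", "connect", dst="203.0.113.9", port=4444),   # egress to an unknown host
    Event("web", "listen", port=2222),                       # new listener on the web tier
]


def run_sample() -> List[Deviation]:
    return detect_deviations(MANIFEST, SAMPLE_EVENTS)


if __name__ == "__main__":
    for d in run_sample():
        print(f"[{d.component}] {d.reason} -> {d.action}")
```

The manifest is the least-privilege statement: anything not declared is a deviation, so the detector never has to recognise a specific attack, only a departure from intent. In a real deployment the manifest would be learned from a known-good run or derived from the deployment pipeline, and the `action` field would be fed to whatever automation the virtualization layer exposes rather than printed.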
A New Security Model
A parallel development is occurring in the end-user computing space where, as Shawn Bass explains, the understanding is growing “that it’s almost impossible to guarantee you can’t be breached.” The focus, Bass says, is moving to a new approach that designs “security detection and response to the right level of risk,” and, if breached, responds as quickly as possible. Organizations will leverage network virtualization and least privilege to correlate data from all of their endpoint devices to get that same bright, early warning signal that indicates a problem.
Looking forward, applying the principle of least privilege to prevention as well as detection and response will be a powerful combination. Organizations “will have the capability to move much more quickly to squash the security threats,” Bass concludes.
Watch the video to learn more from Tom Corn and Shawn Bass about how network virtualization and least privilege work together to bring about a new detect and respond security model.