The News: At its VMware Explore conference, VMware announced new and enhanced existing capabilities for cyber-resiliency. Specifically, it launched its VMware NSX+ and NSX+ VPCs offerings, and it enhanced its Ransomware Recovery service. Additional detail is available in VMware’s press release.
VMware Ups Its Cyber-Resiliency Game With NSX and Ransomware Recovery
Analyst Take: Cyber-crime is continually on the rise and evolving. As a result, approaches for software-defined networking (SDN) are evolving to embrace principles of Zero Trust, in order to inhibit malicious access to the IT environment. Additionally, The Futurum Group sees demand for post-attack forensics and accelerated attack recovery. Arguably most critical is the ability to streamline operations for security and operations teams, to facilitate necessary collaboration against a backdrop of limited headcount and a rapidly changing threat landscape.
In response to these challenges, VMware launched its Ransomware Recovery Solution in Fall 2022. Futurum Labs had the opportunity to audit this solution. As will be discussed in our forthcoming Lab Insight report, we found the offering to be highly scalable, with value-adds including the ability to create secure copies via the Scale-out Cloud File System, as well as the ability to create customizable, automated disaster recovery (DR) workflows and orchestration.
As announced at VMware Explore 2023, VMware is enhancing its Ransomware Recovery service for cyber-resiliency that is sold as an add-on to VMware Cloud Disaster Recovery. The offering is designed to accelerate ransomware recovery with minimal data loss, and it is delivered as an integrated software-as-a-service (SaaS) solution. Specifically, it includes:
- The creation of immutable backup copies that are operationally air-gapped in VMware’s Scale-out Cloud File System (SCFS).
- Access control via authentication and role-based access control (RBAC) and optional multi-factor authentication (MFA).
- Utilization of policy-based plans protection plans to determine the number, type, and location of copies, as well as the ability to more quickly execute recoveries of complex applications.
- The ability to create a variety of recovery points that are minutes, months, or even years old – balancing the ability to mitigate data loss with near-term retention, with the ability to address situations where ransomware has been in the environment for a long time as well as forensics situations via deeper retention.
- The ability to create an isolated recovery environment (IRE) that prevents reinfection from potentially-compromised systems during the validation process.
- From a complementary perspective to the IRE, a wizard-driven recovery workflow that helps to rapidly validate multiple virtual machines (VMs), by first choosing recovery points, and powering on those VMs into the IRE to enable live behavioral analysis with validation scanning from VMware Carbon Black. This process enables security and IT teams to evaluate each VM independently prior to moving a known good copy back into production.
- The ability to granularly recover specific files or folders, allowing for the recovery of more recent recovery points without risking re-infection by bringing the entire associated VM into a production inventory.
To the service, VMware has added the ability to protect Google Cloud VMware Engine workloads, as well as support for concurrent multi-VM recovery operations to further expedite recovery operations and reduce downtime. Additionally, slated for availability in Q3FY24 is the ability for customers to run production workloads in the cloud until forensics are completed. Also previewed at the event was what VMware is describing as a new “cybersecure storage;” specifically, customers will be able to integrate the Ransomware Recovery workflows with native vSAN snapshots. Not only does this stand to help optimize data transfer operations, it also can help customers to reduce the amount of data loss resulting from an attack.
In an additional response to customers’ evolving cyber-resiliency requirements, at VMware Explore 2023, VMware announced NSX+, previously called Project NorthStar, in order to enable consistent operations for networking and security across multi-cloud VMware Cloud environments. This includes centralized policy creation, deployment, and enforcement for security, comprehensive visibility across the network, and network detection and response (NDR) – all delivered as a cloud-hosted managed service. It also has launched NSX+ virtual private clouds (VPCs), which allows for network isolation on multi-tenant VMware cloud infrastructure via the centralized NSX interface. This enables organizations to set up dedicated, self-service environments for specific development or application teams, while still allowing IT operations teams to set operational guardrails for isolation.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other insights from The Futurum Group:
VMware Doubles Down on Cross-Cloud Services
Breaking Down the Myths on Broadcom-VMware
Broadcom-VMWare Deal Approved by EU
Author Information
Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
