VMware adds cloud-based security to SASE stack

At a time when enterprises have heightened concerns over securing home networks for remote workers, VMware is launching Cloud Web Security, a cloud-hosted security service for employees accessing SaaS and Internet applications.

Cloud Web Security is the fourth SASE service VMware has launched. Combined with VMware's existing SD-WAN, Secure Access and AIops services, the vendor says Cloud Web Security provides security for cloud applications for employees working at any location.

In addition, Cloud Web Security is delivered via VMware's 150 global SASE points of presence (PoPs), which is beneficial to users from a performance standpoint, says Sanjay Uppal, SVP & GM, Service Provider and Edge Business Unit (SEBU) at VMware. The vendor's PoPs were initially built in partnership with service providers to provide SD-WAN services, but Uppal says VMware has since added additional SASE services available via the PoPs.

Prior to this announcement, VMware had a PoP to PoP integration with security supplier Zscaler. "What we're announcing is VMware Cloud Web Security in our own PoP – you get these security services without ever exiting the PoP," explains Uppal. Providing security within VMware's PoP simplifies service management and provides a higher level of security, he adds.

"Security, like other functions, is moving away from the premise, and into the cloud, the network and the edge," says Uppal. "The applications are getting highly distributed and it doesn't make sense to send the traffic back to a data center only to have it leave. The changing nature of an enterprise application is one of the major drivers to announcing Cloud Web Security."

In addition, Uppal says home networks are more complicated than enterprise networks and IT teams need a simplified way to address security for remote users.

Cloud Web Security also provides SSL proxy with decryption to inspect most SSL encrypted web applications. IT teams can control which websites employees access, and what kind of content they can upload with URL filtering. In addition, the security service inspects content virus signatures and Day zero malware attacks, and provides IT with traffic and threat visualization logs. IT can also configure and apply security policies to business policies via a centralized orchestrator to provide consistency in policy management for users, including remote workers. Uppal says IT teams don't have to install any software on-premise or add any additional hardware to utilize the Cloud Web Security service.

Mike Frane, VP of Product Management for SD-WAN with Windstream Enterprise, says the service provider is working with VMware to add Cloud Web Security to its managed SD-WAN platform; the additional security service will be available to Windstream's SD-WAN customers later this year. Windstream's enterprise customers are speeding up their cloud migrations, in part to cope with the increasing need to provide business applications to remote workers, says Frane.

"Our customers are asking for security more so than ever," says Frane. "We'll be able to quickly integrate [VMware's Cloud Web Security] into our solution because they're focused on the cloud-based delivery."

At the beginning of the pandemic, Windstream's customers expedited their use of VMware and Winstream's Secure Remote Access service. Customers are now rethinking their approach to security as well, says Frane.

"A lot of our customers have accelerated their cloud migrations over the last year," explains Frane. "There's a shift in their mindset from needing to get to their network and the cloud. They want to get to the cloud and also their network – the cloud is becoming primary so they're shifting their thinking about where they need to put the security envelope and what wrapper they need to put around that new model."

Enterprises don't have time to waste adding additional cloud security – Verizon's recent Data Breach Investigations Report [DBIR] examined new threats to enterprises from the cloud and found that attacks on web applications amount to 39% of all breaches.

"We are seeing more external cloud assets than on-premise assets that are involved in breaches," Suzanne Widup, co-author of the DBIR report and senior principal of Threat Intel for Verizon Business, told Light Reading. "A lot of cloud email is being hacked quite a bit and resulting in data breaches … it's the credential reuse problem and that these companies don't implement two-factor authentication to make these re-used credentials less valuable."

Related posts:

— Kelsey Kusterer Ziser, Senior Editor, Light Reading