VMware Takes On Lateral Security with Contexa Threat Detection
VMware will offer broad threat detection with telemetry from its various solutions.
June 2, 2022
VMware has added a threat detection capability, called VMware Contexa, that discovers lateral network traffic. The new technology, released on Thursday, is a cloud-based service that VMware is adding across its various offerings.
The launch of Contexa comes in advance of next week’s RSA Conference in San Francisco, where VMware will demonstrate it. It also comes a week after Broadcom agreed to acquire VMware for $61 billion. VMware had planned the Contexa launch before the announcement of the deal.
Detecting lateral network movement is important because it has become a prevalent threat. Lateral movement typically indicates an undiscovered attack that often began months or, in some cases, years earlier.
VMware claims that Contexa is more likely to discover lateral network traffic than current security information and event management (SIEM) and extended detection and response (XDR) solutions. That’s because SIEM and XDR offerings rely on sampled telemetry, said Tom Gillis, senior VP and general manager of VMware’s Advanced Security Business Group.
VMware’s Tom Gillis
“It’s a hint or an indicator of what’s happening, but it doesn’t give you the visibility,” Gillis said of SIEM and XDR offerings. “It’s not because the analytics of SIEM [or XDR] are bad; it’s because [they don’t] have access to the raw data to be able to understand what’s happening.”
VMware Contexa is not a product; rather, it is analytics technology that monitors traditional virtual environments through VMware NSX and endpoints via VMware Workspace ONE and Carbon Black. For modern, cloud-native app environments, Contexa detects threats via VMware Tanzu. VMware is offering it at no additional cost.
Advances in silicon from AMD and Intel have resulted in 128-core servers, making it possible to run more than 100 VMs on a single physical host, Gillis emphasized. Little of the traffic between those VMs is actually analyzed, Gillis noted.
“By instrumenting the virtualization layer, we see every packet and every process,” he said. “And we understand them in context.”
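The argument in the preceding paragraphs is that east-west (VM-to-VM) traffic on a dense host is largely unanalyzed, and that a sampled feed hides the pattern lateral movement leaves behind. The following example, added here and not VMware Contexa's or VMware's code, makes that concrete with a small defender-side heuristic: flag any internal host that reaches an unusual number of distinct internal peers on administrative ports within a window, then run the same heuristic over the full flow log and over a 1-in-10 sample of it. The flow records, the 10.0.0.0/8 internal range, the port list and the fan-out threshold are all constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: the internal address space, the ports that
# count as "administrative", and how many distinct internal peers a single
# source may touch on those ports before it is worth an analyst's attention.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ADMIN_PORTS = {22, 445, 3389, 5985}
FANOUT_THRESHOLD = 8


def is_east_west(flow):
    """True when both endpoints are inside the internal range (VM-to-VM traffic)."""
    return (ipaddress.ip_address(flow["src"]) in INTERNAL
            and ipaddress.ip_address(flow["dst"]) in INTERNAL)


def lateral_candidates(flows, threshold=FANOUT_THRESHOLD):
    """Return {src: distinct_internal_peers} for sources whose fan-out on admin
    ports meets the threshold. A normal workstation talks to one or two servers;
    a host sweeping many peers' admin ports stands out on full telemetry."""
    peers = defaultdict(set)
    for f in flows:
        if is_east_west(f) and f["dport"] in ADMIN_PORTS:
            peers[f["src"]].add(f["dst"])
    return {src: len(d) for src, d in peers.items() if len(d) >= threshold}


def sample_every_nth(flows, n):
    """Simple systematic 1-in-n sampling, standing in for a sampled telemetry feed."""
    return [f for i, f in enumerate(flows) if i % n == 0]


def build_sample_flows():
    """Constructed flow log: 40 workstations doing normal work (file server on 445,
    an external web site on 443), plus one host, 10.1.0.7, whose flows to twelve
    peers' port 445 are the kind of fan-out the heuristic is meant to surface."""
    flows = []
    for i in range(1, 41):
        flows.append({"src": f"10.1.0.{i}", "dst": "10.1.0.250", "dport": 445, "bytes": 4096})
        flows.append({"src": f"10.1.0.{i}", "dst": "203.0.113.10", "dport": 443, "bytes": 2048})
    for j in range(20, 32):
        flows.append({"src": "10.1.0.7", "dst": f"10.1.0.{j}", "dport": 445, "bytes": 300})
    return flows


def compare_full_vs_sampled(n=10):
    """Run the heuristic on the full log and on a 1-in-n sample of the same log."""
    flows = build_sample_flows()
    return {
        "full": lateral_candidates(flows),
        "sampled": lateral_candidates(sample_every_nth(flows, n)),
    }


if __name__ == "__main__":
    result = compare_full_vs_sampled()
    print("full telemetry flags:   ", result["full"])
    print("1-in-10 sample flags:   ", result["sampled"])
```

On the full log, 10.1.0.7 is reported with 13 distinct internal peers on admin ports (the file server plus the twelve swept hosts); on the 1-in-10 sample only two of its flows survive, so it never reaches the threshold and the sweep is invisible. The heuristic itself is deliberately simple and will need tuning per environment (jump hosts and management servers legitimately fan out), but the sampling effect it demonstrates is independent of the threshold chosen.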
Billions of Threats Detected
Contexa currently processes more than 1.5 trillion endpoint events and 20 billion network flows daily, according to a VMware internal analysis performed last month. Contexa detects roughly 2.2 billion suspicious activities each day, according to the analysis. VMware combines the machine learning data with information from 500 human researchers across the VMware Threat Analysis Unit and various incident response partners. VMware said it provides automated responses to more than 80% of those events.
Omdia’s Eric Parizo