New enhancements include Self-Service Lateral Security with VCF Automation, Unified Lateral Threat Prevention for VMs and VKS Workloads, High-Performance Threat Prevention with IDPS Turbo Mode, and Enhanced Distributed Firewall capabilities.
The rapid adoption of production AI workloads is reshaping the enterprise technology landscape, driving the growth of Kubernetes environments alongside existing VM-based infrastructure. As organizations deploy AI agents and AI workloads across private cloud environments spanning VMs and Kubernetes, the attack surface becomes larger and more dynamic. The result is a rapidly evolving threat landscape, driving the need to secure both VM- and Kubernetes-based environments efficiently and consistently.
Recent incidents, including the CISA-reported BRICKSTORM malware activity and the rise of AI-assisted semi-autonomous cyberattacks, underscore that adversaries are now operating at machine speed. At the same time, enterprises face several practical challenges: reducing the attack surface to prevent lateral propagation of threats, securing workloads at the speed of application deployments, enforcing consistent security across VMs and Kubernetes environments, delivering the performance required for AI and high-capacity workloads, and consolidating security within the core platform rather than relying on fragmented point solutions.
VMware vDefend is integrated with the VMware Cloud Foundation (VCF) platform, providing plug-and-play zero-trust lateral security that protects modern distributed workloads, including AI and high-performance computing, without compromising the performance and agility they demand.
vDefend’s hypervisor-native, distributed, software-defined model provides a closed-loop security architecture that uniquely enables visibility, prevention, detection, and mitigation for comprehensive multi-layer defense. Additionally, vDefend’s distributed policy orchestration allows policies to be created once and automatically enforced as workloads are created or moved.
Built upon these key capabilities, vDefend serves as the comprehensive lateral security foundation for VCF, protecting VMs, containers, and AI workloads. The following sections will detail each of these key features.
vDefend 9.1 introduces a self-service security model that lets Tenant Admins manage network security directly within VCF Automation through five system-defined Security Profiles. The VPC Simplified Security feature provides one-click security for Virtual Private Clouds (VPCs) using consistent, repeatable security profiles. Tenant Admins select a security profile for new or existing VPCs; the profile sets the VPC's default security posture and removes the need to hand-author foundational Distributed Firewall (DFW) rules. The system-defined per-VPC DFW rules cannot be edited manually. Security policies follow a fixed precedence: user-defined policies are enforced before the system-defined VPC security policies, so an exception to a profile's default posture is made with a user-defined rule, which is evaluated first. This structure supports a self-service security model with automated DFW policies. In addition, this release provides granular firewall control for both Distributed and Gateway Firewalls and enables automated orchestration using Privileged Labels.
vDefend delivers unified lateral threat prevention by extending its hypervisor-native IDS/IPS from VMs to vSphere Kubernetes Service (VKS) workloads through integration with the cluster's Container Network Interface (CNI). This lets security teams enable IDS/IPS at the pod level, so vDefend continuously inspects traffic and detects and prevents threats on mixed-mode hosts that run both VMs and Kubernetes pods.
VMware vDefend 9.1 delivers a major performance boost with “Turbo Mode” for Distributed IDS/IPS, which triples threat-prevention throughput from 3 Gbps to 9 Gbps per host, and up to 9 Tbps within a single VCF instance. The release also adds exempt actions, which give security admins granular control over what is inspected: trusted, high-volume flows such as nightly backup traffic can be excluded from inspection, so IDS/IPS capacity is spent on the traffic that warrants it.
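The two policy behaviours described above (user-defined DFW policies evaluated ahead of the uneditable system-defined VPC profile rules, and IDS/IPS exempt actions that skip inspection for trusted flows) are easier to reason about with a small first-match evaluator. The following is an added example written for this page, not VMware or NSX code: the rule semantics (top-down, first match wins, implicit default drop), the rule names, the VPC range 10.10.0.0/16 and every address and port are constructed assumptions for illustration.

```python
"""Hypothetical first-match policy evaluator (added example, not VMware code).

Models two behaviours of vDefend 9.1 VPC security as described in the text:
1. DFW precedence: user-defined policies are evaluated before the
   system-defined per-VPC profile rules, so an exception to an uneditable
   profile rule is written as a user-defined rule that matches first.
2. IDS/IPS exempt actions: a flow matching an exempt rule bypasses inspection.

First-match evaluation with an implicit default drop is an assumption made
for illustration, not a description of the NSX/vDefend engine.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Sequence, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" | "drop" (DFW) or "exempt" (IDS/IPS)
    src: str = "0.0.0.0/0"        # source CIDR
    dst: str = "0.0.0.0/0"        # destination CIDR
    dports: Tuple[int, ...] = ()  # empty tuple = any destination port
    proto: str = "any"

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and (not self.dports or f.dport in self.dports)
                and self.proto in ("any", f.proto))


def evaluate_dfw(flow: Flow, user_rules: Sequence[Rule],
                 system_rules: Sequence[Rule]) -> Tuple[str, str]:
    """Return (action, 'tier:rule-name') for the first matching rule.
    The user-defined tier is walked before the system-defined VPC tier."""
    for tier, rules in (("user", user_rules), ("system", system_rules)):
        for rule in rules:
            if rule.matches(flow):
                return rule.action, f"{tier}:{rule.name}"
    return "drop", "implicit-default"


def needs_inspection(flow: Flow, exempt_rules: Sequence[Rule]) -> bool:
    """IDS/IPS inspects a flow unless an exempt rule matches it."""
    return not any(r.matches(flow) for r in exempt_rules)


# Constructed sample data (hypothetical). VPC 10.10.0.0/16 carries a profile
# that allows intra-VPC traffic and drops everything else; admins cannot edit it.
SYSTEM_RULES = (
    Rule("vpc-allow-intra", "allow", src="10.10.0.0/16", dst="10.10.0.0/16"),
    Rule("vpc-deny-external", "drop", dst="10.10.0.0/16"),
)
# Tenant-admin exceptions, evaluated before the profile rules.
USER_RULES = (
    Rule("allow-monitoring", "allow", src="10.50.0.9/32",
         dst="10.10.0.0/16", dports=(9100,), proto="tcp"),
    Rule("allow-backup", "allow", src="10.20.0.5/32",
         dst="10.10.0.0/16", dports=(10000,), proto="tcp"),
)
# IDS/IPS exempt action for the nightly backup stream (trusted, high volume).
EXEMPT_RULES = (
    Rule("exempt-backup", "exempt", src="10.20.0.5/32",
         dst="10.10.0.0/16", dports=(10000,), proto="tcp"),
)

MONITORING = Flow("10.50.0.9", "10.10.1.4", 9100)
BACKUP = Flow("10.20.0.5", "10.10.1.4", 10000)
STRAY_SSH = Flow("10.60.0.1", "10.10.1.4", 22)
INTRA_HTTP = Flow("10.10.2.2", "10.10.1.4", 80)


def demo() -> dict:
    """Decisions for the sample flows, with and without the user-defined tier."""
    return {
        "monitoring": evaluate_dfw(MONITORING, USER_RULES, SYSTEM_RULES),
        "monitoring_no_user_tier": evaluate_dfw(MONITORING, (), SYSTEM_RULES),
        "backup": evaluate_dfw(BACKUP, USER_RULES, SYSTEM_RULES),
        "stray_ssh": evaluate_dfw(STRAY_SSH, USER_RULES, SYSTEM_RULES),
        "intra_http": evaluate_dfw(INTRA_HTTP, USER_RULES, SYSTEM_RULES),
        "backup_inspected": needs_inspection(BACKUP, EXEMPT_RULES),
        "monitoring_inspected": needs_inspection(MONITORING, EXEMPT_RULES),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:26} {value}")
```

Running `demo()` shows the practical consequence of the precedence order: the monitoring scrape is allowed only because a user-defined rule sits above the profile's deny rule; remove the user tier and the same flow is dropped by `vpc-deny-external`. The exempt rule is deliberately scoped to one source, one destination range and one port, since an over-broad exemption is a blind spot for the IDS/IPS rather than a performance optimisation.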
The Distributed Firewall enhancements add Layer 7 (L7) visibility and simplified policy management based on application identification. A roughly fivefold increase in application signatures, adding about 4,000 new Application IDs, improves application visibility and lets security teams write firewall rules keyed to the application itself rather than relying solely on ports and protocols, which makes enforcement simpler and harder to sidestep by moving a service to a non-standard port. Federated identity-based firewalling has also been introduced to enable uniform policy enforcement across large multi-site deployments.
The rapid growth of AI workloads and distributed infrastructure has made traditional perimeter-based security measures insufficient. This evolving threat landscape is further complicated by AI-assisted, semi-autonomous attacks and the emergence of software vulnerabilities identified by AI models, which greatly widen the attack surface. As a result, lateral security is now an essential part of a comprehensive security strategy, not just an optional addition to perimeter defenses. Security teams need controls that match the agility of their workloads, enforce policies uniformly across containers and VMs, and enable lateral security to prevent the lateral movement of threats. VMware vDefend, along with its new capabilities, enables infrastructure and security teams to implement Zero Trust lateral security to protect VCF workloads at the speed and scale the AI era demands.
To learn more about vDefend, see the links below.