Virtualization and cloud architectures present new cybersecurity challenges in the data center, including lack of visibility into virtualized environments. Cyber attacks are often at a mature stage when they reach the data center, characterized by internal reconnaissance, lateral movement, command-and-control traffic, and the compromise of user and administrator credentials.
Why integrate VMware with Vectra
Through its interoperability with the VMware vSphere hypervisor, vCenter management console and NSX Network Virtualization and Security Platform, the Vectra AI cybersecurity platform addresses critical vulnerabilities at every layer of the virtualized data center and exposes cyber attacks against applications, data, virtualization layers and the underlying physical infrastructure
Benefits of integrating VMware with Vectra
- Native visibility into vSphere, including traffic between virtual machines on the same server or different servers, regardless of physical or virtual switches.
- Exposes cyber attacks against data center applications, data, the physical infrastructure and virtualization layers.
- Displays data from the vCenter console, such as virtual machines spun up and down and the activity of critical workloads.
- Email notifications are sent to the relevant administrators about changes in the VMware environment that merit security consideration.
- VMware NSX micro-segmentation and adaptive security policy-enforcement capabilities improve mitigation response-times and reduce risk.
The Vectra AI and VMware solution
The Vectra AI platform is a pioneer in the cybersecurity industry, offering a comprehensive approach to identifying cyber attacks that target data centers. By leveraging artificial intelligence, Vectra AI can effectively detect and respond to attacks across various layers, including applications, data, virtualization, and physical infrastructure.
Vectra AI continuously monitors all network traffic to uncover attackers who have gained trusted positions within the network. This is achieved through advanced threat detection models that utilize data science, machine learning techniques, and behavioral analysis to identify the underlying behaviors of every cyber attack.
Within the data center, Vectra AI persistently monitors critical applications, data, and the physical infrastructure itself. By learning normal behaviors over time, Vectra AI tracks all traffic entering, circulating within, and leaving the data center network. This enables the system to detect abnormal behaviors and promptly alert security teams to potential compromises or rogue administrators. Additionally, Vectra AI can detect the use of previously-unused administrative protocols or their unconventional usage within the data center.
Vectra AI extends this methodology to virtual data centers, focusing on detecting exfiltration, abuse of administrative privileges and protocols, as well as signs of rootkits and backdoors in the physical infrastructure. The primary goal of Vectra AI is to identify attacks well before data is accessed, even detecting fast, high-volume or slow, low-volume data exfiltration attempts. The platform also monitors and detects staged transfers within the network and uncovers hidden tunnels within protocols like HTTP, HTTPS, and DNS.
With native interoperability with virtualization platforms such as VMware vSphere hypervisor, vCenter management console, and NSX Network Virtualization and Security Platform, Vectra AI provides real-time visibility into attacker behavior in cloud data centers. This enhances its capabilities by providing visibility into all traffic between VMware-based virtual machines, regardless of their location or the switches they are connected to.