DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » DevSecOps » VMware Looks to Meld IT and Security Operations

DevOps Intel VMware security

VMware Looks to Meld IT and Security Operations

By: Mike Vizard on October 2, 2020 4 Comments

VMware has acquired SaltStack as part of an effort to unify IT and security operations management. The announcement was made during the online VMworld 2020 conference this week.

Recent Posts By Mike Vizard
  • Buildkite Adds Analytics Tools to Identify Flaky App Tests
  • Survey Reveals High Cost of Application Modernization
  • Salesforce Adds RPA Bots to MuleSoft Integration Platform
More from Mike Vizard
Related Posts
  • VMware Looks to Meld IT and Security Operations
  • Broadcom’s Software Strategy: Milk the Cash Cow, Exploit ‘Synergies’
  • Could Buying VMware Bring Broadcom Hybrid Cloud Bona Fides?
    Related Categories
  • Blogs
  • DevSecOps
    Related Topics
  • acquisition
  • Cybersecurity
  • development
  • devsecops
  • IT operations
  • saltstack
Show more
Show less

SaltStack has developed an open source IT automation platform to automate IT operations. In recent months it has been extended to also address security and compliance management.

DevOps Connect:DevSecOps @ RSAC 2022

At the same time, VMware released a bevy of updates to its security portfolio, including VMware Carbon Black Cloud Workload. That offering combines vulnerability reporting with workload hardening software for both legacy platform and microservices-based applications deployed on Kubernetes clusters. It also includes elements of AppDefense, which VMware developed to harden workloads running on VMware vSphere platforms.

VMware also announced VMware NSX Advanced Threat Prevention, which combines NSX Distributed IDS/IPS with malware detection software and network traffic analysis (NTA) technologies acquired from Lastline Inc.

Finally, VMware announced it has committed to reselling a secure web gateway from Menlo Security as part of the VMware SD-WAN portfolio and formed an alliance with Zscaler to manage security as a service.

SaltStack provides VMware with an IT automation framework that can be applied across multiple clouds running virtual machines and containers. The current vRealize IT automation framework is optimized for instances of VMware vSphere.

Tom Corn, senior vice president for the Security Business Unit for VMware, said VMware’s entire approach to security is predicated on making it easier for IT operations teams rather than cybersecurity professionals to implement security controls. There are simply not enough cybersecurity professionals available to implement cybersecurity controls when DevOps teams are rolling out and updating application workloads multiple times a week, he said.

Cybersecurity teams will continue to define what controls will need to be put in place, but it will be left to the IT operations teams to implement those controls in much the same way responsibility for application security is now also being shifted left as part of best DevSecOps practices.

Corn said it’s clear IT security is a team sport that requires greater collaboration among IT operations teams, developers and cybersecurity professionals. VMware has been investing in security technologies with an eye toward making it easier for IT operations teams to automate security operations in much the same way any other IT task is being automated, he noted.

That convergence isn’t going to occur overnight. There are many challenges including culture. Many cybersecurity professionals view IT operations and developers as being equally responsible for many of the root causes of a cybersecurity breach. It may be a while before cybersecurity teams have enough confidence in the ability of IT administrators and developers to proactively address cybersecurity issues before and after applications are deployed in production environments.

Of course, there’s no alternative. The days of waiting two months or more for a security review as part of a waterfall development process are over. Security, like it or not, needs to become as agile as the rest of IT.

Filed Under: Blogs, DevSecOps Tagged With: acquisition, Cybersecurity, development, devsecops, IT operations, saltstack

Sponsored Content
Featured eBook
The State of Open Source Vulnerabilities 2020

The State of Open Source Vulnerabilities 2020

Open source components have become an integral part of today’s software applications — it’s impossible to keep up with the hectic pace of release cycles without them. As open source usage continues to grow, so does the number of eyes focused on open source security research, resulting in a record-breaking ... Read More
« Shift Left … With In-Sprint UI Test Automation (?!?)
Cloudflare Expands Range of CDN Alternatives to the Public Cloud »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Continuous Deployment
Monday, July 11, 2022 - 1:00 pm EDT
Using External Tables to Store and Query Data on MinIO With SQL Server 2022
Tuesday, July 12, 2022 - 11:00 am EDT
Goldilocks and the 3 Levels of Cardinality: Getting it Just Right
Tuesday, July 12, 2022 - 1:00 pm EDT

Latest from DevOps.com

Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New Normal’
June 30, 2022 | Richi Jennings
Moving From Lift-and-Shift to Cloud-Native
June 30, 2022 | Alexander Gallagher
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson
Common RDS Misconfigurations DevSecOps Teams Should Know
June 29, 2022 | Gad Rosenthal
Quick! Define DevSecOps: Let’s Call it Development Security
June 29, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

DevOps: Mastering the Human Element
DevOps: Mastering the Human Element

Most Read on DevOps.com

Developer’s Guide to Web Application Security
June 24, 2022 | Anas Baig
What Is User Acceptance Testing and Why Is it so Important?
June 27, 2022 | Ron Stefanski
Chip-to-Cloud IoT: A Step Toward Web3
June 28, 2022 | Nahla Davies
DevOps Connect: DevSecOps — Building a Modern Cybersecurity ...
June 27, 2022 | Veronica Haggar
Quick! Define DevSecOps: Let’s Call it Development Security
June 29, 2022 | Don Macvittie

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.