IT Brief India - Technology news for CIOs & IT decision-makers

Broadcom strengthens VMware Cloud with advanced compliance & security

Yesterday

Broadcom has introduced new cyber compliance and security updates to VMware Cloud Foundation (VCF) and associated services, targeting the requirements of organisations using private cloud in regulated sectors.

Organisations are increasingly concerned about cyber resilience and compliance, amid statistics indicating that 65% of attacks on large firms led to data encryption and 30% involved data exfiltration. Multinational enterprises also face significant regulatory hurdles, with 71% struggling to adhere to compliance requirements across borders.

The latest enhancements are designed to assist customers in meeting these challenges, particularly those brought by complex regulatory environments and the security needs of AI-driven workloads.

New compliance service

Broadcom has launched VCF Advanced Cyber Compliance, an advanced service aimed at facilitating cyber-risk governance and compliance management at scale. Utilising VCF SaltStack capabilities, the service enables automated monitoring and remediation, continuous compliance enforcement, and greater visibility across VCF environments. Customers will also receive managed and secure data engine images, with enterprise support and automated patching to bolster compliance for critical databases.

The service includes fully automated cyber and disaster recovery functionalities for on-premises VCF clean rooms. Customers will benefit from integrated push-button virtual machine network isolation, enabling swift recovery from ransomware incidents and various IT disruptions. Secure restore operations are supported through cyber recovery workflows and validation tools that target both fileless and file-based malware strains. Automated operational cloning, backup and restore further enhance data resilience.

Additional features include access to secure-by-design container images, advanced secure computing for improved infrastructure protection, continual compliance risk assessments, and early access to compliance updates.

"Cyber-attacks and failure to meet regulatory requirements carry significant human and financial consequences," said Paul Turner, Vice President of Products, VMware Cloud Foundation Division at Broadcom. "A cyber-resilient private cloud based on VMware Cloud Foundation and Advanced Services provides a unified approach to infrastructure hardening, threat prevention, compliance, and cyber recovery that inherently eliminates the complexities and vulnerabilities of disparate point solutions. With our latest innovations, we're taking the next step in simplifying cyber compliance and better protecting AI workloads."

Security updates for vDefend

VMware vDefend, in combination with VCF, brings micro-segmentation, Zero Trust security, and embedded threat detection to compute, storage, and networking functions. The most recent updates position vDefend to address the security challenges posed by agentic AI workloads running on private clouds. This includes a tech preview for Zero Trust lateral security, which secures communications and access controls between AI workloads to minimise potential attack surfaces.

Other additions to vDefend include new automated workflows to streamline the implementation of Zero Trust approaches through multi-stage segmentation. Initial protections are applied to foundational services, with more granular application-level security deployed gradually. A new Firewall Rule Analysis tool is designed to optimise firewall configurations by identifying redundancies and misconfigurations, supporting efficient security policy creation.

Threat detection capabilities are also being expanded with the introduction of a Network Detection and Response (NDR) sensor, which will provide comprehensive threat visibility across entire data centres. This facilitates identification and response to campaigns targeting enterprise workloads. Fileless malware defence is enhanced through detection features targeting in-memory attacks using PowerShell, VBScript, and JScript, with forensic telemetry for further analysis. Windows workloads benefit from integration with the Antimalware Scan Interface (AMSI), enabling interception of malicious scripts before execution.

Advancements with Avi Load Balancer

VMware Avi Load Balancer is also being updated to offer additional security for workloads operating on VCF. Key new features include support for post-quantum cryptography (PQC), designed to protect data against threats posed by future quantum computing capabilities through algorithms specified by the National Institute of Standards and Technology (NIST).

Avi will also support mutual Transport Layer Security (mTLS) authentication for Kubernetes application traffic, providing cryptographic authentication for both client and server interactions in these environments.

A built-in Web Application Firewall (WAF) assessment tool will allow administrators to quickly assess web application vulnerabilities and generate reports, facilitating a phased roll-out of WAF protection starting with high-risk applications.

For AI developers using Model Context Protocol (MCP), Avi introduces a tech preview feature to secure MCP traffic with WAF protection, session persistence, and authorisation, addressing the expanded attack surface linked with agentic AI applications.

The updates target the compliance and cyber resilience requirements faced by enterprises operating modern private clouds in regulated environments, especially where AI and cross-border data processing introduce new challenges.
