VMware launches 'threat intelligence cloud' Contexa

The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost.

VMware on Thursday launched Contexa, a new service the company described as a "full-fidelity threat intelligence cloud."

VMware Contexa was unveiled to press and analysts Wednesday in an RSA Conference 2022 pre-briefing led by Tom Gillis, senior vice president and general manager of VMware's networking and advanced security business group.

According to Gillis, Contexa is "an amalgamation of all of our different security intelligence clouds." In short, it's a service built into VMware products that combines previously separate threat intelligence databases into one integrated brand. The point of this integration, Gillis said, is to offer comprehensive visibility at the endpoint, network and access point levels.

"We gather telemetry about how the user is behaving itself from our EDR solution; we gather telemetry at the point of access with our SASE solution; we gather telemetry at the egress point of native clouds [and] hybrid clouds," he said at the briefing.

"We also gather telemetry for the east-west from a service mesh for containers, and we gather telemetry for the east-west traffic from [virtual machines]. Pulling all of this together, it allows us to spot and see these attackers who are trying to mask themselves like real application traffic far more effectively than any other solution."

According to the virtualization vendor, VMware Contexa collects and processes more than 1.5 trillion endpoint events and 10 billion network flows each day, revealing approximately 2.2 billion suspicious behaviors daily. The data is analyzed by machine learning technology as well as more than 500 human researchers from VMware's own Threat Analysis Unit and third-party partners.

VMware said in a press release that Contexa is integrated into all of the company's security products and will be available to new and existing customers at no additional cost.

A flowchart from VMware's pre-briefing showing how Contexa integrates various threat intelligence databases.

Eric Parizo, managing principal analyst for Omdia Cybersecurity, said VMware is "breaking new ground" with Contexa's advanced telemetry across endpoints, applications, virtual and hybrid data centers and distributed cloud edge environments.

"By combining threat insights from NSX, Carbon Black and Workspace One and supplementing it with machine learning and human expertise, VMware has an opportunity to excel as a provider of threat intelligence and threat detection, investigation and response across the entire modern enterprise," he said.

Also announced Thursday were new enhancements to the vendor's Workspace One. The first comes in the form of Mobile Threat Defense, which adds functionality from mobile security provider Lookout to protect enterprise employee mobile devices. The second major enhancement improves patch management for Windows devices.

Not discussed at the briefing was last week's announcement that Broadcom plans to acquire a majority of VMware for approximately $61 billion in cash and stock. The deal, expected to close within Broadcom's financial year ending in October 2023, would result in Broadcom's Software Group operating and rebranding as VMware.

A spokesperson for VMware said at the start of the briefing that no questions related to the acquisition would be answered.

Parizo argued that while VMware's security strategy is strong, the Broadcom acquisition merits consideration for enterprises.

"While the security division of VMware is perhaps at its historic height in terms of capabilities and strategic relevance, the announced acquisition of VMware by Broadcom has to also be considered," he said. "Because it is highly likely that Broadcom will seek to reshape VMware to achieve a more efficient operating model, it's likely that VMware's strategy and roadmaps across all its businesses, including security, could dramatically shift should the Broadcom acquisition be successfully completed. This, frankly, would put VMware's very positive security efforts in grave peril."

VMware has bolstered its security offerings in recent years with acquisitions such as Lastline and Carbon Black, as well as home-grown products and services like its Service-defined Firewall, which was designed to provide better visibility and control over east-west traffic within an enterprise environment.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
