Rezilion to bring autonomous cloud workload protection to VMware Tanzu Service Mesh
Security never rests. Especially at the speed and scale of cloud workloads. Have you heard that VMware announced our collaboration for bringing self-healing as a service for cloud-native workloads communicating via VMware Tanzu Service Mesh, built on VMware NSX? We’ve been getting a lot of questions on the topic and so consider this a first stab at spelling out what we’re doing with Tanzu Service Mesh. You can expect much more detail in the coming weeks.
First and foremost, the combination of Rezilion with Tanzu Service Mesh will provide automated security operations by certifying services and applications running in the service mesh are in a healthy and desired state. The result is a self-healing service mesh that’s able to automatically defend itself from various attacks and misconfigurations.
With deep visibility into production workloads, Rezilion also provides Tanzu Service Mesh with continuous adaptive risk and trust assessment (CARTA) for every service in the mesh — based on the code actually running at any given moment.
“Rezilion enhances Tanzu Service Mesh by turning an organization’s CI/CD pipeline into a whitelist of known good relationships and dependencies.”
– Pere Monclus, vice president and CTO, networking and security business unit, VMware.
Let’s look at a use case:
When Rezilion detects a container executing a rogue function or command, it assigns a high-risk score which triggers Tanzu Service Mesh to automatically isolate the affected container and reroute traffic to other clean containers. Meanwhile, Rezillion automatically returns the workload to a known-good state so that it can once again participate in the service mesh.
The combination of Tanzu Service Mesh and Rezilion helps a service mesh to become more inherently risk-aware and helps reduce exposure to security threats in an automated way.
The solution allows enterprises to address vulnerabilities on the basis of risk and asset value. In this way, the Tanzu Service Mesh policy engine allows enterprises to prioritize remediation based on the risk of the vulnerability (e.g., those loaded into memory) and value of the asset (e.g., does the service handle PII data).
“As an added benefit, Rezilion also provides visibility into the code actually running in real-time and prioritizes any associated vulnerabilities.”
– Liran Tancman, co-founder and CEO, Rezilion
Rezilion is bringing autonomous cloud workload protection to Tanzu Service Mesh by integrating with its open policy framework. When used together, the Tanzu Service Mesh policy engine allows enterprises to define and enforce attribute-based access control rules based on the continuous risk data provided via the integration with Rezilion.
Rezilion cloud workload protection provides a unique self-healing approach that doesn’t rely on human vetting to separate intended functionality from malice and misconfiguration. Rezilion works by analyzing the code coming from your CI/CD pipeline, creating a dynamic blueprint of all connections, relationships, and dependencies, thus knowing the appropriate state for every instance in production with certainty, and verifying that all services are in an uncompromised, intended state—functioning only as they were programmed or configured to behave.
We’re excited to offer this new approach to security to Tanzu Service Mesh customers. Through our collaboration, Tanzu Service Mesh customers can now weave security directly into the entire DevOps fabric, reducing administration friction and overhead.
