VMware Cloud Web Security: What is it and Why Do You Need it?

Natalie Burke Natalie Burke VMware Partner Development Manager
Natalie Burke

VMware Cloud Web Security: Comprehensive Protection for the Modern Enterprise

As organisations increasingly adopt SaaS and Internet applications, ensuring the security of their users and infrastructure becomes a top priority. VMware Cloud Web Security is a cloud-hosted service that provides comprehensive protection against advanced threats, malware, and data breaches. This article explores the key features and benefits of this powerful solution, as well as common use cases and deployment options.

The Growing Need for Advanced Web Security

The adoption of SaaS and Internet applications in enterprises has grown exponentially over the years. While these applications play a crucial role in enhancing business productivity, they also pose significant risks due to limited IT oversight. The expanding attack surface, coupled with the growth in bring-your-own-device (BYOD) plans and IoT devices, necessitates a robust and agile web security solution.

The Disappearing Network Perimeter

The traditional enterprise network perimeter has all but vanished. Users now expect a secure and seamless experience when accessing enterprise applications from any location, device, or time. Employees want to navigate between enterprise and personal applications without worrying about security threats or compliance violations. IT teams are tasked with ensuring the protection of users and infrastructure without impeding employee productivity.

Legacy Security: A Mismatch for Modern Apps

Legacy web security solutions often lack the agility to cope with the dynamic, contextual nature of applications and personalised websites. Deployed on-premises, these solutions introduce unwanted latency due to suboptimal routing, increasing the cost of WAN usage and delivering a poor user experience. Moreover, appliance-based solutions struggle to scale when inspecting encrypted application traffic, leaving IT teams with limited visibility and control.

Introducing VMware Cloud Web Security

VMware Cloud Web Security is a cloud-hosted service that protects users and infrastructure accessing SaaS and Internet applications from a changing threat landscape. The service offers visibility, control, and compliance to ensure the safe use of these applications. Delivered through a global network of VMware SASE points of presence (PoPs), Cloud Web Security provides optimal access to applications with security enforcement applied along the optimal path.

In today's dynamic work environment, the concept of Anywhere Workspace has gained significant traction. It encompasses a holistic approach to enable secure access to applications, data, and services from anywhere, on any device. VMware Cloud Web Security (CWS) plays a crucial role in this framework by providing robust security for cloud workloads, while its integration with the other Secure Access Service Edge (SASE) components further enhances the overall security posture. In this blog post, we will explore how VMware CWS and SASE integration empower organisations to create a secure and seamless anywhere workspace experience.

VMW-050 blog image

The Secure Anywhere Workspace

The Secure Anywhere Workspace is a transformative concept that brings together various elements to enable secure productivity, collaboration, and access for users, regardless of their location. It encompasses technologies, policies, and solutions that ensure seamless connectivity, data protection, and threat prevention across the workspace. VMware has developed a comprehensive suite of products and services to support the Secure Anywhere Workspace, and VMware CWS with SASE integration is a crucial component of this ecosystem.

VMware CWS and SASE Integration

VMware CWS, with its cloud-native secure web gateway, DLP, and FWaaS capabilities, seamlessly integrates with other SASE components to deliver enhanced security within a secured Anywhere Workspace. By adopting VMware CWS alongside other VMware products such as VMware Workspace ONE, VMware SD-WAN, and VMware Carbon Black, organisations can achieve a unified and comprehensive security framework that covers all aspects of the workspace. VMware Cloud Web Security features in URL filtering, Content filtering, Content inspection (anti-malware, anti-virus) and sandbox, Cloud Access Security Broker (CASB), Data loss prevention (DLP), Analytics and security dashboards, SSL proxy de-encryption, User and user group policy, authentication. And it can also integrate with 3rd party SIEM, EDR, Sandbox or PSA services.

In some of the typical CWS use cases, users want to ensure only authorised users have access to SaaS and Internet applications and enforce policies for safe browsing from anywhere. Websites are categorised based on risks such as known malware and phishing sites, and behaviour including gambling or promoting violence. Security admins can limit exposing the attack surface, tighten security posture, and ensure compliance with the organisation’s Acceptable Use Policy (AUP).

Or the business is looking for a solution to protect its users and infrastructure against malware attacks from known viruses using the latest threat intelligence. The solution protects against zero-day malware with sandbox support where file behavior is inspected in a contained environment. Employees can safely download documents, access emails and open attachments without becoming a target of phishing or ransomware attacks.

With VMware Cloud Web Security, IT can get visibility into user activities when they access SaaS applications. The solution uses inline Cloud Access Security Broker (CASB) capabilities to help set policies for different actions users can undertake based on application type. For example, IT can determine that full-time employees can have login access, download access, or upload access for file-type applications such as Box, Dropbox etc., but summer interns cannot download files. The solution also provides control and security when employees navigate between enterprise and social applications. For example, users can download a file from Dropbox, but they cannot attach any file to their LinkedIn email.

5 Key Benefits of VMware Cloud Web Security

VMware Cloud Web Security offers distinct advantages, including:

1. Rich user experience and higher productivity: Integrated service delivery ensures that security functions such as SSL decryption, inspection, and enforcement are performed on the optimal path between users and their applications. This eliminates multi-hop processing and reduces latency, bandwidth consumption, and cost, ultimately increasing productivity.

2. Local presence with a cloud-scale platform: The industry-proven deployment architecture powering VMware SASE allows customers to adopt security services with ease and agility. This ensures compliance with local regulations and offers visibility into application and employee activities.

Cloud Web Security applies consistent policies based on identity, context, policy, and application destination, eliminating the need to manage multiple policy sets depending on user location. The global network of SASE PoPs ensures that security is brought closer to users, while users are nearer to their applications.

3. Single management pane: A centralised orchestrator offers a single pane to manage security services and network services as a converged stack. This simplifies policy configuration and ensures consistent security enforcement across the distributed enterprise. The VMware SD-WAN Orchestrator ensures that security policies are deployed across the network, offering a consistent experience without any policy implementation mismatches.

4. Pervasive security for anywhere users: VMware Cloud Web Security provides comprehensive security coverage for users working from anywhere. Security policies follow the user, ensuring consistent enforcement regardless of location and delivering a seamless experience for the distributed workforce.

5. Reduced operational cost: Cloud Web Security reduces the need for on-prem security appliances, offering cost savings from managing the life cycle and refresh of physical or virtual appliances. Additional cost savings come from reduced bandwidth consumption on MPLS links without backhauling traffic to the data center.

4 Common Use Cases for VMware Cloud Web Security

VMware Cloud Web Security addresses various use cases, including:

1. Web security: The solution acts as a central security control point to ensure authorised user access to SaaS and Internet applications. Security admins can configure web access policies based on risk, behaviour, location, user groups, and more.

2. Email and document download protection: Cloud Web Security protects users from phishing and ransomware attacks by inspecting email attachments and documents for malware. The solution employs file hash checks, anti-virus protection, and sandboxing to protect against known and Day 0 malware attacks.

3. SaaS application visibility and control: The inline Cloud Access Security Broker (CASB) capabilities of Cloud Web Security enable IT teams to set policies for different user actions based on application type. This provides control and security when employees navigate between enterprise and social applications.

4. Data protection and compliance: VMware Cloud Web Security prevents sensitive data from leaving enterprise premises, monitoring, detecting, blocking, and reporting data exposure. The solution helps address compliance needs such as HIPAA, PCI, GDPR, and other data privacy laws.

Deployment Options for VMware Cloud Web Security

VMware Cloud Web Security can be deployed through the global network of VMware SASE PoPs, either together with VMware SD-WAN or VMware Secure Access, or as a standalone deployment using a web proxy. For more information about VMware Cloud Web Security, visit https://sase.vmware.com/cws.

Dicker Data now offers match-up. Whenever you come across other vendors' quotes for SD-WAN, SD-Firewall, access control, web security, DLP, etc., we are more than willing to match them up with VMware products and prices.

Let’s talk about the VMware SASE solution now!

Contact sales@dickerdata.com.au for all your technology needs.


Start a discussion, not a fire. Post with kindness



Subscribe to the Dicker Data blog

for regular updates and insights