VMware buys Mesh7 in cloud security push

The move will better enable VMware to monitor cloud application traffic between virtual machines

VMware is expanding its security capabilities with the acquisition of cloud-native security company Mesh7.

The acquisition, the terms of which have not yet been disclosed, will better enable VMware to monitor cloud application traffic between virtual machines, the company said. 

Many products, such as intrusion prevention systems and firewalls, secure traffic travelling across a network, but increasingly, companies are using virtual machines or containers and sending requests between them using application programming interfaces (APIs).

Organisations need visibility into those APIs to see how the software that uses them is behaving. Mesh7 offers a product that monitors those APIs and calls, called the API Service Mesh, which includes functions including an API firewall and API gateway.

The API Service Mesh can tell when Kubernetes applications are being accessed externally and can monitor API security within applications that are distributed across lots of locations and machines. This makes it ideal for DevSecOps, which is a version of the cloud-focused DevOps development discipline that automates development and deployment. 

Related Resource

On-prem storage vs. public cloud storage

Economic advantages of on-premises object storage vs. public cloud for enterprise data storage

On-prem storage vs. public cloud storage - whitepaper from CloudianDownload now

VMware, with its heritage in virtual machines, was interested in Mesh7's cloud-native API monitoring capabilities. Another thing that made the company an attractive acquisition target was API Service Mesh's reliance on Envoy, which is an open source proxy system built for cloud-native applications originally created at ride-sharing company Lyft.

Envoy enables cloud-native application traffic to run over its communications bus, making it easier for DevOps pros to see what large distributed applications are doing and identify any performance issues or other operational problems. VMware uses Envoy in its own Tanzu Service Mesh that automates networking and security in distributed applications.

"VMware is seeing increased demand for a fully integrated API + service mesh product with Envoy as the foundation. The exact same Envoy architecture used in the initial service mesh use case can also control how one application can talk to another application via APIs," said Tom Gillis, SVP and GM of VMware's security business unit, in a blog post announcing the acquisition.

API security is becoming an increasing problem for developers and operations teams alike as companies move increasingly to API calls. Akamai has said that 83% of web traffic consists of API calls, and 40% of web applications' attack surface is API-based. Salt Security recently revealed that 90% of businesses experienced API security vulnerabilities in 2020.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Financial regulators concerned about reliance on AWS, Azure and Google Cloud
IT regulation

Financial regulators concerned about reliance on AWS, Azure and Google Cloud

10 Jan 2022