VMware buys Mesh7 in cloud security push

The move will better enable VMware to monitor cloud application traffic between virtual machines

VMware is expanding its security capabilities with the acquisition of cloud-native security company Mesh7.

The acquisition, the terms of which have not yet been disclosed, will better enable VMware to monitor cloud application traffic between virtual machines, the company said. 

Many products, such as intrusion prevention systems and firewalls, secure traffic travelling across a network, but increasingly, companies are using virtual machines or containers and sending requests between them using application programming interfaces (APIs).

Organisations need visibility into those APIs to see how the software that uses them is behaving. Mesh7 offers a product that monitors those APIs and calls, called the API Service Mesh, which includes functions including an API firewall and API gateway.

The API Service Mesh can tell when Kubernetes applications are being accessed externally and can monitor API security within applications that are distributed across lots of locations and machines. This makes it ideal for DevSecOps, which is a version of the cloud-focused DevOps development discipline that automates development and deployment. 

Related Resource

On-prem storage vs. public cloud storage

Economic advantages of on-premises object storage vs. public cloud for enterprise data storage

On-prem storage vs. public cloud storage - whitepaper from CloudianDownload now

VMware, with its heritage in virtual machines, was interested in Mesh7's cloud-native API monitoring capabilities. Another thing that made the company an attractive acquisition target was API Service Mesh's reliance on Envoy, which is an open source proxy system built for cloud-native applications originally created at ride-sharing company Lyft.

Envoy enables cloud-native application traffic to run over its communications bus, making it easier for DevOps pros to see what large distributed applications are doing and identify any performance issues or other operational problems. VMware uses Envoy in its own Tanzu Service Mesh that automates networking and security in distributed applications.

"VMware is seeing increased demand for a fully integrated API + service mesh product with Envoy as the foundation. The exact same Envoy architecture used in the initial service mesh use case can also control how one application can talk to another application via APIs," said Tom Gillis, SVP and GM of VMware's security business unit, in a blog post announcing the acquisition.

API security is becoming an increasing problem for developers and operations teams alike as companies move increasingly to API calls. Akamai has said that 83% of web traffic consists of API calls, and 40% of web applications' attack surface is API-based. Salt Security recently revealed that 90% of businesses experienced API security vulnerabilities in 2020.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Hackers develop Linux port of Cobalt Strike for new attacks
Security

Hackers develop Linux port of Cobalt Strike for new attacks

14 Sep 2021