Microservices — fine-grained, often single-function and containerized services — offer great convenience and resiliency for application developers. Whether purchased and integrated or built in-house, these services are a great way to provide functionality that can be added in, upgraded, or removed without deploying or re-deploying an entire cloud application. Many cloud-native apps (such as Amazon, Uber, Netflix, and others) include hundreds of containerized microservices.
Because of its flexibility, this type of decentralized architecture is steadily gaining ground against the traditional monolithic application. But the proliferation of microservices and their corresponding APIs in these environments also add complexity.
While Kubernetes orchestrates deployment and load balancing, service meshes, such as VMware Tanzu Mesh, were created to provide enhanced visibility and control at the application level. The service mesh — which operates via proxies called “sidecars” — consolidates the logic and oversight into an infrastructure layer. Unlike with traditional virtual networking, a service mesh gives us a window “into” the app, so we can understand microservices’ behavior at a deeper level.
But when it comes to security, there’s a bit of a gap. While you can set security policies within Tanzu Service Mesh, these policies can only govern what is known — not zero-day vulnerabilities or unknown anomalies. This is no trivial situation: the growth of laterally moving threats necessitates greater attention to dynamic threats within east-west network traffic.
The answer may lie within Project Trinidad, which was recently unveiled at VMware Explore. Project Trinidad currently exists as a “tech preview” (meaning that it is not yet generally available). It leverages machine learning (ML) to detect anomalous east-west API traffic patterns and interactions between microservices in modern applications. We define these anomalies by comparing them to normal API communication via ML models (which we are still developing and hardening).
Project Trinidad, which can be delivered via a SaaS application or hosted on customers’ own infrastructure, will allow users to take immediate action on anomalies and zero-day attacks. No instrumentation or service mesh is required for deployment.
Since it’s still in its infancy, we’re not quite sure where Project Trinidad will fit within our product offerings. One thing we do know is that it represents a significant advancement in microservices security.
The Project Trinidad development team is actively seeking design partners and will be happy to walk you through the solution in greater depth. If you are interested in collaborating, please reach out to firstname.lastname@example.org.