VMware Secure State FAQs


VMware Secure State helps organizations embrace public clouds by providing smart, real-time security insights and streamlining security best practices across application teams. An easy to use SaaS, Secure State correlates security events and changes to surface an emerging class of threats that are critical but easily overlooked across service layers.

Anyone who wants to enable security, compliance and governance in a public cloud environment will benefit from Secure State service. Users of Secure State service include Information Security teams, Cloud Operations and Engineering teams, as well as developers building application in cloud.

Today, Secure State supports AWS and Azure. Support for other public clouds will be added in the future

Most solutions in the market today rely on a simple set of API based configuration checks, provide limited visibility across service layers and often overwhelm the security teams. Unlike these solutions, Secure State provides a smarter more scalable approach for cloud infrastructure security monitoring, providing organizations with a deeper level of intelligence and visibility to look across their cloud assets and teams. Unique differentiators include ability to:

  • Detect violation chains across objects - These are a set of vulnerabilities that occur due to a series of isolated configurations that individually appear to be correct but as a collection pose a serious threat to your cloud environment.
  • Deliver real-time monitoring - Enables detection of all critical security events and changes within minutes without bombarding your cloud infrastructure with unnecessary API calls.
  • Become more proactive - Enable security teams to detect and fix issues before an unfortunate security incident happens. With Secure State, you can minimize the attack surface and remediate issues quickly by collaborating with application teams and automating sharing of critical insights with useful context to the right teams at cloud speed.

A "violation chain" is a serious risk posed to your public cloud environment that occurs due to a whole chain of configured cloud services that together represent a critical misconfiguration. Because today's cloud services are comprised of many silo'd elements and configurations, it's really hard to understand new risks without a greater context for the environment and how a particular configuration, which may appear to be correct but could combine with other configurations to become a critical vulnerability in your cloud environment. With Secure State, we detect not just isolated misconfigurations but also such violation chains that together represent the next-generation of security detection capabilities that are unique to the Secure State service.

Secure State presents all findings in the context of your deployment, allowing users to see violations and threats within the context of their cloud environment. Each finding is prioritized with a risk score, providing a smarter, more dynamic, view of the risks that may affect your business most.

Yes, the service is available for sale. To request a trial or initiate a sales enquiry, please fill this form here.

There is no country specific restriction for using Secure State service today.

You can request for a proof of concept by filling in this simple form here.

To learn more about Secure State, please visit the VMware Secure State website. To setup a personal meeting with a VMware cloud security expert, please fill this form here.


Secure State is priced based on the average number of resources you secure in the cloud on a monthly basis. While Secure State monitors all the services and resource types, it only charges for certain specific resources such as virtual machine instances and database nodes.

Secure State offers convenient 1-year, 2-year and 3-year subscriptions terms to users.

This is Answer 3A

This is Answer 4A

This is Answer 5A

This is Answer 6A

This is Answer 7A

This is Answer 8A

This is Answer 9A

This is Answer 10A


Secure State is available as a Software-as-a-Service solution easily accessible from VMware Cloud Services portal.

Secure State takes a unified approach across all public cloud providers to deliver a real-time and proactive approach to find issues quickly, provide visibility across application and infrastructure layers, and minimize the number of security solutions needed. With Secure State teams can reduce risk and improve security posture by getting alerts to the right channel and people. The results are near real-time with clear and actionable information. The solution further helps automate actions and allows customers to reduce unwanted noise.

Secure State’s tracking and reporting capabilities enable users to visualize all providers, accounts and teams in one place. By providing actionable intelligence on various events and users who initiate those events, the service allows teams to view a snapshot of the current state and track changes over time, resulting in improved visibility and better security across clouds.

The Secure State uses a read only cloud account role to index a cloud account and create a model of the configured resources and policies. In order to track changes to an account, Secure State also uses a log event stream of API calls from the cloud provider to make precise updates to the model and capture change data. These updates are used to evaluate specific security queries in real-time that look for both direct and related service vulnerabilities that may be caused by a change. The service can run in “index only” mode or with both indexing and event streams enabled.

Secure State is a SaaS product offering, that can easily be accessed using common web browsers such as Chrome or Firefox. To get started, a user only requires the access keys and standard read-only permissions to grant access to data from public cloud accounts.

Yes, customers are responsible for their secure use of Cloud IaaS resources. As your cloud infrastructure and users grow, ensuring secure cloud operations becomes a difficult task. Secure State centralizes critical change information with the goal of providing insights to central cloud security teams and service owners, thus helping them meet the requirements of the public cloud shared responsibility model.

No. The service is API based and requires no agents to be installed.

Yes. As an enterprise using VMware Cloud Services, you can set up federation with your corporate domain. Federating your corporate domain allows you to use your organization's single sign-on and identity source to sign in to VMware Secure State. You can also set up multi-factor authentication as part of federation access policy settings. You can find detailed steps for federation setup on our documentation site here.

This is Answer 8B

This is Answer 9B

This is Answer 10B

Header on Bottom

We’ll be there to help you accelerate your AWS journey and maximize your AWS investment. Fill out the form below to schedule a meeting during the event.