Micro-segmentation and network segmentation are critical components of Zero Trust. But, historically, segmentation projects have been fraught with operational challenges and limited by platform capabilities.
VMware NSX enables a new framework and firewall policy model that allows applications to define access down to the workload level. NSX does this by understanding application topologies and applying appropriate policy per workload. Creating zones in the data center where you can separate traffic by application simultaneously helps stop the spread of lateral threats, create separate development, test, and production environments, and meet certain compliance requirements.
VMworld attendees who want to learn more about how to set up micro-segmentation/network segmentation in their data centers should consider the following sessions:
Micro-segmentation is something that is certainly easier said than done. Although micro-segmentation allows applications to define access down to the component level, the operation of such an environment can be daunting without structure and guidance. In this session, you’ll learn how to develop a new framework and a firewall policy model for automated platforms and self-service clouds. We’ll dive into best practices, lessons learned, and a phased approach for evolving a robust firewall policy design.
Micro-segmentation is one of the key pillars of a Zero Trust network architecture and something that’s top of mind for every CISO. However, achieving Zero Trust micro-segmentation has historically been fraught with operational challenges and limited by platform capabilities. Learn how NSX—which offers layer-7 security controls with traffic inspection to truly enable Zero Trust—has simplified the deployment and operation of micro-segmentation in brownfield environments. We’ll discuss the four key barriers to creating a successful micro-segmentation strategy—and how to overcome them.
NSX Intelligence leverages the distributed architecture of VMware NSX to deliver analytics within the vSphere and NSX platforms. This innovative approach builds on the deep workload and network context unique to NSX to provide new capabilities for networking and security by leveraging artificial intelligence and machine learning. In Part 1 of this two-part session, we’ll cover how NSX Intelligence delivers detailed visualization, automated security policy recommendations, continuous monitoring of every flow, and an audit trail of security policies. We’ll dive deep into the solution architecture and also present a demo of the latest product capabilities, including end-to-end visibility, how to build NSX firewall policy and rules, and security anomaly detection.
While the NSX Intelligence Part 1 session focused on the core NSX Intelligence platform, this session (Part 2) will cover integrations and extensibility with VMware solutions like Carbon Black and vRealize Network Insight, as well as our partner ecosystem. We’ll focus on how NSX Intelligence has been built to enable extensibility through several interfaces and how leveraging these integrations and feeds provides even more context and end-to-end visibility. In addition, you’ll hear from a partner (Ordr) and customer (Christus Health) on their experiences using and integrating NSX Intelligence, and we’ll provide a demonstration.
During this session, we will review the methodology used by VMware Professional Services to operationalize the NSX Distributed Firewall. The process includes collecting firewall information from application vendors and owners, using vRealize Network Insight and NSX Intelligence to inspect physical and virtual netflows, and analyzing existing firewall rule sets. Using all of the information acquired through this analysis, we can architect a comprehensive firewall policy approach that takes advantage of the advanced grouping capabilities of the NSX Firewall to create a policy that is both secure and easy to maintain. NSX Intelligence provides additional application communication visibility that can be used for troubleshooting and iterating on the firewall rule set. Emphasis is placed on methods that make continued application of the policy easy, via automated virtual machine tagging or grouping membership by network segment, operating system, or other environment-specific metadata. The end result is a highly effective firewall policy that includes automated enforcement but requires minimal manual processes to onboard new applications.
Implement Micro-segmentation in the Data Center at Scale
Micro-segmentation and network segmentation are critical components in building modern networks for modern applications. The ability to separate traffic by application or other characteristic hardens security and meets new compliance requirements. VMware NSX allows you to do this at scale without adding IT complexity or overhead.
Explore how you can implement micro-segmentation/network segmentation in your data center by viewing the VMworld sessions today. Also, check out the on-demand catalog for more Network and Cloud Security sessions.