Latest Posts

“Split and smear” your security policies: Static Unidimensional vs. Dynamic Multi-Dimensional Policies

In my previous post I explained why current security architectures aiming at inspecting all inline traffic via hardware appliances are failing to provide proper segmentation and scale in modern-day data centers. As I described, this has nothing to do with the type of security technology being deployed but rather with engineering security services that Read more...

Advanced VMware NSX Security Services with Check Point vSEC

VMware NSX provides an integrated Distributed Firewall (DFW), which offers L2-L4 security at the vNIC level and protects East-West traffic, and an Edge Firewall provided by the Edge Services Gateway (ESG), which offers L2-L4 security at the edge and protects North-South traffic in and out of the Software-Defined Data Center (SDDC). Read more...

Automating VMware NSX Security Rules Creation using Splunk and Some Code

The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can Read more...

VMware NSX and Split and Smear Micro-Segmentation

While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications. Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I Read more...

VMware NSX Reference Design Guide Update

The VMware NSX reference design guide has been a trusted source for NSX implementers to ensure a smooth and successful deployment. The NSX design guide has been incorporated as a baseline in industry recognized and validated architectures such as VCE VxBlock, Federation Enterprise Hybrid Cloud and the VMware Validated Designs. We are introducing a new updated version Read more...

Why It’s Time to Build a Zero Trust Network

Network security, for a long time, has worked off of the old Russian maxim, “trust but verify.” Trust a user, but verify it’s them. However, today’s network landscape — where the Internet of Things, the Cloud, and more are introducing new vulnerabilities — makes the “verify” part of “trust but verify” difficult and inefficient. We Read more...