Still Using Perimeter Defenses To Protect Your Data Center? Stop, Drop, and Defend—With Micro-Segmentation

There are a lot of reasons that IT organizations are virtualizing their networks more and more—and chief among them is micro-segmentation. Micro-segmentation, which comes hand-in-hand with network virtualization, divides the data center into distinct segments. Each segment can be secured separately. When security controls and network services are separately defined and communication is isolated, an attacker’s ...

“Split and smear” your security policies: Static Unidimensional vs. Dynamic Multi-Dimensional Policies

In my previous post I explained why current security architectures aiming at inspecting all inline traffic via hardware appliances are failing to provide proper segmentation and scale in modern day data centers. As I described, this has nothing to do with the type of security technology being deployed but rather with engineering security services that ...

Automating VMware NSX Security Rules Creation using Splunk and Some Code

The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can ...

VMware NSX and Split and Smear Micro-Segmentation

While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications. Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I ...

Why It’s Time to Build a Zero Trust Network

Network security, for a long time, has worked off of the old Russian maxim, “trust but verify.” Trust a user, but verify it’s them. However, today’s network landscape — where the Internet of Things, the Cloud, and more are introducing new vulnerabilities — makes the “verify” part of “trust but verify” difficult and inefficient. We ...

VMware NSX and vRealize Automation Overview – Part 1

VMware NSX network virtualization and vRealize Automation deliver a feature rich, dynamic integration that provides the capability to deploy applications along with network and security services at provisioning time while maintaining compliance with the required security and connectivity policies. This native integration highlights the value of NSX when combined with automation and self-service and shows ...