Today at RSA Conference 2021, we’re excited to announce that VMware is a winner of the CyberDefense Magazine 2021 Global InfoSec Award as Market Leader in Firewall. One of VMware’s core beliefs is that we need structural and architectural changes to how organizations approach security. This means taking a fresh look at how we approach issues such as internal data center security. This is exactly what led us to deliver the VMware NSX Service-defined Firewall.
The NSX Service-defined Firewall is one of the foundations of VMware Security. This solution is a unique distributed, scale-out internal firewall that protects all east-west traffic across all workloads without network changes. This radically simplifies the security deployment model. It includes a distributed firewall, advanced threat protection, and network traffic analytics. With the VMware NSX Service-defined Firewall, security teams can protect their organizations from cyberattacks that make it past the traditional network perimeter and attempt to move laterally. Its key differentiating capabilities include:
- Distributed, granular enforcement: The NSX Service-defined Firewall provides distributed and granular enforcement of security policies to deliver protection down to the workload level, eliminating the need for network changes.
- Scalability and throughput: Because it is distributed, the Service-defined Firewall is elastic, with the ability to auto-scale as workloads spin up or down.
- Intra-application visibility: The Service-defined Firewall automatically determines the communication patterns across all types of workloads, makes security policy recommendations based on those patterns, and checks that traffic flows conform to deployed policies.
- Declarative API: With the NSX Service-defined Firewall, security teams can move at the speed of development to deliver a true public cloud experience on-premises.
- Advanced Threat Prevention: With the NSX Service-defined Firewall, security teams can easily deploy advanced threat prevention capabilities such as distributed IDS/IPS, network sandboxing, and network traffic analysis/network detection and response (NTA/NDR) to protect against known and zero-day threats.
With these capabilities, customers get the speed and flexibility needed to quickly create and reconfigure network segments, or virtual security zones, by defining them entirely in software. The NSX Service-defined Firewall also allows users to prevent lateral movement of attacks by extending east-west security with stateful Layer 7 firewalling, including AppID- and UserID-based policies, as well as advanced threat protection. VMware’s solution enables customers to meet regulatory requirements via its inspection of all traffic, which provides complete coverage to eliminate blind spots with a distributed IDS/IPS delivered in software. Finally, customers can easily create, enforce, and automatically manage granular micro-segmentation policies between applications, services, and workloads across multi-cloud environments to achieve zero trust.
A great example of an organization that leveraged VMware’s NSX Service-defined Firewall is the United States Senate Federal Credit Union (USSFCU). They turned to VMware for a unified solution that stretches from the perimeter to the data center, across its network and virtual desktop infrastructure (VDI), with granular policy controls to protect applications, services, and workloads. With VMware’s Service-defined Firewall, USSFCU fortified its environment with streamlined east-west monitoring, remediation, and blocking capabilities that deliver impressive visibility and granular control. USSFCU protects Horizon virtual desktops by using NSX to segment the digital workspaces and inspect their traffic flows for any threats trying to move laterally. Firewall policies are applied to VDI workloads to mitigate threats from otherwise vulnerable users and desktops. Click here to learn more about how VMware’s Service-defined Firewall helped USSFCU.
Need further proof that a new approach is required? Read our recently released threat landscape report, “North-by-South-West: See What Evaded Perimeter Defenses.” The evidence is clear that East-West Security is the new battleground for IT.
Check out these additional resources on the VMware AWARD-WINNING NSX Service-Defined Firewall.
- Service-defined Firewall Datasheet
- How VMware IT Uses Zero Trust in the Data Center
- Internal Firewalls for Dummies Guide
- Customers Talk Data Center Firewalling
- Forrester: To Enable Zero Trust, Rethink Your Firewall Strategy