VMware NSX Distributed IDS/IPS Announced Features

VMware is continuing to strengthen its security position, tools, and solutions to offer top-notch security to the enterprise. If you have been following along this year with VMworld US 2019, you know that VMware acquired Carbon Black to bolster its endpoint security solution. You could feel that more was to come with the ever-strengthening NSX solution. At VMworld Europe 2019, VMware announced VMware NSX Distributed IDS/IPS, which brings new features and functionality to the NSX platform. Let’s take a look at the announced features of VMware NSX Distributed IDS/IPS to see what this addition brings to the table.

Evolution of Security

VMware’s stance on security is what they call “Intrinsic Security” or security that is built in, and not bolted on. It is true these days that security can no longer be an afterthought and must be part of the overall design of your infrastructure.
Traditional security takes hardware appliances like the traditional hardware firewall (even next-generation firewalls) and places them at the edge of the environment, where they filter traffic from the outside and also filter and apply security to traffic moving internally between different network segments.
This approach, however, leads to traffic hair-pinning, where all traffic has to leave your servers, go all the way up to the router/firewall, have security applied, and then come back down.
With the NSX service-defined firewall solution, VMware is able to intelligently reduce the overhead of security filtering and the “rules” that are applied in the environment. Because of this “intrinsic security” and its ability to identify services, the NSX security solution “knows” which rules need to be applied to which workloads.

VMware NSX Distributed IDS/IPS Announced Features

VMware has now announced the VMware NSX Distributed IDS/IPS solution. Basically, they are taking the same proven approach as the service-defined firewall and using this same technology to take IDS/IPS to the next level with the NSX advanced Layer-7 internal firewall.
The new distributed IDS/IPS takes advantage of VMware’s intrinsic security posture and the understanding of services due to the service-defined firewall and applies this understanding to IDS/IPS. Since NSX service-defined firewall intrinsically understands the services, the specific IDS/IPS signatures are applied to specific technologies and the servers hosting them.

NSX Distributed IDS/IPS Key Use Cases

The key use cases for the VMware NSX Distributed IDS/IPS solution are the following:
  • Easily Achieve Regulatory Compliance – Turning on effective IDS/IPS is as simple as turning on traffic inspection. No appliances are needed.
  • Replace Discrete Appliances – Turning on IDS/IPS functionality means you get native IDS/IPS capabilities that scale with your NSX software solution by means of the ESXi hosts backing your NSX environment. This means you can replace discrete standalone firewalls and virtual appliances applying these technologies.
  • Create Virtual Zones – You can create “virtual zones” without any physical separation of the network.
  • Detect Lateral Threat Movement – Dangerous security threats today often move laterally and are hard to detect with traditional tools. With NSX IDS/IPS you can inspect east-west traffic at every workload to effectively detect both known and unknown threats.

NSX Distributed IDS/IPS Advantages

What are the advantages of the VMware NSX Distributed IDS/IPS solution? There are many, but they come down to the following:
  • Easy to deploy and consume
  • Linear scaling and no Traffic Hair-Pinning
  • IDS/IPS rules are applied in a Single Pass

Easy to Deploy and Consume

Traditional firewalls that are used for security and specifically for IDS/IPS are expensive, often difficult to manage, and offer proprietary solutions that do not scale well. The NSX Distributed IDS/IPS solution is easy to deploy, consume, and build upon using the NSX solution.

Linear Scaling and No Traffic Hair-Pinning

The VMware Distributed IDS/IPS scales as each workload consumes or releases capacity. It utilizes the power of all CPUs across servers in a vSphere datacenter, so you are not limited to the processing power contained in a single firewall device. This means there is no traffic hair-pinning, and traffic is efficiently secured with a solution that scales as needed.

IDS/IPS Rules Are Applied in a Single Pass

The IDS/IPS rules are applied in a single pass. As workloads are brought online, the correct rulesets are attached to the specific workloads that need them. Workloads that are moved have the appropriate rules applied with them.

Wrapping Up

VMware is continuing to strengthen the security stance of VMware NSX and the service-defined firewall that allows you to have “intrinsic security”. With IDS/IPS, you can now effectively filter and apply policy to prevent lateral threats in your environment in a way that scales and does not rely on hardware appliances that hair-pin traffic.
The new NSX IDS/IPS solution is distributed in that it leverages the processing power of all the ESXi hosts in your vSphere datacenter. Workloads either grab or release processing power for the IDS/IPS solution as they are provisioned or retired.
