VMware with the NSX network

“Many techniques have been tried over the years to achieve security. Some of them have been touted as the end-all, be-all of security only to be debunked years later as ineffective.  

Think, for example, about antivirus software, which was once billed as an effective datacenter security measure but is now considered largely obsolete. And the concept of protecting the network through firewalls alone is another failed concept. Once hackers get into the network, they will move laterally at will to gain access to sensitive information.

Any effective security strategy needs to handle issues of both network entry and containment of east/west unauthorized traffic.  And it has become clear over the years that a series of firewalls positioned around the network like a shell doesn’t work.  These are too easy to bypass and can’t be adjusted to keep up with both new threat actors as well as changing levels of information sensitivity within the corporation around specific groups and/or projects.  Something faster, more responsive, and scalable is needed. 

Enter the new era of networking--using software to provision and configure everything from VLANs to firewalls—called network virtualization. This also allows security policies that would normally be administered at the firewall level to be applied down at the group or even single user level.  This means users are connected instantaneously at each moment/situation based on policies related to access need, level, and job function, and this is a more effective and appropriate way to secure a network. 

VMware with the NSX network virtualization product is leading the charge in this category.  VMware NSX does to network virtualization what vSphere did to server virtualization over ten years ago.  It provides policy-based security at the group, user, and workload level so the right context is given with the access request.  The ability to apply static or dynamic policy based on changing security conditions within the infrastructure is extremely powerful. As example, an identified virus is or intrusion detection will automatically firewall-protect the infrastructure from the compromised VM. This not only distributes security at a granular level, it allows a level of protection across VMs that would not be possible otherwise.”