Vivek Bhandari

Author Archives: Vivek Bhandari

VMware Wins 2021 Global InfoSec Award as Market Leader in Firewall 

Today at RSA Conference 2021, we’re excited to announce that VMware is a winner of the CyberDefense Magazine 2021 Global InfoSec Award as Market Leader in Firewall.  One of VMware’s core beliefs is that we need structural and architectural changes to how organizations approach security. This means taking a fresh look at how we approach issues such as internal data center security. This is exactly what led us to deliver the VMware NSX Service-defined Firewall.

The NSX Service-defined Firewall is one of the foundations of VMware Security. This solution is a unique distributed, scale-out internal firewall that protects all east-west traffic across all workloads without network changes. This radically simplifies the security deployment model. It includes a distributed firewall, advanced threat protection, and network traffic analytics. With the VMware NSX Service-defined Firewall, security teams can protect their organizations from cyberattacks that make it past the traditional network perimeter and attempt to move laterally. Its key differentiating capabilities include:

  • Distributed, granular enforcement: The NSX Service-defined Firewall provides distributed and granular enforcement of security policies to deliver protection down to the workload level, eliminating the need for network changes.
  • Scalability and throughput: Because it is distributed, the Service-defined Firewall is elastic, Continue reading

Simplify your micro-segmentation implementations

Microsegmentation is critical component of Zero Trust. But, historically, micro-segmentation has been fraught with operational challenges and limited by platform capabilities.  


Not anymore 


VMware NSX enables a new framework and firewall policy model that allows applications to define access down to the workload levelNSX does this by understanding application topologies and applying appropriate policy per workload. Creating zones in the data center where you can separate traffic by application simultaneously helps stop the spread of lateral threats, create separate development, test, and production environments, and meet certain compliance requirements. 


VMworld attendees who want to learn more about how to set up micro-segmentation in their data centers should consider the following sessions: 



Permit This, Deny That – Design Principles for NSX Distributed Firewall (ISNS2315D) 

Micro-segmentation is something that is certainly easier said than done. Although micro-segmentation allows applications to define access down to the component level, the operation of such an environment can be daunting without structure and guidance. In this session, youll learn how to develop a Continue reading

Eliminate East-West Traffic Hair-Pinning

A firewall is a firewall, right? While on the surface that assumption may appear to be correcta closer look reveals that there are critical differences between a traditional, appliance-based firewall that protects your network perimeter and a distributedscale-out internal firewall that protects east-west traffic within your data center.  

It’s true that both types of firewalls monitor network traffic, detect threats, and block malicious activity. However, appliance-based firewalls are designed to monitor north-south traffic, which has different volumes and characteristics than east-west traffic. Traditional north-south firewalls were never designed to be used interchangeably to protect both north-south and east-west traffic 

East-West Data Center Traffic

Figure 1: Data center traffic patterns

While it might appear to be the right choice, provisioning appliance-based firewalls for east-west traffic monitoring is not only expensive, it’s highly ineffective in delivering the level of control and performance required to protect growing numbers of dynamic workloads.  

Creating Traffic Jams During Volume Spikes     

One of the most common drawbacks of using appliance-based firewalls as internal firewalls is the need to hairpin east-west traffic to and Continue reading

Security that’s Designed for the Modern Data Center

The last 12 months have been incredibly exciting for the security business at VMware. Last year at RSA Conference 2019, VMware CEO Pat Gelsinger outlined our Intrinsic Security strategy in his keynote presentation, “3 Things the Security Industry Isn’t Talking About”. We also announced the VMware Service-defined Firewall, a stateful Layer 7 data center firewall. As pioneers of micro-segmentation, the Service-defined Firewall extended our leadership in protecting east-west traffic in the data center.

Later in the year, we announced two major acquisitions –Avi Networks and Carbon Black. The acquisition of Carbon Black brought to VMware an industry-leading endpoint security platform, and made the entire industry take notice of VMware’s intentions to transform security. With Avi Networks, we acquired a software-defined, elastic, and high-performance load balancer that comes equipped with a full-featured web application firewall (WAF). Maintaining the momentum in building out our security portfolio for the digital enterprise, we announced the VMware NSX Distributed Intrusion Detection and Prevention System which will bring advanced threat controls to the Service-defined Firewall.

At RSA Conference 2020, we are introducing VMware Advanced Security for Cloud Foundation, a modern data center security solution for today’s private and public clouds. This solution will include VMware Carbon Continue reading