Srini Nimmagadda

Author Archives: Srini Nimmagadda

Simplify NSX Security for Brownfield vSphere Deployments with NSX-T 3.2

Perimeter-only security controls are not sufficient to address sophisticated attacks on mission-critical infrastructure. VMware NSX pioneered the “micro-segmentation” approach, in which granular security controls enable Zero-Trust Security. With micro-segmentation, each individual workload inside the network receives unprecedented protection from attacks originating from both external and internal threat actors. One of the primary reasons for NSX’s instant success in the industry was that deploying Zero-Trust security across the infrastructure is quite easy and effectively mitigates malicious lateral movement with L4 and L7 application controls. With the NSX 3.2 release, we are further simplifying the NSX Security deployment experience.

This blog captures why deploying NSX for micro-segmentation is already a simple experience, and how NSX 3.2 further simplifies that experience. Specifically, the following two key capabilities will be covered:

  1. NSX Distributed Security support for vSphere Distributed Switch-based workloads, and
  2. Embedded vCenter-based NSX Distributed Firewall workflows

Achieving Zero-Trust for Applications with NSX today

From the initial days of VMware NSX, we strongly believed that achieving micro-segmentation should not come at the cost of complexity.


If you ask our customers, this is why they love NSX:

VMware NSX 3.2 Delivers New, Advanced Security Capabilities 

It’s an impactful release focused on significant NSX Security enhancements

Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers.

Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers.

“Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers”

– Umesh Mahajan, SVP, GM (Networking and Security Business Unit) 

This blog captures critical enhancements NSX-T 3.2 delivers from a security perspective. And stay tuned, we’ll follow up with more detailed blogs on