Updated on

Your enterprise can now deploy VMware NSX Security as a standalone security product, deploying it in an existing environment with no changes to your network. NSX 4.1 provides strong, multi-cloud, easy-to-operationalize network defenses that secure application traffic within and across clouds. NSX 4.1 makes it easier for you to enable Zero Trust application access across multi-cloud environments—so you can secure traffic across applications and individual workloads with security controls that are consistent, automated, attached to the workload, and elastic in scale.

About NSX 4.1 Security Lab

In this NSX 4.1 Security Lab, you'll get hands-on experience with NSX Security Advanced Threat Prevention features such as Malware Prevention, Network Detection and Response, Intrusion Detection and Prevention System, DFW micro-segmentation, and more.  This lab is intended for intermediate to advanced-level users exploring VMware NSX security use cases, helping you to explore security concepts and plan with NSX 4.1.

How NSX Advanced Threat Prevention Combats Ransomware

This lab will use a scenario involving ransomware, which is one of the most common threats in the modern cybersecurity landscape. There are many different variants, but the purpose remains largely the same for attackers: to generate as much revenue as possible by extorting their victims.

Like other forms of malware, ransomware is delivered by cybercriminals exploiting vulnerabilities in an organization's system. For example, attackers will take advantage of systems that have already been compromised or use social engineering tactics, such as phishing emails that attempt to trick users into downloading infected files or clicking on malicious links, to gain initial access to the victim's network. Once inside, attackers follow a multi-staged approach to take over files or systems, exfiltrating or encrypting key information to render it unusable to the organization. The attacker will demand a ransom be paid in exchange for a decryption key, which will presumably return the files to their original state.

Let's now see how NSX Advanced Threat Prevention (ATP) can help prevent and protect against these attacks.

NSX Malware Prevention and Network Detection and Response

NSX Advanced Threat Prevention (ATP) is a suite of analysis tools designed to defend against advanced threats that use known and unknown attack vectors. ATP augments more common security solutions aimed at repelling known intrusion strategies.

Key protection features include:

  • Malware Prevention detects and prevents malicious file transfers by using a combination of signature-based detections of known malware, including static and dynamic analysis of malware samples. You can configure Malware Prevention on your gateway firewall for North-South traffic. For East-West traffic, it can be configured in distributed Intrusion Detection and Prevention System (IDPS), utilizing Guest Introspection to protect virtual machines (VMs).
  • Network Detection and Response (NDR) collects the traffic from the entire network infrastructure across on-premises, cloud and hybrid cloud. It uses AI techniques to analyze traffic and gain insights about advanced threats. With NDR, you can visualize the entire traffic flow, which is correlated and presented as campaign cards along with affected hosts and a detailed timeline of threats. Additionally, NDR maps to the MITRE ATT&CK tactics and techniques for resourceful understanding of key events in the campaign.

Why Do You Need NSX Advanced Threat Prevention?

Cybercriminals are continuously developing more sophisticated strategies to gain access to networks. These attacks are typically well-funded, often specifically targeted, and involve complex malware thats designed to avoid common security defenses. Countering advanced threats requires advanced analytic tools that can provide rapid visibility, analysis, context, and response into the contents and actions of malicious network traffic.

Benefits of NSX Advanced Threat Prevention

By incorporating a leading ATP solution into your security stack, you harness three critical advantages:

  • Maximum Network Threat Visibility: In using multiple threat detection techniques at once (IDS/IPS, NTA, Network Sandbox, etc), ATP delivers deep visibility into all your network traffic.
  • Advanced Malware Detection: ATP helps secure both Private and Public Cloud workloads against threats that have been engineered to evade standard security tools.
  • Lower False Positives: ATP can greatly improve the accuracy of your alerts, which means your security teams can focus on a smaller set of actual intrusions.

One of the most performant ATP solutions available today is the VMware Advanced Threat Prevention offering for the NSX Service-defined Firewall. Using a combination of network traffic analysis, intrusion detection and prevention, and advanced malware analysis with comprehensive network detection and response capabilities, the solution is purpose-built to protect data center traffic with the industry’s highest fidelity insights into advanced threats.

How Does NSX Advanced Threat Prevention Work?

Fundamentally, ATP solutions perform sophisticated detection and analysis on suspicious network traffic, often employing hardware emulation, and supervised and unsupervised machine learning models. ATP solutions attempt to identify threats early before they can do damage and respond quickly in the event of a breach.

The goal of this lab is to illustrate how NSX Advanced Threat Prevention security solutions help organizations to gain actionable insights into advanced threats and to defend against their attack vectors.