In this section, we will learn how NSX Intelligence and NSX NDR provide a comprehensive approach to East-West lateral security.
Protecting East-West traffic inside the data center is a crucial aspect of network security. NSX Intelligence provides visibility into East-West network traffic, detects anomalies, and identifies potential threats: it uses machine learning to build a baseline of normal behavior for each workload and then compares current activity against that baseline to detect deviations. NSX NDR (Network Detection and Response) monitors and analyzes network traffic in real time, using behavioral analysis to detect threats and to identify lateral movement between workloads, and it can trigger automated responses to contain them. Together, NSX Intelligence and NSX NDR give organizations a comprehensive approach to East-West lateral security, letting them detect and respond to threats quickly, minimize the risk of a breach, and maintain the integrity of their networks.
To identify and resolve the attack scenario in this lab, you will use these features across five primary steps, as shown in the image above.
NSX Intelligence and ATP (Advanced Threat Prevention) are two features that can be combined to strengthen network security. NSX Intelligence gives security teams visibility and context, enabling them to quickly identify and respond to security threats. ATP is a set of advanced security features that detect and prevent sophisticated attacks such as malware, ransomware, and phishing. By combining the two, network security teams can detect, isolate, and remediate threats before they cause significant damage.
The lab has the NSX Advanced Threat Prevention features set to detect mode, so that suspicious traffic is alerted on rather than blocked and the entire multi-stage malware attack chain can be observed, from initial access and execution to lateral movement and data exfiltration.
NSX Intelligence identified network activity with a high impact score, which was the initial detection of the malicious event. The attacker infected an employee's VDI desktop (VDI-03) using the Magnitude Exploit Kit, then moved laterally through the network, dropping the CryptoWall ransomware executable on the VDI desktop and continuing to move laterally to the application server and the production database server (ACME-DB02). Finally, the attacker exfiltrated confidential data from the database server.
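As an added illustration (this is not NSX Intelligence or NSX NDR code; the page does not describe their internal models), the following Python sketch shows the baseline-then-deviation idea applied to the attack chain above. It learns which peers and ports each host normally talks to from a constructed set of flow records, scores each flow in an attack window for unfamiliar peers, administrative ports, external destinations and outbound volume spikes, and stitches the flagged flows into a lateral-movement path. The application server name ACME-APP01, the hosts DNS-01 and BACKUP-01, the external address 203.0.113.10, the byte counts, the admin port list and the score weights are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "normal" East-West flows: (src, dst, dst_port, bytes_sent_by_src).
# Hosts other than VDI-03 and ACME-DB02 (ACME-APP01, DNS-01, BACKUP-01) and all
# byte counts are assumptions for this example.
BASELINE_FLOWS = [
    ("VDI-03", "ACME-APP01", 443, 12_000),
    ("VDI-03", "ACME-APP01", 443, 9_500),
    ("VDI-03", "ACME-APP01", 443, 14_200),
    ("VDI-03", "DNS-01", 53, 300),
    ("ACME-APP01", "ACME-DB02", 1433, 40_000),
    ("ACME-APP01", "ACME-DB02", 1433, 38_500),
    ("ACME-APP01", "ACME-DB02", 1433, 42_100),
    ("ACME-DB02", "BACKUP-01", 445, 900_000),
    ("ACME-DB02", "BACKUP-01", 445, 880_000),
]

# Constructed flows from the attack window, in time order, mirroring the lab
# narrative: desktop -> application server -> database -> external exfiltration.
ATTACK_FLOWS = [
    ("VDI-03", "ACME-APP01", 443, 11_000),          # ordinary app traffic
    ("VDI-03", "ACME-APP01", 445, 2_100_000),       # SMB push to app server
    ("ACME-APP01", "ACME-DB02", 3389, 5_000),       # RDP hop to database
    ("ACME-DB02", "203.0.113.10", 443, 4_800_000),  # large egress to external host
]

# Ports commonly used for administrative access and lateral movement (assumed list).
ADMIN_PORTS = {135, 445, 3389, 5985}
# Arbitrary illustration weights, not NSX impact scores.
WEIGHTS = {"new-peer": 40, "admin-port": 20, "external-dst": 30, "volume-spike": 30}


def learn_baseline(flows):
    """Learn 'normal': per-source (peer, port) set, per-source egress byte
    statistics, and the set of internal hosts seen at all."""
    peers = defaultdict(set)
    egress = defaultdict(list)
    internal = set()
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        egress[src].append(nbytes)
        internal.update((src, dst))
    stats = {src: (mean(v), pstdev(v)) for src, v in egress.items()}
    return {"peers": peers, "stats": stats, "internal": internal}


def score_flow(flow, baseline):
    """Score one flow against the baseline; return (score, reasons)."""
    src, dst, port, nbytes = flow
    reasons = []
    if (dst, port) not in baseline["peers"].get(src, set()):
        reasons.append("new-peer")
        if port in ADMIN_PORTS:
            reasons.append("admin-port")
    if dst not in baseline["internal"]:
        reasons.append("external-dst")
    if src in baseline["stats"]:
        mu, sd = baseline["stats"][src]
        # Flag volumes more than three standard deviations above this host's norm;
        # max(sd, 1.0) avoids a zero band for hosts with constant history.
        if nbytes > mu + 3 * max(sd, 1.0):
            reasons.append("volume-spike")
    return sum(WEIGHTS[r] for r in reasons), reasons


def flag_flows(flows, baseline, threshold=50):
    """Return [(flow, score, reasons)] for flows scoring at or above threshold."""
    flagged = []
    for flow in flows:
        score, reasons = score_flow(flow, baseline)
        if score >= threshold:
            flagged.append((flow, score, reasons))
    return flagged


def lateral_chain(flagged):
    """Stitch flagged flows into a path by following src == previous dst."""
    chain = []
    for (src, dst, _port, _nbytes), _score, _reasons in flagged:
        if not chain:
            chain = [src, dst]
        elif src == chain[-1]:
            chain.append(dst)
    return chain


if __name__ == "__main__":
    base = learn_baseline(BASELINE_FLOWS)
    hits = flag_flows(ATTACK_FLOWS, base)
    for flow, score, reasons in hits:
        print(f"{score:3d} {flow[0]} -> {flow[1]}:{flow[2]} {reasons}")
    print("lateral chain:", " -> ".join(lateral_chain(hits)))
```

Run as-is, the ordinary VDI-03 to application-server flow scores zero, while the SMB push, the RDP hop and the external egress are flagged and chained into VDI-03 -> ACME-APP01 -> ACME-DB02 -> 203.0.113.10, the same shape as the scenario described above. A production detector would of course use far richer features and learned thresholds; the point here is only that a per-host baseline turns each hop of a lateral-movement chain into an observable deviation.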
The following lab flow will walk you through how to navigate this scenario using the capabilities of NSX Advanced Threat Prevention.
Note: The attack simulations are generated automatically in this lab, so you can start investigating the threat events right away.