TestDrive

Micro-segmentation with NSX Intelligence Rule Recommendations

Micro-segmentation with NSX Intelligence is a security technique that divides a network into secure segments. This is achieved by creating logical boundaries within the network, each of which can be assigned its own security policy. The result is granular control over the flow of traffic between workloads, which makes it harder for an attacker who has compromised one workload to move laterally and reach sensitive data.

One key feature of NSX Intelligence is its ability to recommend micro-segmentation policies based on observed network traffic. It analyzes the East-West flows between the selected workloads, identifies which communication is actually needed for the application and which is not (for example, unexpected connections between tiers), and then recommends groups, services and Distributed Firewall rules that allow only the observed application traffic.

This feature is useful because it automates much of the work of designing micro-segmentation policies, which is otherwise a time-consuming and error-prone task. It also supports a more adaptive security posture: recommendations can be regenerated as traffic patterns change, reviewed, and then published to the Distributed Firewall. Finally, the flow analysis itself helps organizations spot unexpected communication paths in their environment and close them before they can be abused.

In this section we will generate an automatic recommendation of DFW rules for East-West traffic for ACME application Virtual Machines.

acme-web02 --> acme-app02 -->  acme-db02

Plan & Troubleshoot

1. Click on Plan & Troubleshoot and select Recommendations from the left panel.

Recommendations

2. Expand the recommendation to see the entities it contains: the groups, services and rules generated for the application.

You can see that we've run the recommendation wizard to produce the set of rules required for the application's communication. Beyond reducing the attack surface through segmentation and micro-segmentation policies, the Distributed Firewall with IDS/IPS can also block the download and transfer of malware, exploit attempts and other threat-related network traffic.

Distributed Firewall

3. Click on Security from the main tab and select Distributed Firewall from the left panel. In order to protect our workloads we have created multiple segmentation policies. We will review the App Connectivity Strategy created by NSX Intelligence.

Firewall Policy in detail

4. The NSXSecOps-ACME policy was created by NSX Intelligence. In this lab, NSXSecOps-ACME has been deleted to allow the NDR Threat Campaign to be created.
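The recommendation described above (and the flow-analysis explanation earlier on this page) turns observed East-West flows into an allow-list: one group per tier, one ALLOW rule per observed tier-to-tier service, and a closing DROP. The script below is an added illustration of that logic and is not NSX Intelligence or VMware code. It builds such a policy for the three ACME VMs in the shape of the NSX Policy hierarchical API body (the one sent with `PATCH /policy/api/v1/infra`) and then evaluates candidate flows against the generated rules with first-match semantics. The sample flows, the `tier|<name>` tag scheme, and the ports (8443 for web to app, 3306 for app to db) are assumptions; the lab page only names the three VMs and the policy.

```python
"""Allow-list DFW policy derived from observed East-West flows (added example)."""
import json
from collections import defaultdict

# Constructed sample of observed flows for the ACME app. VM names come from the
# lab; protocols and ports are assumptions, the lab page does not list them.
OBSERVED_FLOWS = [
    {"src": "acme-web02", "dst": "acme-app02", "proto": "TCP", "dport": 8443},
    {"src": "acme-web02", "dst": "acme-app02", "proto": "TCP", "dport": 8443},
    {"src": "acme-app02", "dst": "acme-db02", "proto": "TCP", "dport": 3306},
]
# Assumed inventory tagging: each VM carries the tag "tier|<name>".
VM_TIER = {"acme-web02": "web", "acme-app02": "app", "acme-db02": "db"}
POLICY_ID = "NSXSecOps-ACME"  # policy name shown in the lab
TIERS = sorted(set(VM_TIER.values()))


def group_path(tier):
    return f"/infra/domains/default/groups/acme-{tier}"


def build_groups():
    """One tag-based group per tier, so new VMs join by tag rather than by IP."""
    return [{
        "resource_type": "ChildGroup",
        "Group": {
            "resource_type": "Group", "id": f"acme-{tier}", "display_name": f"acme-{tier}",
            "expression": [{"resource_type": "Condition", "member_type": "VirtualMachine",
                            "key": "Tag", "operator": "EQUALS", "value": f"tier|{tier}"}],
        },
    } for tier in TIERS]


def build_rules(flows):
    """Collapse flows into one ALLOW per (source tier, destination tier) pair,
    carrying only the services actually observed, then close the application
    with a DROP for everything else aimed at the ACME tiers."""
    services = defaultdict(set)
    for f in flows:
        services[(VM_TIER[f["src"]], VM_TIER[f["dst"]])].add((f["proto"], f["dport"]))
    rules = []
    for n, ((src, dst), svc) in enumerate(sorted(services.items()), start=1):
        rules.append({
            "resource_type": "Rule", "id": f"allow-{src}-to-{dst}", "sequence_number": 10 * n,
            "source_groups": [group_path(src)], "destination_groups": [group_path(dst)],
            "service_entries": [{"resource_type": "L4PortSetServiceEntry", "l4_protocol": proto,
                                 "destination_ports": [str(port)]} for proto, port in sorted(svc)],
            "action": "ALLOW",
        })
    rules.append({
        "resource_type": "Rule", "id": "drop-acme-default", "sequence_number": 10 * (len(rules) + 1),
        "source_groups": ["ANY"], "destination_groups": [group_path(t) for t in TIERS],
        "service_entries": [], "action": "DROP",
    })
    return rules


def build_infra_payload(flows):
    """Hierarchical API body: groups and the security policy in one idempotent PATCH."""
    policy = {"resource_type": "SecurityPolicy", "id": POLICY_ID, "display_name": POLICY_ID,
              "category": "Application", "scope": [group_path(t) for t in TIERS],
              "rules": build_rules(flows)}
    domain = {"resource_type": "Domain", "id": "default",
              "children": build_groups() + [{"resource_type": "ChildSecurityPolicy",
                                             "SecurityPolicy": policy}]}
    return {"resource_type": "Infra",
            "children": [{"resource_type": "ChildDomain", "Domain": domain}]}


def evaluate(flow, rules):
    """First-match evaluation: the first rule (by sequence number) whose source,
    destination and service cover the flow decides. Returns NO_MATCH if none
    does, in which case the NSX default-layer rule would apply."""
    src_g, dst_g = group_path(VM_TIER[flow["src"]]), group_path(VM_TIER[flow["dst"]])
    for r in sorted(rules, key=lambda r: r["sequence_number"]):
        if r["source_groups"] != ["ANY"] and src_g not in r["source_groups"]:
            continue
        if r["destination_groups"] != ["ANY"] and dst_g not in r["destination_groups"]:
            continue
        if r["service_entries"] and not any(
                e["l4_protocol"] == flow["proto"] and str(flow["dport"]) in e["destination_ports"]
                for e in r["service_entries"]):
            continue
        return r["action"]
    return "NO_MATCH"


if __name__ == "__main__":
    print(json.dumps(build_infra_payload(OBSERVED_FLOWS), indent=2))
```

Running the script prints the payload you would review before publishing; in the NSX UI the equivalent step is reviewing the recommendation and clicking Publish. Note that a flow from acme-web02 straight to acme-db02 on 3306, the path an attacker would take after compromising the web tier, never appears in the observed flows, so it falls through to the closing DROP; the same happens for an unexpected service such as SSH between web and app.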

Conclusion

In conclusion, NSX Intelligence is the analytics component of VMware NSX that, together with the Distributed Firewall and distributed intrusion detection and prevention, enables micro-segmentation of workloads. One of its key features is the ability to recommend micro-segmentation policies based on observed network traffic. This allows organizations to design and publish allow-list policies quickly, a task that is otherwise complex and time-consuming. It also supports a more dynamic approach to security, since recommendations can be regenerated and reviewed as traffic patterns change. With this feature, organizations can limit lateral movement, reduce the risk of data breaches, and better protect their sensitive data.