    • SPONSORED CONTENT

    Virtual, Multi-Cloud Networks Require New Approaches to Security

    By VMware - January 28, 2019

    The following is sponsored content. It may not reflect the views of our editorial staff.

      By: MATT GILLESPIE FOR VMWARE


      Cyberattacks are becoming more pervasive and destructive by the day, and network operators consistently report that responding to security challenges is a top concern. The accelerating pace of business, coupled with budgetary limitations, can make this challenge even greater. Stealthy new dangers have also emerged, such as advanced persistent threats (APTs) that are designed to strike silently, from inside the network perimeter.

      Moreover, in addition to coping with the evolving nature of the threats themselves, enterprises must also adapt their security postures to accommodate their changing infrastructures. Measures developed for bare-metal servers inside a controlled data center are not well suited for organizations that have adopted approaches such as server virtualization and private cloud.

      Traditional network topologies isolated sensitive workloads using basic segmentation and focused protection at the perimeter using measures such as firewalls and intrusion protection. Perimeter measures protect solely against threats from outside the network; they cannot see internal traffic.

      The coexistence of multiple workloads side-by-side on shared servers sets the stage for attacks from within. By compromising a trusted source such as an end user, a cyber-attack can breach the perimeter and become an internal threat. Once inside, the attack can move laterally to infect a broad swath of the network, unless measures are taken that are specifically designed to address internal threats.

      Isolating and Securing Applications with NSX Micro-Segmentation

      In multi-tenant environments, workloads must be protected against internal threats that may originate from other workloads. VMware introduced micro-segmentation within the NSX network virtualization platform to address this need. Micro-segmentation isolates sensitive workflows from each other and allows administrators to secure them individually using fine-grained network controls and security policies.

      Critical to NSX’s implementation of micro-segmentation is the hypervisor-embedded NSX Distributed Firewall, which enforces policy rules that govern the flow of traffic through individual virtual network interfaces. It is a stateful firewall, meaning that it monitors and tracks the states of active connections as the basis for context awareness.

      Using that context, the distributed firewall can determine what application generated a piece of traffic, regardless of what port it is operating on and what protocol it is using. This visibility into the application layer (L7) is a distinguishing characteristic of the NSX Distributed Firewall, compared to competing solutions. It allows for firewall rules that are based on individual applications, reducing the attack surface for would-be assaults.

      An application-centered security approach using micro-segmentation also automates and simplifies management. Firewall rules are automatically created when new VMs are spawned, remain with the VMs as they migrate across physical hosts and environments, and are removed when VMs are terminated.

      In the broader context of enterprise virtualization, automating security along with the other factors of network, compute, and storage is central to transforming the enterprise for greater agility and efficiency while also improving services. Full integration of all these factors into the VMware vSphere environment ensures optimal performance, security, and scalability compared to solutions cobbled together using bolt-on services.

      Securing Workloads in a Multi-Cloud World

      Micro-segmentation allows organizations to lock down workloads directly, rather than focusing on physical infrastructure. This ability helps IT embrace a world where workloads are distributed across multiple premises and public clouds that the organization doesn’t control.

      In particular, organizations operating in a multi-cloud context cannot hope to efficiently create bespoke networking and security postures for each cloud they use; the operational complexity of doing so would simply be prohibitive. What’s needed is a way of controlling and securing applications and data across on-premises data centers, public clouds, and the network edge.

      NSX addresses this need by applying a consistent set of security policies in software to workloads across all these environments. Equally important to having consistent policy is to enforce it consistently across all the locations and types of workloads in the enterprise. The NSX Distributed Firewall interface provides a centralized means of applying policy and providing verifiable, consistent enforcement both on-premises and off.

      The NSX Cloud solution is pre-verified and optimized for use with leading public clouds, including Amazon Web Services and Microsoft Azure. It also applies and enforces security policy consistently across various types of workloads, whether they run on bare metal, in VMs, or in containers.

      Adapting to Constant Change in Modern Applications

      The applications that enterprise workloads are based on are no longer the localized and static entities that have prevailed for decades. Today’s enterprise software may be distributed across multiple locations and clouds instead of being hosted on a single server, and it may self-update frequently, creating a dynamic, constantly changing identity and set of behaviors.

      The distributed and dynamic nature of modern applications makes it difficult for IT organizations to create and maintain security policies that take advantage of an understanding of application behavior. In addition, those organizations typically lack the tools and control points to enforce such policies, particularly across the full spectrum of infrastructure where the applications operate.

      Adaptive micro-segmentation addresses these shortcomings, enabling IT to automatically maintain and enforce security policies for dynamic, distributed applications. It begins by using VMware AppDefense to analyze applications based on their workloads and network traffic. That analysis generates deep intelligence and understanding of intended, known-good application behavior.

      Based on that understanding, AppDefense creates micro-segmentation and other security policies that eliminate unnecessary communications and pushes them to NSX, reducing the attack surface. NSX also provides control points for robust, holistic enforcement of those security policies, even across multiple data centers and clouds. It locks down workloads and legitimate communication paths to protect against direct attacks on applications.

      To address the dynamic nature of applications, adaptive micro-segmentation watches for changes to any software component. AppDefense automatically adapts security policies in response to application changes, then applies those policies with NSX, dramatically simplifying management and maintenance, as well as improving the protection of applications and their component workloads over time.

      Conclusion

      VMware NSX provides application-oriented security suited to the multi-tenant reality of today’s virtualized and multi-cloud networks. It expands on the traditional security emphasis at the network perimeter, extending protection to the internal network, where the vast majority of traffic occurs. It also automates security, protecting networks and workloads as they are dynamically created and decommissioned, while responding to the changing needs of applications and the environment.

      Software-first networking with NSX protects workloads across bare metal, virtual machines, and containers, whether on-prem or in a multi-cloud environment, with greater visibility and control over workloads and data. NSX positions network operators to better protect their data and the rest of the business as they reach for the agility, flexibility, and cost efficiency benefits available to them from software-first multi-cloud networking.

      To learn more about software-first networking, visit www.vmware.com/software-first-networking

      Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.
