What is NSX Network Detection and Response?
VMware Contexa, the VMware Threat Intelligence Cloud
VMware Contexa™ sees what others don’t, powering VMware Security to stop threats others can’t.
Rapidly Respond to Ransomware and Advanced Threats
Empower your network security and SOC teams with AI-powered threat correlation and forensics that efficiently detects malicious activity and blocks lateral movement of sophisticated threats. NSX Network Detection and Response (NDR) automatically correlates events from tap-less built-in detectors into threat campaigns creating an attack blueprint and timeline across MITRE ATT&CK that provides authoritative context, enabling faster and more efficient threat hunting.
Industry's First NDR Test
Workloads on the VMware multi-cloud platform are the only ones protected against APTs by the NSX NDR solution that is AAA certified by SE Labs.
Exposing Emotet’s Cybercriminal Supply Chain
Get our latest threat report exposing tactics and development lifecycles of two new epochs of Emotet attacks and see how you can mount an ironclad defense.
Increase SOC Efficiency
Enable network security and SOC teams to quickly triage advanced threat campaigns by automatically correlating and mapping threat activities to MITRE ATT&CK with relevant authoritative context.
Reduce False Positives — and Negatives
NSX NDR uses a combination of technologies including NTA, IDPS, Artifact Analysis, and both unsupervised machine and supervised machine learning to distinguish between malicious and benign activity.
Streamline Deployments
NSX Distributed Firewall enables a completely tapless NDR architecture that eliminates network changes and complex traffic hairpinning architectures by distributing network sensor within the hypervisor.
Simplify Response Actions
Facilitate response actions across your security ecosystem for unified access control, threat forensics workflows, and automated response actions that block malicious traffic and quarantines compromised workloads.
Join the NSX Network Security Roadshow
Use Cases
Block Lateral Threat Movements
Detect and prevent threats entering or moving laterally within the network, ensuring complete protection — with no blind spots.
Stop Advanced Malware
Leverage the power of a full system emulation network sandbox that sees every malware interaction to detect ransomware, advanced and evasive threats.
Enable Multi-Cloud Security
Quickly deploy Network Detection and Response technology in any cloud for consistent threat visibility and detection across public and private clouds.
Improve SOC Forensics
Utilize a tight integration with NSX Network Security Analytics and Management for single pane of glass across firewall access policies, application and network maps, and MITRE ATT&CK-based threat correlation.
We test NDR products privately and regularly, and have not awarded any other products a AAA rating.
Simon Edward, CEO, SE Labs
VMware NSX Network Detection and Response helps us sleep better at night—we know that NSX will detect it.
Related Resources
Advanced Threat Prevention with NSX Distributed Firewall
Deliver effective security by using multiple detection technologies, including network sandboxing, combined with a correlation engine.
Ransomware Demands a Layered Defense
Fighting ransomware with prevention alone isn’t enough. You need Network Detection and Response to contain successful attacks.
How to Block Lateral Movement
Elevate network security with advanced detection of lateral movements that goes beyond EDR and logs.
Related Products
Expand your data center security capabilities with detection and response, firewalling, and more.
NSX Distributed Firewall
Layer 7 internal firewall
Network Traffic Analysis
Detect anomalous activity and malicious behavior as it moves laterally across your network
NSX Sandbox
Complete malware analysis
NSX Distributed IDS/IPS
Signature and behavior based detection of ransomware and other threats at every hop
Frequently Asked Questions
VMware NSX Network Detection and Response™ NSX Network Detection and Response (NDR) is an AI-based threat correlation and forensics engine delivered both standalone and integrated tightly within NSX Firewall. It helps network security and SOC teams efficiently detect malicious activity and block lateral movement of sophisticated threats.
What are the recommended hardware specifications for NSX Network Detection and Response?
See the NSX Network Detection and Response Solution Overview for a table of recommended hardware specifications.
How does NSX Network Detection and Response work?
NSX Network Detection and Response ensures complete coverage of all network traffic without blind spots by ingesting a broad set of threat signals from distributed network sensors spanning an IDS/IPS, NTA and network sandbox. It automatically correlates these and third-party threat intelligence feeds into threat campaigns ordered as timelines mapped to MITRE ATT&CK for higher accuracy detection of malicious activity.
What are the use cases for NSX Network Detection and Response?
Use cases for NSX Network Detection and Response include:
- Ensuring complete protection by detecting and blocking lateral threat movements
- Stopping advanced malware with a full system emulation network sandbox
- Deployment of Network Detection and Response in Mulit-Clouds
- Improve SOC forensics with single pane of glass management
What are the key differentiators of NSX Network Detection and Response?
Key features of NSX Network Detection and Response include:
- Faster SOC triage with automatic MITRE ATT&CK mapping
- Radically streamlined deployments
- Broadest Set of Built-in Detectors
- Distributed Agentless Network Sensors
- Inspection of Encrypted Traffic and Artifacts
Why VMware for Network Detection and Response?
Workloads on the VMware multi-cloud platform are the only ones protected against APTs by the NSX NDR solution that is AAA certified by SE Labs.