VMware Contexa, the VMware Threat Intelligence Cloud
VMware Contexa™ sees what others don’t, powering VMware Security to stop threats others can’t.
Rapidly Respond to Ransomware and Advanced Threats

Industry's First NDR Test
Workloads on the VMware multi-cloud platform are the only ones protected against APTs by the NSX NDR solution that is AAA certified by SE Labs.

Exposing Emotet’s Cybercriminal Supply Chain
Get our latest threat report exposing tactics and development lifecycles of two new epochs of Emotet attacks and see how you can mount an ironclad defense.
Increase SOC Efficiency
Enable network security and SOC teams to quickly triage advanced threat campaigns by automatically correlating and mapping threat activities to MITRE ATT&CK with relevant authoritative context.
Reduce False Positives — and Negatives
NSX NDR uses a combination of technologies, including NTA, IDPS, Artifact Analysis, and both unsupervised and supervised machine learning, to distinguish between malicious and benign activity.
Streamline Deployments
NSX Distributed Firewall enables a completely tapless NDR architecture that eliminates network changes and complex traffic hairpinning architectures by distributing network sensors within the hypervisor.
Simplify Response Actions
Facilitate response actions across your security ecosystem for unified access control, threat forensics workflows, and automated response actions that block malicious traffic and quarantine compromised workloads.
Use Cases

Block Lateral Threat Movements
Detect and prevent threats entering or moving laterally within the network, ensuring complete protection — with no blind spots.

Stop Advanced Malware
Leverage the power of a full system emulation network sandbox that sees every malware interaction to detect ransomware and advanced, evasive threats.

Enable Multi-Cloud Security
Quickly deploy Network Detection and Response technology in any cloud for consistent threat visibility and detection across public and private clouds.

Improve SOC Forensics
Utilize a tight integration with NSX Network Security Analytics and Management for a single pane of glass across firewall access policies, application and network maps, and MITRE ATT&CK-based threat correlation.
We test NDR products privately and regularly, and have not awarded any other products a AAA rating.
VMware NSX Network Detection and Response helps us sleep better at night—we know that NSX will detect it.
Related Resources

Advanced Threat Prevention with NSX Distributed Firewall
Deliver effective security by using multiple detection technologies, including network sandboxing, combined with a correlation engine.

Ransomware Demands a Layered Defense
Fighting ransomware with prevention alone isn’t enough. You need Network Detection and Response to contain successful attacks.

How to Block Lateral Movement
Elevate network security with advanced detection of lateral movements that goes beyond EDR and logs.

Related Products
NSX Distributed Firewall
Layer 7 internal firewall
Network Traffic Analysis
Detect anomalous activity and malicious behavior as it moves laterally across your network
NSX Sandbox
Complete malware analysis
NSX Distributed IDS/IPS
Signature and behavior based detection of ransomware and other threats at every hop
Frequently Asked Questions
VMware NSX Network Detection and Response™ (NDR) is an AI-based threat correlation and forensics engine delivered both standalone and integrated tightly within NSX Firewall. It helps network security and SOC teams efficiently detect malicious activity and block lateral movement of sophisticated threats.
See the NSX Network Detection and Response Solution Overview for a table of recommended hardware specifications.
NSX Network Detection and Response ensures complete coverage of all network traffic without blind spots by ingesting a broad set of threat signals from distributed network sensors spanning an IDS/IPS, NTA and network sandbox. It automatically correlates these signals and third-party threat intelligence feeds into threat campaigns, ordered as timelines mapped to MITRE ATT&CK, for higher-accuracy detection of malicious activity.
Use cases for NSX Network Detection and Response include:
- Ensuring complete protection by detecting and blocking lateral threat movements
- Stopping advanced malware with a full system emulation network sandbox
- Deploying Network Detection and Response in multi-cloud environments
- Improving SOC forensics with single-pane-of-glass management
Key features of NSX Network Detection and Response include:
- Faster SOC triage with automatic MITRE ATT&CK mapping
- Radically streamlined deployments
- Broadest set of built-in detectors
- Distributed agentless network sensors
- Inspection of encrypted traffic and artifacts