Harness Intrinsic Security for a Better Internal Firewall

Rely on a distributed, L2-L7 firewall to secure east-west traffic via streamlined, intrinsic application protection. Leverage deep visibility into workload behavior and stateful protection as you mitigate risk, ensure compliance, and lower costs while vastly simplifying the operational model of firewalling every workload.

Understand Why Enterprises Are Securing East-West Network Traffic

Understand Why Enterprises Are Securing East-West Network Traffic

Read the Forrester thought leadership paper on enabling zero trust with a new firewall strategy.

See How the Service-defined Firewall Did in Testing

See How the Service-defined Firewall Did in Testing

Review a micro-audit of the Service-defined Firewall versus simulated attacks.

Step Up to a Layer 7 Internal Firewall

Mitigate Security Risk

Leverage the only solution built into the infrastructure that detects and mitigates threats on east-west traffic within the perimeter. From its unique position within the hypervisor, Service-defined Firewall brings unmatched visibility into both network traffic and app behavior to provide better protection against threats.

Drive Automation and Consistency

Eliminate the security blind-spots that result from numerous discrete solutions and misaligned protection policies. Entirely within the infrastructure fabric, Service-defined Firewall automatically creates, distributes, moves, and decommissions policies according to each workload’s lifecycle.

Simplify Security Operations

Replace multiple security appliances with built-in, L2-L7 distributed firewalling and workload protection controls to reduce CapEx by up to 60%. Then slash OpEx and radically simplify operations by eliminating the need for complex traffic hair-pinning architectures and associated management overhead.

Automated baselining of application behavior

Automated baselining of application behavior

Dynamic, object-based policy model

Dynamic, object-based policy model

Comprehensive threat detection and intelligence

Distributed architecture to enforce policy

Distributed architecture to enforce policy

What Are the Key Use Cases for the Service-defined Firewall?

Go from Micro-segmentation to Full Internal Firewalling

Easily create, enforce, and automatically adapt macro and micro-segmentation policies between environments, compliance zones, applications, or even workloads. Leverage stateful Layer 7 firewall controls including AppID, UserID, WAF and URL whitelisting.

More on Micro-segmentation 

Deliver Workload Visibility & Policy Automation

Get 360 degree visibility into every workload, including roles, metadata, process, and network activity. Visualize application topologies, automatically recommend segmentation policies for enforcement, and link policy lifecycles to workloads.

More on Workload Intelligence 

Achieve Compliance with Distributed IDS/IPS

Replace discrete appliances with a fully distributed software IDS/IPS solution to easily achieve compliance, create virtual zones, and detect lateral threat movement on east-west (E-W) network traffic.

More on IDS/IPS 

Expand Your Virtual Cloud Capabilities

Deliver Intrinsic Security

Leverage adaptive, intelligent protection and deep visibility to secure apps and workloads in your data centers, clouds, and endpoints.

More on Enterprise Security Solutions 

Build on a Foundation of NSX

Connect and protect applications across your data centers and clouds with virtualized networking and security via VMware NSX.

More on NSX 

Advanced Threat Detection with IDS/IPS

Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on E-W traffic & easily achieve compliance.

More on NSX Distributed IDS/IPS 

Streamline Security Operations

Automate security policy recommendations in order to streamline micro-segmentation deployments and enable a more granular security posture.

More on NSX Intelligence