Detect Malicious Behavior Across The Network

Industry's First NDR Test
Workloads on the VMware multi-cloud platform are the only ones protected against APTs by the NSX Network Detection and Response (NDR) solution that is AAA certified by SE Labs.

Exposing Emotet’s Cybercriminal Supply Chain
Get our latest threat report exposing tactics and development lifecycles of two new epochs of Emotet attacks and see how you can mount an ironclad defense.
Operationalize East/West Security
Behavioral analysis on east/west traffic across multi-cloud environments radically closes the security gap for lateral movement tactics defined by the MITRE ATT&CK.
Tapless Architecture
NTA sensors are built directly into the hypervisor for a completely tapless architecture—easing deployment while eliminating hairpinning.
Accelerate Time to Respond
Threats detected by NTA are correlated into attack campaigns with the context you need for rapid triage and response.
Unify Your Network Security Platform
Couple NTA with the NSX Distributed Firewall (DFW) to get a complete suite of access control and advanced threat detection capabilities.
Top Differentiators
Advanced AI Models
Apply supervised and unsupervised ML to detect network protocol and traffic anomalies and differentiate between real threats and false positives.
Distribute NTA as a Service
VMware distributes NTA directly on the hypervisor, essentially virtualizing the entire security stack, making security intrinsic to the infrastructure.
Encrypted Traffic Analysis
Leverage VMware’s machine learning models that operate directly on encrypted traffic to identify malicious communication without the need to inspect any payload.
Gain Authoritative Context
VMware gives you more than alerts. Gain full authoritative context of your environment and threat intelligence that is trustworthy, actionable and readily available.
Use Cases

Eliminate Network Changes
Deliver security as a built-in, distributed service by replacing NTA appliance-based solutions with a software-based architecture that is built directly into the hypervisor and distributed to each host.

Proactive Prevention, Detection, and Response
Prevent lateral movement and exfiltration of data by inspecting every packet for anomalous, advanced, and zero-day attacks across your East-West traffic.

Obtain Broader Threat Visibility
Provide your security team with the highest level clarity when monitoring networking events. NTA ensures your team is best positioned to take action driven by visibility, depth, and accuracy of data collection.

Detect Threats On Encrypted Traffic
VMware pioneered an innovative approach of building models that operate directly on encrypted traffic to identify malicious communication without the need to inspect any payload.
VMware NSX Network Detection and Response helps us sleep better at night—we know that NSX will detect it.
Related Resources
Advanced Threat Prevention with VMware NSX Distributed Firewall
Deliver effective security by using multiple detection technologies, including network sandboxing, combined with a correlation engine.
How to Block Lateral Movement
Elevate network security with advanced detection of lateral movements that goes beyond EDR and logs.
Ransomware Demands a Layered Defense
Fighting ransomware with prevention alone isn’t enough. You need Network Detection and Response to contain successful attacks.

Related Products
NSX Network Detection and Response
AI-powered correlation of events across multiple detection engines
NSX Distributed IDS/IPS
Signature and behavior based detection of ransomware and other threats at every hop
Network Traffic Analysis
Detect anomalous activity and malicious behavior as it moves laterally across your network
NSX Intelligence
Distributed analytics engine for topology visualization & policy recommendations