Rapidly Respond to Ransomware and Advanced Threats
Increase SOC Efficiency
Enable network security and SOC teams to quickly triage advanced threat campaigns by automatically correlating and mapping threat activities to MITRE ATT&CK with relevant authoritative context.
Reduce False Positives — and Negatives
NSX NDR uses a combination of technologies, including NTA, IDPS, Artifact Analysis, and both unsupervised and supervised machine learning, to distinguish between malicious and benign activity.
NSX Distributed Firewall enables a completely tapless NDR architecture that eliminates network changes and complex traffic hairpinning architectures by distributing network sensors within the hypervisor.
Simplify Response Actions
Facilitate response actions across your security ecosystem for unified access control, threat forensics workflows, and automated response actions that block malicious traffic and quarantine compromised workloads.
Block Lateral Threat Movements
Detect and prevent threats entering or moving laterally within the network, ensuring complete protection — with no blind spots.
Stop Advanced Malware
Leverage the power of a full system emulation network sandbox that sees every malware interaction to detect ransomware, advanced and evasive threats.
Enable Multi-Cloud Security
Quickly deploy Network Detection and Response technology in any cloud for consistent threat visibility and detection across public and private clouds.
Improve SOC Forensics
Utilize a tight integration with NSX Network Security Analytics and Management for a single pane of glass across firewall access policies, application and network maps, and MITRE ATT&CK-based threat correlation.
Frequently Asked Questions
VMware NSX Network Detection and Response™ (NDR) is an AI-based threat correlation and forensics engine delivered both standalone and integrated tightly within NSX Firewall. It helps network security and SOC teams efficiently detect malicious activity and block lateral movement of sophisticated threats.
See the NSX Network Detection and Response Solution Overview for a table of recommended hardware specifications.
NSX Network Detection and Response ensures complete coverage of all network traffic without blind spots by ingesting a broad set of threat signals from distributed network sensors spanning an IDS/IPS, NTA and network sandbox. It automatically correlates these signals and third-party threat intelligence feeds into threat campaigns ordered as timelines mapped to MITRE ATT&CK for higher-accuracy detection of malicious activity.
Use cases for NSX Network Detection and Response include:
- Ensuring complete protection by detecting and blocking lateral threat movements
- Stopping advanced malware with a full system emulation network sandbox
- Deploying Network Detection and Response in multi-cloud environments
- Improving SOC forensics with single-pane-of-glass management
Key features of NSX Network Detection and Response include:
- Faster SOC triage with automatic MITRE ATT&CK mapping
- Radically streamlined deployments
- Broadest Set of Built-in Detectors
- Distributed Agentless Network Sensors
- Inspection of Encrypted Traffic and Artifacts