Complete Lateral Security for Zero Trust

Threat actors moving throughout your infrastructure and increasingly sophisticated ransomware attacks make east-west the new battleground. Get the advantage with a software-defined Layer 7 firewall that delivers granular enforcement at scale to secure east-west traffic across today’s multi-cloud world. Easily segment the network, stop the lateral spread of threats, and securely move at the speed of development on your path to Zero Trust.

Deep Visibility and Granular Control

Gain visibility across all network flows to easily achieve granular micro-segmentation and generate context-aware policies for each workload.

Lateral Threat Detection and Prevention

Reduce the attack surface and defend against known and unknown threats moving within and across clouds with a modern, distributed firewall solution that is purpose-built to secure multi-cloud traffic across virtualized workloads.

Application Agility with Security

Unlock business agility by ensuring that workloads maintain their security policies throughout their lifecycle, regardless of where the workload lives or moves. Write policy once and automatically enforce everywhere.

Key Capabilities

Distributed Architecture

Get complete network security coverage across all flows with a stateful layer 7 firewall built-into the hypervisor and distributed at every workload.

No Network Changes

Radically simplify firewall deployment and operations without changing your network — no traffic hair-pinning required.

Elastic Throughput

Automatically scale with your workloads for massive traffic inspection capacity, eliminating the throughput constraints typical of appliance-based firewalls.

Superior Workload Context

Enjoy in-depth workload and network context from a unique position in the hypervisor. Achieve superior threat detection and faster forensics while remaining isolated from the attack surface.

Scalable Traffic-Flow Analysis

Get visualization, analysis and monitoring of all traffic flows for complex modern apps and large networks to enable micro-segmentation at scale.

Advanced Threat Prevention

Leverage signature and behavior-based detection engines to quickly identify and block known threats and new, evolving threats that have never been seen before.

VMware Explore Is on the Horizon

Set your sights higher. 4 days. Hundreds of sessions. Endless ideas.

Address Critical Security Use Cases

Get Real-Time Visibility and Analytics at Scale

Get real-time visibility into applications and their security posture when you visualize workloads and traffic flows with contextual application topology maps. Quickly identify security gaps and get granular policy recommendations for segmentation.

Rapidly Deploy Network Segments

Easily create network segments by defining them entirely in software and avoid the need to re-architect your network or deploy discrete appliances.

Operationalize Zero Trust with Micro-Segmentation

Micro-segment all applications to achieve zero trust. Reduce the attack surface and isolate applications with granular segmentation policies that enable user- and application-specific access controls and mitigate lateral movement.

Ubiquitous Virtual Patching

Monitor traffic flows at every host and identify malicious traffic on a per hop basis with IDS/IPS. Then, apply virtual patching so that unpatched servers inside the data center are not exploited.

Rapidly Respond to Ransomware and Advanced Threats

Combine multiple detection engines including IDS/IPS, NTA, and Network Sandboxing to quickly identify and block threats from moving laterally across your network, even across encrypted traffic. Correlate security events across all detection engines with network detection and response (NDR) to help you prioritize and rapidly respond to threats.

Application Visualization

Get Real-Time Visibility and Analytics at Scale

Get real-time visibility into applications and their security posture when you visualize workloads and traffic flows with contextual application topology maps. Quickly identify security gaps and get granular policy recommendations for segmentation.

Network Segmentation

Rapidly Deploy Network Segments

Easily create network segments by defining them entirely in software and avoid the need to re-architect your network or deploy discrete appliances.

Zero Trust

Operationalize Zero Trust with Micro-Segmentation

Micro-segment all applications to achieve zero trust. Reduce the attack surface and isolate applications with granular segmentation policies that enable user- and application-specific access controls and mitigate lateral movement.

Virtual Patching

Ubiquitous Virtual Patching

Monitor traffic flows at every host and identify malicious traffic on a per hop basis with IDS/IPS. Then, apply virtual patching so that unpatched servers inside the data center are not exploited.

Block Advanced Threats

Rapidly Respond to Ransomware and Advanced Threats

Combine multiple detection engines including IDS/IPS, NTA, and Network Sandboxing to quickly identify and block threats from moving laterally across your network, even across encrypted traffic. Correlate security events across all detection engines with network detection and response (NDR) to help you prioritize and rapidly respond to threats.

Learn, Evaluate, Implement

Resources

Explore technical documentation, reports, trial, communities and more.

VMware Security Blogs

Read up on the latest network security topics.

Partners

Use Partner Locator to quickly find a VMware partner near you.

FAQ

View common question and answers about NSX.

NSX Security Tech Zone

Get the latest technical resources on the VMware NSX Security portfolio.

Ready to Get Started?