Boost Network Security by Shrinking Attack Surface


VMware’s network security solution, the Service-defined Firewall, is designed specifically to mitigate threats inside a data center or cloud network. The Service-defined Firewall establishes a verified understanding of known good application behavior and generates adaptive security policies to shrink the application attack surface consistently, across on-premises and multi-cloud environments.

See the Service-defined Firewall in Action

Check out this demo of Service-defined Firewall mitigating an attack.

Service-defined Firewall Effectiveness Validation Report by Verodin

Curious about the attacks the Service-defined Firewall can mitigate? Read this report on the attack vectors we tested the Service-defined Firewall against.

Service-defined Firewall Key Differentiators 

Intrinsic Application Visibility & Control

The Service-defined Firewall uses its position in the hypervisor for full-stack visibility and control of applications and the services that comprise them. This lets it generate and enforce security policies at the network and process level of applications, without the need for additional agents on the workload.

Application Verification Engine

Application Verification Cloud combines artificial intelligence with human intelligence and applies both to the problem of building and verifying a model of “known good” application behavior. Armed with a verified model of known good application behavior, the Service-defined Firewall easily defines policies to ensure that run-time behavior doesn’t deviate.

Delivered in Software for Consistent Enforcement

Because the Service-defined Firewall is delivered in software, it can run everywhere applications run, ensuring consistent enforcement of security policies across VMs, containers, or bare metal servers, whether they are hosted on-premises or in the public cloud.

Secure Your Network with the Right Tool 

You wouldn’t use a screwdriver to dig a hole in the ground, so why use a perimeter firewall to secure the inside of your network? Shrinking the attack surface inside the network perimeter is complicated and requires a specialized tool. VMware’s Service-defined Firewall is exactly that, a purpose-built solution for protecting your applications against lateral movement and other attack vectors unique to the inside of your environment.

  • Deep application visibility goes well beyond simple Layer 7 packet inspection to deliver the context needed for intelligent control
  • Full-stack control points built into the virtualization layer enable policy enforcement at the process and network level of applications
  • A distributed architecture delivered in software ensures that policies are enforced consistently across your environment

Network Security Products 

VMware NSX Data Center

The network virtualization software platform for the Software-Defined Data Center (SDDC), delivering networking and security entirely in software, abstracted from the underlying physical infrastructure.

VMware AppDefense

An application security product designed to discover, verify, and enforce an application’s intended state and behavior to shrink its attack surface.