Boost Network Security by Shrinking Attack Surface

VMware Service-defined Firewall is a network security solution designed specifically to mitigate threats inside a data center or cloud network. This new approach to firewalling establishes a verified understanding of known good application behavior and generates adaptive security policies to shrink the application attack surface consistently, across on-premises and multi-cloud environments.

(18:53)

See the Service-defined Firewall in Action

Check out this demo of Service-defined Firewall mitigating an attack.

Service-defined Firewall Solution Overview

Shrink application attack surface and prevent the lateral movement of threats within the network perimeter.

Read the Solution Overview

Service-defined Firewall Effectiveness Validation Report by Verodin

Curious about the attacks the Service-defined Firewall can mitigate? Read this report on the attack vectors we tested it against.

Read the Report

Service-defined Firewall Key Differentiators 

Intrinsic Application Visibility & Control

Service-defined Firewall leverages its position in the hypervisor for full stack visibility and control of applications and the services that comprise them. This allows for the ability to generate and enforce security policies at the network and process-level of applications, without the need for additional agents on the workload.

Application Verification Cloud

Application Verification Cloud combines artificial intelligence with human intelligence and applies both to the problem of building and verifying a model of “known good” application behavior. Armed with a verified model of known good application behavior, the Service-defined Firewall easily defines policies to ensure that run-time behavior doesn’t deviate.

Delivered in Software for Consistent Enforcement

Because the Service-defined Firewall is delivered in software, it can run everywhere applications run, ensuring consistent enforcement of security policies across VMs, containers, or bare metal servers, whether they are hosted on-premises or in the public cloud.

Secure Your Network with the Right Tool 


You wouldn’t use a screwdriver to dig a hole in the ground, so why use a perimeter firewall to secure the inside of your network? Shrinking the attack surface inside the network perimeter is complicated and requires a specialized tool. VMware Service-defined Firewall is exactly that, a purpose-built solution for protecting your applications against lateral movement and other attack vectors unique to the inside of your environment.

  • Deep application visibility goes well beyond simple Layer 7 packet inspection to deliver the context needed for intelligent control
  • Full stack control points built into the virtualization layer enable policy enforcement at the process- and network-level of applications
  • A distributed architecture delivered in software ensures that policies are enforced consistently across your environment

Network Security Products 

VMware NSX Data Center

The network virtualization software platform for the Software-Defined Data Center (SDDC), delivering networking and security entirely in software, abstracted from the underlying physical infrastructure.

VMware AppDefense

An application security product designed to discover, verify, and enforce an application’s intended state and behavior to shrink its attack surface.