VMware NSX for vSphere 6.4 brings greater micro-segmentation and security

Cloud computing and platform virtualisation vendor VMware has announced VMware NSX for vSphere 6.4 is now generally available, bringing with it easier operations and context-sensitive application security.

Cyber security is a constant battle, but VMware is delivering on promises it made during VMworld 2017 to simplify the security burdens on enterprise.

iTWire attended VMware chief executive Pat Gelsinger’s keynote at the company’s annual event last year, where Gelsinger stated the tech industry had failed business, with too many security products across too many segments, with too much complexity to bridge it all together. “We need to restructure security. It has to be built-in and those many components have to go away and be native components with the infrastructure itself. It has to be intrinsically built-in,” Gelsinger said.

Gelsinger committed that VMware would transform cyber security from “chasing bad” to “ensuring good”, and this philosophy is being realised in VMware NSX for vSphere 6.4, among other products.

Specifically, VMware NSX 6.4 builds on micro-segmentation to now deliver context-aware micro-segmentation.

For clarity, micro-segmentation brings security policies traditionally only enforced at the perimeter down to the application. It has proven successful but also creates challenges – where does one begin? How do you manage it as applications change? How will security evolve as breaches are evolving?

VMware saw the virtualisation layer as the ideal place to implement this critical defence capability because NSX is close enough to the application to gain valuable context and enforce granular security, while at the same time being separate enough from the application to protect NSX from the attack surface in the event of malicious exploitation.

Beyond the architectural advantages of NSX, the product has been using attributes in the context of the application — like VM name, OS version, regulatory scope and more — to create policy. This approach enhances security, is more manageable, and can be automated, rather than basing policy on constructs like IP addresses which may change often. VMware NSX for vSphere 6.4 takes this to a higher level by adding context-aware micro-segmentation, which better secures applications using the full context of the application.

Highlights include:

  1. Network flex app detection and enforcement at layer 7 – while NSX tools like Endpoint Monitoring look within the application, NSX now performs deep packet inspection to identify the application within the network flow. This means micro-segmentation policies from the network view don’t have to infer the application, and NSX will start with a core set of over fifty common application signatures such as HTTP, SSH and DNS, and will grow over time.
  2. Virtual desktop and remote session security per user – securing virtual desktops is a popular starting point for micro-segmentation where no traffic should flow between virtual desktops. However, in many environments, multiple users run desktop sessions on a single host. NSX for vSphere 6.4 can implement security in these environments based on the user and what they should be able to access. This increases security for those environments and also opens the use case to a wider variety of environments such as Citrix and Microsoft’s remote desktop.
  3. Application Rule Manager – VMware is seeking to model the people and processes involved in NSX deployments and micro-segmentation, in addition to making policies more intuitive and application-driven. NSX for vSphere 6.4 brings with it tools to help users be successful in their deployment. Previously Application Rule Manager pushed policies directly into distributed firewalls, and now it includes smarts to suggest rules and suggest application security groups to help build a more cohesive and manageable micro-segmentation security across the data centre. VMware reports one customer found it took 1/3rd of the time to micro-segment their applications with this release of Application Rule Manager over the previous version.

In addition, VMware NSX for vSphere 6.4 delivers many ease-of-use enhancements, including a simplified GUI, dashboard and logging enhancements, and many other operational improvements.

Other functionality includes new routing features, JSON support for custom automation, multi-site enhancements, scale improvements, greater resiliency, health check monitors, and many other improvements.

Security threats continue to evolve, but increasing sophistication of security controls is only half the battle – the solutions must also be simple to deploy and manage in order to operate at scale. VMware says these two goals were major design factors in NSX for vSphere 6.4, and it is generally available now.

Full release notes are available online.

David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

 
