A highly effective way to limit the impact of security breaches and ransomware is to segment the network in order to prevent unauthorized lateral movement inside the data center and to/from it. Gaining visibility into the existing application connectivity is obviously a pre-requisite for defining network segments.
VMware recently introduced a new capability in NSX that complements its distributed firewall micro-segmentation capabilities to address this exact need for application connectivity visibility in NSX data centers – the Application Rule Manager, introduced in VMware NSX 6.3.
This new capability is very much aligned with AlgoSec’s business-driven security approach, so we sat down with our colleagues in VMware and designed an integrated solution to leverage both solutions’ capabilities.
The AlgoSec and VMware NSX solution provides application connectivity visualization, and extends it to the underlying network security infrastructure. This provides the network and security teams with business context for their firewall rules and policies, as well as for security risks and vulnerabilities. In addition, it extends NSX’s application segmentation capabilities to additional network security devices, in the data center and around it – physical or virtual, on-premises or in the cloud – automatically applying whitelist policies to a wide variety of security devices and platforms.
How does it work?
The NSX Application Rule Manager is used for automated application flow discovery. After collecting the raw flow information, you can edit and aggregate the flows, and use existing or newly created security groups, to build a policy that reflects the application's connectivity requirements. AlgoSec then takes this information further and ties it into the underlying network security infrastructure, automatically tagging every security policy rule on every existing security device, platform and technology to note that it supports the specific business application. You can then easily search for all rules supporting a specific application.
AlgoSec also ties the business application context into detected security risks, vulnerabilities, and compliance gaps – so you can manage security tasks with the business impact in mind. This allows you to verify that the current application connectivity is compliant with organizational and regulatory requirements, and adjust it as needed.
The VMware NSX Application Rule Manager discovery process reflects the current connectivity of an application. You can also use this whitelist policy to generate a firewall policy for tighter micro-segmentation, either on the NSX distributed firewall itself (this can be done directly from the NSX Application Rule Manager) or on any third-party firewall (e.g. a next-generation firewall with layer-7 filtering capabilities, inside the data center or on its perimeter). AlgoSec automatically generates the actual policy (per vendor and platform) and then pushes it to the relevant network security devices, whether on-premises, in private or public clouds, or across multiple vendors in hybrid environments.
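As an added illustration of the discovery-to-policy flow described above (example code, not AlgoSec's or VMware's own), the snippet below aggregates raw discovered flows into group-level allow rules, tags the existing firewall rules that carry the application's traffic, and lists the flows that no existing rule permits. The security-group CIDRs, the flow records, the firewall rules and the application name are all constructed.

```python
"""Turn discovered application flows into an allow-list and tag the firewall
rules that support the application.  Added example; all data is constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

APP = "payroll"  # constructed business-application name
# Constructed security groups (name -> CIDRs), standing in for NSX security groups.
GROUPS = {"web": ["10.1.1.0/24"], "app": ["10.1.2.0/24"], "db": ["10.1.3.0/24"]}

# Constructed raw flows as (src_ip, dst_ip, proto, dst_port).
FLOWS = [
    ("10.1.1.10", "10.1.2.20", "tcp", 8443),
    ("10.1.1.11", "10.1.2.20", "tcp", 8443),
    ("10.1.2.20", "10.1.3.30", "tcp", 5432),
    ("192.0.2.5", "10.1.1.10", "tcp", 443),   # client outside all groups
]

# Constructed existing firewall rules (e.g. from a perimeter or DC firewall).
FW_RULES = [
    {"id": "R1", "src": "10.1.0.0/16", "dst": "10.1.3.0/24", "proto": "tcp", "ports": {5432}},
    {"id": "R2", "src": "0.0.0.0/0", "dst": "10.1.1.0/24", "proto": "tcp", "ports": {80, 443}},
    {"id": "R3", "src": "10.1.0.0/16", "dst": "10.9.0.0/16", "proto": "tcp", "ports": {22}},
]

def group_of(ip):
    """Map an address to its security group; 'any' if it is in none."""
    for name, cidrs in GROUPS.items():
        if any(ip_address(ip) in ip_network(c) for c in cidrs):
            return name
    return "any"

def permits(rule, flow):
    """True when an existing rule allows the given flow."""
    src, dst, proto, port = flow
    return (ip_address(src) in ip_network(rule["src"])
            and ip_address(dst) in ip_network(rule["dst"])
            and rule["proto"] == proto and port in rule["ports"])

def aggregate(flows):
    """Collapse raw flows into allow rules keyed by (src group, dst group, proto, port)."""
    rules = defaultdict(int)
    for src, dst, proto, port in flows:
        rules[(group_of(src), group_of(dst), proto, port)] += 1
    return sorted(rules)

def tag_rules(fw_rules, flows, app=APP):
    """Tag every existing rule that carries at least one observed flow of the app."""
    tagged = {}
    for rule in fw_rules:
        if any(permits(rule, f) for f in flows):
            tagged.setdefault(rule["id"], set()).add(app)
    return tagged

def uncovered(fw_rules, flows):
    """Aggregated flows no existing rule permits: candidates for a new policy."""
    missing = [f for f in flows if not any(permits(r, f) for r in fw_rules)]
    return aggregate(missing)
```

Rules that are never tagged for any application (R3 here) are the ones worth reviewing as candidates for removal, and `uncovered` gives the segment-level rules a third-party firewall would still need.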
If you’re attending VMWorld in Las Vegas next week, don’t forget to stop by AlgoSec’s booth #124 where we will demonstrate how we help companies manage security across their VMware NSX datacenters. We look forward to seeing you at the show!