As just released at VMworld Barcelona, VMware is taking security really seriously! Not stopping at full micro-segmentation and service redirection, but completely integrating IDS/IPS deep packet inspection in a really smart and intrinsic way. Here is what it does and why this is a true game changer in the security world:
Starting with IDS (Intrusion Detection System) in the next major release of NSX, VMware is already integrating Carbon Black into its NSX portfolio. In the stage/release after that, the NSX fabric will be able to detect and (automatically) protect using IPS (Intrusion Prevention System) technology, which is truly amazing if you ask me! No more hair-pinning through expensive, power-hungry hardware appliances and backhauling traffic to your on-premises data center for traffic inspection! IPS anywhere, at the most effective and efficient place you could wish for (a.k.a. intrinsic)!
The approach is the same as for the VMware Distributed Firewall (DFW): central management resides on the NSX Management cluster. This is also the place where the detection signatures are centrally downloaded and managed. By creating IDS rules and integrating them with the DFW rules, we only need the signatures for the traffic types that the firewall rules allow. Why push and match signatures that will never be used/hit, right?! This in turn keeps the overhead and performance impact low on the individual hypervisors. The detection signatures move along with the VM when it is vMotioned, just as the DFW rules do.
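To make the "only signatures for allowed traffic" idea concrete, here is a small added example (my own illustration, not VMware's code or the NSX API) that models a first-match DFW policy and a signature set, and computes which signature IDs need to go to the hypervisor hosting a given VM. Rules, groups, signature IDs and names are all constructed for the example; it also shows the edge case where a later ALLOW is shadowed by an earlier DROP, so its signatures are not pushed either.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

ANY = "any"  # wildcard for group / protocol; port 0 means "any port"


@dataclass(frozen=True)
class DfwRule:
    src: str      # security group name or ANY
    dst: str      # security group name or ANY
    proto: str    # "tcp", "udp" or ANY
    port: int     # destination port, 0 == any port
    action: str   # "ALLOW" or "DROP"


@dataclass(frozen=True)
class Signature:
    sid: int      # constructed signature ID, not a real ruleset ID
    proto: str
    port: int     # 0 == applies to any port of that protocol
    name: str


Flow = Tuple[str, str, str, int]  # (src_group, dst_group, proto, port)


def _field_matches(rule_val, flow_val) -> bool:
    return rule_val in (ANY, 0) or rule_val == flow_val


def rule_matches(rule: DfwRule, flow: Flow) -> bool:
    src, dst, proto, port = flow
    return (_field_matches(rule.src, src) and _field_matches(rule.dst, dst)
            and _field_matches(rule.proto, proto) and _field_matches(rule.port, port))


def first_match(rules: List[DfwRule], flow: Flow) -> str:
    """DFW semantics are first-match; an implicit default deny closes the policy (assumption)."""
    for r in rules:
        if rule_matches(r, flow):
            return r.action
    return "DROP"


def allowed_flows(rules: List[DfwRule]) -> Set[Flow]:
    """Concrete flows the policy really permits, after first-match evaluation."""
    result: Set[Flow] = set()
    for r in rules:
        # Only concrete ALLOW rules describe a flow we can map to signatures.
        if r.action != "ALLOW" or ANY in (r.src, r.dst, r.proto) or r.port == 0:
            continue
        flow = (r.src, r.dst, r.proto, r.port)
        if first_match(rules, flow) == "ALLOW":   # skip rules shadowed by an earlier DROP
            result.add(flow)
    return result


def signatures_for_vm(rules: List[DfwRule], sigs: List[Signature],
                      vm_groups: Set[str]) -> List[int]:
    """Signature IDs to push for a VM with these group memberships (host-independent)."""
    services = {(proto, port) for (src, dst, proto, port) in allowed_flows(rules)
                if src in vm_groups or dst in vm_groups}
    chosen = {s.sid for s in sigs
              if any(s.proto == proto and s.port in (0, port) for proto, port in services)}
    return sorted(chosen)


# --- constructed sample policy and signature set ---
RULES = [
    DfwRule("internet", "web", "tcp", 443, "ALLOW"),
    DfwRule("web", "db", "tcp", 3306, "ALLOW"),
    DfwRule("web", "db", "tcp", 22, "DROP"),
    DfwRule("web", "db", "tcp", 22, "ALLOW"),   # shadowed by the DROP above
    DfwRule(ANY, ANY, ANY, 0, "DROP"),          # explicit default deny
]

SIGNATURES = [
    Signature(1001, "tcp", 443, "TLS handshake anomaly"),
    Signature(1002, "tcp", 3306, "MySQL authentication anomaly"),
    Signature(1003, "tcp", 22, "SSH brute force"),
    Signature(1004, "tcp", 445, "SMB anomaly"),
    Signature(1005, "tcp", 0, "generic shellcode pattern"),  # any TCP port
]

if __name__ == "__main__":
    for vm, groups in (("web-01", {"web"}), ("db-01", {"db"}), ("app-01", {"app"})):
        print(vm, "->", signatures_for_vm(RULES, SIGNATURES, groups))
```

The web VM only receives the TLS, MySQL and any-port signatures; the SSH signature is dropped because the SSH ALLOW is shadowed, and the SMB signature because no rule permits port 445 at all. Because the selection depends only on the VM's group memberships and the central policy, not on the host, the same set follows the VM to whichever hypervisor it is vMotioned to.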
Another great feature is the integration with NSX Intelligence, which tells you in detail which workloads are protected, in danger, or under attack. This explains the beefy-sized analytics engine, which can also simulate and push new application rules to the NSX fabric.