VMware Service-Defined Firewall

Additional Info

Company: VMware
Website: https://www.vmware.com/
Company size (employees): 10,000 or more

Overview

VMware’s Service-defined Firewall is a distributed, scale-out internal firewall that protects all east-west traffic with security that’s intrinsic to the infrastructure, radically simplifying the security deployment model. It includes a distributed firewall, an intrusion detection and prevention system (IDS/IPS), and deep analytics. With the VMware Service-defined Firewall, security teams can protect their organizations from internal threats and minimize damage from cyberattacks that make it past the traditional network perimeter. Its key differentiating capabilities include:

• Distributed, granular enforcement: The Service-defined Firewall provides distributed and granular enforcement of security policies to deliver protection and control down to the workload level.
• Scalability and throughput: Because it’s distributed, the Service-defined Firewall is elastic, with the ability to autoscale as workloads spin up or down.
• Intra-application visibility: The Service-defined Firewall automatically determines the communication patterns between workloads and microservices, makes security policy recommendations based on those patterns, and checks that traffic flows conform to deployed policies.
• Declarative API: With the Service-defined Firewall, security teams can move at the speed of development to deliver a true public cloud experience on premises. The API-driven, object-based policy

With these capabilities, customers can deploy network segments rapidly to get the speed and flexibility needed to quickly create and reconfigure network segments, virtual security zones or partner domains by defining them entirely in software. The Service-defined Firewall also allows users to prevent lateral movement of attacks by extending east-west security with stateful Layer 7 firewalling, including AppID and UserID-based policies, as well as advanced threat protection. VMware’s solution also enables customers to meet regulatory requirements via its inspection of all traffic, which provides complete coverage to eliminate blind spots with a distributed IDS/IPS delivered in-software. Finally, customers can also easily create, enforce, and automatically manage granular micro-segmentation policies between applications, services and workloads across multi-cloud environments to achieve zero trust.

How we are different

• Enterprises need a better way to defend the growing number of dynamic workloads—and, correspondingly, the large volumes of east-west (internal) network traffic—against cyberattacks. Traditional, appliance-based security solutions are no longer adequate to protect today’s applications, and perimeter firewalls designed for north-south traffic are ineffective at delivering the control and performance needed for dynamic workloads. Bolted-on security solutions can’t deliver the scalability, agility and cost effectiveness needed by today’s security teams.
• As the only solution that makes security intrinsic to the infrastructure, the VMware Service-defined Firewall delivers distributed, granular enforcement for securing east-west traffic while reducing operational cost and complexity. CISOs and their teams can use the VMware Service-Defined Firewall to mitigate risk, enable compliance, accelerate security operations, and simplify security architectures to move at the speed of development.
• VMware’s approach to firewalling has been independently verified. To validate the effectiveness of the VMware Service-defined Firewall, VMware teamed with Verodin, a leader in enabling organizations to measure, manage, and improve their cybersecurity effectiveness. VMware leveraged Verodin’s Security Instrumentation Platform (SIP) to validate that the VMware Service-Defined Firewall can effectively identify and stop threats whether they are known or unknown. While running the solution in both Detect and Prevent mode, the VMware Service-Defined Firewall detected or prevented 100 percent of the malicious attacks used in the Verodin test sequence.