During VMware Explore 2023 in Las Vegas, VMware presented their newly minted NSX+ platform as part of Tech Field Day Extra. NSX+ is a new SaaS-based solution made up of several products that can be consumed individually and which are all generally available:
NSX+ Policy Management
NSX+ Advanced Load Balancer (ALB)
NSX+ Network Detection and Response (NDR)
NSX+ Intelligence
In this blog we will dive deeper into the NSX+ Intelligence solution and how it enables administrators to manage and secure their networking environments via smarter automation, deeper analysis, and true AI/ML driven policies.
As always, I strongly suggest you tune into the full replay of the VMware presentation and DEMO of NSX+ Intelligence available below:
TechFieldDay Extra: Simplify the Journey to Micro Segmentation and Zero-Trust with VMware NSX+
Introducing NSX+ Intelligence
It just makes sense.
With VMware already virtualizing the networking layers and technically capable of monitoring or “seeing” all the traffic traversing its environment, adding in functionality to provide security, deeper visibility, and threat detection into that mix was the next logical step.
This is where NSX+ Intelligence and NSX+ Network Detection & Response (NDR – which we’ll talk about in a later blog) really “made sense” to me. VMware was already doing a lot of the work but adding these extra bits on top bring significant value to customers – especially given the focus on data security.
Learning the network: Deep analysis and classification
While many focus on perimeter security at the edge, the NSX+ Intelligence solution monitors across the entire network. By tracking data flows and user processes in real-time (and historically) the NSX+ Intelligence can provide granular visibility not otherwise available including visualization of the following:
What are the various systems and services that function together as part of an application on the network. This can be spread across many different VMs, data centers, and even clouds.
Which of these applications are communicating with each other on the network? What are the interdependencies and lines of communication that need to exist?
Are all these normal communications? Do these channels need to be open in both directions? Are any of these anomalous or potential threats?
The legacy concept that an application is entirely housed within a single system or VM rarely exists in today’s hybrid multi-cloud data landscape. Being able to SEE what your application looks like, how it is communicating and with whom enables you not only to better secure all the data flows but implement intelligent and automated policies across your environment. The concept of grouping resources together is not new - I recall a loosely similar capability from EMC vis-à-vis the creation of Consistency Groups. However, these methodologies were all done manually.
NSX+ Intelligence leverages deep context on network and workload data to automate this process as it learns the environment, builds the application and entity inventory, identifies data flows, and provides a visual map of the environment and applications therein. Using AI/ML, the generated map will also provide recommendations on the ideal network segmentations, rules, services, and firewall configurations to implement in order to optimize overall network security. The automated policy recommendations can be easily reviewed (they are identified separately from any manually created policies) and then implemented at the convenience of the administrator. It's done by literally clicking the "magic wand" button in the NSX+ Intelligence dashboard.
You can preview the recommendations prior to implementation, and the resulting visualization is clean and easy to interpret what rules and flows have been put in place by the solution. With various levels of granularity, you can click down several levels to really get detailed information regarding your network traffic and entities talking in the environment.
"It's hard to protect what you can't see or understand." - Ray Budvari, Sr. Staff Technical Product Manager, VMware
No washing here, the AI/ML used by NSX+ Intelligence is legit.
The usage of AI and ML inside the NSX+ Intelligence platform is not limited to building out network security rules and policies, but the technology is also applied to Network Traffic Analysis for threat detection. By way of its inherent monitoring of all network context and flow, NSX+ Intelligence layers on both unsupervised and supervised ML models which are aligned to the MITRE attack framework to accurately detect threats in real-time. This accuracy (lower false positives) stems from the fact that the Intelligence platform has the actual context of the network data – it knows what the data is as thanks to the deep packet inspection used to discover and classify the flows. The types of threats that can be discovered aren’t limited to your typical malware, but can detect lateral movement, Live-off-the-land attacks, and many other malicious activities.
With many vendors shifting services to SaaS and the cloud, it is important to note that while NSX+ Intelligence is a SaaS-based service, the security policies and management run locally (on-premises). This is a critical element to point out as it means that the security features will continue to be enforced and analytics/detection will not be affected if communication with the cloud is interrupted or otherwise cut off.
Wrapping up
The NSX+ Intelligence platform just makes sense – VMware has the ability to not only see the network data moving across its virtual plane but uses its AI/ML models to classify and protect that data from threats. This is VMware elevating their value to security conscious customers by providing some very elegant and automated tools for administrators to easily implement policies into their environments.
When the threats to your data continue to become more intelligent, you need to make sure your defenses are also getting smarter, and NSX+ looks like a solid option to strengthen you security posture.
You can catch up with replays of all of the VMware presentations from TFDx via Tech Field Day:
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.