The virtual datacenter has given organizations extreme agility and flexibility to support business growth. To gain most of the benefits, however, organizations require open communication and information access across the Network Operations and Security Operations teams. At the same time, virtualization has expanded the ability of criminals to spread malware and attack applications.
Defining controls by applying communication policies on physical switches and firewalls is the responsibility of NetOps. In the virtual infrastructure, the SecOps team plays a vital role. Today’s data centres have more than 90% east-west traffic, which brings those two teams (NetOps, SecOps) a new challenge. Effective communication is a must in cross-team collaboration to achieve proper micro-segmentation.
The AutoNSX Solution gives the ability to speed up micro-segmentation, cover security blind spots, and share visibility across domains by leveraging:
- Easy micro-segmentation process: No need for manual execution or scripting. AutoNSX automates policy creation and micro-segmentation, with an inline verification process while applying security
- Globally defined security policies: The security architect defines segmentation conditions and rules that have to be present for every single application, including required or rejected communication to the Internet. Network Security defines mutually exclusive rules in case of overlapping communication. An example is a single server that belongs to both a Production and a Non-production environment. This is a very typical use case, where the developer uses the same server for production and semi-production activities. Such servers are highly valued by attackers because they expose production traffic to non-production servers and allow jumping between security zones.
- Fast recovery: When potential gaps in security are identified, implementing remediation with the AutoNSX solution is a straightforward process.
- Vendor integration: The AutoNSX solution integrates via API with leading vendors in the field, such as VMware and ServiceNow.
- Rules Verification: NetOps/SecOps can verify what is actually sent to the firewall and what objects are created.
- Reuse of globally defined security policies and templates, applied to all segmented applications with a “single” click
- Role-Based Access (RBAC): every user has their own visibility on segmented applications.