Use Cases for Software-Driven Security
NSX makes network micro-segmentation feasible for the first time. It enables granular firewalling and security policy enforcement for every workload in the data center, independent of the network topology and complexity.
Most people are familiar with the concept of network segmentation; the act of splitting a network into smaller segments that can be secured individually. The concept of micro-segmentation takes this to a much more granular level; the individual workload. Micro-segmentation refers to the definition and enforcement of security policies on each individual workload in the environment. A micro-segmented network limits the connections a workload has to other workloads in order to promote a zero-trust architectural model. This limits the amount of east-west traffic (traffic between workloads) within the data center and therefore limits the avenues an attacker can take to explore the environment and sniff out information to steal.
NSX enables security and advanced services to be dynamically assigned to workloads independent of the underlying physical network. This dramatically improves time to response, overall security posture, and third-party integration.
Micro-segmentation allows NSX to give each desktop its own perimeter defense and per-App VPN access from mobile devices, eliminating unauthorized access between adjacent workloads.