Advanced Security For The SDDC That’s Really Advanced

Data center virtualization has come a long way – from concept to a reality in a few short years. The latest evolution, virtualizing the network, lets data center operators treat the underlying infrastructure as a pool of resources – compute, storage and network capacity – that can be called upon to dynamically bring up new applications and services or expand existing ones.

Essentially, network virtualization transforms the data center from a hardware-focused to application-focused environment, enabling businesses to be more efficient and agile. As an added bonus, VMware NSX – the network virtualization pillar of the Software-Defined Data Center (SDDC) – delivers inherently better data center security.

NSX is a complete solution with native security capabilities including isolation, segmentation and automated security operations, making the concept of micro-segmentation within the data center operationally feasible for the first time.

The NSX network virtualization platform includes native firewalling as the segmentation base for the SDDC. In addition, NSX provides the foundation for automated deployment, orchestration and scale-up of additional security services like Check Point vSEC. This means that vSEC advanced security can be deployed just like any native NSX service.

security lock

Check Point vSEC for VMware NSX provides multi-layered protection for east-west data center traffic. NSX enables vSEC advanced security protections to be seamlessly inserted and enforced at the hypervisor level and between virtual machines. As network VMs are created, moved or deleted by NSX, vSEC advanced security is dynamically delivered for transparent threat prevention throughout the SDDC.

While competing solutions leverage the same point of integration with NSX, only Check Point and VMware go the extra mile by partnering together to deliver an advanced security architecture for SDDCs that really is advanced.

The combination of Check Point vSEC and VMware NSX is differentiated in several key areas:

  • Since vSEC leverages the same layered protections of our Software Blade architecture, advanced security features can be easily tailored to suit any environment. Essential security features like IPS, AntiVirus, Anti-Bot and other threat defenses are fully integrated to proactively stop malware and zero-day attacks. Features can be easily added to accommodate future needs without requiring additional changes to the security infrastructure.

cp vsec

  • The level of orchestration between vSEC and NSX extends beyond deployment to deliver context-aware threat protection. Infected VMs tagged by vSEC are quarantined and shared with NSX, allowing fully auto-remediation workflows to be triggered, even with other 3rd party security services, something other competing solutions just aren’t equipped to handle.
  • The Check Point vSEC integration with NSX also delivers enhanced visibility through the sharing of context. Most security solutions don’t have a good mechanism for learning about the virtual environment – segment names, VM tags, VM groups or other virtual objects. It’s hard to protect what you don’t know.
    Our single click integration to vCenter and NSX manager delivers trusted automation with limited scope – inherently providing better security. This tight integration allows vSEC to automatically fetch vCenter and NSX objects for use in Check Point security policies, provides automatic tagging and isolation of threats without the need for a 3rd party solution or complex customization efforts, and allows for VM objects to be displayed in Check Point security logs.
    This provides comprehensive visibility across both the physical and virtual environments. What’s more, Check Point’s unified management of virtual and physical gateways simplifies security management and control across the data center.
  • Finally, only Check Point can enhance native NSX micro-segmentation with security sub-policies. This unique capability enables delegation of actions finely tuned to advanced threats. This means more control and more effective real-time security even in the most highly automated environments.

    cp nsx

Customer can truly realize the full potential of the SDDC while enjoying maximum protection against threats with VMware NSX and Check Point vSEC. Interested in learning more? Register for a free NSX virtual event on November 18 and hear firsthand how vSEC delivers truly advanced security for VMware NSX.