This week were headed for VMworld 2014 in San Fransisco and we're excited to be talking about how Rapid7 is partnering with industry leaders like Symantec, Palo Alto Networks, and of course VMware to build out the VMware NSX security ecosystem. Together we've created an integrated system that collaborates together leveraging the NSX platform to automate risk identification and mitigation for VMware customers.
Why does this matter to security professionals?
Well, in order to protect against todays threats and evolving landscape, security teams are constantly challenged to deploy best practices as isolation and network segmentation. Including any micro-segmentation by application or asset level. This process can be difficult and costly to manage effectively. With VMware NSX (the network virtualization component of the software-defined data center (SDDC)) teams can more easily adopt these practices.
Let's go through an example scenario on how you can automate isolation and micro-segmentation.
An Application Admin makes a change like applying a patch to their web services in the SDDC. Unknown to the admin the patch he just applied was old and contained an easily exploitable vulnerability that could compromise PII data.
Symantec Data Security Center in real-time detects the change and runs the asset through their security policy rules. In this scenario, a rule determines that a vulnerability assessment needs to be run immediately and notifies Rapid7 Nexpose.
Then Nexpose performs a vulnerability scan directly through the hyper visor, increasing visibility and performance. Nexpose finds this critical vulnerability caused by this patch notifies Symantec Data Security Center.
This is all happening based on the policies and automated workflows.
It keeps going. Palo Alto Networks recommends the machine be quarantined because of sensitive data in this application. The Security admin agrees with that recommendation, so Palo Alto restricts access to the machine and NSX quarantines it. Done. The virtual machine is safely quarantined until further actions are taken to make it secure.
This complete workflow is orchestrated through our Symantec, Palo Alto Networks, and VMware partnerships. It just scratches the service of other automated workflows that are possible. For more information on each solution check of the video or even better join us all at VMworld 2014 this week.