VMware spotlights key NSX security tool for deploying security software and services

San Francisco -- VMware's NSX network virtualization platform, expected out by year end, will have a key security tool for deploying security software and services to VMware-based virtual machines.

NSX Service Composer, demoed it this week at VMworld, is a tool that will let administrators with responsibilities for VMware-based networks based on NSX set up a centralized way to deploy anti-malware, vulnerability management, firewall, data-loss prevention and intrusion detection and prevention (IDS/IPS) from third-party vendors. These vendors have to support specific NSX APIs, and be officially accepted into the VMware ecosphere. The security vendors active in NSX that were mentioned by VMware in its demo of NSX Service Composer at VMworld here this week include Rapid7, McAfee, Symantec, Trend Micro, and Palo Alto Networks. But several more are at work to support NSX, including Fortinet and Check Point.

[RELATED:Will VMware's big gamble on network virtualization pay off?

MORE:Hot products from VMworld 2013]

"NSX Service Composer is a way to streamline deployment of third-party security solutions," said Azeem Feroz, VMware's senior manager in networking and security in his demo of it with Sachin Vaidya, VMware security architect.

VMware said the basic idea is to first "register" each security vendor's NSX-supporting product with NSX Service Composer in what is supposed to be a simple process that basically makes NSX Service Composer the central authorization point for decisions about what kind of security protection, such as anti-malware or IPS, will be applied to each NSX-based VM workload or cluster.

According to Feroz, this centralization of security software and services will also allow the administrator to automate how each will be provisioned. The VMware demonstration sought to show how Symantec antimalware would be deployed on just one virtual machine or many according to specific security policies.

During the demo, Vaidya said the NSX Service Composer is intended to be a tool for "orchestration" of security because it lets multiple security products be provisioned via a central management component rather than having to turn to do this through multiple vendor consoles.

NSX Security Composer can establish servers, VMs, data centers, the network and other assets as "security groups" that are supposed to receive certain security protections, including firewall rules. It will monitor "security posture" so if a malware outbreak is reported, for example, there's a way to move infected resources into a quarantine mode automatically. NSX Service Composer is expected to even allow user identity to be a security profile that might require specific security to be in place if the user logs into some resource controlled under NSX.

VMware has ambitious plans to eventually be able to "orchestrate" certain actions be taken on behalf of security between these NSX-supporting third-party security products through a system of "security tags."

For VMware customers that already use the security known as vShield in current VMware's products, it's expected that NSX  Service Composer will be able to accept and apply that rules base.

There may be some drawbacks to NSX Service Composer, at least in the beginning.  Feroz and Vaidya indicated that NSX Service Composer at this point cannot do certain things, such as schedule anti-malware scans, though that's possible in the future. Although the NSX API is open, VMware customers may find some of their security vendors are not in the NSX program. And centralizing security provisioning by tying multiple security vendors consoles and functions into NSX Service Composer raises new questions about how to keep track of monitoring console uptime or other troubleshooting issues. But VMware intends to have a kind of "alarm system" to provide details about these sorts of problems and ways to remedy them.

In addition, NSX service Composer as yet has no way to share critical security information with the type of product known as security information and event management (SIEM)  which centralize and correlate security events.  "There is a plan, but we don't have it yet," acknowledged Vaidya.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about data center in Network World's Data Center section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenanceFortinettrend microsecurityRapid7hardware systemsData CenterVMwarevirtualizationmcafeesymantec

More about Check Point Software TechnologiesFortinetIDGIPSMcAfee AustraliaPalo Alto NetworksRapid7SymantecTrend Micro AustraliaVMware Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts