IDS and IPS in NSX-T
IDS stands for Intrusion Detection System and IPS stands for Intrusion Prevention System. It is what it says on the tin: it protects your environment from an attack. IDS is a system that monitors the traffic for signs of an attack, and in the event of one, IPS will block the network traffic. The newest release of NSX-T, 3.0, came with IDS, with IPS following shortly. IDS in NSX is hypervisor based and doesn't need an agent, as it communicates via VMware Tools. For this approach the NSX Manager will need to have access to the internet; however, there is an offline version if needed.
Some of the main benefits of this hypervisor-based approach are:
- No bottlenecks, as scalable inspection capacity is built in
- Simpler network designs and less network congestion
- Fewer dedicated appliances are needed, as there is better utilisation of compute capacity
- Better threat detection
- Amazing intrinsic security
Listed below are some of the main use cases of IDS and IPS:
- Easily Achieve Regulatory Compliance – Simply turn on traffic inspection with a software-driven deployment model, without needing to buy expensive appliances.
- Virtualize Security Zones – Create and customize multiple virtual security zones for internal teams and partners without requiring physical separation of the network.
- Replace Discrete Appliances – Leverage NSX’s native IDS/IPS capabilities to replace traditional IDS/IPS appliances including standalone, firewall-based, or virtual host-based.
- Detect Lateral Threat Movement – Granularly inspect east-west network traffic at every workload to effectively detect both known and unknown threats.
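To make the detect-versus-prevent distinction above concrete, and to show what "inspection at every workload" and "virtual security zones" mean in practice, here is a small Python model of an inline inspection engine. It is an added example written for this post, not NSX code or VMware's implementation: the signature ids and patterns, the VM names, the zone names and the HTTP payloads are all constructed for the demonstration. Each workload gets its own inspector (standing in for the hypervisor-level engine in front of a vNIC), and the inspector's mode comes from the zone the VM is placed in: DETECT behaves like an IDS (alert, forward the flow) and DETECT_PREVENT behaves like an IPS (alert, drop the flow).

```python
import re
from dataclasses import dataclass

DETECT = "DETECT"                   # IDS behaviour: raise an alert, forward the traffic
DETECT_PREVENT = "DETECT_PREVENT"   # IPS behaviour: raise an alert and drop the flow


@dataclass(frozen=True)
class Signature:
    sid: int            # hypothetical signature id, constructed for this example
    name: str
    pattern: re.Pattern
    severity: str


@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Verdict:
    action: str          # "FORWARD" or "DROP"
    matched_sids: tuple  # signature ids that fired on this flow


# Constructed signatures; the ids and patterns are made up, not a vendor feed.
SIGNATURES = (
    Signature(9000001, "HTTP path traversal attempt", re.compile(rb"/\.\./"), "medium"),
    Signature(9000002, "Request for exposed .git metadata", re.compile(rb"/\.git/"), "low"),
)


class WorkloadInspector:
    """One inspection point per workload, modelling the hypervisor-level engine
    sitting in front of each VM's vNIC rather than a central appliance."""

    def __init__(self, vm_name: str, mode: str, signatures=SIGNATURES):
        if mode not in (DETECT, DETECT_PREVENT):
            raise ValueError(f"unknown inspection mode {mode!r}")
        self.vm_name = vm_name
        self.mode = mode
        self.signatures = signatures
        self.events = []  # alert log, what an operator would review in the events view

    def inspect(self, flow: Flow) -> Verdict:
        hits = tuple(s for s in self.signatures if s.pattern.search(flow.payload))
        # Blocking only happens in DETECT_PREVENT mode; DETECT never alters the flow.
        action = "DROP" if hits and self.mode == DETECT_PREVENT else "FORWARD"
        for sig in hits:
            self.events.append({
                "vm": self.vm_name, "sid": sig.sid, "signature": sig.name,
                "severity": sig.severity, "src": flow.src_vm, "dst": flow.dst_vm,
                "dst_port": flow.dst_port, "action": action,
            })
        return Verdict(action, tuple(s.sid for s in hits))


def build_inspectors(zone_mode: dict, vm_zone: dict) -> dict:
    """Map every VM to an inspector whose mode comes from its security zone,
    so a zone is a policy attribute rather than a physically separate network."""
    return {vm: WorkloadInspector(vm, zone_mode[zone]) for vm, zone in vm_zone.items()}


def run_sample():
    """Constructed scenario: the same traversal probe reaches a prod VM (IPS zone)
    and a dev VM (IDS zone); returns per-flow verdicts and the total alert count."""
    zone_mode = {"prod-web": DETECT_PREVENT, "dev": DETECT}
    vm_zone = {"web-01": "prod-web", "dev-web-01": "dev"}
    inspectors = build_inspectors(zone_mode, vm_zone)

    benign = b"GET /index.html HTTP/1.1\r\nHost: web-01\r\n\r\n"
    probe = b"GET /static/../../config.yml HTTP/1.1\r\nHost: web-01\r\n\r\n"
    flows = [
        Flow("app-01", "web-01", 80, benign),
        Flow("app-01", "web-01", 80, probe),
        Flow("app-01", "dev-web-01", 80, probe),
    ]
    results = []
    for flow in flows:
        verdict = inspectors[flow.dst_vm].inspect(flow)
        results.append((flow.dst_vm, verdict.action, verdict.matched_sids))
    total_alerts = sum(len(i.events) for i in inspectors.values())
    return results, total_alerts


if __name__ == "__main__":
    for row in run_sample()[0]:
        print(row)
```

Running it shows the benign request forwarded with no alert, the probe to the prod VM dropped with an alert, and the identical probe to the dev VM forwarded but still alerted. Both zones see every east-west flow because inspection sits at the workload, which is the point of the "detect lateral threat movement" use case; only the zone's mode decides whether an alert also becomes a block.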