NSX Cloud uses public cloud security groups in conjunction with the Quarantine Policy set in CSM for threat detection.

For example, if a person with malicious intent forcibly stops the NSX agent on a managed VM, the compromised VM will be quarantined in the public cloud.