The Deploying and Managing VMware NSX Application Platform using Automation Appliance document describes how to automate deployment, configure, and manage VMware NSX® Application Platform.

Depending on your license, you can access the following security service capabilities after a successful installation.

VMware NSX® Intelligence™

The NSX Intelligence service provides a distributed network analytics engine for managing the security posture of your NSX data center environment.
  • A detailed graphical visualization of every workload in your NSX data center and all the traffic flows that occurred with those workloads during the specified period. The visualization includes a complete inventory and meta-data of every workload and the continuous layer 7 analysis of every flow. This feature helps eliminate security blind spots and accelerates security incident remediation.
  • The ability to generate firewall recommendations for security policies, policy security groups, and application services. The recommendations assist you with implementing firewall micro-segmentation at the application level. Implementing the recommendations can enforce a more dynamic security policy by correlating traffic patterns of communication between the VMs, physical servers, and IP addresses in your NSX data center environment.

For more information, see the Activating and Upgrading VMware NSX Intelligence documentation.

VMware NSX® Network Detection and Response™

NSX Network Detection and Response service provides a scalable threat detection and response solution for workloads. The NSX Network Detection and Response correlation engine analyzes Intrusion Detection/Prevention System (IDS/IPS) events based on threat campaigns, which helps prevent alert overload and simplifies your security operations monitoring processes. This service provides simplified threat triage, scoping, and threat hunting aligned to the MITRE ATT&CK® Framework.

With NSX Network Detection and Response, you can strengthen your network security posture, enhance threat detection capabilities, and respond more effectively to potential security incidents, ultimately reducing the risk of data breaches and unauthorized access to sensitive information.

For more details, see the VMware NSX Network Detection and Response documentation.

VMware NSX® Malware Prevention

NSX Malware Prevention extracts files from the east-west traffic and north-south traffic and analyzes these files for malicious behavior.

NSX Malware Prevention can detect and prevent known and unknown malicious files. Unknown malicious files are also referred to as zero-day threats. To detect malware, NSX Malware Prevention uses a combination of the following techniques:
  • Hash-based detection of known malicious files
  • Local analysis of unknown files
  • Cloud analysis of unknown files

For information more details, see the VMware NSX Malware Prevention documentation.

VMware NSX® Metrics

NSX Metrics collects data to monitor key statistics across the entities in your NSX and NSX Application Platform environments.

By default, the data collection feature is available after a successful deployment and cannot be turned off.

For more details, see the NSX Application PlatformMetrics API.

Intended Audience

This information is intended for enterprise system administrators who must deploy or manage the NSX Application Platform Automation Appliance and activate the NSX applications hosted on the platform. Familiarity with the administration of VMware NSX®, VMware vCenter Server®, and vSphere with Tanzu is assumed.