NSX IDS/IPS provides the capability to manage threats related to custom applications and zero-day vulnerabilities.
Before NSX 4.2.1, security administrators could only use and manage system signatures supplied by NSX through various sources, including NSX Threat Intelligence and Cloud Service (NTICS). NTICS provided threat feeds and intelligence for on-premises deployments, delivering crucial data consumed by the Intrusion Detection and Prevention System (IDS/IPS) among other security features.
Starting with NSX 4.2.1, administrators can add custom signatures to the IDS/IPS engine on the NSX Edge Gateway and the NSX Distributed Firewall, extending the analysis of malicious traffic beyond the system signature set. This capability is essential for managing threats related to custom applications and zero-day vulnerabilities. For example, custom signature sources such as cybersecurity advisories like CISA’s AA22-138A publish signatures for prevalent cyber-attacks identified by cybersecurity experts and agencies. Suricata, the engine that performs network threat detection on the hosts, consumes these custom signatures alongside the system signatures.
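As an added example (not NSX or Suricata project code), the following Python script lints a set of custom signatures written in Suricata rule syntax before an administrator loads them into the engine: it checks that each rule's header parses, that `msg`, `sid` and `rev` are present, that the `sid` is an integer, unique, and in the local-rule range, and it warns about rules with no `content` or `pcre` match, which fire on every packet that matches the header. The sample rules, the "ExampleApp" names and the `$HOME_NET`/`$EXTERNAL_NET` ports are constructed; the 1000000+ `sid` range for local rules is a Suricata/Snort convention assumed here, not a documented NSX requirement.

```python
"""Lint custom IDS/IPS signatures written in Suricata rule syntax.

Added example, not NSX or Suricata project code. It relies only on the
public Suricata rule grammar:
    action proto src sport direction dst dport (option; option; ...)
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Rule header: action, protocol, source/dest address and port, direction, options.
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass)\s+"
    r"(?P<proto>[a-z0-9_-]+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<options>.*)\)\s*$"
)

# Assumption: local/custom rules use sids >= 1000000 (Suricata/Snort convention).
LOCAL_SID_MIN = 1_000_000
MATCH_KEYWORDS = {"content", "pcre"}

# Constructed sample rule file (not from any real advisory or product).
SAMPLE_RULES = """\
# hypothetical custom signatures for an in-house application
alert tcp $EXTERNAL_NET any -> $HOME_NET 8443 (msg:"CUSTOM ExampleApp legacy client"; flow:to_server,established; content:"ExampleApp/1."; http_user_agent; sid:1000001; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 8443 (msg:"CUSTOM ExampleApp oversized field; see runbook"; flow:to_server,established; content:"X-Example-Field|3a|"; http_header; sid:1000002; rev:2;)
alert tcp any any -> any any (msg:"CUSTOM missing sid"; content:"abc";)
alert tcp any any -> any any (msg:"CUSTOM duplicate sid"; content:"def"; sid:1000001; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"CUSTOM broad dns"; sid:1000003; rev:1;)
allow tcp any any -> any any (msg:"bad action"; sid:1000004; rev:1;)
alert tcp any any -> any any (msg:"CUSTOM reserved sid"; content:"x"; sid:42; rev:1;)
"""


@dataclass
class Finding:
    line: int
    level: str  # "error" (rule rejected) or "warning" (rule accepted)
    message: str


def split_options(options: str) -> list[tuple[str, str | None]]:
    """Split 'key:value; flag; ...' into (key, value) pairs, honouring quotes.

    A ';' inside a quoted string (e.g. in msg or content) is not a separator.
    """
    items: list[tuple[str, str | None]] = []
    buf: list[str] = []
    in_quote, prev = False, ""
    for ch in options:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            tok = "".join(buf).strip()
            if tok:
                key, _, val = tok.partition(":")
                items.append((key.strip(), val.strip() or None))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    return items


def validate_rules(text: str) -> tuple[list[int], list[Finding]]:
    """Return (accepted sids in file order, findings for every problem seen)."""
    accepted: list[int] = []
    findings: list[Finding] = []
    seen_sids: dict[int, int] = {}  # sid -> first line that defined it
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            findings.append(Finding(lineno, "error", "header does not parse"))
            continue
        items = split_options(m["options"])
        keywords = {k for k, _ in items}
        values = {k: v for k, v in items}  # last occurrence wins; fine for msg/sid/rev
        before = len(findings)
        for req in ("msg", "sid", "rev"):
            if req not in keywords:
                findings.append(Finding(lineno, "error", f"missing required option '{req}'"))
        sid = None
        sid_val = values.get("sid")
        if sid_val is not None:
            if not sid_val.isdigit():
                findings.append(Finding(lineno, "error", f"sid is not an integer: {sid_val!r}"))
            else:
                sid = int(sid_val)
                if sid < LOCAL_SID_MIN:
                    findings.append(Finding(lineno, "error", f"sid {sid} below local-rule range {LOCAL_SID_MIN}"))
                elif sid in seen_sids:
                    findings.append(Finding(lineno, "error", f"duplicate sid {sid} (first seen on line {seen_sids[sid]})"))
        if not keywords & MATCH_KEYWORDS:
            findings.append(Finding(lineno, "warning", "no content/pcre match; rule fires on every packet matching its header"))
        if not any(f.level == "error" for f in findings[before:]):
            accepted.append(sid)
            seen_sids[sid] = lineno
    return accepted, findings


if __name__ == "__main__":
    ok, problems = validate_rules(SAMPLE_RULES)
    print("accepted sids:", ok)
    for f in problems:
        print(f"line {f.line}: {f.level}: {f.message}")
```

Running a check like this before upload catches the mistakes that an engine would otherwise reject at load time or, worse, accept silently (a duplicate `sid` that shadows an earlier rule, or a match-less rule that floods the IDS log).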