NSX and the Kobayashi Maru: changing the conditions for better visibility, context and containment


The ultimate test for any of us involved in network security is to keep our systems and data secure, making sure our valuable assets don't get corrupted or exfiltrated. However, the current limitations imposed by physical network infrastructure have left large "blind spots" in our data centres: large areas of uninspected traffic, leading to the advent of threat analysis tools that require logging more data from more sources in order to provide visibility and context.

In this blog post I explain why NSX network virtualization provides unique properties that can be leveraged to change some fundamental building blocks in the design of our security architecture. These changes are so profound that they almost appear as if we were cheating... to our advantage.

Some of the initial ideas behind this post were seeded by John Kindervag during a tour we did together last Spring.

Check it out and let me know if you think this has value or if I should change drugs ;)

BTW, if this post resonates with you and you are at VMworld 2016 US, make sure you attend Dennis Moreau's group discussion Tuesday afternoon, "NET10710-GD closing the security loop: analytics, response and attestation in virtualized datacenters", which will cover similar points, and you get to benefit from Dr Moreau's expertise!

Cheers   

https://blogs.vmware.com/networkvirtualization/2016/08/nsx-securing-anywhere-part-v.html#.V7rr22SF7UI
