Addressing PCI DSS With VMware NSX-T

Version 2

    A Micro-audit of NSX-T Micro-segmentation for Microservices, Containers, and Virtual Machines


    In this benchmark, third-party audit and security firm Coalfire tested the effectiveness of NSX-T micro-segmentation for securing both virtual machines (VMs) and containers orchestrated by Kubernetes (K8s) on supported hypervisors. While PCI DSS does not specifically address the use of containerization in cardholder data environments (CDEs), the alignment of requirements and recommendations focuses on the capabilities of NSX-T to provide network segmentation that isolates the CDE to protect cardholder data (CHD), per PCI DSS recommendations and best practices for assessment scope reduction. Coalfire also evaluated the applicability of the NSX-T Distributed Firewall (DFW) for segmentation between PCI DSS CDE and non-CDE environments for virtual machines. See the full details and results of the benchmark in the attached report.