3 Replies Latest reply on Dec 1, 2017 4:10 AM by shivkumar4

    VMWare virtual IDS/IPS appliance on network overlays

    Sateesh_vCloud Hot Shot

My customer's requirement is to deploy a "VMware virtual IDS/IPS appliance on network overlays".


      Do we have such feature in NSX?


Does vCNS also have such features?

        • 1. Re: VMWare virtual IDS/IPS appliance on network overlays
          thakala Expert

NSX itself does not provide IDS or IPS functionality, but it provides an API for third-party tools to provide these features on virtual networks. At least Palo Alto Networks and Intel Security have NSX-compatible virtual firewall appliances which provide IPS and IDS functionality. For IDS only, NSX supports NetFlow and IPFIX for exporting flow data, which allows use of any NetFlow- or IPFIX-capable IDS like Lancope StealthWatch.

          1 person found this helpful
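To make the flow-export route in the reply above concrete, here is an added example that is not part of this thread and is not VMware's, Lancope's or any other vendor's code. It parses a NetFlow export datagram the way a collector would and then runs a simple port-scan heuristic over the records, which is the kind of detection a flow-based IDS performs on data it receives from the network. Two assumptions: it uses the fixed-layout NetFlow v5 record format rather than template-based v9/IPFIX purely to avoid template handling, and the flows it processes are constructed sample data, not a capture from an NSX environment.

```python
"""Minimal NetFlow v5 collector-side parser plus a flow-based port-scan heuristic.

Added example, not from the thread. NetFlow v5 is used only because its record
layout is fixed (24-byte header, 48-byte records); v9/IPFIX would need template
parsing first. All flow data below is constructed, not captured.
"""
import ipaddress
import struct
from collections import defaultdict

# NetFlow v5 wire format: header then up to 30 fixed-size records, big-endian.
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes

TCP = 6
SYN, ACK = 0x02, 0x10


def build_v5_packet(records):
    """Pack flow dicts into a v5 export datagram (constructed input for the parser)."""
    header = HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        RECORD.pack(
            ipaddress.IPv4Address(r["src"]).packed,
            ipaddress.IPv4Address(r["dst"]).packed,
            b"\x00" * 4,             # next hop
            0, 0,                    # input / output SNMP ifIndex
            r["pkts"], r["bytes"],
            0, 0,                    # first / last sysUptime
            r["sport"], r["dport"],
            0,                       # pad1
            r["flags"], r["proto"], 0,
            0, 0, 0, 0, 0,           # src_as, dst_as, src_mask, dst_mask, pad2
        )
        for r in records
    )
    return header + body


def parse_v5(packet):
    """Return a list of flow dicts; reject anything that is not a well-formed v5 datagram."""
    if len(packet) < HEADER.size:
        raise ValueError("short header")
    version, count, *_ = HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # A v5 datagram carries at most 30 records; never trust count beyond the buffer.
    if count > 30 or len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError(f"truncated or oversized export (count={count})")
    flows = []
    for i in range(count):
        (src, dst, _nh, _in, _out, pkts, octets, _first, _last,
         sport, dport, _pad, flags, proto, _tos, *_rest) = RECORD.unpack_from(
            packet, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto,
            "flags": flags, "pkts": pkts, "bytes": octets,
        })
    return flows


def detect_port_scans(flows, min_ports=10, max_pkts_per_flow=2):
    """Heuristic: one source touching many distinct TCP ports on one destination
    with tiny flows whose cumulative TCP flags show SYN but never ACK looks like a
    SYN/connect scan. Returns (src, dst, distinct_ports) sorted by port count."""
    touched = defaultdict(set)
    for f in flows:
        if f["proto"] != TCP or f["pkts"] > max_pkts_per_flow:
            continue
        if not (f["flags"] & SYN) or (f["flags"] & ACK):
            continue
        touched[(f["src"], f["dst"])].add(f["dport"])
    alerts = [(src, dst, len(ports)) for (src, dst), ports in touched.items()
              if len(ports) >= min_ports]
    return sorted(alerts, key=lambda a: a[2], reverse=True)


# Constructed sample: one host sweeping 15 ports on a server, plus a normal HTTPS session.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.1.20", "sport": 40000 + p, "dport": p,
     "proto": TCP, "flags": SYN, "pkts": 1, "bytes": 60}
    for p in range(1, 16)
] + [
    {"src": "10.0.0.7", "dst": "10.0.1.20", "sport": 51000, "dport": 443,
     "proto": TCP, "flags": SYN | ACK | 0x08 | 0x01, "pkts": 220, "bytes": 180_000},
]


def run_sample():
    """Round-trip the sample through packer, parser and detector."""
    return detect_port_scans(parse_v5(build_v5_packet(SAMPLE_FLOWS)))


if __name__ == "__main__":
    for src, dst, n in run_sample():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

The thresholds in detect_port_scans are arbitrary starting points; in practice they are tuned per environment, and the length check in parse_v5 matters because the collector listens on UDP and must not trust the record count in a datagram it did not ask for.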
          • 2. Re: VMWare virtual IDS/IPS appliance on network overlays
            jakewilson Lurker

Since NetFlow and IPFIX (standard) are supported by many vendors, you can also use the IDS capabilities provided by Scrutinizer from Plixer. It also scales to meet the demands of larger networks.

            • 3. Re: VMWare virtual IDS/IPS appliance on network overlays
              shivkumar4 Lurker

For support, VMware NSX and OpenStack allow organizations to unify security across physical and virtual networks. It protects workloads in Amazon Web Services (AWS) through highly efficient virtual deployment.

If administrators want to set up a VM by pointing and clicking, why can't they turn up a firewall or IDS/IPS in the same way? This is what NFV enables.

NFV also reduces the need for abundance: rather than buying big firewall or IDS/IPS boxes that can handle a whole network,

A host-based IDS may still function properly on virtual machines, but will now consume resources drawn from a shared pool, making the installation of a security agent less desirable.

There are three major activities related to IDS/IPS appliances on a network.

              1. Software Defined Networking
              2. Network Virtualization
              3. Network Functions Virtualization


Recently, IDS/IPS technologies have been written off by many as obsolete, ineffective and of no use today. The truth lies somewhere between these two edges. Realistically, IDS/IPS technologies are one very important component of a broad attack and susceptibility detection system, working alongside many other types of venture security controls.

              1 person found this helpful