NSX+ Network Detection and Response
What is NSX+ Network Detection and Response?
NSX+ Network Detection and Response (NDR) provides a scalable threat detection and response solution for workloads deployed in private or public clouds. The NSX+ NDR correlation engine analyzes Intrusion Detection/Prevention System (IDS/IPS) events based on threat campaigns, which helps in preventing alert overload and simplifies your security operations monitoring processes. This service provides simplified threat triage, scoping, and threat hunting aligned to the MITRE ATT&CK framework.
NSX+ NDR delivers network detection and response capabilities as Software-as-a-Service (SaaS). Security teams will realize the following benefits of this deployment model:
- Easier operationalization: Network detection and response is easier to operationalize because there are fewer components for a security team to install and manage. Scaling is also simpler, as resources for network detection and response are obtained and managed by VMware personnel. Finally, the NSX+ console is highly available without additional effort from the security team.
- Multi-cloud scope: Multi-cloud deployments are easier to protect because the NSX+ console supports private and public clouds out of the box, without additional components.
What are the capabilities of NSX+ NDR?
NSX+ Network Detection and Response consists of three complementary engines:
- Aggregation Engine: collects signals from the available detection technologies (IDS/IPS, Network Sandboxing, and Network Traffic Analysis (NTA)), then combines the signals to reach a verdict (malicious or benign) for each network activity.
- Correlation Engine: combines multiple related malicious activities into an easy-to-digest "intrusion campaign" view.
- Context Engine: collects data from multiple sources (including sources outside NSX) to add helpful context to the information provided to security analysts. For example, this engine provides information on who registered a particular domain and which accounts were accessed by a specific user.
At NSX+ initial availability, network detection and response with NSX+ will only ingest signals from IDS/IPS.