NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?
NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?
NSX improves the security of today's modern workloads by preventing lateral movement through network segmentation. This feature involves dividing a network into smaller, isolated segments to enforce security policies and thereby limiting the spread of threats within the network.
Network Segmentation is not a "feature" of NSX. DFW would be the feature you'd be using to implement microseg. Virtual Security Zones are a "feature" of NSX IDS/IPS so must be the correct response
Reference: https://www.techtarget.com/searchsecurity/answer/Use-microsegmentation-to-mitigate-lateral-attacks
Selected Answer: B Without NSX, all application network traffic must traverse a physical firewall to be segmented, even when residing on the same physical server. With NSX, application network traffic can be efficiently isolated via microsegmentation, regardless of its physical location or underlying network topology. NSX micro-segmentation provides a foundational architectural shift to enable topology agnostic, distributed security services to applications in the evolving data center.
One key feature of NSX Intelligence is its ability to provide recommendations for micro-segmentation policies based on network traffic data. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwijjcKqnvKFAxVynP0HHeo9Bf0QFnoECBkQAw&url=https%3A%2F%2Fwww.vmware.com%2Fcontent%2Fdam%2Fdigitalmarketing%2Fvmware%2Fen%2Fpdf%2Fproducts%2Fnsx%2Fvmware-nsx-microsegmentation.pdf&usg=AOvVaw0tpf3V6po5vYeKoF2XgD64&opi=89978449
Network Segmentation is not a "feature" of NSX. DFW would be the feature you'd be using to implement microseg. Virtual Security Zones are a "feature" of NSX IDS/IPS so must be the correct response