2 min

VMware has launched its own firewall. The Firewall is designed to provide an extra layer of security for enterprise applications. That’s what Silicon Angle reports.

The new Service-defined Firewall builds on two of the company’s existing products. One is the NSX network management and security platform. The other is AppDefense, a threat detection engine that scans the enterprise infrastructure for suspicious behavior. AppDefense searches for malicious activities by analyzing data from NSX and vSphere, VMware’s virtualization platform. Companies run those services on their servers to improve hardware efficiency.

The Firewall further extends these detection functions by adding a layer of automation. It uses operational information that VMware collects from its large customer base to understand exactly what normal behavior means for various applications. With this insight, the underlying algorithms can generate their own security rules for a vSphere virtualized environment of a company.


VMware states that its firewall can search for malicious activity in both network traffic via NSX and vSphere-controlled host machines. With the latter possibility, the product distinguishes itself. The software uses vSphere itself to track activities, which means there is no need to install a special piece of monitoring software on each host, which traditional security tools do.

This approach reduces operational complexity, but also makes it more difficult for hackers to hide. Attackers may be able to disable the monitoring software on a host if they are given administrator access to a machine. But if the monitoring is done via vSphere, that’s no longer a problem.

“Unlike perimeter firewalls that have to filter traffic from an unlimited number of unknown hosts, the VMware Service-defined Firewall has the advantage or deep visibility into the hosts and services that generate network traffic,” said Alex Berger, product marketing manager at the VMware network and security group.


The Service-defined Firewall addresses a large number of enterprise environments. The software can protect virtual machines, as well as containers and bare-metal servers without software. Support for Amazon Web Services (AWS) will be added later on.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.