NTT SmartConnect Launches 'VMware Micro-segmentation' Menu for its Cloud Service

NTT SmartConnect Corporation (Headquarters: Osaka City, Osaka; President: Kento Miyaoku; hereinafter 'NTT SmartConnect') has launched the 'VMware Micro-segmentation' menu for its SmartConnect Cloud Platform (Type-S) (hereinafter 'SCP Type-S') cloud service.

The 'VMware Micro-segmentation' menu is a service where NTT SmartConnect, a VCSP certified partner, utilizes the 'VMware vDefend Firewall' product to provide a 'Distributed Firewall' capable of micro-segmentation, which is communication control within the same segment between virtual machines. The IDS/IPS (Intrusion Detection/Prevention System) feature in this product's distributed firewall is a pioneering function to be launched in Japan.

While perimeter defense (measures at the system's entry/exit points) has been the mainstream approach, this menu enables 'lateral movement countermeasures' to prevent the spread of threats that have infiltrated the system, allowing for more robust security measures against today's sophisticated cyberattacks.

What is SCP Type-S? It is a domestic private cloud service that provides a host-dedicated virtualization platform for customers who want to use their IT infrastructure in the cloud.

What is VMware vDefend Firewall / Distributed Firewall? It is a firewall product from Broadcom that operates at the hypervisor layer and is applied per virtual network interface (vNIC) of a virtual machine.

What is a VCSP Certified Partner? It refers to a VMware Cloud Service Provider certified partner designated by Broadcom.

1. Background and Purpose In recent years, as a countermeasure against increasingly sophisticated cyberattacks, the need for 'lateral movement countermeasures' to prevent the spread of threats that have infiltrated the system has grown, in addition to conventional perimeter defense.

To meet these needs, NTT SmartConnect has launched the 'VMware Micro-segmentation' menu, which enables communication control between virtual machines.

By using this menu, fine-grained communication control on a per-virtual-machine basis becomes possible in the SCP Type-S environment.

<Image of Lateral Movement Countermeasures>

2. Overview and Features The 'VMware Micro-segmentation' menu utilizes the 'VMware vDefend Firewall' product to provide a 'Distributed Firewall' that runs on the hypervisor (ESX) on SCP Type-S *1.

Conventionally, perimeter defense was mainstream, and controlling communication within a LAN required finely segmenting VLANs and passing them through a perimeter firewall. This led to issues with network complexity and communication control within the same segment.

By introducing this menu, it becomes possible to control communication within the same segment between virtual machines (micro-segmentation).