Recently, I was accepted to Nutanix’s Partner Elite program, designed to empower the vendor’s top partners with a range of benefits and resources. It was an honor to be included, and I’ve used the opportunity to explore new ways Agisko’s customers can benefit from Nutanix infrastructure.
One of the most exciting developments from Nutanix over the past year might also be one that attracts relatively little notice: the seamless and advanced integration of Nutanix’s Flow Network Security with Palo Alto Networks’ next-generation firewalls (VM-Series).
Flow Network Security is an application-centric micro segmentation solution that protects east-west traffic in Nutanix environments, for both on-premises AHV and NC2 clusters.
Many of our Nutanix customers already use Palo Alto solutions, putting them in a strong position to leverage the benefits of this new integration through service insertion.
In the past, these organizations had visibility into their network traffic, but not necessarily into traffic at the application level. In many (private) cloud environments, east-west traffic is rarely monitored, leaving security teams poorly equipped to detect or contain lateral movement once attackers get past the perimeter. Today, they can gain a deeper and more holistic view of their environments using service insertion without disrupting applications or redesigning their entire network.
Here are some of the most important features and benefits of this integration:
App Classification (App-ID)
A traffic classification system that identifies applications based on their protocol, port, encryption, and other characteristics.
Intrusion Prevention System (IPS)
Filters out malicious activity before it reaches other security devices or controls.
Sandboxing
A critical component of incident response that runs untrusted or potentially harmful code in a secure, isolated 'sandbox' environment.
URL Filtering
Enables security administrators to restrict or control access to specific websites or web content based on their URLs.
SSL/TLS Inspection
Decrypts, examines, and re-encrypts encrypted network traffic—particularly HTTPS traffic secured by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
Before taking advantage of these benefits, infrastructure and security teams should ensure they have the right tools in place. The integration with Palo Alto Networks’ VM-Series Next-Generation Firewalls requires a minimum Nutanix Cloud Infrastructure (NCI) release 7.3.
In addition to the software version, the appropriate Nutanix licenses are also required. This includes the Security Add-on for NCI when using the NCI Pro license, or it comes built-in with the NCI Ultimate license.
Once this integration is in place, security teams gain enhanced visibility and simplified operations—delivering streamlined management, granular policy enforcement, deep insights, proactive threat detection, adaptive scaling, and built-in resilience.
If you’d like to learn more, feel free to contact me.