Blog

Secure your Applications and Stop Malware Spread with Nutanix Flow

  • 9 September 2020
  • 0 replies
  • 1606 views
Secure your Applications and Stop Malware Spread with Nutanix Flow
Userlevel 7
Badge +35

This post was authored by Jason Burns Nutanix

We’re happy to announce that Nutanix Test Drive now includes Flow, an application security solution from Nutanix. With just a few clicks, you can start using Nutanix Flow to isolate virtual environments, secure your applications, and thwart malware attacks.

Flow microsegmentation provides policy-based security from Prism Central for workloads on AHV, the native Nutanix hypervisor. Built into the AHV hypervisor virtual switch, Flow is a distributed, stateful firewall that protects VMs at the virtual NIC level. Flow also visualizes the network traffic in your environment, so that you can deploy applications following a zero-trust methodology and seamlessly add or block newly detected traffic.

Test Drive Nutanix Flow

Get started from our Nutanix Flow Test Drive site. When you log in, you will be greeted with the Test Drive menu inviting you to Protect Your Data and Apps From Network Threats.

Flow Test Drive menu over the Prism UI

The guided tour covers four separate topics, giving you the tools to quickly secure your applications from network threats.

  • Getting Started by enabling Flow and categorizing VMs
  • Using an isolation policy to separate environments
  • Building a least-privilege application policy to allow desired traffic
  • Blocking traffic to quarantine an infected VM

Getting Started by Enabling Flow and Categorizing VMs

Enable Flow microsegmentation from Prism Central settings

Test Drive allows you to start from scratch with a fresh cluster and see for yourself how easy it is to enable Nutanix Flow. The Getting Started section shows you how to enable Flow in Prism Central and categorize VMs into groups, such as Production and Dev.

In just a few minutes, you’ll be ready to start protecting these critical environments and workloads.

Define an Isolation Policy

Flow application policy protecting a two-tier task manager app

Security policies are the mechanism Flow microsegmentation uses to define allowed traffic. Isolation policies are a strict block between two groups that cannot be violated.

The “isolate environments” section lets you create an isolation policy that blocks all traffic between the Production and Dev environments. You’ll create the policy and test it with real virtual machines that you assign to these environments

Define an Application Policy

Flow application policy protecting a two-tier task manager app

Application policies in Flow define allowed inbound and outbound traffic for an application. You can even add tiers to the application and define traffic among tiers, as well as within each tier. This helps reduce the surface attack area for the spread of malware from one VM to another by allowing only desired traffic.

The Flow Test Drive creates a simple two-tier application and categorizes it for you. You’ll build an application policy around this app that allows production to talk to the web tier, allows the web tier to talk to the database, and blocks all other inbound traffic to the application. You’ll even see how Flow policy visualization can highlight detected traffic so you can see what traffic exists on the network.

Quarantine a VM

Client1 VM quarantined using Flow

You’ll also get hands-on experience with the VM quarantine operation. You’ll learn how to quickly cut off network communication for one or more problem VMs in just a few clicks in Prism Central. Use strict quarantine to completely isolate VMs, or use a forensic quarantine to allow your defined sources to analyze the quarantined VM.

We hope you are now excited to Test Drive anti-malware and application security with Flow!

Tip and Tricks

  • Feel free to explore outside the guided tour to create your own security policies to visualize and secure traffic among the client VMs and the TaskMan application.
  • Move the VM console window to a dedicated part of your screen or a second monitor to see the impact of policies in real time.
  • If you want to start over, feel free to ‘X’ out of the current step and click on Quick Links at the bottom and select “Welcome to Flow - Main Menu” or any of the individual modules.
Quick Links

Other Features of Test Drive

You can read about the other features of Test Drive--including hybrid cloud, DBaaS, DRaaS, file and object storage services, and integrated backup services--by checking out our latest blogs!

Join the Community

Be sure to join the conversation at our NEXT Community Forums!

To learn more about Nutanix Flow, please visit our Flow page.

We are continuing to expand the experiences offered in Nutanix Test Drive, so stay tuned for what’s to come! Check it out now at www.nutanix.com/testdrive!


©️ 2020 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned on this post are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned on this post are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site

 


This topic has been closed for comments