Security Services Platform

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials

Tech Notes > Security Services Platform

Overview

  • Runs Vdefend security services
  • This is an integrated security platform that can be deployed in the cloud.
  • Services run inside kubanties on virtual machines


Services include

  • Security Intelligence
  • Network Detection and Response
  • Malware prevention
  • Rule Analysis


Install process

  • Install SSP on vSphere
  • Install NSX
  • Link SSP to NSX
  • Install platform features


vSphere > SSPI > NSX > NSX Features


Components

vSphere

  • vSphere controls the clusters.
  • By default a cluster has 3 hosts
  • This default is often expanded


  • Virtual machines are started on the hosts
  • SSPI and NSX run on their own VM's
  • Other VM's include:
  • Ssp-service-controller
  • SSP-servie-md-0-worker two of these


This configuration gives a total of 5 VM's and 3 Guest OS in a basic configuration.


NSX

  • Management is performed in NSX.
  • After deployment of the NSX connect to the web UI using IP / FQDN


'Features are based off the configuration you set in NSX:'


  • Security Intelligence
This feature provides distributed visibility and policy recommendations within an NSX environment, and lets you visualize security posture, analyze traffic flows, and create micro-segmentation policies.


  • Network Detection and Response (NDR)
This feature continuously monitors your network for threats and anomalous behavior, using techniques like network traffic analysis, IDS (Intrusion Detection System), IPS (Intrusion Prevention System), and advanced threat analysis, and then responds to identified threats.



  • Malware Prevention Service (MPS)
This feature provides file-level protection against known and unknown malicious files, including zero-day threats, by analyzing traffic and extracting files for analysis.



  • Network Traffic Analysis (NTA)
This feature monitors and inspects network traffic patterns and identifies anomalies or suspicious behavior.



  • Metrics
This feature collects point-in-time, time-series, and lifetime data to let you perform analyses (such as Top N) of your environment.



[1]

Reference Material

techdocs

Retrieved from "https://cramsession.net/index.php?title=Security_Services_Platform&oldid=1042"