Owner at David Strom Inc.
Writer
Expert, Top 20
A better way to do breach detection using advanced sandboxing methods

What is most valuable?

The Internet is a nasty place, and getting nastier. Current breach detection products using traditional anti-malware sandbox technologies can’t keep up with advanced persistent and hyper-evasive threats that pummel enterprise networks on an hourly basis. Malware authors encode their exploits with a number of operational vectors, so in case one entry point doesn’t work they can still find a way into your network to do their dirty work. And as more businesses hire more outsourced consultants, part-time workers, and employ mobile devices, they open up additional mechanisms for malware to enter their corporate networks.

Some traditional AV and endpoint protection vendors have responded to these threats by adding features to their security products to do a better job of anticipating badly behaving packets coming through their detectors. They make use of limited virtual machines or operating system emulators to view how a piece of malware operates. That is great, but it isn’t enough. Many malware authors can detect when these simulated environments are active and can evade detection accordingly. For example, some exploits such as W32.DelfInj can literally go to sleep for several days to avoid any detector that will just scan an infected system for the first several minutes.

What is needed is a next-generation sandbox that can correlate a series of particular breach events, add IP and object-based reputation analysis, and do this in near real-time. This is what the Lastline Breach Detection Platform does. What makes them unique is their range of discovery, the way they can effectively mimic actual PC or smartphone endpoints to examine malware behavior.

Download my full review of their system here.

How has it helped my organization?

Lastline has four major components:

  • Network sensors. Lots of security tools have sensors, and certainly this is the cornerstone of any modern security tool. What makes Lastline more interesting is that it combines IP and domain reputation analysis with malware fingerprinting techniques. 
  • Advanced sandbox screening tool. Suspicious objects that are suspected to be zero-day threats are collected from the sensors and analyzed with the Lastline next-generation sandbox, which emulates a complete endpoint system (OS, memory, and peripherals). Other sandboxing tools leave small in-guest code stubs that can reveal they aren’t “real” endpoints; Lastline doesn’t have these clues for malware to key into and looks just like regular computers. 
  • Reporting and threat analysis tool. Low-level event data is then collected and correlated into a particular security incident, which then updates an online threat database. For example, just by clicking on a few different menu items, we can see how often the same infection was downloaded by a particular endpoint, or why a particular event led to other activities across our network, or how a piece of malware was attached to a series of different email messages.
  • Rich threat intelligence of advanced threats. Known exploits and IP-based systems associated with advanced malware are highly dynamic and traditional signature-based knowledge bases are ill equipped to keep up. Lastline threat intelligence draws on its global collection of next-generation sandboxes.

What needs improvement?

They just announced added Mac OS X support, which I didn't get to test. 

What was my experience with deployment of the solution?

It is a bit tricky to install the various components and to get it set up properly. But once you do, you can take full advantage of its features. 


What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No, indeed this is one of its main benefits. You can scale it up to handle very large networks with their modular and SaaS-based tools. 

To add flexibility to its system, both the next-generation sandbox and reporting tool can be either hosted or installed on-premises.

Which solution did I use previously and why did I switch?

Their core idea is to run a piece of suspected malware in such a way as to provide the ultimate examination of its operations. Suspected code is extracted from the network traffic flow, analyzed and correlated with other network-level events to provide a full picture of what happened. It has one of the most thorough analysis sandbox engines. But what is more important is how they are able to provide actionable intelligence to a wide variety of leading security vendors’ intrusion prevention and unified threat management platforms from WatchGuard, Barracuda, TippingPoint, Juniper, Tripwire and others. Through a combination of application programming interfaces, Lastline can send and receive firewall blocking rules and breach event data to/from the appropriate systems that you have already purchased, so that these threats can be quickly stopped.

Yes, there are other sandboxing security tools out there, but they aren't as thorough as what Lastline does.

What about the implementation team?

Vendor team was first rate.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Article at Oracle
Real User
Feature-rich platform for network virtualization and security, with straightforward installation and configuration
Pros and Cons
  • "The security offered by VMware NSX is the most valuable, plus it's a feature-rich product that's straightforward to install and configure."
  • "VMware NSX should be able to scale for different customers, even the big ones. Its scalability needs improvement. Stability for it should also be improved."

What is most valuable?

What I found most valuable is the security offered by VMware NSX. I also like that it is a feature-rich product.

What needs improvement?

VMware NSX should be able to scale for different customers, even the big ones. Its scalability needs improvement. Stability for it should also be improved.

An additional feature I'd like to see in the next release of this product is for it to have more integration with other public clouds.

What do I think about the stability of the solution?

I have concerns on the stability of VMware NSX, because it breaks multiple times in customer environments, especially when you scale it across a big data center.

What do I think about the scalability of the solution?

VMware NSX still has a lot of scalability limitations, and needs improvement on how it can scale.

How are customer service and support?

The support for VMware NSX has not been good recently. Some of their experienced staff have left the company, and that has impacted all their business units, including support.

How was the initial setup?

VMware NSX is straightforward to install and configure, but for a user who's new to it, the product can be somewhat complex to understand, though not too complex.

What's my experience with pricing, setup cost, and licensing?

The pricing model for VMware NSX is good, especially because it has a lot of features.

What other advice do I have?

VMware NSX is a good product. It's the best solution in terms of the Enterprise FTN.

I'm quite competent on this product, because I've been working on it for a long time, so I find it easier to use.

I'm rating VMware NSX nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
VMware NSX Engineer at a tech services company with 201-500 employees
Video Review
Real User
Enables us to put our network onto any network there is, we just spin something up whenever we need to
Pros and Cons
  • "NSX gives us the ability to put our network, NSX, onto any network there is, which allows us not to have to go to the network team to create networks or VLANs for networks."
  • "It still needs to grow. There are still some features that it doesn't do, like it doesn't do multicasting."

What is most valuable?

NSX gives us the ability to put our network, NSX, onto any network there is, which allows us not to have to go to the network team to create networks or VLANs for networks. We can just create all our networks right from the start. Whenever we want to spin something up, we just spin it up.

What needs improvement?

So far, what I've seen here at VMworld, it seems to be improving just the same line as everything else. It's going to expand, grow and grow and grow. It's going everywhere. It's not just going into "I'm using the V version of NSX," but it's going out to every environment. It's going out to all the clouds so that even if you have the V, you can also use the cloud part and put it into there, so it seems to be growing where it needs to go.

It still needs to grow. There are still some features that it doesn't do, like it doesn't do multicasting. It does do some multicasting, but it's within their own infrastructure, but multicasting in general, it doesn't do.

What do I think about the stability of the solution?

So far, it's been very stable. I've used it since the very beginning and it's been very stable in the beginning, and as they've added more and more features, it's become more and more stable in the environment; that is, better in the environment because we're able to use more and more features within it.

What do I think about the scalability of the solution?

So far it's been very scalable, and with the new versions that are coming out, it's even more and more scalable. They've added more and more features of routing that they didn't have in the first versions, which allow it to be more scalable. It's become better than the actual infrastructure, the original network infrastructure that's there, because we can lay it on anything and it will scale to any part of the network that we want.

How is customer service and technical support?

So far, I've had very good tech support. A lot of the guys we talk to are very knowledgeable, and if they don't know it, they're able to talk to others within their group that will know it. So I've gotten very good results from them.

How was the initial setup?

The installation is very straightforward. The part that gets complex is how you do your routing, how you do your ESGs, how you set up the actual network itself within it. But once it's set up, you just create virtual switches and put any network you want on it. It becomes almost seamless.

What other advice do I have?

In terms of criteria for selecting a vendor, it's a little of everything. It's the reputation that they have, but it's also more of the tech support, as well as the documentation that they have, because not everybody in their environment, as well as your own environment, knows everything. So you have to be able to look up stuff and have that knowledge to be able to do it, as well as allow them to do it.

They have a lot of good KB articles on what's going on, so if you need a problem solved, you look at that first and you'll be able to find it pretty easily.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Infrastructure Architect
Video Review
Real User
We can actually extend Layer 2 networking across datacenters, and also Layer 3 networking, which comes along with it
Pros and Cons
  • "We can actually extend Layer 2 networking across datacenters, and also Layer 3 networking, which comes along with it."
  • "They could branch out to the physical layer."

What is most valuable?

Some of NSX's most valuable features are:

  • Its distributed firewall.
  • We can actually extend Layer 2 networking across datacenters, and also Layer 3 networking, which comes along with it.
  • The routing and switching.

What needs improvement?

They could branch out to the physical layer. Today, it's just the virtual layer, and they're starting to talk about the physical layer. We'd like to see the physical layer incorporated.

What do I think about the stability of the solution?

We've been using NSX now with Layer 2 stretching for approximately 10 months. We're getting ready to really ramp up the DFW, which is the distributed firewall piece, which we and our security team are very excited about.

NSX is a very stable product.

What do I think about the scalability of the solution?

We've already scaled it across two data centers. We'll be incorporating two additional data centers, to give us that footprint, or IP address migration across four data centers. So, it's quite scalable.

How is customer service and technical support?

The tech support for NSX is awesome. We are a premier production customer for VMware, therefore the tech support and the tech support representatives don't start at a lower level. We start at the mid-level of the tech support engineers. Thus, we get answers very quickly. We also work with our technical account manager who knows what we're doing and what we've got coming up, so he's able to push things for us on the tech support side.

Our tech support's awesome.

Which other solutions did I evaluate?

The most important criteria when selecting a vendor (like VMware), it's important to us that they have the following:

  • Their name recognition.
  • The support that they provide.
  • Their placement in the industry as a leader.
  • The things that they're doing with NSX, which are phenomenal.

We're a supporter of VMware, and likewise they're a supporter and a partner with us and what we're doing.

What other advice do I have?

It's really a great product. It fits all of our needs. Everything that we've asked it to do or asked VMware to help us get done with it, we've been able to do. Therefore, we're very excited about the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MadhuV - PeerSpot reviewer
Global Practice Head - Cloud and Platforms at Tech Mahindra Limited
Real User
Quicker results with valuable features, complex setup, and easy implementation
Pros and Cons
  • "The best part is the blueprint creation where I can create their things and then move on to the target environment."
  • "They could do more with cloud management."

What is our primary use case?

It is helping me get an entire blueprint done of the source and the target. I was able to make it into a catalog and can set up anything on the cloud quickly. 

What is most valuable?

The best part is the blueprint creation where I can create their things and then move on to the target environment.

What needs improvement?

The price is pretty high and their product stack forces me to use the feature set compared to all the others out there in the market from India. They could do more with cloud management, I need some third-party tools.

For how long have I used the solution?

I have been using VMware NSX for the past four years.

What do I think about the stability of the solution?

VMware NSX is a stable solution.

What do I think about the scalability of the solution?

The scalability is not a problem.

What's my experience with pricing, setup cost, and licensing?

It was complex, but we worked on all the templates and now it is easy.

What other advice do I have?

I would recommend getting your case worked out well before you get into any customer environment. When it comes to an out-of-the-box feature set on the website, it is not how it really works. Do the POC before you go into a real-time production implementation. I would rate VMware NSX an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1551519 - PeerSpot reviewer
Mechanical Maintenance Manager at a consumer goods company with 10,001+ employees
Real User
An expensive solution that's great for building a virtualized environment
Pros and Cons
  • "Over the last two years, they've enhanced a lot, especially in regard to integration with OpenStack."
  • "They need to enhance their technical support."

What is our primary use case?

Our clients consist of enterprise companies. 

What is most valuable?

From my experience, VMware on a private cloud is a good choice. They offer some great webinars and workshops to learn how to use the product better.

Over the last two years, they've enhanced a lot, especially in regard to integration with OpenStack.

It's great for building a virtualized environment. It features great motion mobility, its own logical distributor, router switches, load balance, firewall, etc. 

For how long have I used the solution?

I have been using VMware NSX for four to five years. 

What do I think about the stability of the solution?

Personally, I find VMware NSX to be very stable. 

How are customer service and technical support?

They need to enhance their technical support. There is no comparison between VMware technical support and Cisco's technical support. It's one of the main criteria that everyone is looking for.

How was the initial setup?

The initial setup was straightforward. Deployment was very easy.

What's my experience with pricing, setup cost, and licensing?

VMware NSX is expensive and everything is licensed. We have to pay for each individual feature. 

What other advice do I have?

Be sure to read over the documentation on their website. They announce a lot of webinars and workshops for the product. It's good marketing and you should attend them. 

Overall, on a scale from one to ten, I would give this solution a rating of six. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1164561 - PeerSpot reviewer
Senior Cloud Consultant with 201-500 employees
Reseller
Good security with improved scalability and allows for the creation of virtual access networks
Pros and Cons
  • "One of the big improvements between the NSX-V and NSX-T is that in NSX-T you are no longer dependent on V-Center anymore."
  • "Some configuration maximums are limiting to the user, especially when it comes to the deployment of very, very large environments."

What is our primary use case?

I work with two different companies with different large cloud environments. 

This product is a software-defined network, and that allows you to create virtual access networks and manage security to allow for different workloads.

What is most valuable?

The solution offers a very good software-defined network that allows you to create virtual access networks. It's very helpful at allowing you to manage security to allow for different workloads. 

One of the big improvements between the NSX-V and NSX-T is that in NSX-T you are no longer dependent on V-Center anymore. That was a huge improvement due to the fact that it allows you to take into account new cases, and have better scalability, among other improvements.

What needs improvement?

There is always room for improvement, in any solution. 

In some cases, this product is very technical. 

Some configuration maximums are limiting to the user, especially when it comes to the deployment of very, very large environments. There are limits to the number of firewall rules, security groups, et cetera. With the number of security groups, you can nest all these limits, however, somehow limiting the use cases may be restrictive for the free design of different use cases.

For how long have I used the solution?

I've been working with the solution for a while at this point. It's been at least a couple of years.

What do I think about the scalability of the solution?

The scalability capabilities have improved in NSX-T. It is much better than when the NSX-V version was out.

I work with two different clients, both of which are quite sizeable. They have thousands of machines and thousands of security groups.

Which solution did I use previously and why did I switch?

I didn't work with another solution per se, however, the previous triggered cloud tool that we had was by VMware. It was not really, at least at the very beginning, a tool for a software-defined network, however, there were some elements that allowed you to create customer networks practically on the fly. There were also some other network visualization techniques, which allowed you actually to encapsulate the traffic and to create networks on the fly. You had some security constructs, including tenant constructs, that you can find somehow in the VRA today. The tenant concept is also present in NSX.

What's my experience with pricing, setup cost, and licensing?

Our customers can use the solution for free, however, this comes with restrictions.

What other advice do I have?

We are consultants and integrators. We have a business relationship with VMware.

I am working with both NSX-V and NSX-T. The latest one is actually NSX-T.

On a scale from one to ten, I would rate it at an eight.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
it_user730311 - PeerSpot reviewer
IT Support Specialist at a mining and metals company with 10,001+ employees
Real User
Scalable; takes care of our whole environment

What is most valuable?

Security. Our Trend platform runs off NSX.

How has it helped my organization?

We use the solution strictly for security.

For how long have I used the solution?

Roughly six months.

What was my experience with deployment of the solution?

We didn't have this issue, but I would recommend to others looking at this solution to make sure that their hardware is compatible.

What do I think about the scalability of the solution?

It seems to be taking care of our whole environment. It seems to be pretty scalable.

How are customer service and technical support?

I have not used it, but my coworker has. Every time he talks to them, they're easy to get a hold of; very knowledgeable and they solve his issues right away.

If you put in a trouble ticket, they contact you very quickly (in response). If there is a problem, it usually isn't around very long. They jump on it, fix it, and it's done.

Which solution did I use previously and why did I switch?

We were on McAfee, and we switched to Trend. We switched to Trend because Trend supports virtual environments a lot better than McAfee does.

Trend migrated in a way that it will only work with NSX. The older version of Trend that we were on worked without NSX. The newer version does not. Now, we use NSX in conjunction with Trend.

We upgraded Trend to keep up-to-date and all the security loopholes closed.

What other advice do I have?

Most important criteria when selecting a vendor:

  • They have to be able to support the environment you're running.
  • The service and support is a big must. We work at an Enterprise level, so sometimes you can't go with the little new guy. You need that 24 hour service and support, seven days a week. It is very important for us.
Disclosure: I am a real user, and this review is based on my own experience and opinions.