NETWORK SECURITY
Micro-segmenting the network safeguards healthcare infrastructure, applications, and devices
One of the best ways to stop cyberattacks is to limit the attack vectors available. VMware NSX® allows administrators to micro-segment their networks by de ning security policies at the individual workload level. This process of micro-segmentation ensures a least-privileged model for network communication between critical applications, such as the EMR, and prevents the lateral spread of threats throughout the data center.
VMware NSX gives healthcare IT organizations the agility to adapt their networking and security operations to increasingly dynamic clinician work ows integral to driving positive patient outcomes.
Traditional data center Micro-segmentation data center
Perimeter  rewall
Inside  rewall
RESULT: Perimeter-centric  rewalling does not help to protect against the lateral spread of threats.
DMZ/Web VLAN
VM VM
EMR
VM VM
PACS
App VLAN
VM VM
EMR
VM VM
PACS
Services/Management VLAN
VM VM
Service Mgmt
DB VLAN
VM VM
EMR
VM VM
PACS
X
Perimeter  rewall
App VLAN
VM VM
DMZ/Web
VM VM
App
VM VM
DB
PACS Environment
VM VM
DMZ/Web
VM VM
App
VM VM
DB
Services/Management Group
VM VM
Service Mgmt
RESULT: Firewall policies for every server’s virtual NIC prevents the lateral spread of threats.
8
Traditional data center vs. micro-segmentation: Complementing the physical network segmentation traditionally used to comply with regulations such as HIPAA and PCI-DSS, VMware NSX enables micro- segmentation at the individual virtual machine and workload level, such as with EMR and PACS systems, to precisely control the lateral movement of threats across the data center versus the traditional method of protecting just at the edge.