VMware has taken the wraps off a firewall it says protects enterprise applications and data inside data centers or clouds.\nUnlike perimeter firewalls that filter traffic from an unlimited number of unknown hosts, VMware says its new Service-defined Firewall gains deep visibility into the hosts and services that generate network traffic by tapping into into its NSX network management software, vSphere hypervisors and AppDefense threat-detection system.\n\n\u201cVMware\u2019s service defined firewall is significant because it leverages host and network context via AppDefense and NSX, respectively, to apply contextual, adaptive access control policies, hence the positioning of the offering as an internal versus external firewall\u201d said Doug Cahill, Group Director and Senior Analyst with the Enterprise Strategy Group.\nThe product doesn\u2019t require added software agents to do its job as many security packages do, VMware said. It also lets organizations more easily enforce security policies without forcing traffic to go through a security appliance for scanning, VMware stated.\nThe firewall works in bare metal, virtual-machine and container-based application environments, and will support hybrid cloud settings such as VMware Cloud on AWS and, down the road, AWS Outposts.\nUsing network-generated information to determine and verify the expected \u2013 or \u201cknown good\u201d \u2013 behavior of applications, the firewall\u2019s Application Verification Cloud builds an accurate map of the good or normal state of the application. Any transactions outside that behavior are then blocked.\nOnce a verified understanding of known good application behavior is established, the system can generate security policies for the Service-defined Firewall that are layer 7 capable and can perform full stateful inspection, wrote Alex Berger product marketing manager with the Networking & Security business unit at VMware in a blog about the announcement.\nThe idea is to consistently allow an application\u2019s known good behavior across heterogenous workloads and private and public clouds, Burger stated.\u00a0\n\u201cIn today\u2019s modern data center, change is constant. A dynamic approach to segmentation allows customers to keep pace with change,\u201d Cahill said.\n\u00a0 \u201cApplications are more distributed, deployed across multiple private and public clouds, using many different types of infrastructure and accessed from many different devices," said Rajiv Ramaswami, chief operating officer, products and services, VMware in a statement. "Security sprawl \u2013 too many products, agents, and interfaces deployed across an organization \u2013 creates complexity for security management.\u201d\nVMware\u2019s strategy is to remove the complexity inherent with security today and deliver security that is intrinsic from endpoint to cloud, Ramaswami\u00a0 stated.