When deploying Zero Trust to quickly address security gaps and improve segmentation posture in a brownfield or greenfield environment, customers need a prescriptive, multi-stage segmentation workflow designed to progressively secure east-west traffic in the VMware Cloud Foundation (VCF) private cloud. vDefend delivers Distributed Firewall (DFW) 1-2-3-4* — an automated workflow that helps security administrators systematically strengthen their private cloud security posture. Customers can now simplify and fast-track the path to Zero Trust with a structured sequence of segmentation phases — from protecting critical infrastructure services to securing traffic between zones, and ultimately achieving application-level micro-segmentation. Additionally, over time, security policies can become bloated and inefficient. The new Firewall Rule Analysis feature efficiently manages this by analyzing DFW rules, so organizations can ensure their security policies are lean and effective.
Why Comprehensive Segmentation is the Need of the Hour
In today’s ransomware threat landscape, protecting only the perimeter has proven to be insufficient. Traditional security solutions, such as perimeter firewalls, protect only north-south traffic. Given that east-west (lateral) application traffic is approximately four times the volume of north-south traffic, it is critical and urgent to deploy lateral security to extend defenses beyond the perimeter.
As a result, large portions of private cloud workloads remain vulnerable, enabling attackers to compromise underprotected workloads and move laterally to compromise high-value assets, the “crown jewels”. In 2025, cyber attacks caused substantial business downtime lasting days and weeks across various industries (including automobile, retail, and manufacturing), leading to financial losses in the hundreds of millions.
Additionally, attackers are adopting AI/GenAI technologies to identify weaknesses in enterprise environments. These AI-driven attacks are not only faster but, in many cases, autonomous. Now more than ever, organizations need to deploy segmentation faster. However, many organizations jump to app-level micro-segmentation and then face deployment challenges due to the lack of visibility into application communications and the time-consuming coordination between siloed infrastructure and app teams. What they need is a guided zero-trust journey to quickly deploy comprehensive segmentation for all their workloads.
vDefend is purpose-built to auto-discover application communications, provide guidance on security rules, and verify policy correctness in a non-disruptive manner. The result: 360-degree segmentation with built-in automated workflows that include both macro- and micro-segmentation and continuous monitoring, all in a prescriptive manner.