{"id":152,"date":"2026-04-09T19:21:19","date_gmt":"2026-04-09T19:21:19","guid":{"rendered":"https:\/\/gigabrit.com\/?p=152"},"modified":"2026-04-09T19:26:53","modified_gmt":"2026-04-09T19:26:53","slug":"navigating-the-vdefend-security-journey","status":"publish","type":"post","link":"https:\/\/gigabrit.com\/?p=152","title":{"rendered":"Navigating the vDefend Security Journey"},"content":{"rendered":"\n

Stage 1: The Security Segmentation Score<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

It happens every time I talk to a Security Team. Someone says something like \u201cZero Trust sounds great, but where do I even start without breaking the whole network?\u201d It\u2019s a valid fear. Most organizations are flying blind, guessing which firewall rules are actually doing work and which ones are just legacy clutter. If you want real results, you need trackable metrics. That\u2019s why the first step of the vDefend Security Journey isn’t about writing rules\u2014it’s about getting your Security Segmentation Score.<\/p>\n\n\n\n

Not another score to track! <\/strong><\/p>\n\n\n\n

Stay with me here. The goal here isn’t to give your managers another metric to track how well you’re doing your job as a Security team. <\/p>\n\n\n\n

Instead think of this as a “credit score” for your data center\u2019s health. Instead of you manually auditing thousands of rows of spreadsheet data, the vDefend Security Services Platform (SSP) uses Security Intelligence to analyze your actual traffic flows (up to 30 days’ worth) and compares them against your existing Distributed Firewall (DFW) policies.<\/p>\n\n\n\n

The result? A single number from 0 to 95 that tells you exactly how much of your environment is actually protected versus how much is sitting in an exposed “blast radius.”<\/p>\n\n\n\n

Why not a 100? Because simply put, the only way to really get a 100 score on anything related to Security is either to turn off the VM, or Unplug it from the Network. <\/p>\n\n\n\n

Let’s walk through the process together. <\/strong><\/p>\n\n\n\n

    \n
  1. Calculate Score : In the Security Services Platform on the “Monitor & Plan” tab overview section, click “Calculate Score” <\/li>\n<\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    Noted in the UI is the following info about each mode.<\/p>\n\n\n\n

    Strict
    “Customers looking for a score that accurately reflects their data center security posture should use Strict mode. This mode highlights achieved security while applying stricter penalties for any allowed unidentified traffic.”<\/p>\n\n\n\n

    Relaxed
    “Customers creating security policies for their data center workloads may be cautious about denying traffic for fear of disrupting production applications. Relaxed mode emphasizes progress in rule creation rather than strict enforcement.”<\/p>\n\n\n\n

    I recommend running the Strict mode, at this point there is no actual enforcement happening so there is minimal risk to causing any harm.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Now I’m already starting to see a picture of what I need to do in my environment to reduce my attack surface. <\/p>\n\n\n\n

    A few details to point out in the Image above. <\/p>\n\n\n\n

    Infrastructure Protection score is 0 because all infrastructure flows are currently unprotected. <\/p>\n\n\n\n

    Environment Protection score is 0 because no environment is defined yet.<\/p>\n\n\n\n

    Application Protection score is 0 because no applications are currently secured, and the datacenter is not locked down.<\/p>\n\n\n\n

    Security Segmentation Reports<\/strong><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Sample Report<\/p>\n\n\n\n

    \n
    \"\"<\/figure>\n\n\n\n
    \"\"<\/figure>\n<\/figure>\n\n\n\n

    Breaking Down the Report: A Reality Check<\/strong><\/p>\n\n\n\n

    When you pull your first Security Segmentation Report, don\u2019t expect a gold star. In my recent assessment\u2014run in Strict Mode over a 30-day period\u2014the environment pulled a score of 6. <\/p>\n\n\n\n

    Why so low? Because in Strict Mode, the system doesn’t give you credit for “trying”; it only counts explicitly identified and secured traffic. Anything matching a “Default Allow” rule is a direct hit to your score.<\/p>\n\n\n\n

    The report looks at five core domains to see where you’re vulnerable. Here\u2019s how my lab measured up:<\/p>\n\n\n\n