Virtualized Security Services

Software-defined adaptive security for securing hybrid cloud, data center and branch


Nuage Networks Virtualized Security Services (VSS) let you use the power of software-defined networking (SDN and SD-WAN)
to prevent, detect and respond to security incidents across the WAN, datacenter and cloud.

Addressing security and compliance issues is considered the biggest obstacle to making applications and services cloud-ready. The threat landscape is getting more sophisticated with the rise of ransomware, web based malware, botnets and phishing emails resulting in significant financial loss and data breaches.

Enterprise IT needs an SDN security solution, based on a unified intent based security policy automation and visibility platform, that can enable enterprise-wide software-defined segmentation, visibility, threat detection, and dynamic response for securing branches, hybrid cloud and datacenter environments.

To provide for security requirements described above, Nuage Networks VSS:

  • Supports Prevention, Real-time Detection and Automated Response to security threats
  • Has built-in security capabilities such as L3-L7 Firewall, Web/URL Filtering
  • Provides Real-time Security Analytics
  • Is unique in the marketplace to provide End-to-end security across branch, DC and cloud

Choose an SDN and SD-WAN platform that is unmatched for security services and automation


Nuage Networks VSS is the first distributed, end-to-end (cloud, DC, branch) solution for network security, visibility and security automation. Built on our proven SDN platform, VSS lets you automate IT tasks for security policy protection and remediation to support an on-demand cloud environment.

How we help you

Traditional network security solutions deliver security within a particular enterprise network, either at the network perimeter or within the cloud or datacenter. VSS is the industry’s first distributed, end-to-end (cloud, datacenter, branch) software-defined network security, visibility and security automation solution.


  • Prevent security incidents by minimizing attack surface with software-defined segmentation and policy enforcement across cloud, data center and branch
  • Detect security threats and monitor compliance with contextual network visibility and security analytics
  • Respond in near-real time to incidents by dynamically automating security remediation processes

VSS works across heterogeneous workload types, including virtual machines (VMs), containers and bare-metal servers, as well as any existing IP underlay network across hardware platforms.

new-image

Key features and benefits

Embedded L3-L4
Firewall and SaaS
Access Control

Embedded L3-L7 distributed firewall allows the control branch access to and from internet using stateful L3-L4 security. Restrict branch user access to specific applications using L7 DPI.
Validated by 3rd party for PCI-DSS v3.2 network firewall requirements. Logging of ACL actions for compliance and auditing. Supports pre-defined SaaS services such as Office365, Webex, Salesforce, Github, JIRA, Azure, AWS and Google.

End-to-end segmentation from branch offices to applications in the cloud

Restrict lateral movement of malware from branch to data center. Control branch user access to datacenter applications and internet. Block branch user access to inappropriate or malicious internet content using content/website Category based filtering. Web Categorization and Threat Intelligence.

Contextual flow visualization and application flow mapping

Visualize traffic flows within virtual network between branch locations and internet, other branch sites as well as data centers. Group and visualize flows by logical grouping such as security zones, branch locations. Visibility and logging of L7 application information (supports 1900+ application signatures).

Security monitoring, analytics and automated response

Security dashboards and alerts based on access control lists (ACLs). Policy based mirroring of selected traffic to security analytics. Prevent malware from infected branch device from entering corporate network Leverage network security analytics to identify suspect end-points based on threshold alerts.