The hardening guide describes a lot of specific VM options but, starting with ESXi 6.0 Patch 5, many of the VM advanced settings are now set to be Secure By Default. This means that the desired values in the Security Configuration Guide are the default values for all new VMs and you don't have to manually set them anymore.

For more information, see the blog post at https://blogs.vmware.com/vsphere/2017/06/secure-default-vm-disable-unexposed-features.html.

For virtual networking, NSX can provide the micro-segmentation capability to enforce network security directly at VM virtual NIC level. Also, at VMworld 2017, a new product was announced—VMware AppDefense, a data center endpoint security product that protects applications running in virtualized environments. AppDefense works inside the VMs (as compared to NSX that works only at the network level) and understands how applications are supposed to work normally and monitors all changes to that behavior state that indicate a threat.