Infrastructure as a Service (IaaS) is a popular type of cloud services. While allowing users to rent virtual machines (VMs) to save the management and hardware cost, it also blurs the boundary between the internal and external networks, causing security threats such as insider attacks which cannot be observed by traditional firewalls or security devices in the network boundary. Coordination of network function virtualization (NFV) and software-defined network (SDN) is a promising approach to address this issue, and an optimal placement mechanism is necessary to minimize the computing resources and bandwidth cost for network security monitoring. In this work, we present a mechanism of placing virtualized network functions for network security monitoring, abbreviated as NSM-VNF, in a data center network (DCN) to watch communications between pairs of VMs. We model the placement issue as the minimum vertex cover problem and the bin packing problem to optimize the number and position of NSM-VNFs subject to the availability of computing resources and bandwidth. Furthermore, the possible rearrangement due to VM migration is also addressed. Because the complexity of the problems are known to be NP-hard, we design an greedy solution to reduce the complexity. We evaluate the greedy solution with various topology sizes and communication pairs in a DCN by Mininet simulation. The experiments demonstrate that the placement of NSM-VNFs by the solution is close to that of an optimal algorithm, while the execution time is reduced significantly.