How We Got Here
For the past two decades network security devices (firewalls, VPNs, IPS, QoS, DPI, Application Identification, etc.) have innovated on the same fundamental solution architecture: a stand-alone, location-based, physical device chassis "firewall" that enforced static, device-specific policies, albeit centrally managed. We know, we built them.
Enter the emerging era of computing and network operation. What we see now is a fundamental shift. Nothing we've seen before comes close. This isn't incremental. This is really something different. Today's firewall architecture won't work.
Everybody is buzzing about "the cloud." The cloud is the evolutionary step in computing that offers automated deployment, resource elasticity, and self-service. Workloads of all different types can easily be scaled up and down. Lines of business or application owners can provision their own compute and storage resources through a web-based interface, and a centralized system will find and fulfill the provisioning request. Companies want cloud. Service providers, enterprises and governmental agencies can't build them fast enough.
The ingredients shaping the cloud infrastructure include: an orchestration system, workload virtualization, provisioning on hypervisors and bare metal servers, and software-defined storage (SDS). Put together, they create a pool of resources that enables any workload to run on-demand on any available physical resource anywhere in the data center. No boundaries. No silos. Lots of flexibility and mobility. It's powerful.
Maximizing the efficiency of virtual workloads de-coupled from physical servers, to truly embrace the any-workload-anywhere vision, requires a very different networking model. Virtual networks, software-defined networks (SDN), are bounding onto the scene. Protocols like OpenFlow, VXLAN, STT, and NVGRE are fulfilling the SDN vision. Connectivity is re-inventing itself. SDN represents a transformative architectural shift in the networking industry, the likes of which haven't been seen in two decades. SDN aims to deliver an open, flexible and programmable network infrastructure to match the virtualization and workload provisioning ability.
And here is where we step in. Securing these any-workload-anywhere environments, these agile data centers, will take more than a few feature enhancements. Virtualization changes everything. These environments require a new, transformative architecture for network security enforcement. They require a security and service layer, not just a few tweaks to an existing device. The fundamental architecture employed in network security devices for the past two decades will not work in these emerging clouds.
We are creating that security and service layer for the cloud environment. The software-driven compute service, the one looking to SDN to virtualize the network, it needs software-defined security. We call that SDSec. We get it. It's got to work like the rest of the environment. It's got to scale. It's got to fit and flex. It's got to unleash the efficiency gains being realized by the workload provisioning systems. It must be programmable. It must enable, not confine, the any-workload-anywhere model. It must be interoperable with OpenFlow and other SDN protocols. The old "firewall" architecture won't get you there. A new architecture is needed, not just a new box architecture, but a very different enforcement model.
vArmour’s innovative solution enables service provider, enterprise, and government cloud operators to insert security and application policy inline wherever needed within the network, with high performance. Though we delivered the industry’s first SDN-enabled security solution, SDSec’s benefits are realized equally in both physical and virtual networking environments, to improve network security and intelligence and dramatically reduce IT administration.