Software Defined Security - SDSec
vArmour is providing a new type of network security solution designed to meet the unique challenges and opportunities brought about by the widespread adoption of automated workload provisioning, and the spread of virtualization across the data center.
While initially deployed primarily for tactical benefits like server consolidation, virtualization is increasingly being used for its ability to dynamically allocate and provision workloads, making IT more adaptive and responsive to the business, and making it more efficient. Virtualization is now in the mainstream for computing, and is seeing adoption in storage and networking with software-defined storage (SDS) and software-defined networking (SDN). vArmour is taking virtualization into the realm of network security, pioneering a new kind of solution called software-defined security (SDSec).
SDSec eliminates the provisioning, topology, performance and scaling bottlenecks that plague both traditional security solutions and host-based virtual security solutions when applied in dynamic, agile, and often virtualized environments.
Among its many benefits, the vArmour platform can be deployed today in SDN environments and also in conventional IP networks to protect any type of hypervisor or bare metal server, delivering the benefits of SDSec now in either network environment.
What Exactly is SDSec?
SDSec separates the security control plane from the enforcement (data) plane, much as SDNs abstract the network control plane from the forwarding plane. The result is a tightly coupled, dynamic, distributed system that scales like virtual machines and acts as a single system at any scale. This is quite different from “virtual firewalls”, which are merely standalone software instances that perform various security functions but are controlled and managed via static rules, just like conventional firewalls. With an SDSec security solution, network security policies, as well as real-time session state, are distributed across enforcement points automatically via the control plane, so that workloads (running on either virtual machines or bare metal servers) can be spun up and moved at will without regard for their location, without losing connections. This effectively eliminates the bottlenecks that have prevented data centers from fully realizing the benefits of compute and network virtualization.
Something Old, Something New
Virtualization and software-defined provisioning have enabled data center designers and operators to adopt much more flexible and efficient architectures. However, the performance and topological limitations of legacy security that have been encountered with conventional, physical infrastructures are equally evident in the virtual realm. Put simply, virtualization changes many rules of network design, but it doesn’t eliminate the need for network-based security. What virtualization *has* changed is the need for network-level security policies to be enforced independent of location, i.e. anytime, anywhere security. This is a fundamentally new requirement, and SDSec is the solution.