Better Together: Building Strong Partnerships for Business Continuity

better-together-2.001

When I look around at the world today, I am starting to see an emergence of businesses and individuals contemplating what our world will look like post COVID-19.  I think the stark fact is that we will never fully go back to the way things were prior to this pandemic. Large facilities with thousands of cubical style offices, or open concept spaces with people working shoulder to shoulder, will become a thing of the past for the foreseeable future.  Whether we are ready or not, remote working is here to stay for many businesses that have traditionally not embraced it as part of their culture.  Most importantly, Business Continuity Planning (BCP) will now have to look at the need to be flexible in the coming months to address a resurgence of pandemic planning, or will face additional unforeseen challenges. It is now time to move away from the static, manual approach of BCP, to a continuous process of Business Continuity Management (BCM) which is only truly possible with technologies that can continuously monitor and assess your application deployments.

Given the rapid changes many businesses were forced to undergo, we need to start addressing the fact that our environments are even more vulnerable than before.  We have all been forced to make quick decisions to address immediate needs, and for many, that meant  migrating to the cloud rapidly making it an even higher priority to manage cloud complexity.  To add to this paradox, many organizations are experiencing budget cuts that would otherwise go to security investments, thus having to leverage the existing technologies and controls they already have in their environments.

In reflecting on this, I am excited to take the opportunity to pick up where my colleague Rich Noguera left us last week with the idea that many  security solutions are, indeed, “Better Together”.  Working collaboratively, many joint solutions can  bridge the gaps in business and technical prioritization by  cultivating and maintaining strong partnerships for enhanced business continuity.

Better Together: Do more with Less

At vArmour, we full heartedly believe that we are better together. We have formed strong alliance partnerships with Gigamon, Tanium, Tufin and Digital Shadows and deeper integrations with two major cloud providers, including Microsoft Azure. Together, we meet the core needs of our customers and enable them to do more with less  by leveraging multiple solutions in the same environment to reduce operational and cyber risk in network and cloud.

Most importantly, business continuity requires understanding, characterizing and ultimately controlling relationships across the enterprise. vArmour’s Application Controller is a continuous data-driven approach called Continuous Application Relationship Management, that centralizes and transforms existing data into a relationship graph enabling a consistently up-to-date relationship map for continuous visibility and control across all environments, on-premise or cloud. Continuous application discovery combined with our partner technologies for network flow and policy control, endpoint security and management and threat intelligence enables targeted security and compliance in hybrid and multi-cloud environments.

Below are some significant “Better Together” use cases within our existing customer portfolio demonstrating the value of our joint solutions that ensure better visibility and relational control for customers in Financial Services, Healthcare, Telecommunications, Retail and more. 

vArmour + Gigamon Provides Application Relationship Visibility & Control without Endpoint Agents. vArmour Application Controller coupled with Gigamon GigaVue, provides application visibility plus policy orchestration to ensure consistent policy enforcement across private and public cloud environments. 

The vArmour and Gigamon joint solution has been deployed and proven with customers in Financial Services and Healthcare. More specifically, this partnership helped our joint customers maintain compliance with the increasing number of consumer protection, anti-terrorism, anti-money laundering regulations and increasingly more stringent operational certifications they have been challenged with.

Furthermore, the customer had both Application Performance Management (APM) and Network Performance Management capabilities (NPM) creating more unnecessary costs. Now with our joint solution, we have the ability to demonstrate a defined scope of compliance with consistent enforcement of network security control, and enable the customers to reduce their spend in GRC tooling and pre-audit support services. Moreso, our joint solution provides qualified application flow volumes coupled with the ability to remediate network performance bottlenecks.

vArmour + Tanium Provides Application Relationship Visibility to Manage and Protect Applications out to Endpoints. Together, vArmour and Tanium enable application-based endpoint performance management, application driven enforcement of endpoint security policies and application defined compliance at the endpoint for security and compliance. 

A multinational bank customer used the vArmour and Tanium combined platform to establish visibility and control of their application environment in anticipation of increased targeted attacks against their infrastructure, given their rapid cloud expansion and adoption of Agile-DevOps practices. Secondarily, through the course of the deployment, this customer also leveraged our joint platform to rationalize application dependencies, eliminate performance bottlenecks and consistently enforce endpoint data protection opportunities throughout their global operational environment.

As this joint deployment continues to evolve, this customer has identified several other cost management opportunities the solution can be applied against. Though use cases continue to emerge, applications in Asset Management, Change/Release Management, Threat & Vulnerability Scanning, and Governance & Compliance reporting have been documented. And as each use case is tested and operationalized, the tools and operational landscape of the bank simplifies along with the overall IT/InfoSec run rate.     

vArmour + Tufin provides Application Relationship Visibility to Protect Enterprise IT with Centralized Orchestration. vArmour enables Tufin expansion with application policy modeling and integrated policy deployment. Together, vArmour and Tufin are being used to identify and resolve application dependencies and performance issues, and to ensure network and firewall policies are consistently enforced through on-premise and cloud environments.

vArmour and Tufin have been deployed and proven with Healthcare customers. For these use cases, our joint solution consistently enforces secure network and data segmentation policies for  EPHI/EHR data transfer platforms between on-premise and all 3rd Party and public cloud based electronic medical records (EMR) and billing systems. Through these efforts, customers are able to reassess and modify their spend in GRC tooling and auditing services; and, DLP and database FW platforms.

For one of our joint global Retail customers, the vArmour and Tufin partnership has been operationalized  to enforce, track and report corporate firewall and network infrastructure PCI policies for both IT and InfoSec. This Retailer was able to streamline manual and error prone release processes with the automation capabilities of Tufin to enforce consistent Change Control, and leverage the vArmour application relationship data to enrich their Asset Management and CMDB platform.   Moreover, the resultant application plus network relationship flow model enabled this Retailer to better size and plan for platform lift/shift/modernization from their legacy platforms into public cloud.  

vArmour + Digital Shadows Partnership Enables Actionable Defense with Threat Intelligence. Our strategic alliance partnership with Digital Shadows accelerates our joint customers ability to discreetly and effectively minimize their risk with qualified threat intelligence. Simply put, customers that know what will be attacked and when those attacks are likely to happen are able to pre-emptively prepare their detection and response capabilities. Beyond accelerating Time-to-Detect (TTD) and Time-to-Contain (TTC) metrics, our joint customers minimize the possibility of breach and can potentially eliminate attacker dwell time all together.    

Contextualizing threats against business critical applications takes the guesswork out of the traditional Security Operations, Security Monitoring and Incident Response. Operators, engineers, and developers can take a more proactive (vs. reactive or passive) approach to security when provided a means to prioritize work efforts based on ‘real’ Dark Web threats.  A couple of examples include ‘Offensive’ Security designed to isolate or segment threatened applications, harden the systems or workload they are on, or scan source code before vulnerabilities are exploited; and, Targeted Threat & Vulnerability Management designed to deploy specific application fixes or server/workload patches, when needed and as needed to be secure and operationally resilient. 

Proven Better Together

So with the emphasis on engaging, frictionless, and sticky digital customer experiences; and, the ever present need to do more with less, Better Together could not be a more apt motto for the modern enterprise. Even more, with the operational stress the global pandemic response has put on all of us, having strong partnerships to drive communications and doing more with less goes a long way to across and within our new digital way of life.

Stay tuned for more integration announcements coming soon. To learn more about our existing integrations, schedule a demo today (and lunch is on us!). 

Related

Read More
December 13, 2023
Decoding DORA ICT Risk Management Requirements: Step 3 - Executing Business Impact Analysis and Risk Assessments
READ MORE
Read More
December 6, 2023
Decoding DORA ICT Risk Management Requirements: Step 2 - Mapping your Business Functions and their Dependencies
READ MORE
Read More
November 28, 2023
Decoding DORA ICT Risk Management Requirements: Step 1 - Identifying and Classifying ICT Functions
READ MORE
close

Timothy Eades

Chief Executive Officer