Application-layer network visibility, software-based segmentation and microsegmentation from vArmour to protect applications and workloads in data center and cloud environments

WESTMINSTER, Colo. - November 10, 2016 - Coalfire, a respected Payment Card Industry Qualified Security Assessor (PCI QSA), announced today that it has completed an independent technical assessment of vArmour’s Distributed Security System against PCI Data Security Standard (DSS) version 3.2 requirements. Coalfire found that the vArmour DSS Distributed Security System, which provides software-based segmentation and microsegmentation to protect critical applications and workloads in data centers and clouds, can be effectively implemented to enable enhanced network security in support of building and maintaining a secure network and systems.

The lack of visibility into the behaviors of workloads and applications is a significant challenge to network security, especially in virtualization and cloud infrastructures. The inability to visualize and understand the traffic patterns of workloads and applications makes it difficult to properly assign policy to protect them. To effectively segment the network and apply controls, the key first step should be to visibly identify and understand network traffic.

vArmour DSS’s visibility of the network helps users:

  • Better understand the exposed attack surface area within the data center
  • Determine what workloads are more susceptible to lateral spread
  • Understand if data staging or exfiltration is occurring within the environment
  • Gain an understanding of application and protocol profiles within the data center
  • Correlate views of application dependencies to inform policy creation, discover policy violations, and detect suspicious or anomalous behaviors around critical assets

“It’s not enough to segment and microsegment the networks,” said Tim Eades, CEO, vArmour. “You need to have deep Layer 7 application context of the traffic to understand not just who’s talking to whom but what are they saying to each other, so that your policies reflect the behaviors you want and, more importantly, don’t want occurring with your critical assets. Application visibility coupled with software-based segmentation has been the fundamental driver of our customers deploying vArmour in critical infrastructures in highly regulated industries across the globe. This technical assessment from Coalfire, a renowned security advisor and auditor, speaks to the capabilities of vArmour to help organizations with their PCI 3.2 requirements.”

As outlined in the assessment, vArmour DSS’s segmentation has the ability to enforce security policy between any and all workloads while maintaining security policy enforcement in environments with frequent, automatic vMotion of workloads. Security policies can be created to enforce access control for the data center resources where policies define how communication occurs between workloads or zones. This provides the capability to isolate each workload individually on the network and apply a set of policies relevant to that specific workload.

Whereas traditional VLAN segmentation does little to protect adjacent workloads on the same VLAN segment, vArmour DSS provides microsegmentation capability such that each workload, regardless of VLAN, can be encapsulated and protected. This is tremendously valuable in decreasing the impact of lateral network attacks. Workloads can be grouped by security, compliance, or other requirements as determined by the organization’s Governance, Risk, and Compliance (GRC) program.

Implementation of vArmour DSS does not require significant modifications or re-architecture of existing virtualization infrastructures. This significantly shortens the time to implement this network and security system into existing environments. Security is automated, provisioned and orchestrated through APIs to fit easily into existing cloud architectures. Moreover, vArmour DSS’s extensible architecture provides scalable security across private and public cloud infrastructures. Finally, the distributed nature of vArmour DSS improves performance over traditional approaches, allowing network traffic to remain closer to the workloads without having to route through a physical central security appliance.

A white paper describing the technical assessment by Coalfire on vArmour DSS Distributed Security System for network segmentation in virtualized and cloud environments for PCI 3.2 can be found here.

Register today for the upcoming vArmour and Coalfire webinar on December 8, 2016 at 10am PT to learn more about how software-based segmentation and microsegmentation can help organizations adhere to PCI 3.2 requirements in data center and cloud environments.

About Coalfire

Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire’s approach addresses each business’s specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe.

About vArmour

vArmour, the data center and cloud security company, delivers software-based segmentation and microsegmentation to protect critical applications and workloads with the industry’s first distributed security system. Based in Mountain View, CA, the company was founded in 2011 and is backed by top investors including Highland Capital Partners, Menlo Ventures, Columbus Nova Technology Partners, Work-Bench Ventures, Allegis Capital, Redline Capital, and Telstra. The vArmour DSS Distributed Security System is deployed across the world’s largest banks, telecom service providers, government agencies, healthcare providers, and retailers. Partnering with companies including AWS, Cisco, HPE and VMware, vArmour builds security into modern infrastructures with a simple and scalable approach that drives unparalleled agility and operational efficiency. Learn more at