Industry’s First Distributed Security System Built for the Multi-Cloud World.

vArmour DSS (Distributed Security System) was built from the ground up to scale security across multi-cloud environments. Distributed sensors are connected by an intelligent fabric and managed as a single, logical entity – no individual agents or single-instance policies to manage. By moving security controls from the perimeter down next to each workload, vArmour provides deep, Layer 7 visibility and global policy management across private and public cloud infrastructures.

vArmour Distributed Security System Architecture

Broad: Extensible architecture provides scalable security across private and public cloud infrastructure

Deep: Contextual visibility and control of application traffic from Layer 2 to Layer 7

Control: Micro-segment every workload to prevent and stop unwanted behaviors with inline policies

vArmour DSS Architecture

vArmour DSS is a distributed, software-driven security solution that consists of three primary components: vArmour Fabric, vArmour SharedDefense, and vArmour Analytics.

vArmour Fabric is connected as one logical software system that deploys inline distributed sensors to perform deep packet inspection of all data center traffic, enforce application-layer security policies, and transparently route traffic to deception services. With fine-grained security controls next to each workload, vArmour micro-segments every communication within and between workloads on the same subnet, same VLAN, or same hypervisor. As traffic passes through it, the Fabric provides:

  • Detailed Layer 7 metadata with customizable fields that feed vArmour Analytics as well as other third party visibility tools, such as SIEM, for contextual insight into all network, application, and user traffic
  • A single point of security policy and deception management that controls every intra-application communication - no siloed hardware appliances to correlate and synchronize
  • Distributed security processing that spins up additional sensors instantaneously to meet application demand, scaling out on-demand and minimizing the consumption of infrastructure resources
  • Inline enforcement of application-layer security policies, to take swift action when malicious behaviors are detected
  • Seamless integration of deception services to lure and identify attackers using an extremely small IT resource footprint

vArmour SharedDefense is a vArmour-hosted service that continually updates vArmour DSS with a global view of security events, behavioral anomalies, threat characteristics, and laterally-moving threats across customer environments. With SharedDefense, vArmour threat analysts associate intelligence from third party sources, vArmour research, and customers to recommend areas of risk that should be addressed. SharedDefense provides:

  • Analysis and detection of current threats to keep vArmour DSS up-to-date
  • Smarter insights that drive policy updates to stop or prevent certain advanced attacks
  • Federated threat detection across customers in similar verticals, regions, and more

vArmour Analytics provides visualizations into all workload traffic collected by the Fabric. These traffic patterns are analyzed to detect and alert on potential threats. Analytics provides users with insights to inform policy changes based on unexpected application behaviors. These policies are implemented and enforced throughout the multi-cloud environment via the Fabric. Analytics provides:

  • Continuous monitoring across networks, applications, workloads, and users for end-to-end visibility
  • Out-of-the-box and custom trend visualizations to determine overall security posture
  • Drill-downs into specific behaviors of workloads or users for further investigation
  • Customizable dashboards that can be tailored to each Analytics user’s preferred view, from graphs to tables, to correlate a wide range of data (including source and destination IPs, application/workload details, and geo trends)
  • Custom alerting for rapid investigation and response to compromised workloads

Key Design Principles for Distributed Security

vArmour DSS was designed for the modern data center that is software-driven and built on a range of infrastructures. vArmour DSS architecture leverages these key design principles for today’s multi-clouds.

Extensible: Security is automated, provisioned, and orchestrated through APIs to fit easily into existing cloud architectures.
Scalable: Security scales horizontally, expanding elastically based on demand.
Independent: Security protects every workload independent of the underlying infrastructure.
Actionable: Security enforces business policies, detects advanced attackers, and then takes swift action.

Multi-Cloud Security Architecture

vArmour DSS leads organizations on their path to building a multi-cloud security architecture. vArmour, with our ecosystem of partners, provides customers an API-based security system that operates effectively and efficiently in multi-cloud environments.
