The Industry’s First Distributed Security SystemBuilt for the Multi-Cloud World.

The vArmour DSS Distributed Security System was built from the ground-up to scale security across multi-cloud environments. Distributed sensors are connected by an intelligent fabric and managed as a single, logical entity – no individual agents or single-instance policies to manage. By moving security controls from the perimeter down next to each workload, vArmour provides deep, Layer 7 visibility and global policy management across physical, virtual, and cloud infrastructures.

Download Whitepaper

Modern Security
Architecture Principles
Extensible
Security is automated, provisioned, orchestrated through APIs to fit easily into existing physical and cloud infrastructures
Scalable
Security scales horizontally, protecting 1 to 100,000 workloads instantly
Independent
Security protecting every workload with broad environment support and independent of the underlying infrastructure
Actionable
Security has deep application context to identify risks and take swift action

vArmour DSS

Architecture

vArmour DSS is a platform of integrated security services including software-based segmentation, application-aware monitoring, and cyber deception. The three primary components include: vArmour Fabric, vArmour Analytics and vArmour SharedDefense.

Fabric

Analytics

SharedDefense

vArmour Fabric is connected together as one logical software system that deploys inline distributed sensors to perform deep packet inspection of all data center traffic, enforce application-layer security policies, and transparently route traffic to deception services. With fine-grained security controls next to each workload, vArmour micro-segments every communication within and between workloads on the same subnet, same VLAN, or same hypervisor. As traffic passes through the Fabric, it provides:

  • Detailed Layer 7 metadata with customizable fields that feed vArmour Analytics as well as other third party visibility tools, such as SIEM, for contextual insight into all network, application, and user traffic
  • A single point of security policy and deception management that controls every intra-application communication - no siloed hardware appliances to correlate and synchronize
  • Distributed security processing that spins up additional sensors instantaneously to meet application demand, scaling out on-demand and minimizing the consumption of infrastructure resources
  • Inline enforcement of application-layer security policies, to take swift action when malicious behaviors are detected
  • Seamless integration of deception services to lure and identify attackers using an extremely small IT resource footprint

vArmour SharedDefense is a vArmour-hosted service that continually updates vArmour DSS with a global view of security events, behavioral anomalies, threat characteristics, and laterally-moving threats across customer environments. With SharedDefense, vArmour threat analysts associate intelligence from third party sources, vArmour research, and customers to recommend areas of risk that should be addressed. SharedDefense provides:

  • Analysis and detection of current threats to keep vArmour DSS up-to-date
  • Smarter insights to update policy changes to stop or prevent certain advanced attacks
  • Federated threat detection across customers in similar verticals, regions, and more

vArmour Analytics provides visualizations into all workload traffic collected by the Fabric. These traffic patterns are analyzed to detect and alert on potential threats. Analytics provide users with insights to inform policy changes based on unexpected application behaviors. These policies are implemented and enforced throughout the multi-cloud environment via the Fabric. Analytics provides:

  • Continuous monitoring across networks, applications, workloads, and users for end-to-end visibility
  • Out-of-the-box and custom trend visualizations to determine overall security posture
  • Drill-downs into specific behaviors of workloads or users for further investigation
  • Customizable dashboards that can be tailored to each Analytics user’s preferred view, from graphs to tables, to correlate a wide range of data (including source and destination IPs, application/workload details, and geo trends)
  • Custom alerting for rapid investigation and response to compromised workloads

Multi-Cloud Security Architecture

vArmour DSS leads organizations on their path to building a multi-cloud security architecture. vArmour, with our ecosystem of partners, provides customers an API-based security system that operates effectively and efficiently in multi-cloud environments. Get started by watching vArmour CTO Marc Woolward as he outlines the pathway to multi-cloud security.

Watch Webinar