vArmour DSS Distributed Security System

Software-based Segmentation & Microsegmentation
Logically separate workloads based on security requirements
- abstracted from the network and infrastructure
Read the Data Sheet
Network segmentation has long been a security best practice, based on hardware-bound zones of firewalls and/or VLANs inside the data center. These segmentation technologies remain rigid, complex, and slow to change, even though the data centers they are protecting have become dynamic, fast, and integrated with cloud services. vArmour’s all-software segmentation and microsegmentation security services offer a simple, scalable and cost-effective way to secure workloads and applications across physical, virtual, and cloud infrastructures.

Why Use Segmentation and Microsegmentation?

Reduce Attack Surfaces
Drastically reduce the number of entry points to critical assets and the attack surfaces by restricting communication between authorized systems with application and stateful controls that limit the opportunity for lateral spread.
Improve Compliance Faster
Separate regulated workloads from non-regulated, to meet standards for in-scope assets of PCI, HIPAA, GDPR, FFIEC, SOX and more – without relying on hardware-bound zones as the primary policy construct for compliance.
Become Operationally Efficient
Simplify and consolidate IT through commingling of resources with different security requirements on the same shared infrastructure - whether by data state (test/dev/prod), application tier (web/application/database), or any way that aligns to your business.

Layer 7, Stateful security controls

  • Global, application-layer security policies are independent of network topology and infrastructure, so they can maintain state, no matter where workloads travel (including live migration - such as vMotion - events)
  • Microsegmentation capabilities are accompanied by continuous monitoring of 100% of network, application and user traffic - not traffic sampling or basic reports provided by firewalls
  • Proactive threat mitigation using redirection to built-in cyber deception capabilities that go beyond simple allow and deny actions

High-performance protection at scale

  • Advanced security policies up to Layer 7 can inspect and protect all application traffic at scale, up to 10 Tbps of throughput
  • API-driven architecture can scale up or down on-demand to match infrastructure utilization demands, without security gaps
  • Single point of policy management for every workload and application, with updates pushed automatically across the entire virtualized data center and cloud

Simple to deploy and use

  • After the initial 15-minute installation, deploy application-aware microsegmentation from a single product in an hour, not weeks or months
  • Built all in software, vArmour is infrastructure-independent and requires limited network reconfiguration to deploy and manage security policy ongoing, unlike hardware-dependent appliances with high operational overhead
  • Full security inspection and enforcement of Layer 4-7 traffic in a single distributed system, no complex service-chaining between multiple products required

vArmour's Winning Approach

Application aware segmentation and microsegmentation are key to securing workloads, reducing attack surface and meeting regulatory compliance. There are a few different ways to achieve this goal. Here is a comparative view of three mainstream approaches.

3 approaches for segmenting 4,000 workloads

option 1



4 X
720 Gbps

option 2

Virtuaized NGFW


5 X
200 Gbps

option 3

Distributed Security System

1 X
2,000 Gbps

How to get started

The quickest way to learn about vArmour DSS is to try it for yourself with our free trial. It’s a 100% software download that can be installed in under an hour to provide application visibility, application dependency mapping, and policy creation and optimization for your network.

varmour awards