vArmour's Winning Approach

Application aware segmentation and microsegmentation are key to securing workloads, reducing attack surface and meeting regulatory compliance. There are a few different ways to achieve this goal. Here is a comparative view of three mainstream approaches.

3 approaches for segmenting 4,000 workloads

option 1

NGFW

Hardware

complexity
20 APPLIANCES
cost
4 X
scale
720 Gbps
Image

option 2

VIRTUALIZED NGFW

+ SDN

complexity
200 APPLIANCES
cost
5 X
scale
200 Gbps
Image

option 3

Distributed Security System

complexity
1 SYSTEM
cost
1 X
scale
2,000 Gbps
Image
Uncovering
the Full depth of
Layer 7 Data
As both the frequency and severity of cyber attacks continue to increase, the need for better security visibility and control across the data center and cloud is becoming even more critical.  Although the information and capabilities provided by Layer 4 data are generally well understood, the leap in capabilities provided by full Layer 7 data is only now being fully realized.
More About Layer 7 Download Full Layer 7 Infographic
  • Allow/disallow traffic on predefined ports
  • Coarse-grained policy zoning
  • Coarse-grained traffic logging
  • Create policies based on IP address
  • Identify workload misconfigurations
  • Understand complex application dependencies
  • Uncover true source IPs with X-Forwarded headers
  • Understand how applications and users are behaving
  • Create policies based on activity
  • Extract user information
  • Identify protocol misuse
  • Audit for disallowed applications or operating systems
  • Ascertain host operating system types
  • Know which traffic is encrypted