More and more, the IT and InfoSec leaders we work with are realizing the need to move away from perimeter-centric, hardware-based security models that aren’t sufficient to address the trillions of dollars of cybercrimes festering inside virtual data center and cloud environments today. In short, we all know that the bad guys are going to get in, but once they’re in, how can you see and stop them before they take control of your critical systems? No firewall can help you there.
Micro-segmentation combined with continuous monitoring has emerged as a key strategy for protecting assets inside virtualized data center and cloud environments. Organizations can segment off their most sensitive data, like patient and financial records, by wrapping security controls around each of these workloads. We and others believe application-aware micro-segmentation with advanced security analytics is the logical place that efforts will go first for cloud security because it gives organizations the ability to see and stop threats at a deeper level than ever before.
Companies around the world come to us with specific projects that require micro-segmentation - from baking security into their modern data center to reducing threat risks for an upcoming audit. And while their need for micro-segmentation is real, the various messages in the marketplace make it hard to differentiate between the technical approaches to implementation. Unfortunately, this can mask the fact that many existing offerings are insufficient and costly… and far from the fast and easy IT delivery model that AWS and others are promoting.
Still, according to new research, 55% of organizations are already attempting some kind of micro-segmentation and 37% are planning to deploy some version of micro-segmentation in the next 6-12 months because they cannot afford to leave themselves open to laterally-moving threats (ESG Group, 2015).
So it’s time to make things clear: you may have heard a pitch or two, but not all micro-segmentation is created equal. It’s important to know your options and differences between approaches before investing your valuable time and security budget. Some tactics require complex network reconfigurations and hundreds of pages of manuals to read in order to get up and running, while others cannot see or deal with application-level threats proactively.
At vArmour, we believe micro-segmentation must be simple, integrated, and economical. Today, we announced the latest version of the vArmour DSS Distributed Security System to deliver application-aware micro-segmentation that can be deployed in minutes, to provide clearer visibility of all your application and user behaviors, better control, and an easier way to see and then stop advanced persistent threats with one-click policies across your virtual data center and cloud environment. See for yourself in our demo video:
It’s Simple: You can deploy in minutes, not months. Now, customers need just 30 minutes and 3 easy steps to protect their most critical assets - no more waiting around for security to catch up with your business needs or special certifications before you start; security is right there with every workload you deploy.
It’s Integrated: Integration means speed. Built-in security analytics as part of DSS provide one-click threat detection-to-quarantine. DSS can give you application-layer visibility of your entire network in 15 minutes that could take a security analyst hours of tedious investigation through multiple silo’d tools to accomplish.
It’s Economical: Cut millions in hardware spend. Gone are the days of expensive hardware on the shelf, of hearing “we can’t do that” because that zone of the network is at capacity, or “we’ll have to wait till the next hardware refresh.” DSS offers you a single, pay-as-you-grow, software-based system for both threat detection and remediation - no specialized hardware or software required.
Our customers around the world are already experiencing the peace of mind that comes from knowing they can move quickly to see and stop threats in their cloud environments on-premises and off, exponentially reducing detection and remediation times while saving lots of money along the way.