Application Discovery
Uncover the actual application behaviors taking place across your data center
Accurate security policies require an accurate
understanding of application behaviors

Being able to create policies that will not only protect applications, but also not get in the way of the application functioning as intended is a significant challenge facing any organization wanting to adopt tighter data center or cloud security. Arguably the two biggest hurdles to overcome in this process are 1) obtaining full visibility into the communications taking place across the infrastructure, and 2) making sense of the huge volume of observed traffic once it’s available.

In order to fully understand how an application is functioning, which workloads and protocols are involved, and what dependencies exist, a complete picture of the traffic is required. This is easier said than done however. The typical blind spots of intra-hypervisor, intra-subnet, and intra-VLAN traffic can derail efforts to understand application traffic even before they begin. Moreover, many monitoring solutions only provide a sampled view of the traffic, which makes creating accurate policies challenging if not impossible.


The vArmour Solution

Built on vArmour’s patented DSS Distributed Security System, vArmour Policy Architect provides security and infrastructure practitioners with the necessary data and tooling to accelerate application discovery and policy creation within a flexible and intelligent framework. By taking a data-driven approach to application discovery and policy modeling, vArmour Policy Architect enables organizations to have a complete view of how their applications and users are behaving and deploy flexible policy templates to reduce exposed attack surfaces, regardless of location or underlying infrastructure.

Full Layer 7 Visibility

Due to its unique place in the infrastructure, the vArmour DSS Distributed Security System delivers accelerated understanding of application behaviors with complete Layer 7 visibility across the entire data center and cloud. Monitoring traffic directly adjacent to each workload, the previous blind spots of hypervisors, subnets, and VLANs are no longer an issue and the complete picture of data center and cloud traffic is easily accessible.

Complete Traffic Visualization Tools

The vArmour DSS provides tools for flexibly inspecting, reporting on, and visualizing data center traffic flows, enabling the identification and understanding of application behaviors and dependencies. With this complete picture of data center and cloud traffic, the creation of close-fit security policies that reduce attack surfaces while also ensuring the continued operation of each application comes within reach.

Template-based Policy Creation

Once a complete picture of the data center and cloud traffic is available, creating policies that closely fit each application can be a time consuming and tedious effort. For this reason vArmour provides a template-based approach to policy creation which intelligently fits policy structures to observed traffic and then validates that the created policies will not interfere with the proper operation of the applications. What was previously complex, error prone, and time consuming is now painless, accurate, and streamlined.

Figure: Application discovery and policy creation with vArmour Policy Architect

Benefits
  • Visualize true application behaviors with the most complete picture of Layer 7 data center and cloud communications available today
  • Guided policy creation leveraging templatized, intent-based policies with integrated validation and efficacy metrics
  • Intelligent policy structures to ensure that as applications and data center infrastructures grow and evolve, that security policies easily expand to meet the new requirements