Application Discovery
Uncover the actual application behaviors taking place across your data center
Accurate security policies require an accurate understanding of application behaviors

Creating policies that protect applications without getting in the way of their intended function is a significant challenge for any organization that wants to adopt tighter data center or cloud security. Arguably the two biggest hurdles in this process are (1) obtaining full visibility into the communications taking place across the infrastructure, and (2) making sense of the huge volume of observed traffic once it is available.

To fully understand how an application is functioning, which workloads and protocols are involved, and what dependencies exist, a complete picture of the traffic is required. This is easier said than done, however. The typical blind spots of intra-hypervisor, intra-subnet, and intra-VLAN traffic can derail efforts to understand application traffic even before they begin. Moreover, many monitoring solutions only provide a sampled view of the traffic, which makes creating accurate policies challenging if not impossible.


The vArmour Solution

vArmour designed the industry’s first distributed security system built entirely in software with highly programmable APIs that provide unparalleled visibility into all data center and cloud communications for clear and accurate application discovery. vArmour enables application owners and operators to embed security functions within each workload so that security policies travel with the workloads regardless of location or underlying infrastructure.

Full Layer 7 Visibility

Due to its unique place in the infrastructure, the vArmour DSS (Distributed Security System) delivers complete Layer 7 visibility across the entire data center and cloud. Because it monitors traffic directly adjacent to each workload, the previous blind spots of hypervisors, subnets, and VLANs are no longer an issue, and the complete picture of data center and cloud traffic is easily accessible.

Traffic Visualization Tools

The vArmour DSS provides tools for inspecting, reporting on, and visualizing data center traffic flows, enabling the identification and understanding of application behaviors and dependencies. With this complete picture of data center and cloud traffic, the creation of close-fit security policies that reduce attack surfaces while also ensuring the continued operation of each application comes within reach.

Template-based Policy Creation

Once a complete picture of the data center and cloud traffic is available, creating policies that closely fit each application can be a time-consuming and tedious effort. For this reason, vArmour provides a template-based approach to policy creation that systematically fits policy structures to observed traffic and then validates that the created policies will not interfere with the proper operation of the applications. What was previously complex, error-prone, and time-consuming is now painless, accurate, and streamlined.

Figure: vArmour application discovery and policy creation

Benefits
  • Data-driven segmentation based on the real Layer 7 traffic observed across the data center and cloud
  • Streamlined policy creation leveraging templatized, intent-based policies with rigorous validation and efficacy metrics
  • Scalable policy creation that ensures security policies easily expand to meet new requirements as data center and cloud infrastructures grow and evolve