Logically separate workloads based on security requirements - without redesigning the network
Network segmentation has long been a security best practice, based on hardware-bound zones of firewalls and/or VLANs inside the data center. These segmentation technologies remain rigid, complex, and slow to change, even though the data centers they are protecting have become dynamic, fast, and simple. vArmour’s all-software distributed security system offers a solution with separation that is efficient in both operations and performance, including micro-segmentation capabilities, across shared cloud infrastructure.
Why Use Segmentation?
Improve Compliance Faster
Separate regulated versus non-regulated workloads to meet standards for in-scope assets of HIPAA, PCI, and more – without relying on hardware-bound zones as the primary policy construct for compliance.
Reduce Attack Surfaces
Drastically reduce the number of entry points available to an attacker by locking down east-west communications to only those required by the application, limiting the opportunity for lateral spread.
Achieve advanced environmental separation by data state (test/dev/prod), application tier (web/application/database), or business units (HR/finance) on a single shared resource pool.
Stateful security policy
- Global, application-layer security policies are independent of network topology, so they can maintain state no matter where workloads travel (including live migration events such as vMotion)
- Micro-segmentation capabilities are accompanied by continuous monitoring of 100% of network, application and user traffic - not traffic sampling or basic reports provided by firewalls
- vArmour Analytics information is used to define and update appropriate security policies, based on application dependencies and any suspicious behaviors
- If an attacker is detected in vArmour Analytics, use micro-segmentation to click-to-quarantine the activity for further investigation and prevent lateral spread
High-performance protection at scale
- Advanced security policies up to Layer 7 can inspect and protect all application traffic at scale, up to 10 Gbps of throughput, versus leading vendors that max out at 1 Gbps
- API-driven architecture can scale up or down on-demand to match infrastructure utilization demands, without security gaps
- Single point of policy management for every workload and application, with updates pushed automatically across the entire virtualized data center and cloud
Simple to deploy and use
- After the initial 15-minute installation, deploy application-aware micro-segmentation from a single product in an hour, not weeks or months
- Built entirely in software, vArmour is infrastructure-independent and requires limited network reconfiguration to deploy and to manage security policy on an ongoing basis, unlike hardware-dependent appliances with high operational overhead
- Full security inspection and enforcement of Layer 4-7 traffic in a single distributed system, no complex service-chaining between multiple products required
“vArmour allows us not only to get that baseline and see what’s happening within the network, but then it also allows us to take action and then create policy based on those actions, so they happen automatically going forward.”