Logically separate workloads based on security requirements - without redesigning the network
Network segmentation has long been a security best practice, based on hardware-bound zones of firewalls and/or VLANs inside the data center. These segmentation technologies remain rigid, complex, and slow to change, even though the data centers they are protecting have become dynamic, fast, and simple. vArmour’s all-software distributed security system offers a simple, scalable and application-aware segmentation solution to secure workloads and applications across physical, virtual, and cloud infrastructures.
Why Use Segmentation?
Improve Compliance Faster
Separate regulated versus non-regulated workloads to meet standards for in-scope assets of HIPAA, PCI, and more – without relying on hardware-bound zones as the primary policy construct for compliance.
Drastically reduce the number of entry points to critical assets and attack surfaces by restricting communication between authorized systems with application and stateful controls.
Become Operationally Efficient
Simplify and consolidate IT through commingling of resources with different security requirements on the same shared infrastructure - whether by data state (test/dev/prod), application tier (web/application/database), or any way that aligns to your business.
Stateful security policy
- Global, application-layer security policies are independent of network topology, so they can maintain state, no matter where workloads travel (including live migration - such as vMotion - events)
- Micro-segmentation capabilities are accompanied by continuous monitoring of 100% of network, application and user traffic - not traffic sampling or basic reports provided by firewalls
- vArmour Analytics information is used to define and update appropriate security policies, based on application dependencies and any suspicious behaviors
- If an attacker is detected in vArmour Analytics, use micro-segmentation to click-to-quarantine the activity for further investigation and prevent lateral spread
High-performance protection at scale
- Advanced security policies up to Layer 7 can inspect and protect all application traffic at scale, up to 10 Gbps of throughput, versus leading vendors that max out at 1 Gbps
- API-driven architecture can scale up or down on-demand to match infrastructure utilization demands, without security gaps
- Single point of policy management for every workload and application, with updates pushed automatically across the entire virtualized data center and cloud
Simple to deploy and use
- After the initial 15-minute installation, deploy application-aware micro-segmentation from a single product in an hour, not weeks or months
- Built all in software, vArmour is infrastructure-independent and requires limited network reconfiguration to deploy and manage security policy ongoing, unlike hardware-dependent appliances with high operational overhead
- Full security inspection and enforcement of Layer 4-7 traffic in a single distributed system, no complex service-chaining between multiple products required
“vArmour allows us not only to get that baseline and see what’s happening within the network, but then it also allows us to take action and then create policy based on those actions, so they happen automatically going forward.”