Information Security

Distributed Security System

Deep insight and control for multi-clouds

vArmour is the industry’s first distributed security system that provides application-aware micro-segmentation with advanced security analytics. Built in software, vArmour DSS Distributed Security System is architected to scale security across multi-clouds with deep insight and control of individual workloads. With its patented application-aware micro-segmentation capabilities, vArmour DSS moves security controls that were traditionally at the perimeter down next to each asset, wrapping fine-grained protection around every workload, regardless of where it resides. Workload-level visibility and control of inbound, outbound, and lateral traffic patterns from vArmour DSS helps organizations detect and prevent application misuse, policy violations, and advanced persistent threats across complex multi-cloud environments from a single system.

vArmour DSS in action

  • Network Visibility – Gain fine-grained Layer 7 visibility of all workload communications, even within the same hypervisor, that traditional perimeter security solutions cannot see.

  • APT Prevention – Continuously monitor all data center traffic patterns to identify suspicious or anomalous behaviors, and divide the extensive data center environment into smaller, more protected zones or segments to reduce attack surfaces, all from one single system.

  • Broad Security Across Multi-Clouds – Secure workloads across multi-clouds (both private and public) by enabling organizations to extend and apply their own consistent, global policies and auditing across cloud vendors.

  • Environmental Separation – Segment workload and application communications based on environmental conditions, even on the same shared infrastructure, whether isolating assets based on production versus non-production or by application tiers (web, application, database).

  • Compliance Assurance – Segregate regulated and non-regulated data on the same shared infrastructure to adhere to compliance mandates in any industry.

  • Rapid Breach Detection and Forensic Investigations – Garner context-aware security intelligence to detect anomalous or malicious activity by quickly determining what machines, systems, and resources are involved in an attack, reducing forensic investigation time from days to minutes, and then systematically quarantining those workloads.

Architecture

vArmour DSS Distributed Security System is comprised of distributed sensors that are connected by an intelligent fabric and managed as a single, logical entity, with no individual agents or single-instance policies to manage. vArmour DSS consists of three primary components: vArmour Fabric, vArmour Analytics, and vArmour SharedDefense.


vArmour Fabric

is connected together as one logical system that deploys inline distributed sensors to perform deep packet inspection of all workload traffic, baseline normal workload communication patterns across sensors, and enforce security policies. With fine-grained protection next to each asset, vArmour isolates every workload and its communication within and between hypervisors, instances, and everything else on the network. As traffic passes through the Fabric, it provides:

  • Deep packet inspection that generates detailed Layer 7 metadata that feed vArmour Analytics as well as other third party visibility tools, such as SIEM, for contextual insight into all workload communications.
  • A single point of policy management that controls every intra-application interaction—no siloed tools to correlate.
  • Distributed security processing that easily scales to meet application demand, minimizing the consumption of infrastructure resources.
  • Inline enforcement of policies through micro-segmentation to take swift action when malicious behaviors are detected in vArmour Analytics.

vArmour Analytics

provides visualizations into all workload traffic collected by the Fabric. These traffic patterns are analyzed to detect and alert on suspicious and potential threats. Analytics provide users with insights to deploy policy changes based on unexpected application or workload behaviors. These policies are implemented and enforced throughout the multi-cloud environment via the Fabric. Analytics provides:

  • Continuous monitoring across networks, applications, workloads, and users for end-to-end visibility.
  • Out-of-the-box and custom trend visualizations to determine overall security posture.
  • Drill-downs into specific behaviors of workloads or users for further investigation.
  • Highly detailed historical views of all network traffic activity for a given period of time.
  • Customizable dashboards that can be tailored to each Analytics user’s preferred view, from graphs to tables, to correlate a wide range of data (including source and destination IPs, application/workload details, and geo trends).
  • Custom alerting for rapid investigation and response to compromised workloads.

vArmour SharedDefense

is an opt-in hosted service that continually updates vArmour DSS with a global view of security events, behavioral anomalies, threat characteristics, and laterally-moving threats across customer environments. With SharedDefense, vArmour threat analysts associate intelligence from vArmour research and customers to recommend areas of risk that should be addressed. SharedDefense provides:

  • Analysis and detection of current threats to keep vArmour DSS customers protected.
  • Smarter insights to update policy to prevent advanced attacks.
  • Federated threat detection across vArmour customers in similar regions and more.

Key Features

    vArmour DSS is a software-only solution, built specifically for virtualized and multi-cloud environments, that implements a single logical system comprised of multiple, autonomous sensors. These sensors are connected through the vArmour Fabric, which then shares information and context across the system, unlike agents or network overlays, which cannot. Security processing is dynamically distributed across the vArmour Fabric for greater system performance and without reliance on load balancers.

    Full deep packet inspection is conducted on all traffic, with no packet sampling, up to Layer 7 with deep understanding of application context and interactions. With integration into user directories and metadata repositories, organizations can visualize relationships of users and applications for inter-hypervisor and workload-to-workload traffic across clouds.

    vArmour’s application-aware micro-segmentation can be deployed in three simple steps and in less than 30 minutes without requiring complex network overlays, service-chaining, or deploying of resource-intensive components. Controls are placed next to each workload and are independent of the workload itself. vArmour DSS offers the flexibility of providing both zone-based and workload-level segmentation on any underlying infrastructure, so organizations have the freedom to segment workloads in any heterogeneous cloud environment.

    Visibility and detection solutions are typically not enough to swiftly stop modern attacks. vArmour DSS is an integrated system that not only provides the ability to spot threats and analyze the attack steps as part of the kill chain, but it can also stop the current threat and prevent new attacks or reinfections of compromised systems. With vArmour DSS, organizations can readily update policies based on malicious behaviors identified in the environment, which are then enforced across the vArmour Fabric.

    With application-layer visibility, vArmour DSS correlates contextual information in real-time from the vArmour Fabric to better detect patterns of abuse and misuse, without dependencies on signatures. With sophisticated threat analytics, organizations can detect a compromised workload and the lateral spread of the attack, whether it’s an APT, malware or an insider threat, and can easily find the entry point and full spread of the breach.

    Since security is decoupled and independent from the underlying infrastructure, vArmour DSS offers a software-based, extensible architecture that can auto-scale with workloads and applications everywhere and anywhere they reside, whether on-premises using VMware, Nutanix, or OpenStack KVM, or off-premises in Amazon Web Services. With native support for live migration using VMware vMotion and OpenStack KVM, security policy automatically travels with the workload and application without disruption.

    Unlike traditional perimeter solutions, vArmour DSS provides a single point of policy management and control that scales within clouds and infrastructure providers, eliminating security silos while lowering the cost and complexity of security management. Additionally, security controls are automatically provisioned to new applications and workloads, removing the need to manually write new policies as new workloads are provisioned. Full-featured JSON/REST APIs make vArmour DSS integrate seamlessly with third party orchestration and automation systems.