vArmour is the industry’s first distributed security system that provides application-aware micro-segmentation with advanced security analytics. Built in software, vArmour DSS Distributed Security System is architected to scale security across multi-clouds with deep insight and control of individual workloads. With its patented application-aware micro-segmentation capabilities, vArmour DSS moves security controls that were traditionally at the perimeter down next to each asset, wrapping fine-grained protection around every workload, regardless of where it resides. Workload-level visibility and control of inbound, outbound, and lateral traffic patterns from vArmour DSS helps organizations detect and prevent application misuse, policy violations, and advanced persistent threats across complex multi-cloud environments from a single system.
Network Visibility – Gain fine-grained Layer 7 visibility of all workload communications, even within the same hypervisor, that traditional perimeter security solutions cannot see.
APT Prevention – Continuously monitor all data center traffic patterns to identify suspicious or anomalous behaviors, and divide the extensive data center environment into smaller, more protected zones or segments to reduce attack surfaces, all from one single system.
Broad Security Across Multi-Clouds – Secure workloads across multi-clouds (both private and public) by enabling organizations to extend and apply their own consistent, global policies and auditing across cloud vendors.
Environmental Separation – Segment workload and application communications based on environmental conditions even on the same shared infrastructure whether isolating assets based on production versus non-production or by application tiers (web, application, database).
Compliance Assurance – Segregate regulated and non-regulated data on the same shared infrastructure to adhere to compliance mandates in any industry.
Rapid Breach Detection and Forensic Investigations – Garner context-aware security intelligence to detect anomalous or malicious activity by quickly determining what machines, systems, and resources are involved in an attack, reducing forensic investigation time from days to minutes, and then systematically quarantining those workloads.
vArmour DSS Distributed Security System is comprised of distributed sensors that are connected by an intelligent fabric and managed as a single, logical entity, with no individual agents or single-instance policies to manage. vArmour DSS consists of three primary components: vArmour Fabric, vArmour Analytics, and vArmour SharedDefense.
vArmour Fabric is connected together as one logical system that deploys inline distributed sensors to perform deep packet inspection of all workload traffic, baseline normal workload communication patterns across sensors, and enforce security policies. With fine-grained protection next to each asset, vArmour isolates every workload and its communication within and between hypervisors, instances, and everything else on the network. As traffic passes through the Fabric, it provides:
vArmour Analytics provides visualizations into all workload traffic collected by the Fabric. These traffic patterns are analyzed to detect and alert on suspicious and potential threats. Analytics provides users with insights to deploy policy changes based on unexpected application or workload behaviors. These policies are implemented and enforced throughout the multi-cloud environment via the Fabric. Analytics provides:
vArmour SharedDefense is an opt-in hosted service that continually updates vArmour DSS with a global view of security events, behavioral anomalies, threat characteristics, and laterally-moving threats across customer environments. With SharedDefense, vArmour threat analysts associate intelligence from vArmour research and customers to recommend areas of risk that should be addressed. SharedDefense provides:
vArmour DSS is a software-only solution, built specifically for virtualized and multi-cloud environments, that implements a single logical system comprised of multiple, autonomous sensors. These sensors are connected through the vArmour Fabric, which then shares information and context across the system, unlike agents or network overlays, which cannot. Security processing is dynamically distributed across the vArmour Fabric for greater system performance and without reliance on load balancers.
Full deep packet inspection is conducted on all traffic, with no packet sampling, up to Layer 7 with deep understanding of application context and interactions. With integration into user directories and metadata repositories, organizations can visualize relationships of users and applications for inter-hypervisor and workload-to-workload traffic across clouds.
vArmour’s application-aware micro-segmentation can be deployed in three simple steps and in less than 30 minutes without requiring complex network overlays, service-chaining, or deploying of resource-intensive components. Controls are placed next to each workload and are independent of the workload itself. vArmour DSS offers the flexibility of providing both zone-based and workload-level segmentation on any underlying infrastructure, so organizations have the freedom to segment workloads in any heterogeneous cloud environment.
Visibility and detection solutions are typically not enough to swiftly stop modern attacks. vArmour DSS is an integrated system that not only provides the ability to spot threats and analyze the attack steps as part of the kill chain, but it can also stop the current threat and prevent new attacks or reinfections of compromised systems. With vArmour DSS, organizations can readily update policies based on malicious behaviors identified in the environment, which are then enforced across the vArmour Fabric.
With application-layer visibility, vArmour DSS correlates contextual information in real-time from the vArmour Fabric to better detect patterns of abuse and misuse, without dependencies on signatures. With sophisticated threat analytics, organizations can detect a compromised workload and the lateral spread of the attack, whether it’s an APT, malware or an insider threat, and can easily find the entry point and full spread of the breach.
Since security is decoupled and independent from the underlying infrastructure, vArmour DSS offers a software-based, extensible architecture that can auto-scale with workloads and applications everywhere and anywhere they reside, on-premises using VMware, Nutanix, or OpenStack KVM, or off-premises in Amazon Web Services. With native support for live migration using VMware vMotion and OpenStack KVM, security policy automatically travels with the workload and application without disruption.
Unlike traditional perimeter solutions, vArmour DSS provides a single point of policy management and control that scales within clouds and infrastructure providers, eliminating security silos while lowering the cost and complexity of security management. Additionally, security controls are automatically provisioned to new applications and workloads, removing the need to manually write new policies as new workloads are provisioned. Full-featured JSON/REST APIs make vArmour DSS integrate seamlessly with third-party orchestration and automation systems.