vARMOUR ANALYTICS

DEMANDS ON SECURITY TEAMS ARE INCREASING

In a world where large data breaches are a daily occurrence and every device on the planet is under attack, organizations no longer worry about whether they’ll be breached but instead when. Faced with more sophisticated adversaries as well as more numerous and persistent attack campaigns, security teams are employing an ever-increasing set of security tools to predict, prevent, detect, and respond to internal and external threats. The management and monitoring of this expanding security infrastructure requires
a significant expenditure of person-hours, forcing many organizations to go without—either for lack of resources to hire security professionals or lack of qualified candidates. Moreover, these challenges do not appear to be abating; the demand for skilled cybersecurity practitioners is expected to increase to 6 million by 2019 with a projected shortfall of 1.5 million.1

You Can’t Protect What You Can’t See

Compounding the impact on security teams is the continually evolving IT landscape. As organizations adapt their business models and IT infrastructures to more scalable and flexible platforms, new attack surfaces are created for attackers that become blind spots for security teams. In the preceding years, digital business (including cloud computing, BYOD, IoT, public cloud, and dependence on third party providers) has dramatically changed the way organizations operate, providing greater flexibility and agility, but often at the expense of security. With new holes being punched in traditional perimeter network defenses to support a wide array of devices, applications, and partners, it becomes increasingly difficult to control the various entities accessing corporate data centers and clouds. Combined with IT infrastructures evolving rapidly to keep pace with business needs, the defense of data centers and clouds has become significantly more challenging.

…and the Existing Challenges Haven’t Gone Away

Despite the benefits of new data center and cloud technologies, the old challenges facing security teams have yet to find good solutions.

• How do you interrogate communications between workloads on the same hypervisor, VLAN, or subnet?
• How do you achieve broad visibility into network, application, and user traffic?
• How do you combine machine and user data to more accurately identify malicious activity?
• How do you easily determine the scope of a compromise and identify other potentially
  compromised assets?
• How do you rapidly quarantine compromised workloads for further inspection?

How do you incorporate findings about data center and cloud traffic to refine security policies?  At best, these challenges result in hours of tedious work for security teams trying to protect their data centers and clouds. At worst, they are the cause of security blind spots that attackers exploit and for which there has been a lack of adequate security solutions up to this point.

SEEING AND STOPPING ATTACKS WITH VARMOUR

vArmour has designed the industry’s first distributed security system that provides application-aware micro-segmentation with advanced security analytics in data center and cloud environments. The vArmour DSS Distributed Security System moves security controls next to each data center and cloud workload, maintaining central management of these controls as a single logical system. By placing controls directly next to the assets being protected, organizations can not only micro-segment each workload, but also enable visibility into network, application, and user traffic for every workload in private, public, or multi-cloud environments.
The unprecedented visibility into virtual and cloud data centers provided by vArmour DSS is brought to life through the vArmour Analytics component of the vArmour DSS. vArmour Analytics provides a single pane-of-glass to quickly understand network traffic characteristics, application usage, and user behavior across the data center and cloud. This visibility is then expanded upon through drill-downs, insights, and threat detection logic designed to make detection, investigation, and remediation of security events as simple, rapid, and thorough as possible.

AT A GLANCE

Access and visualize full application- layer traffic data within virtualized and cloud data centers.

Leverage correlated network, application, and user behavior data for improved situational awareness and threat identification.

Rapidly quarantine compromised workloads to thwart attackers and prevent lateral spread.

Visualize observed network communications to identify the stages of an attack and fully remediate compromised workloads.

Utilize a single security system to predict, prevent, detect, and respond to security events.

“Within 2 hours of deployment, we saw our first behavior previously unforeseeable in our environment. We never had that level of visibility in our agile data center.”

–VP OF IT,
FORTUNE 100 RETAILER

Visibility Into Unseen Traffic

Within virtual and cloud data centers, the limited visibility into communications between workloads—be it virtual machines or VPC instances—is a major challenge for security teams. Whether between workloads on the same subnet, same VLAN, or same hypervisor, security practitioners need the ability to reliably inspect every communication ow in these typical data center and cloud blind spots. This previously inaccessible application-layer data quickly becomes indispensable for identifying policy violations and unknown application use, as well as understanding client-server relationships for every application. By having each workload connected to the vArmour Fabric, vArmour DSS is able to provide visibility and policy controls across the entire virtualized or cloud data center. This insertion method also avoids the tax on performance and security integrity issues associated with agent-based solutions.

Richness of Application-Layer Data

Deriving meaningful application context from Layer 4 log data is conjecture at best. Alternatively, the depth of information provided by Layer 7 data when investigating an incident can be eye-opening. vArmour’s unique location next to the assets being protected, combined with its Layer 7 identification engine, allows security teams to inspect network connections all the way up through the application layer, providing a wealth of data previously unavailable. Moreover, this visibility spans across the entire virtual or cloud data center and is not based on sampling or a subset of applications or port numbers as is typically seen with service chaining to next-gen firewalls. The ability to explore full fidelity traffic data by application, protocol, workload, traffic direction, and more allows for better baselining and understanding of what “normal” behavior looks like in data center and cloud environments. Armed with this new level of data access, vArmour DSS alerts security teams to risky traffic patterns, out of policy events, and anomalous application usage across the various stages of the cyber kill chain as well as any custom scenarios de ned by the security analysts.

“We used to have limited visibility of tra c owing between virtual machines on the same hypervisor. With vArmour, we can see and inspect this tra c in real time.”

–HEAD OF IT SECURITY, LEADING NEW YORK BASED GLOBAL INVESTMENT FIRM

Correlating User and Workload Contexts

Whether dealing with insider threats or compromised user credentials, understanding user, as well as machine context, is a critical aspect of security operations and incident response. With vArmour Analytics, security teams have access to user authentication event data alongside the Layer 7 communications data for entire virtual and cloud data centers. Understanding the various dimensions of an attack such as which user credentials were used when and where, and what machine communications occurred as a result, can be accomplished in a single, intuitive interface.

Click-to-Quarantine

When a potential compromise is identified, a common reaction of many security operators is to simply blow the VM away and spin up a new copy. Unfortunately, this approach eliminates the ability to perform additional forensics on the compromised workload. To allow security teams to fully investigate compromised workloads while preventing the possibility of additional attacker activity, vArmour DSS includes a click- to-quarantine capability where workloads can easily be isolated from the network while remaining in
an operational state. Memory forensics, payload identification, data staging activities, and vulnerability discovery are now possible in a secured environment.

Map and Investigate the Spread of an Attack

As any security analyst will tell you, determining what communication has occurred between a compromised workload and the rest of the network is a tedious and often challenging exercise. For this reason, vArmour Analytics provides a tool for recursively mapping the observed connections and protocols between workloads. This allows security teams to inspect the realized connectivity between workloads to ascertain the scope of a compromise, determine the attacker’s movement through the network, understand how communications t into the stages of the cyber kill chain, and adjust the investigation and response plans accordingly. What used to take hours of manual work can now be accomplished in minutes.

Accelerate Security Cycles

Virtualization and cloud architectures allow businesses to move at a more rapid pace than what has ever been possible before. However, maintaining security policies in these dynamic environments is increasingly challenging—particularly when you don’t have visibility into how the various workloads are communicating. vArmour DSS not only provides full visibility across virtualized and cloud data centers for assessing risk, understanding trends, and spotting anomalies, but also provides a single logical control point for enforcing security policies. Working within a single system for observing and understanding data center and cloud traffic flows as well as being able to enforce security policies greatly accelerates the process of tightening security postures, reducing attack surfaces, and moving trust boundaries as close as possible next to the assets being protected.

“Most of all, I really appreciate having visibility into network tra c I haven’t previously enjoyed; thank you all.”

–IT SECURITY ENGINEER, TOP-RANKED U.S. COLLEGE

GET STARTED WITH APPLICATION-LAYER VISIBILITY

AND MICRO-SEGMENTATION FROM vARMOUR

vArmour is the industry’s first distributed security system that delivers application-aware micro-segmentation with advanced security analytics for data center and cloud environments. With its patented software, the vArmour DSS Distributed Security System sees, segments, and secures each application and asset—from patient records to financial statements—by wrapping protection around every workload, increasing visibility, security, and operational efficiency. Built for the multi-cloud world, vArmour DSS is:

Take the first step to greater security inside your virtualized or cloud data center with vArmour DSS-V. Request your free download of vArmour DSS-V for application-layer visibility and threat detection at www.varmour.com/dssv.

ABOUT vARMOUR

Based in Mountain View, CA, vArmour
is the data center security company
that is the leader in application-aware micro-segmentation with advanced security analytics. The company was founded in 2011 and is backed by top investors including Highland Capital Partners, Menlo Ventures, Columbus Nova Technology Partners, Citi Ventures, Work-Bench Ventures, and Allegis Capital. The vArmour Distributed Security System is deployed in a significant number

of the world’s largest banks, telecom service providers, government agencies, healthcare providers, and retailers, and is leading the industry with a new patented, distributed approach to data security that allows organizations to deliver IT at the speed of business. Along with partners
like Amazon and VMware, vArmour secures many of the largest data center and cloud environments in the world.

Learn more at www.virtis-us.com.

vArmour Inc. | Virtis-US, LLC | 11601 Wilshire Blvd, 5th Floor, Los Angeles, California 90025 94040

650 564 5100 

info@varmour.com