Lock down your Data Centre with 360º Protection from vArmour
IT security is getting more complicated in today’s digitised world and security breaches are more common. Mobile devices, the Internet of Things, big data and cloud computing are changing our world. Compute, storage and networking have become virtualised. Traditional, hardware-based IT architecture is becoming obsolete as businesses transform their data centre from a reactive, inflexible and silo’d infrastructure to a more proactive and agile hybrid environment that leverages cloud providers on-premises and off. Many organisations are consolidating workloads through the deployment of converged infrastructure and cloud technologies.
At the same time security threats are escalating, with attackers using the same agile models of IT. Basic and minimum security is all about defence – keeping attackers out through the use of a perimeter defence, but hardware-centric perimeter models cannot scale to meet the demands of virtualised environments. Perimeter breaches can allow an attacker to remain undetected for a long period of time where they can move through the flat pools of infrastructure in today’s data centres. Perimeter security is only the start, now organisations need to move controls closer to the assets they want to protect. Business adoption of an automated protection approach for basic internet attacks will help preserve the free and openness of the internet.
- Google/McAfee estimate 2,000 cyber-attacks globally daily costing £300bn a year
- Security is still focussed on securing the perimeter: 87% of budget spent on firewalls
- Firewalls only stop unwanted traffic at the perimeter, which is only 20% of total traffic
- IT infrastructure has changed – virtual, cloud and multi-cloud
- Today’s applications move across VMs so no longer obvious what is running where
- Virtualisation and cloud have changed the flow of traffic – not seen by the perimeter
- 80% of threats within the data centre (known as east-west traffic) and can’t be seen or stopped by your firewall!
- Application firewalls don’t protect east-west traffic with a policy wrapper
- Cloud creates new attack surfaces that can be taken advantage of by attackers
- Increasing sophistication of the hacker and their motives
- Undetected breaches of security allow for calculated attacks months after breach
- Increase in high profile attacks with the huge impact to brand and shareholders
- Average big hack on a large company estimated to cost the business £1.5m
- Importance of data to business not understood along with risk of its loss
- Knowledge limitations within business as to where data is stored or transmitted
- Difficulty in knowing where threat came from or what entry points were probed
- Little priority on the insider threat – be it an innocent click on a link or an employee in the pay of criminal gangs
- Poor security process e.g. delay in patching, lack of encryption and password policy
- Pressure to consolidate infrastructure and do more with less
- Desire to separate operational from development environments
- Knowing that you are only as secure as your weakest link
- Recognition of the need to build security into data centre rather than an after thought
- Breaches are inevitable : data protection and risk mitigation is key
- The internet was never designed with security in mind!
With all the above in mind, organisations are, therefore, in search of ways to more efficiently and securely use IT resources to increase innovation and minimise cost, without sacrificing security.
vArmour mitigates risk by closely protecting the asset, wherever it resides
vArmour moves security controls from the perimeter to every asset or workflow in the data centre, tied together with a common security fabric that sits on top of any network topology or infrastructure. vArmour is a leader in multi-cloud security and has delivered the world’s first distributed security system that enables Layer 7 visibility and control of all multi-cloud workloads – being entirely software based with no physical appliance.
The vArmour Distributed Security System includes an intelligent system of cyber defence analytics with lateral threat indicators that gives organisations visibility, with Layer 2-7 full deep packet inspection and App-ID down to the intra-hypervisor level.
vArmour uses micro-segmentation (lots of little walls inside the data centre perimeter) which allows the separation of environments that have different security policies such as operational and development environments. It enforces security policies around each individual workload in the environment. Security policies are then asset specific and maintained throughout the entire IT environment. Workloads with different security levels can then share common infrastructure enabling greater consolidation and agility.
vArmour enables the security analyst to visualise traffic patterns to find suspicious behaviours and then make fast decisions about potential threats giving them a fuller picture of what’s going on in their data centres. Using the security analytics and visualisations within vArmour, an analyst can also see areas for resource optimisation as well as threats.
- Looks at all the traffic data that comes into the network from Layer 2-7
- Deep visibility into every application, asset, packet and connection
- Visualise data traffic patterns, working out what may be legitimate and alert on suspicious behaviours
- Determines whether communications are normal, suspicious or a serious threat
- Delivers micro-segmentation that is scalable, actionable, extensible and independent of underlying infrastructure
- Embraces secure data centre transformation
- Scales horizontally, expanding elastically based on demand and attacks
- Enforces security policy to reflect business need
- Integrates policy enforcement with threat identification
- Automated security, provisioned and orchestrated through APIs
- No software agents that compete with workloads for resources
- Maintains safe third party access
- Detects, contains and prevents data centres from advanced attackers and lateral moving threats across multi-cloud environments
- Inspects all east-west traffic (internal to the data centre) and detects potential suspicious activity or system misconfigurations
- Complex threat analytics through real-time detection and visualisation of laterally moving threats
- Micro-segmentation and policy enforcement to isolate and control communications between applications, workgroups and tenants
- Quarantines threats to understand the extent of the compromise
- Understands the ‘Patient Zero’ – the attackers point of entry into network
- Stops the current attack and prevents new attacks by upgrading business policies and strengthening controls on every asset
vArmour delivers a new distributed approach to security that is API-driven and independent of underlying infrastructure, whilst providing deep visibility and control in a multi-cloud environment. Businesses can adopt this approach for multi-cloud security as they evolve their IT to meet their business needs, ensuring that security is built into each transformation phase. With vArmour Distributed Security System, organisations can mitigate new risks and secure the entire cloud infrastructure whilst still providing the agility for the business. Organisations can also create an intelligent, secure system over time that is dynamic, efficient and automated to provide security along their path to a multi-cloud infrastructure.
Mitigate risk and lock your data centre down: visualise, detect, secure and prevent with vArmour.
Take the first step in improving security in your data centre through the deployment of vArmour DSS-V for free.
DSS-V gives organisations free visibility of application-layer communication for up to 10 hypervisors so they can:
- Gain an understanding of application and protocol profiles within the data centre
- Identify network misuse attributed to personal and out of policy applications
- Monitor workloads to find suspicious behaviours
Download DSS-V today via this link : vArmour DSS-V free software
Leverage our experience of vArmour within the Millennia® data centre and let us help you decide if it is right for your environment.
Drop an email to [email protected] and we will be in touch. Alternatively, ring us on 0333 335 6780.