vArmour recognizes that the shift to hybrid cloud environments and micro-services has left enterprises blind to application flows. It has a growing number of partnerships with third parties whose agent- or device-level controls can be used for per-workload telemetry and per-workload enforcement, building policies around applications and enforcing them based on need and intent.
There are four stages in the workflow, each with corresponding technical requirements. Stage 1 – Telemetry ingestion and enrichment strives to build a cloud-wide working data set. Stage 2 – Application modeling and visualization aims to visualize enterprise applications; this requires application-centric visualizations, discovery and algorithmic clustering, and the ability to learn from the environment through CMDB and orchestration data. Stage 3 – Policy computation and validation aims to automate policies; this requires flexible templates for describing security intent, computation of policies to simplify security, and simulation to make policies safe before they are applied. Stage 4 – Policy distribution and monitoring ensures consistent multi-cloud security.
The platform is organized around three areas: 1) Discover and understand – designed to auto-discover applications and visualize their relationships; 2) Compute and validate – designed to build predictive, application-centric policies and model those policies for safety against historical behaviors; and 3) Protect and monitor – deploys consistent policies across hybrid cloud environments and verifies that they are enforced.
Building policies is straightforward. Select a policy style, a label for the application you want to secure, and a block name. When you click the add button, policies are computed in the background and can be tested against the model. The Policy Validation tab helps eliminate unintended consequences of a policy before it is deployed. Within the Deploy Ruleset tab, users specify the environment a policy is deployed to and see all defined intents in a single console. Individual applications can be dissected for more detail: DevOps staff can visualize individual containers in a clean flow chart showing what they talk to, which ports they use, and what the flow looks like.
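To make the compute-then-validate step concrete, here is an added illustration of the underlying idea, written for this review and not vArmour's own code: an application-centric allow-list is derived from labelled flow telemetry, then replayed against a longer history of flows so that anything the policy would have denied surfaces before deployment. The workload names, application labels, and flows are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed connection, reduced to source, destination, destination port and protocol."""
    src: str
    dst: str
    port: int
    proto: str


@dataclass(frozen=True)
class Rule:
    """Label-level intent: workloads labelled src_app may reach dst_app on port/proto."""
    src_app: str
    dst_app: str
    port: int
    proto: str


# Constructed workload-to-application labels (hypothetical names, as a CMDB or
# orchestrator tag export might provide them).
LABELS = {
    "web-1": "shop-web", "web-2": "shop-web",
    "api-1": "shop-api",
    "db-1": "shop-db",
    "jump-1": "ops-bastion",
}

# Constructed telemetry from the learning window used to compute the policy.
LEARNED_FLOWS = [
    Flow("web-1", "api-1", 8443, "tcp"),
    Flow("web-2", "api-1", 8443, "tcp"),
    Flow("api-1", "db-1", 5432, "tcp"),
    Flow("api-1", "db-1", 5432, "tcp"),
]

# Constructed flows from a longer historical window used for validation. The
# bastion-to-database SSH session never occurred during the learning window.
HISTORICAL_FLOWS = LEARNED_FLOWS + [
    Flow("jump-1", "db-1", 22, "tcp"),
    Flow("web-1", "api-1", 8443, "tcp"),
]


def app_of(workload, labels):
    """Map a workload to its application label; unlabelled assets get 'unlabelled'."""
    return labels.get(workload, "unlabelled")


def touches_app(flow, labels, app):
    """True when either end of the flow belongs to the target application."""
    return app in (app_of(flow.src, labels), app_of(flow.dst, labels))


def compute_policy(flows, labels, app):
    """Derive the allow-list for one application from observed flows.

    Every distinct (src_app, dst_app, port, proto) involving the target
    application becomes a rule; anything else to or from that app is implicitly denied.
    """
    return {
        Rule(app_of(f.src, labels), app_of(f.dst, labels), f.port, f.proto)
        for f in flows if touches_app(f, labels, app)
    }


def simulate(policy, flows, labels, app):
    """Replay historical flows against the policy and return those it would deny.

    A non-empty result is the 'unintended consequence' signal: traffic the
    application actually used that the computed intent does not cover.
    """
    denied = []
    for f in flows:
        if not touches_app(f, labels, app):
            continue  # outside this application's ruleset
        rule = Rule(app_of(f.src, labels), app_of(f.dst, labels), f.port, f.proto)
        if rule not in policy:
            denied.append(f)
    return denied


def validation_report(policy, flows, labels, app):
    """Summarise denied flows as (src_app, dst_app, port, proto) -> hit count."""
    return Counter(
        (app_of(f.src, labels), app_of(f.dst, labels), f.port, f.proto)
        for f in simulate(policy, flows, labels, app)
    )


if __name__ == "__main__":
    policy = compute_policy(LEARNED_FLOWS, LABELS, "shop-db")
    for r in sorted(policy, key=lambda r: (r.src_app, r.dst_app, r.port)):
        print("ALLOW", r)
    for key, n in validation_report(policy, HISTORICAL_FLOWS, LABELS, "shop-db").items():
        print("WOULD DENY", key, "x", n)
```

Run against the sample data, the policy for shop-db contains the single shop-api to shop-db rule on 5432/tcp, and validation flags the ops-bastion SSH session on 22/tcp that the learning window missed. That is the case an operator has to decide on before deploying: add an intent for it, or accept that it will be blocked.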
In the Asset Management window, customers can see individual network nodes and what they are communicating with. Drilling down into an individual application shows the same kind of flow chart visualization.
The solution gives enterprises a simple way to securely understand and operate multi-cloud applications, using distributed telemetry and enforcement along with sensors for non-cloud-native infrastructure.
Tested by Matthew Hreben