Pando

vArmour reveals the stealthy details of its dynamic and distributed data center security solution

By Michael Carney , written on September 16, 2014

From The News Desk

In the world of cyber-security stealth can be an asset to both attackers and those companies trying to defend corporate networks and underlying data. It’s with this in mind that vArmour has spent the last three years building out its data center security product and signing up marquee enterprise clients around the world without revealing much of anything in terms of details about its solution to the general public.

The company also managed to pull in $42 million in funding over three rounds during this time, add two former Palo Alto Networks CEOs to its board, and recruit former Silver Tail Systems CEO Tim Eades into its Chief Executive role. Now, after all that, vArmour is finally pulling back the curtain and launching its product publicly today.

Founded by former NetScreen and Juniper Networks executives Michael Shieh and Roger Lian, vArmour was born out of experience watching legacy security platforms fail in a virtualized environment. Thus, the core tenet behind the company’s solution is to provide visibility and threat defense everywhere that data resides in the enterprise, meaning across physical, virtual, and cloud applications. This is in stark contrast to the traditional hardware-centric perimeter model that has historically dominated the industry.

“Michael and Roger realized before anyone else that security needs to become as distributed as compute and networking resources have become over the last decade,” Eades says. “Perimeters are so porous and built so poorly that it’s incredibly difficult to see the flow of data. Which is why the average attacker spends more than 243 days inside a corporate network undetected. It wasn’t just that they understood that there was a problem, but having the foresight for just how bad the problem was about to become. It happened faster than anyone thought it would.”

Eades goes on to describe vArmour’s solution as putting security processing as close to the asset you’re trying to protect as possible, thus providing more precise context and a better picture when looking at inflows and outflows around each asset.

“We’ve taken what have historically been location-centric, hardware-centric product models and fragmented them into thousands of tiny pieces and pushed them out across the network everywhere that data exists,” he says. “The trick has been how to build such a system that scales. We’ve built a system that is logically a single system, where these many discrete components work together as if they were one seamless system that shares and correlates information from virtual sensors.”

The goal of this system is not only to identify attacks in progress, but to understand how attackers target enterprise networks, where points of entry are located, and how they move throughout a network.

“It’s essential that we know what was the patient zero that originally was compromised, and also all the probing that the attacker used up until that point to identify that weakness,” says VP of Product Keith Stewart. “When it’s time to close the door, you better make sure you close all the doors and make sure the bad guys are on the outside and not still on the inside with you.”

Cyber crime is estimated to cost the global economy more than $400 billion per year, according to a McAfee study, making it altogether unsurprising that the enterprise firewall market alone is worth $11.75 billion, despite the ineffectiveness of legacy solutions in today’s distributed and virtualized world.

vArmour released the GA version of its product in December 2013, offering, in general, security visibility, threat analytics, attack remediation, and policy control and enforcement. The company has spent the last ten months developing three critical capabilities ahead of today’s public reveal, Eades says.

First, the company has added additional data visualization tools to help CIOs and CISOs better understand the efficacy, attributes and affinity of various nodes across their network, and the line between suspicious and malicious activity. Approximately 83 percent of traffic now travels east/west within the data center, according to vArmour, meaning it’s never seen by the traditional security perimeter. For agile enterprises, where over 50 percent of workloads are virtualized, this is a huge problem. vArmour’s UI/UX layer is aimed directly at solving this problem, by making its solution not only effective at identifying attackers, but usable by the people who eventually need to take action to correct vulnerabilities in the network.

“Traffic falls into three categories: 1. Normal and good; 2. Stupid people doing stupid things, but not necessarily malicious; and 3. Dangerous traffic,” Eades says. “We ask CIOs, ‘Can you see east/west traffic on your network?’ No. ‘Do you know attackers get in?’ Yes. ‘Do these assets hold your IP?’ Yes. They know it’s a problem and they know their existing solutions aren’t working. We give them a magnifying glass to identify the problem and a hammer to fix it.”

Secondly, vArmour has improved its threat analytics and malware conviction capabilities such that now the typical enterprise sees value within 30 seconds to two hours after installation. “We call it the long lunch scenario,” Stewart says. “We want you to turn this on, go out to lunch, and come back and see that it’s worth the investment. It’s the only solution to the vendor ADD we see in the market.”

Third and finally, vArmour has been evolving its business model to better align pricing with utilization. Unlike legacy security systems which are fixed price and thus encourage over- or under-utilization across a network, vArmour takes a dynamic, consumption-based approach.

“If you’re consuming 2GB worth of protection, you pay for 2GB worth of protection,” Eades says. “But instead of installing that software and hardware in a single location on your network and being stuck with that regardless of where threats are coming from, you can stretch this protection in one direction or another based on traffic flows and changes in your business. Distributed systems like this have existed previously in the world of load balancing, but never in security.”

The big challenge with enterprise security is that it’s a moving target. With more and more data moving to the cloud, the economic incentive for attackers to innovate and find new attack vectors is growing exponentially. And with each new technology, such as virtualization or mobile, new vulnerabilities are introduced to the enterprise network. It’s hard to attack this type of security problem with the fixed components that have been the norm historically.

“Security budgets keep going up and people complain about the conga line of components they keep adding in,” Stewart says. “Nobody ever removes anything, they keep adding one more thing to their solution stack without ever knowing if they’re really protected or not.”

vArmour won’t reveal the identity of its clients for security and contractual reasons – a press release on today’s product announcement names only Taiwan’s Chunghwa Telecom as a client – but claims that it’s on track to be engaged with 10 percent of the Fortune 500 by year’s end, meaning these companies will either be paying customers or actively testing its software. Today, vArmour has existing customers in Japan, Taiwan, Europe, and the US in the financial services, healthcare, retail, and service provider sectors, according to its CEO.

“We believe in white gloving customers for on-boarding and configuration, and have built out a network of channel and distributor partnerships around the world,” Eades says. “Our goal is to always be customer-centric, industry relevant, and market driven. We’ve added 85 employees over the last 12 months to support this growth.”

If the last 24 months of massive and widely publicized corporate security breaches have taught us anything, it’s that legacy security systems are completely ineffective in stopping today’s cyber-criminals. With this in mind, incremental improvements to this technology are the wrong approach, and an entirely different approach to data center security is a welcome and entirely necessary change.

“We’re very comfortable saying the solution we have in the market today is the best in the world,” Eades says. “But we talk about being continuously paranoid, about waking up every morning and relooking at what we do every day – that means marketing, sales compensation, system architecture, etc. In the software world, particularly security, things move so fast that the adage is true, ‘only the paranoid survive.’”