Virtualization and cloud-based security

Industry Innovators 2016: Virtualization and cloud-based security

These are two sides of the same coin. On one side, we have security for the virtual, or software-defined, data center. On the other, we have security for cloud-based systems. The two are the same but different. They are the same in that they both work in a virtualized environment. They are different in that they have somewhat different challenges to address.

In a local software-defined data center there is complete control and the systems that get spun up are directly under the control of the administrator. Anything that happens in the local environment can be managed and investigated. The organization owns the data center and, although it might be considered to be a private cloud, it is a closely contained one.

In a public cloud, the administrator does not have complete control. Because it is a shared environment, the cloud operator keeps a level of control that the administrator in a localized data center would retain. That means that security at the level one would expect in a self-contained environment is not, natively, present in a public cloud. Moreover, the ability to investigate a breach in a public cloud is severely limited by contractual constraints. The solution to this set of challenges is the virtual network equivalent of a software wrapper. You wrap the virtual environment in the public cloud in a layer of protection and administration that, effectively, cuts off the virtual enterprise from those virtual enterprises sharing the same cloud infrastructure.

Our two Innovators in this section address the two sides of the virtual security coin. One focuses on the software-defined data center while the other concentrates on the enterprise in the cloud. However, one trend that we are seeing more and more – and this certainly applies to our two Innovators – is microsegmentation. This allows highly granular control of security functionality and highly granular management of virtual assets.

This is an interesting and emerging group because the clear future of the data center is in the virtual – whether private, public or hybrid clouds – and we need a reliable way to protect the data residing in these environments.

GuardiCore

GuardiCore was founded with the vision that security for the data center needs to not only be able to keep up with the rate of constant change, but also be able to close the gap between traditional security technology and a sophisticated threat actor's ingenuity. In order to address that ingenuity, innovators need to be equally – or, perhaps, a bit more – ingenious. The GuardiCore Centra Platform provides a single, scalable platform that covers five elements of effective data center security: visibility, micro-segmentation, breach detection, automated analysis and response.

This Innovator starts by mixing the right people with a set of tough problems to solve. On the product side, the company has innovated by building a unique, highly converged platform within the data center. It combines visibility, both in real time and historically; microsegmentation of the infrastructure, by developing policy with very high resolution; continuous monitoring for breaches and quick reporting of the breach, using deception, reputation, lateral movement detection and semantic analysis to determine forensic details of the breach – all automated of course. Part of this Innovator's philosophy that we really liked is: Create a resilient network that assumes a compromise and learn how to live with it.

The company has combined multiple capabilities in the security space into a single product. This allows the tool to be deployed across hybrid infrastructures. Questions of scale require innovation for analysis and detection across multiple terabytes of data and virtual devices. The company views itself as being forced by the industry in which it works to be innovative. It is driven by the complexity of the environment. Niches no longer work. One needs a highly connected approach. There are no simple solutions.

We liked that approach. Here is a case where the industry and the creativity of the adversary are the predominating drivers. In our experience, that is a pretty good formula for success as long as you recognize and respond to it. GuardiCore does all of that. To get to that point, however, you need a group of people passionate about security and infrastructure with lots of experience in both the security and IT infrastructure fields. They have that too.

vArmour describes itself on its website as being a “distributed security system that provides insight and control for multi-cloud environments...vArmour microsegments each application by wrapping protection around every workload – increasing visibility, security and operational efficiency.”

That's a pretty big order. What we found as we looked into this Innovator is that it does a good job of meeting that marketing statement. How?

vArmour learned some unique and important lessons from the evolution of the public cloud: Show value quickly, kill adjacent product interactions by segmenting, deploy quickly, and illustrate value. To accomplish these goals, the company is infrastructure agnostic. That allows it to be more flexible. This Innovator believes that security should be as portable as the applications. So, it focused on taking out what is not necessary and making its product more efficient and more secure.

Networks usually have been built incrementally and that adds complexity and leaves the networks unsecure. This is especially true in the “multi-cloud” (public and private) environment. So, to address that complexity, vArmour has created an abstraction layer that lets customers straddle both kinds of clouds. Built for virtual and cloud environment, this is a purpose-built software designed specifically for virtualized and multi-cloud environments that uses a single logical system consisting of multiple, autonomous sensors rather than agents. These sensors are connected through the vArmour Fabric, which shares information and context across the system.

The system arbitrarily redirects devices to a deception point which allows the use of very few actual deception points and ties segmentation to deception. The tool views deception as a capability of the overall security stack rather than a standalone product.

vArmour customers are focused on protecting workloads in such industries as health care, financial services and government. Only 3.5 years old, the company has been shipping product for two years. Shipping products after only a year and a half of development requires innovation and vision – both on the technical side and on the business and marketing side. Entering a new market struggling to find its way, as the cloud market space, requires an immediate development of trust and confidence on the part of prospective customers. vArmour has done as good a job of this as it has in developing its product which, by the way, is in its third major release.