Vendor: vArmour
Price: Suggested retail price of $1,500 per hypervisor per year, $150 per workload per year (for hybrid cloud solutions; discounts on volume and extended term).
Contact: varmour.com

Quick Read

Strengths:
Flexible options such as on-premise or SaaS-based application of discovery and policy computation.
Weakness:
None that we found.
Verdict:
vArmour is a customer defined security solution at the business application level with a single set of controls across hybrid infrastructure. The Application Controller makes security vague enough for clients, so the information they receive is workable and not overwhelming while still affording them a deeply flexible, customizable product. The depth is there for the experienced administrators that want to get more detailed.

Rating Breakdown

SC Labs Reviews

Reviews from our expert team

Features:
Rating: %s
Documentation:
Rating: %s
Value for Money:
Rating: %s
Performance:
Rating: %s
Support:
Rating: %s
Ease of Use:
Rating: %s
Rating: 5.00/5 5.00/5

Summary

vArmour recognizes that a shift to hybrid cloud environments and micro-services has left enterprises blind to application flows. It has an increasing number of partnerships with third parties with agent or device level controls that can be used for per workload telemetry and per workload enforcement, building policies surrounding applications and enforcing them based on need and intent.

There are four stages in the workflow with corresponding technical requirements. Stage 1 – Telemetry ingestion and enrichment strives to achieve a cloud-wide working data set. Stage 2 – Application modeling & visualization aims to visualize enterprise applications. This requires application-centric visualizations, discovery and algorithmic clustering, and the ability to learn from environments through CMDB/orchestration. Stage 2 – Policy computation and validation, aiming to automate policies. This requires flexible template to describe security intent, computation of policies to simplify security, and simulation to make safe policies. Stage 4 –  Policy distribution and monitoring to ensure consistent multi-cloud security.

vArmour has three areas the platform is focused around: 1) Discover and understand – Designed to auto-discover applications and visualize their relationships, 2) Computer and validate – Designed to build predictive application-centric policies and model those policies for safety against historical behaviors, and 3) Protect and monitor – Deploys consistent policies across hybrid cloud environments and verifies policy enforcement.  

Building policies is easy and intuitive. Select policy style, a label for the application you want to secure, and a block name. When you click the add button, policies get computed in the background and can be tested in the model. The Policy Validation tab helps eliminate unintended consequences to policies before deploying. Within the Deploy Ruleset tab, users can specify the environment to deploy a policy to and see defined intents in a single console. Individual applications can be dissected for more detailed information. DevOps professionals can visualize individual containers in a clean, intuitive flow chart. Here you can see their communications, what ports they are using, and what that flow looks like.

Customers can see specific nodes of network traffic and where they are communicating in the Asset Management Window. If you drill down into individual applications, you again see the same kind of flow chart visualization.

This solution delivers simple multi-cloud applications that securely understand and operate multi-cloud applications with distributed telemetry and enforcement, along with sensors for non-cloud native infrastructures.

Tested by Matthew Hreben