Evolving from a centralized DMZ-based enterprise to a hybrid distribution of cloud and premise services is not easy. It requires rethinking application behavior, business process execution, and hosting of critical services. One unique challenge in this evolution involves finding an effective way to properly orchestrate the new virtualized enterprise perimeter to maintain desired protection policy, while also encouraging and supporting use of cloud.
The vArmour team has been a pioneer in virtualized, distributed security through its advanced cyber security solution platform. We recently spent time with Marc Woolward, CTO of vArmour, to better understand trends in hybrid cloud-based, virtualized security. We asked Marc to share his perspective on the best means for an enterprise team to reduce its risk as its architecture continues to change. Here is a summary of the conversation:
Edward Amoroso: Do most organizations recognize and acknowledge the cloud-based changes that are occurring across their perimeter?
Marc Woolward: By now, a large percentage of enterprises have, in fact, recognized the business advantage of multi-cloud architectures to their business. And they have acknowledged that the traditional security perimeter is no longer relevant in protecting such environments. Not only do these static architectures impede the agility required, but they also fail to protect applications deployed across the multi-cloud. In addition, they no longer provide the level of visibility and control needed to defeat attempts at lateral traversal associated with Advanced Persistent Threats (APTs) and Advanced Targeted Threats (ATTs). This is particularly true now that we see nation state-developed malware in the hands of criminal hacker groups.
EA: How do CISO teams best address this challenge of shifting to more virtualized enterprise security?
MW: We are now seeing enterprises thinking strategically about securing and orchestrating their multi-cloud applications, of which their on-premise virtualized estate is a part, but which also includes PaaS and public cloud IaaS. Any solution addressing just the virtualized or the containerized environment is going to add security complexity to the heterogeneous cloud environment. Clearly, security controls must encompass applications wherever they execute and provide consistent levels of protection. But more importantly, enterprise security teams need the tooling to allow them to manage security risk through the application lifecycle across the multi-cloud. They need the tools to understand their applications wherever they execute, assessing the risks, and computing the requirements to protect them.
EA: Can you share with us a little bit about how the vArmour platform supports this process?
MW: At vArmour, we provide our enterprise customers with the visibility and computed policies to secure their applications wherever they are deployed. The powerful vArmour Application Controller ingests telemetry and metadata to produce application models, which can be turned into validated, measured policies. Most of our customers utilize native telemetry produced by cloud environments or SDNs and for legacy environments our sensors collect application telemetry. This allows our Application Controller to cover the entire enterprise attack surface and to provide orchestration.
EA: Can teams easily orchestrate policy across multiple platform instances?
MW: Yes. The vArmour Application Controller provides a consistent pane of glass for enterprise security teams, from which to secure applications. It also abstracts the differences within each of the public cloud environments, virtualized and physical on-premise deployments, and containers wherever they may be deployed.
EA: What types of forward-looking work are you doing at vArmour to address these emerging trends and threats?
MW: Securing applications from today’s nation-state class attacks across heterogeneous multi-clouds can be complex. Any solution that is itself complex will thus make the problem worse since complexity is the number one enemy of security. At vArmour, we are focused on driving application security towards an autonomic, self-securing model based upon a data driven approach. We believe that although data science techniques have been broadly applied broadly to reactive threat detection and response, ML models are particularly well-suited to the automation of proactive policies, which provide application security proactively, thus reducing the need for response.