Software-based Segmentation & Microsegmentation
Logically separate workloads based on security requirements
– abstracted from the network and infrastructure

Network segmentation has long been a security best practice, based on hardware-bound zones of firewalls and/or VLANs inside the data center. These segmentation technologies remain rigid, complex, and slow to change, even though the data centers they are protecting have become dynamic, fast, and integrated with cloud services. vArmour’s all-software segmentation and microsegmentation security services offer a simple, scalable and cost-effective way to secure workloads and applications across physical, virtual, and cloud infrastructures.

Why Use Segmentation and Microsegmentation?


Reduce Attack Surfaces

Drastically reduce the number of entry points to critical assets and the attack surfaces by restricting communication between authorized systems with application and stateful controls that limit the opportunity for lateral spread.


Improve Compliance Faster

Separate regulated workloads from non-regulated, to meet standards for in-scope assets of PCI, HIPAA, GDPR, FFIEC, SOX and more – without relying on hardware-bound zones as the primary policy construct for compliance.


Become Operationally Efficient

Simplify and consolidate IT through commingling of resources with different security requirements on the same shared infrastructure – whether by data state (test/dev/prod), application tier (web/application/database), or any way that aligns to your business.

Layer 7, Stateful Security Controls

  • Global, application-layer security policies are independent of network topology and infrastructure, so they can maintain state, no matter where workloads travel (including live migration – such as vMotion – events)
  • Microsegmentation capabilities are accompanied by continuous monitoring of 100% of network, application and user traffic – not traffic sampling or basic reports provided by firewalls
  • Proactive threat mitigation using redirection to built-in cyber deception capabilities that go beyond simple allow and deny actions

High-performance Protection at Scale

  • Advanced security policies up to Layer 7 can inspect and protect all application traffic at scale, up to 10 Tbps of throughput
  • API-driven architecture can scale up or down on-demand to match infrastructure utilization demands, without security gaps
  • Single point of policy management for every workload and application, with updates pushed automatically across the entire virtualized data center and cloud

Simple to Deploy and Use

  • After the initial 15-minute installation, deploy application-aware microsegmentation from a single product in an hour, not weeks or months
  • Built all in software, vArmour is infrastructure-independent and requires limited network reconfiguration to deploy and manage security policy ongoing, unlike hardware-dependent appliances with high operational overhead
  • Full security inspection and enforcement of Layer 4-7 traffic in a single distributed system, no complex service-chaining between multiple products required

vArmour Awards