Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.
However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then everything outside those definitions could be treated as unauthorized by default and blocked or flagged: a default-deny, allow-list model rather than a detect-and-block one. At the very least, critical applications could be identified and every interaction with them tightly defined and monitored. Applied to the traffic between workloads, this way of looking at security is called segmentation.
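To make the default-deny idea concrete, here is an added example of a minimal segmentation policy evaluator. It is not vArmour's code or policy format; the workload groups, the allow-list, the flow-log format and the sample flows are all constructed for illustration. Each workload is placed in a group by its address, a short allow-list names the only permitted group-to-group connections, and every flow that matches nothing on that list is flagged, including flows from addresses that belong to no defined group.

```python
# Added example (not vArmour's code or configuration): a default-deny
# segmentation policy evaluator. Groups, rules and flows are hypothetical.
import ipaddress
from dataclasses import dataclass

# Workload groups, each a list of subnets. Constructed for illustration.
GROUPS = {
    "web": ["10.0.1.0/24"],
    "app": ["10.0.2.0/24"],
    "db": ["10.0.3.0/24"],
    "admin": ["10.0.9.10/32"],
}

# Allow-list: (source group, destination group, protocol, destination port).
# Anything that does not match an entry is denied by default.
ALLOW = [
    ("web", "app", "tcp", 8080),
    ("app", "db", "tcp", 5432),
    ("admin", "web", "tcp", 22),
    ("admin", "app", "tcp", 22),
    ("admin", "db", "tcp", 22),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def group_of(ip):
    """Map an address to its workload group, or None if it is unclassified."""
    addr = ipaddress.ip_address(ip)
    for name, nets in GROUPS.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None


def evaluate(flow):
    """Return (verdict, reason). Only explicit allow entries pass."""
    src_g, dst_g = group_of(flow.src), group_of(flow.dst)
    if src_g is None or dst_g is None:
        # An endpoint nobody defined can never be on the allow-list.
        return ("deny", f"unclassified endpoint src={src_g} dst={dst_g}")
    for s, d, p, port in ALLOW:
        if (s, d, p, port) == (src_g, dst_g, flow.proto, flow.dport):
            return ("allow", f"{s}->{d} {p}/{port}")
    return ("deny", f"no rule for {src_g}->{dst_g} {flow.proto}/{flow.dport}")


def parse_flow(line):
    """Parse one line of the constructed log format: 'src dst proto dport'."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


# Constructed flow log: two legitimate tier hops, one admin SSH session,
# a web-to-database hop (lateral movement), an app-to-web SSH attempt,
# and a connection from an address outside every defined group.
SAMPLE_LOG = """\
10.0.1.15 10.0.2.20 tcp 8080
10.0.2.20 10.0.3.30 tcp 5432
10.0.1.15 10.0.3.30 tcp 5432
10.0.9.10 10.0.3.30 tcp 22
10.0.2.20 10.0.1.15 tcp 22
192.168.50.4 10.0.2.20 tcp 8080
"""


def audit(log_text):
    """Evaluate every flow; return the denied (flagged) flows with reasons."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            flagged.append((flow, reason))
    return flagged


if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_LOG):
        print(f"FLAGGED {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```

Run against the sample log, three of the six flows are flagged: the web server talking directly to the database, the app server opening SSH back to the web tier, and the connection from an address that belongs to no group. Note what the model does not catch: a compromised app server reaching the database over its permitted port looks identical to legitimate traffic, which is why the allow-list is only as useful as the precision with which the groups and ports are defined.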
One of the advantages of segmentation is that, if properly deployed, it can almost reestablish a perimeter type of defensive footing, drawn around each application or workload rather than the network edge, which has all but evaporated from traditional networks and never really existed in the cloud. The caveat is that an allow-list only constrains what was defined: a compromised workload that abuses a connection it is permitted to make still passes, so the definitions have to be kept tight and kept current as applications change.
The vArmour suite that we reviewed is designed to allow segmentation to happen in any environment, including massive data centers and in the cloud. It is able to do this without deploying agents and works regardless of the hardware deployed. We tested vArmour in a cloud and virtualized environment to see how this evolving form of security worked, how well it could lock down applications and workflows against tampering and malware, and the level of difficulty involved in setting up and maintaining segmentation over time.