Review: vArmour flips security on its head

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate

SEVered Attack Extracts the Memory of AMD-Encrypted VMs
Wicked Botnet Uses Passel of Exploits to Target IoT
ShadowBrokers Dump More Equation Group Hacks, Auction File Password

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.

However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored.

It’s a different way of looking at security, called segmentation.

One of the advantages of segmentation is that if properly deployed, it can almost reestablish a perimeter type of defensive footing, which has all but evaporated from traditional networks and never really existed in the cloud.

Go to Source

COMMENTS