"Visibility of application-layer traffic information inside the virtualized network has been very helpful in understanding the workloads’ usage of the network, and how to partition the network without disrupting critical application relationships."

Naitou Shigeki

Technical Associate

vArmour Strengthens Security at NINS with Microsegmentation

A world-class organization unique to Japan, the National Institute of Natural Sciences (NINS) has established itself as a prominent, academically-charged environment for collaborative research, dedicated to enhancing our understanding of the natural sciences. NINS is comprised of five research institutes: the National Astronomical Observatory, the National Institute for Fusion Science, the National Institute for Basic Biology, the National Institute for Physiological Sciences, and the Institutes for Molecular Sciences.

In an effort to bolster its network defences, NINS evaluated security mechanisms to control East-West traffic between servers in its VMware vSphere environment. NINS compared various approaches to microsegmentation, including agent-based controls and a SDN + NGFW solution. As an agent-less, software-based solution, vArmour DSS was selected because of its superior application visibility and simplicity of installation and operation compared to the alternatives. In addition, vArmour was able to provide detailed traffic visibility to help NINS gain a deep understanding of server applications to aid in creating accurate and effective microsegmentation policies.

vArmour DSS is deployed and microsegmenting virtual workloads at NINS that were previously not separated. The ability to provide application and data separation between virtualized workloads without having access to each server’s internal firewall rules is an operational advantage. vArmour’s integrated deception technology is bringing additional benefit to NINS, who had previously developed their own deception solution using hundreds of ACLs on traditional network switches, external security log analysis, and dedicated servers to redirect suspicious traffic, but found it hard to maintain due to all of the moving parts. NINS has replaced their own deception system with vArmour’s integrated deception solution, lowering the operational effort of NINS’s overall network security strategy.

Results

Strengthened virtual infrastructure security with microsegmentation

Gained application traffic visibility for accurate policy creation

Reduced operational efforts with integrated deception solution