"Microsegmentation is allowing us to consolidate workloads in our hyperconverged environment for better resource utilization and increased protection of business and client data."

Senior Network Engineer
Top-25 Global Law Firm

Top-25 Global Law Firm Uses Microsegmentation to Maximize Virtual Infrastructure Efficiency

This vArmour customer is a top-25 global law firm with over 1,000 attorneys and $1B in annual revenue. Their primary objective was to increase the capital and operational efficiency of their IT environment by moving to a hyperconverged infrastructure. They recognized that microsegmentation would allow them to collapse their infrastructure even further to maximize the benefits of consolidation, while at the same time significantly reducing the size of their overall attack surface. For them, microsegmentation was as much a business strategy as it was a security strategy.

Microsegmentation could have been achieved in several different ways. Their first option was to steer all application traffic through dedicated east-west firewalls for policy enforcement. This may sound appealing at first, especially given the familiarity most operators have with these same devices at their perimeter, but complexities around insertion lead most architects in a different direction. For this organization, rerouting all workload traffic through these firewalls would require an SDN, which would complicate the solution and drive up costs. With infrastructure simplification and OPEX reduction as primary goals, this solution would not work.

An alternative was considered: to microsegment their environment using an agent-based solution. While this approach would give the enterprise workload-level segmentation and policy enforcement without an SDN, it had a couple of downsides. The first is that not all existing systems can be covered by an agent-based system. In fact, legacy systems, which are likely the least security conscious, are more likely not to be covered by an agent, and OS upgrades can create a compatibility matrix that gets out of hand. The other concern was using an agent as a primary security mechanism, since one can’t rely on a device to secure itself in the event of a compromise.

With a network-based approach to microsegmentation, the vArmour Distributed Security System was uniquely positioned to deliver a solution that provides a virtual application control in front of all endpoints, in a way that maintains the separation of security control from the devices being secured. By doing this, a non-location-centric single policy can be designed that applies to the entire environment, reducing the cost of implementation and the complexity of maintenance. The goals of hyperconvergence were met, and no additional hardware was required to secure the environment in this way.

Now fully hyperconverged, microsegmented, and more secure, this legal enterprise is an example of infrastructure optimization and IT simplification. With vArmour maintaining workload separation and enforcing security policy on top of their hyperconverged infrastructure, this organization is seeing the OPEX benefits of more efficient resource utilization and cloud-like infrastructure consumption, while strengthening protection of business-critical applications.


Results

  • Decreased CAPEX and OPEX through enhanced infrastructure consolidation
  • Reduced attack surface with policy enforcement at each workload