Timothy Eades on Software-based Segmentation

LIFARS question-and-answer session with cyber security experts

With over 20 years of leadership experience in sales, marketing, and executive management at the CEO level, Tim has deep expertise in driving high growth for computing, security and enterprise software companies. Tim joined vArmour as CEO in October 2013. Prior to that, he was the CEO at Silver Tail Systems from March 2010 until the company was acquired by RSA, the security division of EMC, in late 2012. Prior to leading Silver Tail Systems, Tim was CEO of Everyone.net, an SMB-focused SaaS company that was acquired by Proofpoint. Tim has also held sales and marketing executive leadership positions at BEA Systems, Sana Security, Phoenix Technologies and IBM. Tim holds advanced degrees in business, international marketing, and financial analysis, primarily from Solent University in England.

Tim spoke about software-based segmentation and its benefits in an interview conducted by LIFARS.

LIFARS: What is vArmour and what benefits does software-based segmenting provide?

Tim: vArmour, the data center and cloud security company, delivers software-based segmentation and micro-segmentation to protect critical applications and workloads with the industry’s first distributed security system (DSS). vArmour DSS is architected to scale security across multi-clouds with deep insight and control of individual workloads. With its patented capabilities, vArmour DSS moves security controls that were traditionally at the perimeter down next to each asset and is independent of the underlying infrastructure. Security travels with the workload, wherever it resides, across virtual, cloud, and physical real estate, increasing visibility, security and operational efficiency.

vArmour DSS delivers software-based segmentation to protect critical assets in three steps:

  • SEE 100% of network, application, and user traffic to inform policy creation based on anomaly detection and application mapping.
  • SEGMENT workloads to reduce attack surfaces and increase utilization.
  • SECURE workloads with proactive cyber deception that distracts and stalls attackers.

LIFARS: What do you think the future of software-based segmenting will look like and what are some challenges you are likely to face?

Tim: Across every single enterprise technology sector, IT professionals are increasingly evaluating technologies through the lens of AWS. AWS adoption has accelerated the transition from hardware/physical to software/virtual products and is setting the yardstick for modern data centers. Security for modern data centers and cloud needs to be:

  • Better
    • Extensible – API-based, programmable
    • Independent of underlying infrastructure
    • Granular – wrapped around individual assets
  • Faster
    • High performing
    • Agile – moves at the speed of business
  • Cheaper
    • Cloud consumption economics – displaces expensive and inflexible hardware boxes that require significant upfront Capex investment and strenuous refresh cycles every few years

LIFARS: Have you seen malware that has been able to maneuver around segmentation and how do you deal with that?

Tim: After a period of “panic” buying in 2013-2015, wherein customers responded to high-profile breaches by investing heavily to replace legacy firewalls with fully featured firewalls, they are coming to the day of reckoning that the scale and complexity of modern data centers are demanding cloud-native security rather than traditional security “forklifted” into the cloud infrastructure. Despite substantial security investment, customers continue to struggle with insecure and flat networks, often built incrementally, with a good portion of their critical assets connected to legacy networks, simply because they have been around the longest.

Too often, malware has been able to maneuver freely inside data centers because people rely on a hardened perimeter and assume that the internal network is trusted. There should be no presumption of trust for networks. There should be a series of domains and tenants for business units, environments and application classes. Controls within and between these domains and tenants should be state- and application-aware.

It is exactly with this understanding that we created the industry’s first distributed security system – DSS. Built entirely in software, DSS allows us to move protection and controls down next to individual assets and is independent of the underlying infrastructure. Security travels with the workload, wherever it resides, across virtual, cloud, and physical real estate, increasing visibility, security and operational efficiency.

LIFARS: What benefits do software-based segmenting and vArmour provide in the context of a breach?

Tim: The blueprint for a data breach is to get in and move around and find valuable assets and data, much of which is unstructured and highly distributed. Once in a “trusted” network, adversaries can go anywhere and potentially compromise/access more and more systems leading to a domino effect.

vArmour DSS places controls to restrict communication between authorized systems only and to reduce attack surfaces available to an attacker exploiting common protocol vulnerabilities. It prevents protocol hijacking of existing connections (stateful) and control disablement (the agent problem). vArmour DSS – the industry’s first and only distributed security system – provides the capability to rapidly deploy application-aware controls to help protect critical workloads. Traditional security cannot apply controls with the required level of granularity and proximity to the workload to be effective. vArmour DSS enables security with not only application-aware workload controls but also distributed deception to prevent, detect, and respond to security events, regardless of the evasiveness of an advanced attacker.
