
VArmour Comes Out of Stealth With Plan to Secure Data Centers

First, assume the hackers are going to get in. Then watch for them inside your network.


Barely a day goes by without a news report about a hacker attack, or the revelation of a new security vulnerability to worry about. The rise in computer breaches has sparked a new generation of startups that are thinking about security in new ways and enticing investment.

Today, vArmour, a Mountain View, Calif.-based company whose ability to attract venture capital funding we noted last month, is coming out of stealth mode. Its plan is to offer companies ways to secure their data centers against some of the new tactics that attackers use to sneak in.

While computers have evolved, the ways in which they are secured largely have not. More than half of the computing workload in a modern corporation makes use of so-called virtual machines, which use software to allow one physical computer to act like many. Most of the servers on the Internet, in fact, make use of virtualization, a backbone technology of cloud computing.

And while virtualization has done wonders for computing efficiency and flexibility, it has also created weaknesses that an attacker could exploit and that can also hide the attack itself. On average, attackers are spending more than 240 days perusing a target’s network looking for the juicier files to take before being detected.

VArmour founder and CEO Tim Eades represents a new school of thought in computer security circles that can be best summed up like this: Determined hackers are going to get in, one way or another, so it’s better to catch them in the act and silently study their techniques and learn how they got in. We saw this in the attack against the New York Times disclosed last year.

“The thing that’s not being understood with all these breaches are sometimes the most basic questions: Where did the attackers get in? How did they navigate to it? Where is patient zero?” he said. “If you can’t tell me exactly where they came in, then you can’t shut the door.”

Eades says data centers are suffering from what he calls “invisible east-west traffic.” When virtual machines talk to each other, in the parlance of data center nerds, they’re talking “east to west,” as opposed to the “north to south” traffic between physical machines. It’s so named because servers, storage and networking gear are stacked on top of each other in a data center. (Up-down equals north-south, get it?)

Once a hacker gets inside a network, more than 80 percent of attacks on data centers, Eades says, take place in that “east to west” territory. They get inside and start sniffing around, hopping from one virtual machine to another, looking for the good stuff to take. Most security products date back to the days before virtualization and so are more focused on the “north-south” connection between physical machines, essentially guarding the perimeter. Trouble is, those tools are busy looking for trouble outside, while the attack is likely happening right behind their backs.

“It’s one thing to shut the gate, but quite another if you don’t know what side of the gate the bad guys are on,” Eades said.

The answer, according to Eades, is to create small virtual machines that can be deployed anywhere in the data center. He calls them sensors. “When the sensors see something suspicious, they can actually do something about it,” he said. “They can stop it, they can move it. But most of our customers don’t want to stop it right away. They want to observe the attack as it happens and see what the perpetrators are up to.”

Putting software sensors throughout the network puts the protection where it’s needed most: Right next to a company’s critical data. Think of the sensors as bodyguards watching over anything on a network — including the traffic between virtual machines — sounding a silent alarm if anything suspicious is going on.

It makes sense in a world that is shifting its computing resources toward the cloud. And so vArmour charges like a cloud vendor: Customers pay for what they use. “The model has to change. In the old ‘up to’ model, you pay for 100 percent of something, even if you’re only using, say, 37 percent of that something.” That allows customers the flexibility to use more sensors when they’re under attack, and throttle back down later. “The legacy security companies are going to have a hard time adjusting to that,” he said.

VArmour last month closed a $21 million C round led by Columbus Nova Technology Partners, Citi Ventures and Work-Bench Ventures, and also disclosed a $15 million B round led by Menlo Ventures which it closed late last year. It has raised a combined $42 million. Eades sold his last security company, Silver Tail Systems, to RSA, the security unit of tech giant EMC. The deal was said at the time to value Silver Tail in the neighborhood of $300 million.

This article originally appeared on
