The Multiplier Effects of Distributed Security Architecture

Contrary to popular belief, there are very few ‘a-ha’ moments in VC. Startups are on a 10-year lifecycle and despite all the stimulation and exposure, there’s a modicum of tangible wins (or clear cut failures) to learn from. Last week I had one of these ‘a-ha’ moments catching up with our Work-Bench portfolio company vArmour that speaks to the eye-widening impact of distributed security systems.

We were discussing the company’s new cyber deception product launch. In summary, the team is bringing a step-function improvement to honeypots, making what was for years an esoteric security practice due to complexity and performance requirements a reality for the masses.

I’m always exceedingly impressed by vArmour’s progress, but this case was strikingly different because it marks a major (although highly complementary) step outside its core focus of cloud and datacenter infrastructure security. Using the subtle powers of a unique system architecture, the team is expanding product scope beyond what we initially imagined was possible when we invested in the company two years ago alongside a host of great venture capital firms like Highland Capital Partners and Menlo Ventures. What the vArmour team uncovered was that the same distributed approach to workload security policy enforcement can also dynamically scale datacenter mousetraps. Hearing the story made it all very clear, but in retrospect I doubt we’d anticipated this translation. This small anecdote reaffirms that proprietary systems design is a means in and of itself beyond its immediate purpose of underpinning solution “A” which solves problem “B.”

How exactly is vArmour leveraging its underlying architecture to move like magic into the cyber deception market? It takes a unique approach to instrumentation — the mechanism by which security products interact with IT systems, and the backbone that reverberates upstream to dictate many of the management and performance tradeoffs product teams must make. vArmour’s unique instrumentation can help solve many security challenges that other companies using established mechanisms cannot.

vArmour’s ‘fabric’ as the company refers to it, is a fully-distributed control plane. It works very much like The Force and its legion of Jedi Knights. A single instance of the vArmour fabric installed as a virtual machine (let’s call this the force) orchestrates security policies across an entire data center. Distributed sensors and security processors (the Jedis) provide visibility and enforcement for up to 1,000 hypervisors and 100,000 individual workloads bound by the power of the force. It’s distributed in that any security element in the system can take over processing responsibilities for any other. Traditional forms of security instrumentation, be they network or host-based, are topologically rigid, resource intensive, and complex to manage. They are the armies of stormtroopers or fleets of imperial battleships in Star Wars speak.

The same underlying system that dynamically distributes security processes can now intelligently route traffic to create the illusion that a single deception point is really thousands or even millions of honeypots spread across unused address space within the datacenter. Vendors in the cyber deception market, most of whom operate within the constraints of workload and agent-based instrumentation methods, will struggle to compete on the basis of time-consumption and resource utilization. On another dimension, the same abstraction that allows vArmour to enforce security policies in a multi-tenant environment can now ensure a savvy attacker who dismantles a honeypot doesn’t compromise the entire security system in consequence. This is the major concern impeding adoption of cyber deception techniques, and any security architecture in which the process ties directly to the underlying asset base is particularly vulnerable to this risk. Unlike the Death Star with its single point of failure, vArmour’s ‘force’ transcends, with any disturbance in the force felt by all Jedi Knight.

In theory it seems obvious that distributed systems are inherently greater than the sum of their parts. The distributed systems that bring elasticity and efficiency to the web scale giants like Netflix, Google and Facebook are clear markers. However, seeing how this concept applies deep in the depths of the security sector with a company we work closely with makes it more universal. I’m excited to see how our other portfolio companies powered by slick distributed systems architectures like Cockroach Labs and CoreOS see the same multiplier effects in their product evolution.

Despite open-source flattening the landscape, many deep-in the-stack IT startups have lofty ambitions to become platforms. vArmour is a prime example of a company making this transition leveraging its unique underlying systems architecture. Even as the locus of focus inexorably shifts up the stack to applications and “machine learning,” we’ll be sure not to underestimate the hidden powers of companies deep within the IT stack that re-architect the how and not just the what.